Friday, March 25, 2011

How To Escape the Web

I have finally found a browser configuration that can reliably keep me from screwing around on the internet.

For a while I've had the Leechblock add-on for Firefox, which lets me dynamically (i.e. on-the-spot) add a site to a list, and then keep me from seeing it for some period of time. But I figured out early on that I could remove sites from the list with just a little work. Apparently, I just didn't know how to use Leechblock to the fullest of its abilities, because it's also possible to set it so that no changes at all to its configuration - except for adding addresses - are possible outside certain circumstances, which can be made very restrictive.

So, with Firefox, I am now prohibited from visiting my favorite places to read, visiting my favorite forums, and periodically checking Facebook to make sure that, still, no one has left me any messages.

But that leaves IE, which I quickly discovered is basically un-uninstallable. You can roll back to earlier versions, but you cannot, without more expertise than I have, remove it from XP. So I persisted this way for a while, with an old version of IE that at least made me nervous to go wandering around the web, for fear of Java trojans. I could sneak over to stupid IE to check for Facebook messages, or to see what the others were talking about on the forums, or to see what country was on fire today. I was basically controlling myself relatively well, but still not satisfied.

Solution: rather than try and figure out whether there's some Leechblock equivalent for IE, I rolled IE back up to the current version, went into the "content advisor" settings, and told it not to let me visit any websites that I haven't already rated as okay. I'm not even sure what a content advisor rating is - I was just testing to see what the setting did. It prevented me from looking at basically any website at all, making IE useless. But the key is that the content advisor has a password option, so that without the password you can't change the settings.

I set the password to something I made up on the spot, and I have no idea now what it was. It was actually a word, something like arduvon or.. I remembered it for a few minutes afterwards, and worried that I had memorized it, but it's gone!

I'm not completely protected, however. I could always download Chrome or something else, or roll IE back again. The first option can be prevented by just adding the Chrome site to the Leechblock list.

Anyways, I'm pretty satisfied with this.

Friday, January 21, 2011

yandex.ru

Another boring Sitemeter post. I'm so sorry.

Several interesting visitors recently, though I haven't kept notes and have forgotten the names of several. Someone in France came here and spent something like an hour viewing several dozen pages, I don't know why - they came in through the MS-WBT server page, though.

Someone came here through my link in Facebook, which never happens, and he looked at a few pages. I know who it was, but I won't embarrass him.

Anyway, page views are up for some reason - every day or two, someone flips through several pages, I don't know why that's happening now but not before - the MS-WBT page isn't changed, nothing is. Random winter boredom maybe?

Today there was a visitor about whom Sitemeter seemed to know nothing at all. I was curious, so tracerouted the entire IP block, and it led back to a cluster of sites named yandex.ru. This, apparently, is the Russian Google, a search engine suite. I don't know what hit the site, exactly, but maybe it was a yandexbot - the Googlebot comes every few days or weeks, maybe the yandexbot will start dropping by.

Anyways, that's pretty boring. Sorry.

Friday, December 31, 2010

WebSense

This is kind of interesting.

Being on the private network and all, I can't see the main stream of internet traffic - or, I don't know how to watch it from an external host, same thing. Anyways, I am reduced to watching Sitemeter to see if anything interesting pops up there. So we get the Italia thing from last time.

Sitemeter tells me the referring URL for most visitors to this site. 98% of them are referred from Google, because they've searched for MS-WBT-SERVER and that April page is the top return for that search. The ones that aren't from there are the interesting ones. Today I get the following referral:

http://10.237.125.90:15871/cgi-bin/blockOptions.cgi?ws-session=1817507749

An IP address starting with 10.* is a private network address - so at first I thought this was a referral from some site on my own network, which doesn't make any sense at all. Then, slightly more sensibly, I thought it must be a reference from within the Blogspot network. Then I gave up guessing, and Googled it.

A number of forum questions suggest that someone on a private network tried to see this site, but it (i.e. blogger.com) was blocked by WebSense software. So WebSense poked the site, found it was on its block list, and probably gave that person a notification that it was blocked - 15871 is the port used by the WebSense monitor or something, so this actually reveals (I think) the user's own IP address. The request came from an address in Tamil Nadu, India.

So, strangely enough, this is a way of getting information about a user from within a private network - get your site blocked by them, then you can see their external, public address when they attempt to connect, and their private address when WebSense bounces them off. Neat!

***

The public address sitemeter gave me was 203.99.193.* - this is registered to Cognizant Technology Solutions - long story short, Cognizant is (among other things) an outsourcing company. No way of knowing exactly what they're doing there, some sort of white collar stuff, call centers, that sort of thing.

Tuesday, December 21, 2010

Italia

Oh, also I am always watching Sitemeter, keeping track of how many people are coming to check out my invaluable MS WBT tips. Somebody on an Italian network actually seems to have searched this site out by name, strangely enough: they Googled the terms "internet what i am going to learn today", which is pretty weird. May have just been a coincidence, but I think they were looking for me.

Sitemeter doesn't give the whole IP address of the visitor, just the prefixes, and in this case it couldn't be certain where the visitor was coming from. I tracerouted the whole block, though, and they all belong to the Telecom Italia backbone, called "Seabone".

So today I learned that Telecom Italia's international backbone is called Seabone.

Publication Report 2010

My internet research has dwindled to nothing!

Meanwhile, this year's publication history:

Published manuscripts: 2
Submitted manuscripts: 0
In-preparation manuscripts: 1
Abstracts submitted: 2
Conference papers written: 2
Conference presentations: 1
Invited lectures: 1

SUBMITTED MANUSCRIPTS = 0.0, this isn't so good. I have a waiting list of whatever comes right before "in-preparation", though.

Okay, what did I learn today:
Well, I built a model of adapted image quality (blur/normal/sharp) matching yesterday, and fixed it up today. It does just what it should: it "normalizes" when adapted to one or another type of input, though for now its starting point is "blank adapted" which isn't quite right. It also displays the loss of blur/sharp gain that I found in the matching experiment (which accounts for 4 of the above objects: paper in preparation, abstract accepted, presentation and lecture given).

The model is your basic contrast transducer array, a set of Foley functions (Stromeyer-Foley, Naka-Rushton, etc.) with thresholds set by a standard function. I've built it several times before, but this is the first time I came up with a good way of implementing the adaptation part. This is the transducer function, with w in the denominator standing in for some added (only added, yes) gain control function:

The idea is that the system wants R to be kept relatively constant, at a particular level above threshold but not terribly near saturation - but C keeps changing, so how to keep R in that ideal range? Yes, we adapt, and here adaptation basically means setting the value of w. That's easy to do, just solve for w. This introduces probably the most important free parameter in the model, R, because I don't know what it should be, though I have a good idea of the range, and luckily the thing only really behaves if I put it in that range. So okay, it works!

So what I learned is that the third time you build something, it might actually work. From now on I need to make sure to build everything at least three times.

Monday, November 15, 2010

MS WBT SERVER 2

This site has been getting more than 20 hits/day because of this post from back in April. Basically, all it does is describe some packets that were sent to a port used by the service MS WBT SERVER. It supplies a critical piece of information for those wishing to find out what, exactly, MS WBT SERVER is: "this is the port used by the 'Remote Desktop' utility in windows". There, I've done it again! Now I should start getting twice as many hits.

Sitemeter says that something like 98% of those hits leave the site immediately without looking at anything, probably because people immediately recognize that there's nothing useful here at all. But they keep coming, more every week, more every month! Every once in a while someone goes and looks at one of the indices on the right side of the page, maybe thinking, "ah, there's where something useful might be hidden!" Usually they leave right after that, but it's interesting anyways. I haven't gotten any comments on any of my old comedic dialogues unfortunately.



Virtually every one of these visits was referred from google.com, from a search for MS WBT SERVER.

For comparison, here's an old record from a couple of years ago.

Monday, October 18, 2010

ARP

One small thing, which I don't have on hand - the other night, I switched on the network monitor and saw an exchange I'd never seen before: ARKIV (my computer) sent an ARP packet to Jingping's computer, which is on the same local network - immediately, her computer responded with two UDP skype packets. ARKIV's skype was turned off. Is skype constantly checking incoming messages to see if they come from an address in its routing tables - in that case why was Jingping the only computer that got an ARP packet? Was the ARP packet sent by some active skype process? Mysteries, mysteries...

(These conversations suggest that skype knows enough to adjust its routing for LANs - so instead of IP addresses it needs to be routing to MAC addresses, or something.)

Wednesday, October 13, 2010

Audio

Ok, here's something slightly interesting. It has to do with Skype - the only traffic I can see here that isn't building business, or something I'm doing (webpages, ftp, updates, etc.) is Skype, so I guess that's what I live with until I go figure out something new.

Anyways, I've mentioned before about how my Skype account seems to use port 34268 to advertise its existence - UDP packets go in and out through that port, and sometimes a link gets established with one of the associated addresses, and a conversation starts - i.e. my computer gets used as a relay in the Skype network. Sometimes I see the UDP packets go out, looking for another node, and nothing comes back - they go out a few more times, and give up.

So, what I noticed is that tonight, my computer is sending RTP packets, which I haven't seen before, rather than UDP packets. RTP is apparently used for transferring video and audio, especially with VOIP applications. So, Skype is looking for someone accepting video/audio streams, trying to establish an RTP network? I have no idea.

Each of those RTP messages was reciprocated with a UDP response, by the way. Nothing else followed, however - there's a single conversation going on through Skype, leisurely exchanging TCP packets every few dozen seconds, so I would assume this is a text conversation - but it's a one-sided conversation, since my computer is communicating only with one other address! If I were relaying a conversation, I should see connections with two other hosts, not one. Maybe some sort of routing table content is being transferred, updated, etc., very slowly?

That's all I've got.

Sunday, October 03, 2010

Private networks are boring

Just as the title says. Since moving into this new apartment, I've been viewing the internet only from within private networks, at home or in the lab. It's very boring. Here, as there, I see absolutely nothing but the browsing traffic and attendance updates between the hosts and the server. Nothing from outside, ever.

I haven't done anything, learned anything internet-wise, since moving here. This is the reason.

Before, when I had that public Comcast address, it was like living on the street, and all the random scans and searches that passed by every other minute were like other street people, bumping around and looking for somebody to take advantage of, or just exploring as I was doing, scanning this or that node, looking for something interesting.

The private network is like living in... an apartment building, or a suburban neighborhood, where all you ever see are your neighbors, and all they're ever doing is routine, everyday, necessary things, which aren't interesting at all except in that they're being done and that they're done every day, routinely - routine has a quality all its own, but it's not much fun to watch.

I need to figure out how to watch traffic from other hosts. It's time to expand my abilities.

Thursday, September 16, 2010

Tuesday, July 06, 2010

back

okay, june was a busy month, and it had absolutely nothing to do with me learning anything at all about the internet. and, lately, i have lost interest in the topic. but i'm sure it will come back! i'll be moving to a new apartment by and by, where the internet is apparently distributed by a local network run by the building manager - i.e. i'll be plugging into a LAN to get outside. so, first, i'll have to find out what i can and can't do from there, but it will also be interesting to try and figure out how the building's network is put together. i'm guessing, however, that i won't have my own IP address any longer, which will be a plus and a negative when it comes to exploration.

Friday, May 21, 2010

skyping

watching skype here in the lab. sending a few messages from here to jingping. interesting thing is that i don't have a direct link to her. instead, skype only reports having connections with computers at NYU - several of them, six different hosts. maybe they're using me as a relay? or, i could be part of a similar set of harvard-located hosts. here, instead of 36268 or whatever it is at home, the port being used by skype for those UDP messages is always 38253. i also see that i'm sending to each of those NYU hosts from the same port, but receiving from a different port from each one. i'm guessing that all these connections are for the same purpose, and that again for each of those users the port number is the same for all their connections.

oh well, more later. maybe something interesting will happen.

Tuesday, May 18, 2010

chinese-american economics

unrelated to the internet, but i did realize this last night, so it may as well go down here.

i'm aware of two facts, to which we are all constantly exposed by various media:

A. the US buys lots of stuff from China, more than China buys from the US, so there's a trade imbalance. this means the Chinese are stuck with extra $$ that they can't spend, so they loan it back to the US to continue the cycle.
B. the Chinese 元 is tied, in part, to the US $$.

i knew these things already, but didn't realize they were directly related. but they are - and so far i think it's a one-way relationship, in that A) makes B) necessary. i understood it in terms of the following cycle:

1. China companies manufacture goods
2. US companies purchase China goods with $$
3. China companies purchase US goods with the $$ they accumulated
4. China companies have $$ leftover
5. China companies need to pay for domestic costs and profit, but can't spend $$ in China
6. China companies give their $$ to China govt, which gives them China 元 in exchange
7. China govt loans $$ to US treasury
8. US treasury loans $$ to US banks
9. US banks loan $$ to US companies
10. (back to 2.)

this seems to work. I don't know anything about how sustainable it is, though I think I see how you could get to know, or have a strong opinion about, something like that by looking at this process in detail.

anyways, why does A lead to B? because of 6). in order for 6) to be a fair deal, so that the China companies can know they're getting exactly their dollar's worth in the trade, the $$ and the 元 should be closely linked. in essence, those $$-linked 元 are like $$ printed in Chinese form, with the actual $$ stored away as ensured value, like gold - this is why they call $$ a reserve currency.

so apparently, this journal is entirely devoted to me figuring out things that everyone else knows already.

Sunday, May 16, 2010

what is in my packet net?

a boring post, to start: i'm just going to go through the list of what packets i caught during a 780 second capture. skype was on, as was xdict and its incessant search for the kingsoft mothership, which is currently routed to ARKIV itself.

first on the list:
p3nlhg43c081.shr.prod.phx3.secureserver.net
robtex suggests that this is some sort of porn locus, responsible for porn spam and who knows what else. sent one packet from their http port 80 to my port 19246, which is for i don't know.

next:
multiple, periodic IGMP signals, labeled "membership report". i see this all the time, sent to 239.255.255.250. apparently, this is just to establish my presence on the network, so that the routers and other whoever know i'm here.

next:
there were 8 apparent skype contacts through port 34268. what i understand is that this is how different skype hosts find eachother. what i don't understand is why for me it's always 34268, while its always different ports for the others. could it be that for them it's always their number? maybe i'm a member of a particular skype class - the port 34268 class. really, i have no idea. these are always UDP packets, call and response, usually just once, always intiated by ARKIV. and, as i mentioned before, i see them even when skype is off, but ARKIV doesn't respond then.

next:
BROWSER: host announcement. i assume this is something like the "membership report" above, but i don't know what makes it different - ARKIV runs a browser service, and there are browser elections, to select a browser which will keep track of all the potential browsers.. argh.

next:
here is a succinct description: packet from 190.2.29.193, originating from Argentina, from port 1217 to 1434 - 1434 was the way in for something called the SQL slammer worm. SQL is a microsoft database server program - what i received was a single SSRP packet, which is a protocol specially designed for use with the SQL thingie. anyways, one hit, nothing else (presumably i am not running an SQL database server).

so really, that's it. i found a paper on principles of routing in between networks, but haven't read it yet. my learning progress is stalling.

China 222 part 3

not much going on - watched a couple of scans, but haven't studied much. saw the same 222.45.112.59 scan, on ports 8085, 9415, 3246, 9090, and 8090. it probably spins around every few hours, from what others have said on ipillion.com. got a single hit from 222.169.118.106, another chinese location, on a single port. this one actually had a domain name: 106.118.169.222.broad.bc.jl.dynamic.163data.com.cn.

read a bit about routing a few days ago, and got a bit of a sense for it, but not really - but then, Jason gave me a great piece of information that I hadn't gleaned yet from my browsing: routers and other computers broadcast their addresses and routing information across the networks. this is how routing tables get their information. i'm still not totally clear on it, but i'll figure it out.

Jason also suggested i get around to learning how to use linux, and install at least a virtual version of it to use, since that's what real internet people do. i may do that, if only for the fun of it.

but anyways, nothing much learned lately. slow week.

Wednesday, May 12, 2010

China 222 part 2

And, got scanned again by 222.45.112.59, on ports 8085, 2479, and 8090.

DNS server

ok, just got home, thought i'd look at the monitor.

nothing much going on, except i see two reciprocated queries to an address i recognize as something that comes up often as a comcast address - both packets were DNS packets, which as i take it are a type of UDP packet, or maybe not. anyways, i guessed that the address must be a DNS server. since i usually am not using the web browser when i look at the monitor, i wouldn't have noticed this before.

so, i google it and sure enough, 68.87.71.230 is the primary comcast DNS server for massachusetts.

now, one of the queries was for the institute FTP server, which i used to get a file. the other was for tools.google.com, which i do not like, because i did not know google was running something in the background on my computer. the address was then contacted and some packets were traded, a couple were HTTP messages saying "update". i'm going to find out what it is, and kill it. (could be Chrome which i have installed but don't use. i don't have any google plugins or anything for firefox. Chrome must go.)

China 222

maybe a better name for this log should be "what random thing did i see today".

1. it's hard to type in a wrist brace. that fits with "what did i learn today", so..

2. saw four packets from China, from address 222.45.112.59. they soaked into 4 ports which i lost because i restarted the monitor - got distracted at the wrong time, lost good information... i did scan the address and found that it may be a server - google indicates it could be a proxy server: open ports on 1026 and 3389. note comments here and especially here. apparently multiple Chinese IPs starting with 222 are pushing scans all over the place, irritating lots of people.

Sunday, May 09, 2010

not much 2

ok, this is interesting. another packet from ircu.krypt.com. the host at that address has just about all of its ports open. i haven't seen that before. is this some sort of lure?

*edit*
not a lure - i think it's an open proxy. all those open ports are so that other hosts can use it as a proxy for whatever service they want. i can't find any resource that actually confirms this (and i think that having all ports open doesn't necessarily mean it's an open proxy), but i think that's what it is.

always something new to learn...

not much

just observed a sweep from IP 66.186.59.50, "ircu.krypt.com", looking into port 1137. a bit of news suggests this is a vulnerability search. the signal is coming from an IRC line, port 6667. they must be looking at IRC logs and sweeping those addresses, since i've actually been on IRC in the last couple of weeks (and last night).

another thing, i also saw (for the first time) some nonreciprocated requests for port 34268 while skype was turned off. looking for a relay? i scanned the source and it doesn't actually seem to be a skype host, though maybe i waited too long, after they had turned it off. instead, they actually had unfiltered, closed ports 5800/5900, which are used for remote desktop viewing. also, no clue as to the OS, so i don't know what it actually is. another user? something else? it's another comcast host, presumably another user, but who knows?

i'll check it out again later.

Thursday, May 06, 2010

internet metaphors

okay, this is kind of dumb, bust since i haven't learned anything new lately, it's all i've got.

actually, i thought of this a few days ago. i was at the taekwondojang, thinking about how the classes work. (almost) every class starts the same way, regardless of who the teacher is, with a set of warmup exercises. different teachers will count a little differently, faster or slower maybe, but everyone does the same exercises. next, we start going through techniques in the lineup, and the first is always "riding stance to the left, left-hand punch". next technique will usually be "step forward front stance, low-section guarding block".

so, up to this point things are the same no matter who the instructor is, no matter what the rest of the class is going to be about. from here, things are still predictable to a point - after the low-section blocks, we'll probably do mid and high section blocks, maybe with a punch after the mid-section blocks. next, we go to fighting stance and start doing kicks, with front kick and punch first, round kick and roundhouse punch next, then sidekick with knifehand strike. it gets less and less predictable after this.

by the end of the lineup, we've probably done a couple of techniques that haven't come up in at least a week or so in other lineups. then, the rest of class will focus on a few specific techniques in some permutation of the "find a partner" game.

what this has to do with the internet is that i realized that the course of a given class could be analogized directly to a traceroute, assuming a single start location. the first few steps away from the local host are the same every time, but depending on the destination eventually the paths will diverge. the warmup and starting techniques are like the local network path out, the later techniques are like the area network, where there are a few possible large routers to choose from, and the remainder of class is like the ultimate path and network destination. kind of.

really, you could apply this structure to all sorts of things, where the first few steps are the same, but eventually there's a divergence and then different paths to disparate destinations. in a lot of ways that's how the brain works, how distribution networks of all kinds operate, etc.

like i said, not too interesting, but it's all i've got for now.

Saturday, May 01, 2010

local network

i mentioned earlier that i had tried the traceroute scan on the institute's local network. i had, but it was so dense that trying to look at the graph caused nmap to die. i did it again today, but carefully collapsed the densest nodes, so i could see the 'backbone' of the network. what i saw was interesting, and implies that my thinking was kind of mistaken.

i had been thinking that i would be looking at the institute network - that the institute must have set up a local 192.168 network within the Harvard system, and that by scanning that prefix (up to 192.168.36.255, which was where addresses seemed to stop existing) i would get back a picture of the institute network. instead, i saw that the scan went out into the Harvard 128.103 network, then back into the local network. I think this may have been scanning into systems outside of the Institute, and except for the hosts themselves (on the other side of the Harvard nodes) i got back no IP info, so couldn't see the structure. what i could see was that hosts with names on my side of the Harvard nodes all were associated explicitly with the institute (having the institute initials in the hostname), while those on the other side did not.

but, from institute out, i could see that there's a single way out of the institute network, connecting to two nodes both named something like 'core' (i don't have the scan here at home to look at). one of these led into many, many other private network hosts along those blind pathways, and so did the other, along with leading to the node that exits the system into NOX, or level3, or wherever the localhost is pointing.

so, point is, a traceroute to another address with the same prefix as the localhost may not traverse only other hosts with the same prefix. i had assumed that the 192.168 network was somehow self contained, that any hosts i saw within it must be linked through other 192.168 hosts. apparently this isn't necessarily how it works. i have more to learn.

(actually, i had noticed this last week, in scanning my comcast prefix - i found other systems separated from me by large interchanges with different prefixes (but prefixes common to other interchanges), but themselves having the same prefix as mine. i didn't understand it at the time, but forgot about it. this bugged me more, probably because of the 'private network' label attached to 192.168.)

Wednesday, April 28, 2010

traceroute scanning

something that's lots of fun to do is to scan a network with a traceroute command. what you get back is a (relatively) complete picture of the network connecting all the hosts with the specified prefix. depending on where you point it, it can be very, very big.

like i mentioned earlier, i know which node it is that stands between me and several routers that connect to different parts of the Boston internet. one of those routers goes to NOX, and another one to other residential (i think) comcast accounts. if i point the traceroute scan at a comcast node that's relatively nearby, and that contains the same IP prefix as mine (20 bits is reasonable and doesn't give back 65 thousand possible hosts), i get back a nice, complex picture of a network extending from here and across Boston, and across MA to CT, VT, and the MA-NY border.

i tried the same thing on the private 192.168 network at the institute, and got back something similar, and actually much denser (which makes sense, all hosts within the network have the same prefix, so i could get them all in one big shot, but the comcast network was relatively sparser, and seemed to have same-prefix hosts separated by nodes with different prefixes, which i don't understand...). since it's a single institution, it's organized differently - there are nodes for different users, but mainly the network divisions are more functional, with databases in one place, outgoing servers in another, administrative here, labs there. the comcast network looked much more regional, with a Hartford node, others (i get all these new englandy names confused, they all sound like Westly or Chestford or something like that).

ok, need to step back now and get more acquainted with the specifics rather than just playing with these toys...

Tuesday, April 27, 2010

network scanning

okay, so i know how to use CIDR notation now. knowing this, i can get a network scan to work; you specify a prefix, and look for hosts on that network. last night i did this for a while on a couple of targets (jingping's insightbb network, and an AOL network around Cincinnati that i found through another connected skype user), and found that i could recognize a computer using skype by the ports it had open - all hosts i had looked at which i knew were running skype had open TCP ports on 80 and 443. so, when i saw a couple of hosts with those open ports, i guessed it must be skype, and confirmed it with more intensive, specific scans.

i also looked at my own network. given what i know, i was the only visible skype user. there was another machine which nmap guessed was a VOIP router, which is kind of interesting.

so, looking at networks is interesting. you can see all the hosts at once, get quick summaries of just what type of host they might be and what they're doing, and all of this with a couple of simple tools and some ability to recognize states (which the tools are of course better than me at doing).

also, from my office, i can see that my home network is linked by a single router to a different node than i see from home, one of the NOX comcast nodes (i can't remember what it is from home, but it isn't NOX, which is what ties together all these new england university networks). so, that router has access to several dozen hosts including my computer, and also to several higher comcast nodes, through which it can send traffic off in various directions. in other words, i think that that router is the single bottleneck for traffic from my home computer - i'm one hop from the open internet.

Monday, April 26, 2010

portscan

just got my first portscan result.

it's another address in boston, using skype. it's also a comcast address, and the first 16 bits are the same as my address. the prefix of the server above it says 'needham'. i guess it's strange that it's such a similar location to mine, and i suppose i could be looking into some sort of mirror that i don't understand, but i do think it's a real, other user, somewhere here in town.

nmap saw that its http ports (80 and 443) were open, and decided that they were being used by the Skype service. i can also see that port 2265 is open, the same port from which i'm receiving packets from this computer.

the other open port (2222) is associated with a website administration program, or with who knows what else.

nmap also claims with some confidence that the computer is a pocket PC running some version of windows XP.

still, i have no idea why this computer is reflecting messages through my computer. and i still haven't figured out why there's always an explicit connection through skype with another computer - other than jingping, this is the only skype connection at the moment, so it is *the other* connection. now i'll see if it shows up again...

Saturday, April 24, 2010

nmap 1

got a program called nmap, using the windows gui.

i can't really get a port scan to work on another computer. i tried to get jingping to turn off her firewall, but she said it was already off - i guess norton does its own firewall.

still, nmap has other neat functions. you can get it to do traceroute for you, along with other things, and it will hold on to all the data for you. as you do this, it creates a graphic plot of all the addresses you've been querying. if you're doing tracerouts, it plots ip paths, which is fantastic. here's what i did:

still working off the mysteries of Skype, i ran the network monitor for a few minutes, and got a list of those UDP conversations through port 34368. most of these just consist of my computer sending out a single datagram to some other address, with which i may or may not be also involved in a TCP session. a few ms later, i get a UDP back from the target. there were about 15 of these over a 5 minute period. i plugged them all into the nmap and tracerouted them (had to do this one by one, i'm going to have to get a little more sophisticated), and got back a neat plot showing how all these connections are related to me. these other IP addresses were all over the world, China, NZ, Japan, Russia, France, all over. maybe those are the supernodes, and i'm just registering with them by sending a datagram?

the plot is interesting in itself:


you can't read them but the ip address of every node along the route is listed. the maps are dynamic; you can highlight a node and all its children (those further down the route away from the center), change the center node, rotate, etc.

like i said, most of those UDP exchanges were just 2 packets, one out and one response. there were two other things that happened. one was, I sent 2 UDP packets and got back 1 RTP packet, which i think is actually a UDP packet carrying audio/video information. there wasn't anything else associated with that address, though, so i can't guess what that was about.

the other interesting thing was an instance where i sent 3 UDP packets to a certain address, with no response. i actually guessed the reason: they were being sent to jingping's laptop on campus, on the UofL wireless network, where it hasn't actually been connnected since early friday evening: i sent those UDP packets after midnight, more than 7 hours after she had disconnected.

why did this happen? one thing is, i may have left Skype running on the computer in my office, and during the day that was a connection to her laptop on the campus wireless network. or, i may have turned it off - sometimes i forget, usually i don't, but i don't usually remember if i remembered, only if i forgot (strange how that works). at any rate, for some reason, my computer, being connected with my Skype account, thought to check to see if that UofL address was still on, despite the fact that the account it had been associated with was now associated with another IP address. this doesn't make a lot of sense to me. some sort of cleanup work on Skype's part?

mysteries, mysteries.

Thursday, April 22, 2010

http://nil.isi.edu/

oh, this is neat!

i saw an ICMP 'echo request' packet! i was in an IRC channel at the time, for the first time in like 10 years, so i thought maybe it was somebody there. but the request actually had a working URL attached, which is in the title of this post (http://nil.isi.edu/). it really was a ping, an automated, scientific ping!

internet is very, very interesting.

Tuesday, April 20, 2010

portsweeping

this is called portsweeping!

i saw another one, in China (Jinan, Shandong maybe), this one looking into port 6000, which can be used for remote keystroke recording.

somebody just sets up a program to search the internet for computers with vulnerable ports. it's like if someone could go and scan apartments for ones with unlocked doors or open windows - then send in the thieves! amazing!

MS WBT SERVER

watching the net monitor again, with network applications turned off. saw one unassociated address - tracked down to Henan, China. to look this up, i stopped the monitor and opened the web browser. then i started the monitor up again, and right away realized i had failed to check the port number.
luckily (or unluckily) i caught another one. this one was either in Georgia (.ge) or Turkey - i think the service is based in Turkey, but the address was in Georgia.

so, this address exchanged several TCP packets with my computer, none of which seemed to contain anything (i say this only because they had 'payload lengths' of zero - this is not something i have researched yet). they were exchanged through port 3389, which actually carried a label: MS WBT SERVER. what is MS WBT SERVER you ask? this is the port used by the 'Remote Desktop' utility in windows. obviously, this was something in the Caucasus searching for a computer with a somehow vulnerable port 3389.

how to tell if it's vulnerable? maybe if i was using the utility? i don't know. maybe he's watching me type right now, though i think then i'd be able to see him still. it was a total of 8 TCP packets, followed a couple of minutes later by 2 UDP packets.

very interesting!

Monday, April 19, 2010

skype port? broadcasts?

ok, very briefly because it's late.

if i leave the network monitor on for a while, it lists lots and lots of conversations between ARKIV (my computer) and other addresses out there in the world. most of these are UDP packets, but not all. of the ones that are UDP packets, i'm pretty sure that they're all associated with Skype. here is how i know:

the monitor does show when conversations are known to be controlled by a particular process like Skype. so, tonight, i record for a while, and i see two other addresses associated with Skype. one is jingping, i know, because tracert tells me that it's an insight address routed through Atlanta, and i already know that's our service in louisville. the other is somebody in new bedford MA, still in the comcast network. i don't know what that is.

anyways, so i can see jingping's IP address. it also shows up in the 'unknown' associated list of all those UDP conversations, with a different port number, 34268. all the other UDP conversations (most - i didn't look at each one) are also going to port 34268, so i deduce that they must also be associated with Skype.

so, apparently Skype is going to be an internet learning tool for me. it's very mysterious. are these other Skype users, using ARKIV as a waypoint for finding other users? i think that's what a supernode does, but from what i've read supernodes should have many, many more connections. so, i still don't know what this is all about, and skype's operations are kind of trade secrets which are hard to research online. still, i'm sure there's plenty out there for me to figure out.

okay, so there, i learned that i can identify a process by its port number. or, at least, i deduced it. it may be wrong.

Thursday, April 08, 2010

well..

oh man. i haven't learned anything today, except that there's only so far you can take a visual simulation before it breaks. so, i've been measuring thresholds for a simulated observer at different spatial frequencies, for content within photographs which has been thresholded depending on a trial-to-trial staircase. it works pretty well for the images themselves. the original image gets compared with the image containing a thresholded band, and the observer is able to converge at a measure of the threshold over several hundred trials, similar to a human observer.

what i do is this: the original image gets filtered at the frequency in question, and the filtered image (the output of the filter) is thresholded and added back into the original image minus the filtered image. so, we actually have the original image minus the subthreshold content within the filter. if the threshold is zero, these two images are identical, i.e. they are whole, unfiltered photographs. this is the experiment as i originally ran it on myself, trying to find the just-detectable threshold (the threshold-threshold). to do the experiment simulation, the thresholded image then gets filtered again, meaning that the filter picks up the thresholded content along with residual off-frequency content. this is the only reasonable way to get the test content, since 1) that off-frequency content is there in the image and would be seen by the filter, and thus can't be ignored, and 2) the filtered band contains harmonics which wouldn't be seen by the filter.

naturally, i eventually decided to do the same experiment without the complete image; i.e., just measure threshold-thresholds for the content within the filter. i thought this would be straightforward - i just use the filtered image as the 'original', and the thresholded filtered image as the 'test'. but then, i thought, ah, almost screwed up there: the thresholded filtered image should be filtered again, just like in the original experiment. so, you can see the problem. the original content is lifted straight out of the source image, while the thresholded content gets lifted out of the source image and again out of the thresholded image, which means it will be multiplied twice by the filter. so, even if the threshold is zero, the test and original images will be different.

this is a problem. in fact, it must also be a problem in the original experiment. but, the test and original images in the original experiment are the same when the threshold is zero - i assume this is because the off-frequency content amounts to the difference between the filtered and double-filtered content, and adding the filtered content back into the image basically restores the lost content.

i need to think about this.

Monday, April 05, 2010

UDP packets

ok, so all those strange packets are UDP packets. UDP stands for User Datagram Protocol, which really means nothing to me. anyways, UDP can be used for broadcasting information across a network, and from reading a bit about it i get the impression that its generally kind of messy when compared with TCP. TCP (Transmission Control Protocol) is what is used to build a precise, static file, like a webpage or a file that you save on your computer. so, maybe what i'm seeing on my computer is just content that is broadcasted across the entire local network. still, i don't know why that is done, or why it would be done from far away places, but i'll figure it out.

promiscuous mode

was reading about 'promiscuous mode' the other night, but don't remember much about it. might explain some of the mystery traffic, but i think probably not. apparently you can tell your computer to go ahead and accept whatever traffic happens to wash over it, which i totally don't understand, and use this mode to monitor activity that isn't meant for you. but, i don't think my computer is normally promiscuous, so that may not be relevant. my laptop is probably a zombie, receiving secret orders from another zombie in bulgaria. wow! i'll figure it all out later. anyways, drove to connecticut this weekend with jingping, first time ever out of the City into the "new england". it was alright i guess.

Friday, April 02, 2010

hm..

looking at traffic again last night with the MNM, with the explicit internet applications all turned off. over something like a 20 minute period, there were conversations between my computer and maybe ten others from around the world. i checked a few of these addresses; one in bulgaria, one in italy, one in china. each was only a few packets. i didn't save the recording, which i think i'll do from now on, so maybe eventually i can figure out what these things are. is my computer a zombie? are these just scans or searches from computers in faraway places? i must know.

Wednesday, March 31, 2010

ports and NAT

ok, so i've been kind of curious as to what a port is. i still don't really know, but i think it's kind of like an address for a specific function within a computer. a computer has lots of ports. they're not physical things, more like indices for input and output.

anyway, i was reading about network address translation (NAT), and a part of understanding it requires the concept of ports. NAT is where a computer locally has one IP address, but to the rest of the internet it appears to have a different IP address, and possibly the same address as lots of other computers that are on the same local network. this happens because they're all on a private network, say, and they're all using a router to send info out into the internet, and get info back out of it. the router knows all of the computers on the private network by their private IP addresses, and it assigns each of these to a specific port number for its own IP address (the router being just another computer in the network).

so, when a computer on the private network sends a message out into the internet, its private IP address gets changed ('translated') into the IP address of the router plus a specific port number. incoming messages meant for that computer must have the correct port number; basically, for the router, port numbers refer to computers on the private network.

but that's not enough, because each of those computers is using different ports to do different jobs with different targets on the network: one port keeps in touch with the Skype supernode, one port is getting data for a file i'm downloading, and another port is sending the info that i'm typing into this blogger.com window right now. so, actually, the router has to assign a different port number to each port on each computer on the private network; so, for the router, a specific port number will refer to a specific port on a specific computer on the private network.

i'm pretty sure this is all true for the protocols that have to do with sending and receiving files. i still need to learn about protocols, but i think there are also protocols for sending packets to all computers on a network, so maybe you wouldn't need to know their port numbers exactly to do that. not sure.

anyways, there's some stuff about ports.

Monday, March 29, 2010

microsoft network monitor

oh, this is even better. i figured there must be programs for watching network activity in real time. i just googled "network monitor", and this was the first thing on the list: "microsoft network monitor". hey! i thought i'd see what it did.

what it does is exactly what i thought it did, and more. it keeps track of all the packets going in and out of the computer over a period of time. it also automatically bins these packets according to 'conversation', which is the set of [origin destination] that describes all of them. so, all the packets i send to jingping through skype fall in one bin, and all the ones she sends to me fall in another bin, for example.

last night i saw a couple of strange addresses communicating with my computer. i had turned off the browser, skype, and the chinese dictionary (which has some sort of homing beacon to beijing in it), but i still saw those packets arriving. where were they coming from? i don't know, except that one origin was in china (ningbo; 'zooz.org') and the other in australia (forgot the city). maybe my computer is a zombie! i will solve this mystery..

now, i need to learn more about packets and protocols.

Saturday, March 27, 2010

netstat

okay, netstat is neat. it shows you a list of all the IP addresses to which your computer is connected by a port. i haven't figured out what exactly a port is yet, but i think it's just like some sort of i/o index for the computer. what's more neat is that if you type netstat -b, it will show you the list along with the applications associated with each. for me, this basically means firefox (chrome boo) or skype.

so, from this i have learned something interesting about skype. if you're just connected to it, you'll see some foreign address that's unfamiliar - i guess it's just like a neutral relay node or something, which you use to connect to other people. if you're currently talking with someone, in chat or phone, you can actually see their address directly. this is why skype is a 'peer-to-peer' service: you connect directly with the other person.

Friday, March 19, 2010

about IP addresses

so i've been reading about how the internet works, since i know absolutely nothing about it. one thing i learned today was that the IP address i see for my computer may not be, or probably isn't, the IP address that the internet sees, since it may just be an address within a private network. specifically, if an address starts with 192.168., it's definitely a local network address, and it doesn't make sense to look for it from across the internet.

so, i know slightly more than nothing now.

Friday, March 05, 2010

生活是婊子(命运多舛),original by Lemmy

不知你是谁
不知你的名
可你若想活
你得学竞争

你为何这里
没看见你脸
你若不想败
你得藏疤痕

让可怜人哭
你生活的路
让可怜人笑
你生活的路

离开时间到
你最好上路
别尖叫
别呼喊
三振就出局
我知很遗憾
没机会看秀
又害怕上司
杀掉告密者
只记住生活是婊子

Wednesday, June 10, 2009

Mr G's

Ben Gemel was hungry. He stalked past darkened storefronts, stared down a dazed hobo, and stood starkly at the corner of 5th and Elm. Ben Gemel had never been here before. He had only been in this city for a few hours. He looked south down 5th, east on Elm, north up 5th, and west on Elm, looking for some glow that might call out 'food sold here'. It was just after four in the morning. Ben Gemel saw a yellow glow, on a corner two blocks west. He read the letters on the sign, block letters arranged in two lines. "MR G'S DINE IN". A sign in the window said Mr G's opened at 4am. The menu looked reasonable. Ben Gemel started walking.

Ben Gemel had superior visual acuity. When he entered the Service, he was immediately singled out. The staff optometrician determined that his acuity was on the order of 20/2. He could get by fine without binoculars. At night, Ben Gemel could read a menu in a diner window from a thousand feet away. He could recognize a face at 5000 feet. He could do better when both eyes were good.

Approaching Mr G's, Ben Gemel noticed that the sky had cleared. He could see stars, and the approach of sunlight. Venus was over the horizon. Ben Gemel thought of Dalen Rutger. Was he angry? He probably was. It would be hard to keep one's composure, after such a humilation. When Ben Gemel reached Mr G's entrance, he paused. He looked through the round window at the top of the door, and imagined that he saw Dalen Rutger sitting at the counter, staring into his cup of coffee.

Tuesday, June 02, 2009

Sunk

"Station eight. In the field."

"I don't understand," said Dalen. He yawned, and asked "What do you mean?"

"The field," gasped Vic Hoyle. "Field." Vic's eyes rolled back, and he choked on his last breath. Images, remembered voices, and fragmented thoughts flowed through Vic Hoyle's mind. He made a final effort to piece together what had happened. Dalen's face was still in shadow, and Vic struggled to recognize it. His grip on Dalen's collar relaxed, and released, and his hand fell to his side, arm across his belly. Dalen sighed, and he waited for Vic Hoyle's last paroxysms of thought to dissipate.

"The field," said Dalen. With enormous effort he stood, and looked at the envelope he still held in both hands. He folded it once, along the shorter meridian, pulled open his jacket, and tucked the envelope into a pocket. For a moment he paused, his hand still in the pocket, still gripping the envelope.

From the same pocket he produced a tiny bottle, smaller than any of his fingertips, stopped with an even tinier cork. Inside was a miniscule seed, like a miniature cumin seed, brown with black striations from end to end. Dalen Rutger gazed at the seed, momentarily forgot where he was, that he was on the deck of a sinking ship, in a freezing harbor under a starry sky. Behind him there was a crash, of a crane or some other massive thing toppling into the water, and his reverie was broken.

Dalen placed the bottle back in the pocket with the envelope. He looked at the sky, looked for a familiar star or constellation. He thought about Ben Gemel, and about how he would make him pay for this disaster. He would pay in blood, and in tiny seeds.

From the shore Ben Gemel watched the flames rise from the sinking container ship. He knew that Dalen Rutger would survive, and that they would meet again.

Sunday, May 17, 2009

A Train Ride!

(i never published this one for some reason; it's 3-26-12 now, here it goes, dated retroactively)

Vic arrived at work an hour late. He had been watching a stranger in the alley, from what he thought was a safe distance, through unusually heavy morning fog. He had missed his train, and had to wait on the platform with the front-end of the morning rush hour.

During his twenty minute wait, the platform had accumulated between fifty and sixty commuters, people who worked in the city in tall buildings. Most of them were supposed to be at their desks by eight o' clock. Vic was supposed to be at his post, selling tickets to travelers beneath the street at 9th Avenue Station, at seven o' clock.

As he boarded the 7:15 West Blue Regional to 9th Street, he glanced down the platform at all the commuters. Staring back at him from the same distance as he had been staring at the strange fellow in the alley a half hour earlier was the strange fellow himself. Ben Gemel caught Vic's glance and then quickly broke it, and boarded the train. As this is a common experience in public, and as he could not recognize the placid and anonymous face of Ben Gemel, Vic noticed nothing out of the ordinary, and boarded his own train car.

Ben Gemel took a seat in the nearly empty car. Lenape Station was the end of the line for the West Blue Regional, first and last stop. For the next twenty minutes, through six stops across the expanse of West City, the car was filled to capacity. Throughout his trip, Ben Gemel alternated between studying the attire of his fellow travelers and studying the smooth gray spot in the center of the palm of his right hand. At last, when the train came to 9th Street Station, Ben Gemel stood, thrust his hands into his pockets, and flowed out of the train with a third of the other riders.

Vic exited the train at the same moment as Ben Gemel, unknowing, and dodged across the station until he came to a door marked "MTA Personnel Only". He pressed his palm against a flat, black panel mounted next to the door, and pulled the door open. Inside, he was stopped at the security station, presented his credentials, and then rushed to his locker to retrieve his uniform.

Wednesday, May 06, 2009

Return

Ben Gemel was the figure in the alleyway, the one Vic Hoyle had seen in the morning. Through the fog, Vic could see someone pacing back and forth behind the church. Vic had stopped to watch. He met others in the alleyway sometimes, but when they were nearby, near enough to make eye contact, he never stopped to watch. It would be asking for trouble. But this morning Ben Gemel was far enough from Vic Hoyle that Vic felt safe stopping and watching. The mist added distance, made Vic feel as if he were further from Ben Gemel than he really was. He didn't realize this at the time.

Ben Gemel was looking for something he had thrown out of a window a half hour earlier. He had been meeting with a deacon, had brought something to sell him, and had noticed something interesting on the deacon's desk. A little brass disk, the size of a dime, with a loop on one side as if it were meant to hang on a necklace.

As the deacon rambled on about some righteous thing or another, trying to convince Ben Gemel to lower his price, Ben had concentrated all his mental energies on the brass disk. It was as if there was nothing else in the room! When the deacon stopped talking, Ben Gemel named a price. The deacon paused, smiled, and nodded. Ben Gemel stretched out his arm and opened his hand, palm up, in the space between himself and the deacon. In his palm there was a seed, tiny, tinier than a fennel seed, and heavier than the shoes Ben Gemel was wearing. Ben Gemel smiled a toothy smile at the deacon, and repeated his price.

The deacon crept forward, seemingly repelled by the miniscule object in Ben Gemel's upturned palm. He spoke one word: "Paid". He licked the tip of his index finger with a dry tongue, and pressed the fingertip into Ben Gemel's palm. There was a flash of light and a loud pop, and the deacon was replaced in the room by a pile of green ashes and an aromatic mist. Ben Gemel went to the deacon's desk, to the brass disk, and picked it up. He went to the window, pried it open, and tossed the disk into the alleyway.

Ben Gemel paced in the alleyway, searching for the disk. Vic Hoyle watched him from a smaller distance than was in fact safe or advisable. Ben Gemel knew he was being watched. He saw a glint of metal in a tuft of grimy gray grass, and knelt to have a look. It was his treasure. He picked it up, held it up to his one good eye, and smiled. It was a toothy smile.

Monday, December 01, 2008

Andrew,

I am wondering, how many lectures have you prepared?

How many pages of dissertation have you written lately?

Do you have a job yet?

Are you hungry?

Wednesday, September 10, 2008

Mystery of the Numerous Forks

Ah..

I hadn't washed dishes in a couple of days, so there was a pile of them in the sink. For one person, I use a lot of dishes every day. There was also a bit of extra silverware left over from the last time I dishwashed, I must have given up before finishing.

Anyways, I noticed what I had noticed last time I washed a pile of leftover dishes at once, that there were a bunch of forks in the sink. This was strange, because I absolutely never eat with a fork. That last time, and this time, I stood there wondering, where are these forks coming from? I thought about everything I ate, at different times of day, weekdays or weekends, and none of them involve a fork. I use spoons or chopsticks. Never forks.

So, I gave up thinking about it, just couldn't figure it out. I even fantasized that maybe it was a signal from someone, someone who had been sneaking into my apartment when I wasn't there, or when I was asleep. They might be trying to frighten me by doing otherwise unexplainable things. But, I figured that now I was sensitized to fork use, and the next time one came up, I would be sure to notice, and the problem would be solved.

This morning I go to pack my lunch, getting covered bowls of leftovers from the refrigerator and scraping selections into my lunch container. Sure enough, I used a fork, and then I tossed it into the sink.

Problem solved, life can continue now.

Monday, July 21, 2008

Not locking my bike, and letting it get stolen

Man. So, I go to China, and before I go I put my bike in the stairwell, inside my building, where you need a key to get inside. I've already locked the wheel on Jingping's bike, and so naturally I tell myself to lock my bike, but apparently I forget. I get back from China 18 days later, and my bicycle is gone.

Now, it is my fault, and I am an idiot, for not putting the lock on the bicycle wheel. I know this. But I also blame one of my neighbors, though I don't know which one. Either 1) someone propped the outside door open so they could move something, or because they were too dumb to take their key with them, allowing one of the wandering neighborhood thieves to wander by, walk in an open door, and find my unprotected bike, or 2) one of my neighbors is himself a thief, or closely associates with thieves.

Muggings, break-ins, car windows smashed in, stuff stolen, bike seat taken. I am an idiot for living through all of these things and still not locking my bicycle.

Wednesday, June 18, 2008

幺典黑桃! (the ace of spades)

如果你想赌,我说我是你人
你有时获,有时输,为我都是一样-
(吧吧吧吧吧,吧吧吧吧吧)
那愉快是游戏,你的说没有影响
(吧吧吧吧吧,吧吧吧吧吧)
我没有你贪欲,单独一牌我需
幺点黑桃,幺点黑桃!

你猜我就要输,也堵就是为愚
但那道我就喜欢,猴子,我不要成不朽的!
也不忘那王牌!

Wednesday, May 07, 2008

Getting my bike seat stolen, and buying an inadequate replacement

Oh gosh! Someone stole the seat right off my bicycle last week while it was locked up outside the building where I work every day. This brings us to the first point at which I am an idiot. At some point late in the afternoon I walked over to the music building to play the piano for a little while. The bicycle seat thief was probably at that very moment stealing the seat off my bicycle, and all I would have had to do was turn my head to the left, to see the spot beside the building where I had locked said bicycle, thereby catching the thief red-handed and giving myself an opportunity to interrupt him and given him a good talking to. So, I am an idiot for not casually checking on the status of my bicycle seat a good hour or so before I noticed it stolen, since I would have had some tiny chance of saving it.

Next, I waited a week to buy a new one, punishing myself by riding everyday to and from school without a seat, which is both dangerous and very difficult, since you basically have to stand the whole time, raising your center of gravity and making your legs do more work than usual. It also makes it impossible to pedal constantly, so you have to pedal in short bursts, which makes it even more difficult.

Anyway, I waited a week to buy a new one, and when I did, I bought a twenty dollar one at a bike shop, and it seemed comparable to the original, which was a pretty good seat for a $100 Walmart bike. Only when I got home with it did I explicitly realize that I couldn't attach this new seat, since the post connecting seat and bike had also been stolen. I went back to the bike shop, and asked about this, and they said I should bring the bike in since the post is measured in millimeters, and there are 18 different sizes, and it would be pretty tough for me to get that precision with an old wooden yardstick. At this point, I got a parking ticket for not paying the meter, and the guy was in the process of calling in a tow truck at the moment I came out of the shop, so that was close.

So, I return to the bike shop a third time with my bike, and they tell me it's $16 for the post thingie. I think to myself, at this rate replacing all the parts in my bike would cost probably $1000 dollars, so this is already an imprudent course of action, spending $36 for a new seat. So I get all cheap all of a sudden (yeah, right), and ask to exchange the $20 seat I previously bought for the cheapest one they had, which was just $10 and is basically a piece of hard plastic. So there's the second part: I am an idiot for thinking a comfortable bike seat is not worth $10, though my idiocy may be vindicated if someone also steals this new seat. Maybe they would have been more likely to steal the nicer one. I'm still an idiot. Idiot.

Tuesday, March 04, 2008

My New Look

Unfortunately, I promised to divert any visitors to see what I look like now:
http://retort27.blogspot.com/2008/03/mybf.html

Luckily, I don't get any visitors!

Tuesday, February 05, 2008

Post of the apocalyptic future to the future from the man of the past.

100th post!

I am writing this only out of the general hope that future generations might, in excavations of the ruins of this tomb, happen upon it and read it. Hello there, future generations! How did you make it through the War? How did you make it past the giant rats? I am certain that society has been rebuilt, and that your devices and contrivances are far more contrived than were those of my society, the one which brought such disaster upon itself. Oh dear... since my oxygen is clearly running out, I must be quick.

When you find this message, undoubtedly through the use of some seemingly magical gadget which can simply read information out of a decayed data-bank, I hope you are not too dismayed at my primitive, though surprisingly forward-looking, outlook. No, we in my time did not believe in magic, though we certainly found entertaining those who trained to perform outstanding feats of illusion and trickery. Still, even with all your high technology, you must be surprised to find yourself being addressed by one such as I, a man dead for more years than he lived. We were the same as you, we men and women of the past! We yearned to know the future, to know of the world which would follow us! People of the future, humanity, hear the call of the past, of one who has been crushed by the mistakes of his society! Be good to one another, and treat your fellows as if they too were men of the future, looking out on a world which you will never see or can never fathom.

Now, if, on the other hand, you are not the future of humanity, and are in fact a giant rat whose successive generations have through atomic mutation developed faculties of higher cognition and technological prowess, may I curse you with and bestow upon you a world of infinite troubles, wonders, and terrors. Beware, giant rat of the future! The world you have inherited is not all you think it is. Unless of course your cognitive skills are far beyond those of we extinct, or perhaps perpetually enslaved, humans, enabling you to comprehend matters far beyond the ken of a mortal man... Farewell giant rat of the future, or human of the future, and good luck to you in all that you do.

Gasp!

Tuesday, November 27, 2007

important message

Post:

I hereby call a meeting of all party members, 4 am Wednesday at the fish counter. There has been an accident, and some duties need to be redistributed in the usual fashion.

This morning, as I was mixing up a new recipe for the newsletter I suddenly was struck by the coldest of chills. Winter, my abdomen was telling me, had at last arrived, and the heat had not yet been turned on. I rushed outside in one stocking and a bare foot, calling to my neighbors to shake out their flags and get ready for a parade, when the small toe on my bare foot caught between two sides of a narrow crack in the streetside masonry. In an instant, I was twisted, turned, and thrown flat on the side of my head.

So, a fire will need to be built, and an effigy burnt, and posters printed, all without my direct supervision. I will be there for the meeting but you will see for yourselves the degree to which the pain of my injuries has very nearly incapacitated me. As general secretary, it falls to me to appoint a standing supervisory secretary, as per party guidelines, and you all know what that means. I am sorry, but everyone is to bring a cat and a coffee tin to the meeting.

Also, when the next garbage cycle comes around, someone needs to remember to post blanket men at the dropoff on the corner of 5th and Main, seeing as how otherwise someone is going to get hit with something heavy, since that's usually where heavy appliances and old lab equipment get tossed out. If I could send a message up the spire, I would, and I hope that my previous message to this effect has been distributed by leaflet as I instructed in the last post. For whatever reason, the spirecrats are backlogged beyond their normal late-autumn backlog, and we have no choice but to wait until our complaints can be considered by the central committee.

Now, as for the winter parade, I only ask that if you feel a need to call on your neighbors to dust off their flags and put on their shiniest boots, you do so with shoes on and during a reasonable hour when someone might be expected to come to your aid should your understandable fervor and excitement bring you to some unfortunate accident.

Onward, fellow revolutionaries!

Monday, October 15, 2007

Andrew's House of Noodles


It is true that even I do not visit this site anymore. Others are probably afraid that they will come and be exposed to more comic dialogues on probability summation. Look at that dropoff! It's almost linear. That is fantastic, I say.

Tuesday, October 09, 2007

a short play

McQueen: still working on prelim.

Sorensen: should be done any hour now.

McQueen: still need a paragraph or two on 'transient and sustained mechanisms'.

Sorensen: need to cut down on the long bits.

O'Leary: figures. need figures.

Thursday, September 06, 2007

Introducing Elgar and Stern

Elgar: It's interesting that, still, no one is able to explain the nonlinearity of contrast detection for human observers.

Stern: Why is that so interesting?

Elgar: I mean, academically it's interesting. In an everyday sense, it's probably not as interesting as most things that-

Stern: I understand. So, why would you say it's so interesting?

Elgar: It's just something that people have been talking about for a long time. Very weak contrasts seem to be brought into visual awareness by an expansive nonlinearity.

Stern: What does that mean, exactly?

Elgar: Basically, it means that input is being raised to a power greater than one, as a part of the detection process.

Stern: Input being contrast.

Elgar: Right. Specifically, it seems as if contrast is raised to a power of around 2.5. The thing is, your brain is not an equation. Even though we can write an equation to perfectly describe your perception of different signal intensities, we really don't have a good idea of what, physically at least, that equation is describing. There are several candidates.

Stern: I can't wait for you to describe them to me.

Elgar: The simplest one is just to say that the transducer is simply built in such a way that it transforms input into output as a power function.

Stern: Like a neuron, maybe?

Elgar: Could be. Or maybe a networked population of neurons. Maybe for low signal intensities, a contrast-detection neuron just has an accelerating response to increasing input. Then, you still have to explain why that particular nonlinearity goes away for higher contrasts, but people love to suggest different sorts of gain control, so it's not really a problem.

Stern: Wait, it goes away? Are you talking about transducer saturation? Weber's law, that kind of stuff?

Elgar: Right. Once you've detected a signal, and intensity continues to increase, the apparent increase in response, as well as your perceived intensity, increases as a power less than one. So, for example, the stronger the signal is, the bigger the difference in intensity you're going to need to notice an increase. That's kind of like Weber's law.

Stern: I thought that was Weber's law.

Elgar: Strictly speaking, Weber's law is where you need a constant fraction of the current signal intensity in order to tell a difference. If I need to add 1 pound for you to notice a difference in a 10 pound load, and I also need to add 5 pounds for you to notice a difference in a 50 pound load, the fraction is constant, and that's Weber's law behavior.

Stern: Okay, I get it. So, an accelerating transducer is one explanation for the detection nonlinearity. What else is there?

Elgar: Well, it could be that all of your neurons transduce linearly near the detection threshold. Plus, it's certainly true that you have lots and lots of neurons. If both of these are the case, and if you're monitoring lots and lots of neurons waiting for a signal to pop out against the background noise level, then uncertainty theory suggests that as intensity increases your sensitivity to the signal will increase rapidly as you become more and more certain as to which neurons are the best ones to monitor.

Stern: So why does uncertainty theory predict an accerating increase in sensitivity? That's not exactly an intuitive idea.

Elgar: I know. It's a mathematical thing. 'Certainty' is kind of just an ad hoc way of describing an outcome. If you're making decisions based on the biggest responses you see over a set of neurons, you effectively have a variable noise source. When the signal is weak, the important noise is a combination of all those neurons that don't matter, and the ones that do. When the signal is strong, the only noise that matters is what's in the relevant neurons, because those will always have the largest responses. The transition between weak and strong signals, then, basically corresponds to a transition from high to low noise, which is equivalent to an increase in sensitivity. An increase in instantaneous sensitivity with increasing signal strength appears as an acceleration in overall sensitivity! For strong signals, the observer's behavior will just follow whatever the transduction function of the neuron is. In this case, maybe it saturates as a power less than one.

Stern: Man.

Elgar: There's one more explanation, one that I don't know much about.

Stern: So this will be a brief explanation.

Elgar: I hope so. The nonlinear transducer and uncertainty theories both abide by standard assumptions of signal detection theory. So, they assume that even below 'threshold', the neurons, or whatever, are actually responding to the signal; the response is just hopelessly buried in noise.

Stern: What if there is no noise? Why do you keep mentioning noise?

Elgar: All systems are noisy, and usually the noise has a number of different sources. In the visual system you have photon noise, metabolic variability, eye movements, thermal noise, and other things. All of these, we hope, combine to produce basically Gaussian noise. But there's no chance at all that there could be no noise, and in fact every model of signal detection, perceptual or otherwise, implicitly contains terms for performance-limiting noise.

Stern: I think I knew that already. I should have known that this wouldn't be a simple idea.

Elgar: Actually, noise isn't what I'm talking about. My point is that the first two theories assume, sort of, that the signal is always transduced, and that uncertainty or noise limit detection. The last option is that this isn't true; that there is a true, 'hard threshold', which has to be acheived before any transduction takes place.

Stern: I see. Kind of like overcoming friction to get something moving across a surface. Up to a point, you may push and get no result, but with enough force you'll get it moving.

Elgar: That's it! So, maybe the transducer is linear, but it has a real zero-point. Some intensities just fail to evoke a response, but at some point the neuron gets turned on and starts transducing. If it's a steep enough function, depending how the noise is implemented something like this might just appear from the outside to be a sudden, brief acceleration of response to an input.

Stern: Okay, I agree with you that maybe this is kind of interesting. But if I had to hear it more than once, I don't think I could take it.

Elgar: That's understandable. So, aren't you going to ask about how the ways in which noise can be implemented in a hard-threshold theory are especially interesting?

Stern: We'll save that for later. Can I just have my hamburger now?

Elgar: Alright. Did you want fries? I can't remember.

Stern: No fries, just a burger.