Monday, November 30, 2015

Eric Clapton: Clawing back a life

Read Eric Clapton's autobiography to learn how to enjoy life.

I am a fan of Eric Clapton's music.  I grew up listening to the Rainbow Concert and Bluesbreakers on endless repeat.  I sang the praise of Clapton through school years, debating his prowess over other guitarists.  Clapton was a role-model for my guitar playing: both for a choice of instruments, and the choice of music.

So it is surprising that I held off reading his biography till much later.  A few months ago, to be precise, I started reading it.   I knew about much of his life, I had memorized early details of his career.  So I was pleasantly surprised that there was much to learn.  Now that I am a father, I found myself identifying with his later years.  Clapton's love of life, and his joy in family struck me more than his prowess with the guitar.

I started out loving Clapton, the guitar God.  Now I am in awe of Clapton, the daddy.


Clapton's book goes in chronological order through his life.  His early years, a tough childhood, and his early success at music.  The writing style is easy, and his honesty comes through.  He is honest on his academic failure, and his eagerness to regain a life through music.  He is honest about his shaky relationship with women, and his hesitation in approaching them.  He is honest about the success of other musicians around him, and how much they helped him.

The most gripping parts were his middle years, "Lost Years" as he calls it.  While I knew that Clapton had struggled with substance abuse, the extent of the abuse shocked me.  The damage it caused to his family and friends, and his life was horrifying.    And his recovery and relapse into alcohol addiction was equally saddening.  One of the most brilliant guitarists of our age, a God, struggling with such a mortal weakness!  Clapton's frequent references to his diary are impressive.  Having kept a journal, he was able to dig back into those years and paint a clear picture.  Deep in the midst of his substance abuse, he frequently forgets entire days and even concerts that he played at.

Clapton's recent years are the most mysterious to me.  In the recent past, I started listening to more blues, B.B. King, more jazz, Louis Armstrong.  Over time, my own musical interests have changed.  While I still enjoy the older albums, I find the recent Clapton albums much more to my taste.  "Riding with the King" with B.B. King and Clapton was stellar, as was "Reptile" and "Me and Mr. Johnson".  I found myself identifying more with the cleaner blues sound.  However, by this time I had lost touch with Clapton's life, and didn't idolize him as much.  So it was a complete surprise to find that Eric Clapton had not just recovered from substance abuse, but had found a satisfying family life.  There was an adorable picture of Clapton playing guitar in his children's room.  The mother is sitting on a couch reading a book as the children play by.  It nearly brought a tear to my eye.  I identified with the joy of playing the simplest melody to my kids, and reflecting in their wonder.  I could see my own daughter sing happily at the top of her voice while I struggle to play along.  I could see my son asking me to strum his favorite song, no matter how poorly.

I found that Clapton was a new role model to me.  Not a guitar god who is aloof from humanity.  But a gentler, kinder man.  A person who has prevailed over harsh times.  A parent who provides comfort.  A parent who is glad just to be around the children.

A guitarist who plays for himself and his kids.




Image, courtesy Amazon.

Friday, July 31, 2015

Book Review: Lead Guitar Harvey Vinson

I'm learning Lead guitar from Harvey Vinson's book.  I came across this book in a used bookstore, and it came with flexible record.  Apparently, this is was how music was shipped in the Analogue age.  The technology involved is quite impressive: you can stamp these flexible records out quite cheaply, they are flexible and light.  And you can play it without electricity, if you have a hand-cranked turntable.

So I was talking about this book with my friends, and one of them offered to transcode the record into a format for the digital age.  Mr. DM took the book from me, and returned me three files containing both sides of the record. Side One has a short tuning prelude, and then a rhythm backing track for standard blues in G.  Side Two has tuning, a triplet blues backing track in G, and a track for turnaround in G.

The choice of G is interesting: I much prefer the key of A.  While you are learning, it doesn't matter.

The book goes through the pentatonic scale, the blues variation, and shows you how to build lead for a standard 12 bar blues song.  With the backing track, you can practice and make your own song.  This format works very well: you are learning something basic, and then the book gives you enough understanding to start making your own music.  To a student, this is the most fulfilling part of learning: creating something new.  Many guitar books start the student out on basic tunes.  For a while this is sufficient, but many students tire out of playing dull tunes.  It is exciting to be able to make your own music, to record it, and share it with friends.  This book gives you enough insight that you can start learning the basic of 12 bar blues, and gives you enough starting points to develop your own solos, and your own riffs.

Here are the audio files, in case you have this obscure book, and are stuck with a record that you cannot play any more.  You can download these files and play them locally as backing tracks while you are using the book.  You can also add the audio track to your existing audio project (Logic Pro or Audacity) and record your lead guitar in a separate track.

Side One
Side Two Triplet Blues in G
Side Two Turnaround in G 


 Courtesy: DM for doing an amazing job at converting the record.

Thursday, July 30, 2015

Limiting the rate of ssh connections

The internet is a wild place.  I have an SSH server that is open.  The machine is locked down with very few accounts, all with long passwords, but that doesn't deter attackers from trying to get into the machine.  Most attacks are against the root account, which is futile since the root password is hopelessly long.  And it only accepts public key authentication on that account.

Here is a script I use to limit the number of ssh connections.  As a sample, I show how to rate-limit connections to two ports (222 and 2222) down to one connection in a 60 second window.  Most automated attack scripts back off very rapidly when they notice that they don't get through.  So this easy remedy is enough to thwart a majority of the bot-infested machines.


#!/bin/bash


# Clear all chains
/sbin/iptables -F
/sbin/iptables -L -v -n

# Create a new chain to log and then to drop
/sbin/iptables -N LOGDROP
/sbin/iptables -A LOGDROP -j LOG
/sbin/iptables -A LOGDROP -j DROP

# The external ports 222 and 2222 need to be rate limited.
iptables -I INPUT -p tcp --dport 222 -i eth0 -m state --state NEW -m recent --set --name FIRST
iptables -I INPUT -p tcp --dport 2222 -i eth0 -m state --state NEW -m recent --set --name SECOND

# One connection in a 60 second window.
iptables -I INPUT -p tcp --dport 222 -i eth0 -m state --state NEW -m recent  --update  --name FIRST --seconds 60 --hitcount 1 -j LOGDR
OP
iptables -I INPUT -p tcp --dport 2222 -i eth0 -m state --state NEW -m recent  --update  --name SECOND --seconds 60 --hitcount 1 -j LOG
DROP

Monday, February 23, 2015

Why don't banks have two-factor authentication?

I'm typing this blog using a Gmail account. It is not enough for someone to know my password for this account.  They would need my phone to log into my account.

In the last few months, there has been a spate of passwords leaks and personal information leaks from online sites.  A simple solution for this is Two-Factor authentication.  It requires two distinct components: something you know, and something you have. Usually, you know a password: which is secret.  But you also need an object that is unique to you.  Sometimes this is a special electronic device that prints a very special number based on what was programmed into it.  Sometimes this is a cell phone that can receive text messages (so it is unique).  Sometimes it is a special app on your phone that generates numbers that are unique to your phone.  Even if someone watches you type your password, they don't have your special device.  So they can't log into your account.

Prominent websites have started developing support for Two-Factor authentication, to keep their users safe.  It is disappointing how few American banks support this. I stand to lose more if my bank password gets compromised than if my email account gets compromised.  Capital One promotes Multi-Factor Authentication. It sounds very distinguished, till you learn what it is.

This is from Capital One's page on Multi-Factor Authentication:

What is multi-factor authentication (MFA) and how does it work?
Multifactor authentication is an extra level of authentication for verifying a customer's identity and preventing unauthorized users from accessing financial information.
At enrollment you will set up a series of five security questions.  These questions do expire, so from time to time, you may be asked to update your questions upon signing into your account.  In this instance, you will be presented with a selection of five sets of questions. You’ll be asked to choose the five that are the most meaningful to you and to type in your answers.
You may be asked to answer security questions if our systems require verification that it is you attempting to access your account.  These questions are also used to gain access to your account in the event that you have forgotten your username and password. This is an added layer of security to ensure that the right person is signing into your online account.
If you wish to change your security questions, you can do so online. Just sign in to Online Banking, then click the My Info tab. Click the (+) sign next to Update my sign in information and select the Edit button next to the Security Questions section to update.

It is a couple of extra questions with answers that anyone can type out.  In addition, both the questions and their answers have to be stored on the server (perhaps in cleartext).  It isn't multi-factor at all: it is one factor, just more of it.  To add insult to injury, the questions are hilariously complicated, "What is the last name of your first boyfriend?"  If that increases security, I suggest this question for Capital One to consider for their next round, "What is the last name of your grandmother's first boyfriend?"

Six passwords instead of one don't make you safer.



Image courtesy: motifake.com

Wednesday, July 16, 2014

Windows 9 will be a smashing hit!

I just spent some time with Windows 8 on a computer I purchased for a family member.  Windows 8 marks such a huge departure from Windows that you might consider either holding off a PC purchase, or just get a Mac or a Linux machine instead. Even a Mac will feel more familiar.

Some caveats before we start. I don't know all the terminology around Windows 8 (neither would any new user).  My primary Windows experience has been the Windows XP.  My primary system is Linux because I am a developer, and I use Windows really only for playing games. That said, I can claim some knowledge of computers.

My entire experience can be summed in two words: just baffling.
  1. Metro versus classic apps: this is a confusing minefield. The metro apps don't show up under Control Panel -> Programs. You can launch them only from the Metro interface, and then they take up the full screen where the UI is hilariously large. One of the applications I used was a third-party webcam application bundled with the computer. It had no close button, no menu bar, and the bottom was filled with immense Fisher-Price buttons. Luckily Alt-F4 still worked and closed the window.
    The real confusion here is that the Windows Taskbar no longer shows Metro applications. So the Task Bar doesn't show all running applications anymore. Alt-Tab moves you through Metro and classic applications, but they might as well be on two different systems. It felt like Metro apps were first-class citizens and classic was a Virtual Machine instance. In this world, why bother with the taskbar anymore?
  2. No overlapping Metro apps. Wow, and this isn't the first time that this was tried.
  3. Within minutes of using the new Start shell, I had to install Classic Start. The entire interface for launching applications is totally horrifically broken. To go into all applications, you have to press the Start button, and then click on the down arrow. Then you get an overwhelming list of every application there is, including websites like eBay.  How on earth are people supposed to navigate through this every time they start a new application?
  4. Settings -> "Search and apps" under the Metro Start shows completely different things from "Settings -> Programs" in the Control Panel in the Classic menu. Not just the names, the actual programs listed in the two is different. The Metro Settings contains programs that take 16kb: magical stuff like 'eBay' and 'Skype' which are most likely URLs. The Control Panel in the Classic menu contains the usual Windows XP items like McAfee, Windows .NET libraries. As far as I see, they have no intersection. "Search and apps" contains Metro apps, some of which are URLs and some of which are real programs. The distinction is deliciously vague, so some of them launch in Firefox, while others start an application.
  5. Screen-gestures to navigate around is retarded. There is no way I can use this on a daily basis without my right arm cramping up. Whoever came up with this probably doesn't use a PC for a living. I suspect the goal is to make it like a tablet: but a tablet use-case is so very different from a PC that they might as well be different appliances. And if you choose to use the trackpad for everything, the pointer traversal to go from one edge of the screen (charms) to the other edge of the screen (switcher) will quickly fatigue your fingers.
  6. UEFI secure boot. You can turn off secure boot to test out Knoppix or Ubuntu. But if you do, you get a prominent error message drawn on top of the bottom right of the screen. As far as I can tell, there is no way to turn off this annoyance. There is a special update to disable this watermark though.
  7. The default theme has insanely fat window borders. I looked for some sort of Classic Windows theme to make my window decorations sane again, but didn't find anything in the five minutes I spent on it. Turns our you either have to edit the registry or download a third-party application to do this.
  8. The menu bar on most Windows applications is the ribbon. Again, no way to turn this into something sane.
The entire operating system feels like a cruel joke. At many points I was amazed that this product actually shipped without someone realizing what a terrible idea this is. I suspect people used it on tablets where this works (better than Windows 7). Then they convinced themselves that PCs would be fixed in the next release and that capturing the tablet market was worth the head-shot to the PC users. The system is a Frankenstein-style collection of Chrome OS, Apple's App Store, and everyone's tablet UI bolted together on top of Windows. It feels like Windows 9 Early Preview Beta rather than Windows 8.

I predict huge adoption problems. This is Vista v2.  Microsoft has a crazy version of Intel's tick-tock cycle  where every alternate Windows is broken. The next release looks like cutting-edge engineering: Windows 95, Windows ME (dud!), XP, Vista (dud!), Windows 7, Windows 8(dud!).

Microsoft isn't alone. Canonical and Gnome tried this same story with Unity.  A team is given the mandate to do something daring, something refreshingly new and bold. They try it, and convince themselves that it works. Either external feedback is not solicited or they believe that once people spend enough time with it, they will grow to like it too. Unfortunately, the real world doesn't have an extra month to re-learn basic computer skills And the real world isn't invested in the Windows 8 outcome. If it doesn't work in the first week, it will be replaced by something that does, perhaps the previous version of the software. Perhaps the competitor's version. Forcing it down people's throat only makes them antagonistic and belligerent. I'm sure Unity is a lot better today. But Canonical's aggressive upgrade has pushed me towards XFCE and KDE.

Computers are an essential tool now.  Online discussions are filled with car-analogies, but that is not even close to reality. Most people spend an hour each day in a car, but many hours in front of a computer. Computers are as essential as your fingers.

Luckily you don't have to spend much money to get a feel for Windows 8. Just use your existing computer while wearing thick gloves.


(Broken Windows image courtesy: Wikipedia)

Monday, July 14, 2014

Game Review: Type:Rider

Want to play a fun platform game which is as enlightening as it is enjoyable? Pick up Type:Rider.


As I mentioned earlier, mainstream gaming is rehashing the same tired concepts. We don't need fifteen different World War 2 shooters made every year.  I don't have any numbers to prove it but I suspect that compared to the early days of gaming, there is less diversity in games. There are some gems, but if you look through the top titles of the past year, they are all familiar concepts.

So here is a platform game, which is a concept that has been done to death. But the main character is a set of two dots. And you move though a land of fonts, collecting alphabets and stars. For the stars that you collect, you get some information about the font that you  are currently exploring. It sounds very strange when written down like this, but it is really fun. The environments capture the mood of the time, and include the historical moment when that font was being developed. The atmosphere is brilliantly done, and the music beautifully matches the mood.

And the game mechanics change subtly. Different levels introduce new challenges. I'm past the half-way point but I haven't grown tired of anything yet. It is superb.

 Type:Rider is available for all the main platforms, including mobile. I purchased this as part of the Humble Bundle so I have tried this both on Android and PC, and I highly recommend the PC version. Games such as these require a good gamepad and touchscreen controls are not yet to the point where they are enjoyable. But that's just me, my friends have tried this on tablets and found it works great for them.

The one downside is that the game is devlishly hard towards the end, so I gave up half-way in the Pixel level. But I enjoyed the majority of the program and it was fun.



Image courtesy: The two dots.