Monday, November 30, 2015

Eric Clapton: Clawing back a life

Read Eric Clapton's autobiography to learn how to enjoy life.

I am a fan of Eric Clapton's music.  I grew up listening to the Rainbow Concert and Bluesbreakers on endless repeat.  I sang the praise of Clapton through school years, debating his prowess over other guitarists.  Clapton was a role-model for my guitar playing: both for a choice of instruments, and the choice of music.

So it is surprising that I held off reading his biography till much later.  A few months ago, to be precise, I started reading it.   I knew about much of his life, I had memorized early details of his career.  So I was pleasantly surprised that there was much to learn.  Now that I am a father, I found myself identifying with his later years.  Clapton's love of life, and his joy in family struck me more than his prowess with the guitar.

I started out loving Clapton, the guitar God.  Now I am in awe of Clapton, the daddy.

Clapton's book goes in chronological order through his life.  His early years, a tough childhood, and his early success at music.  The writing style is easy, and his honesty comes through.  He is honest about his academic failure, and his eagerness to regain a life through music.  He is honest about his shaky relationship with women, and his hesitation in approaching them.  He is honest about the success of other musicians around him, and how much they helped him.

The most gripping parts were his middle years, "Lost Years" as he calls it.  While I knew that Clapton had struggled with substance abuse, the extent of the abuse shocked me.  The damage it caused to his family and friends, and his life was horrifying.    And his recovery and relapse into alcohol addiction was equally saddening.  One of the most brilliant guitarists of our age, a God, struggling with such a mortal weakness!  Clapton's frequent references to his diary are impressive.  Having kept a journal, he was able to dig back into those years and paint a clear picture.  Deep in the midst of his substance abuse, he frequently forgets entire days and even concerts that he played at.

Clapton's recent years are the most mysterious to me.  In the recent past, I started listening to more blues, B.B. King, more jazz, Louis Armstrong.  Over time, my own musical interests have changed.  While I still enjoy the older albums, I find the recent Clapton albums much more to my taste.  "Riding with the King" with B.B. King and Clapton was stellar, as was "Reptile" and "Me and Mr. Johnson".  I found myself identifying more with the cleaner blues sound.  However, by this time I had lost touch with Clapton's life, and didn't idolize him as much.  So it was a complete surprise to find that Eric Clapton had not just recovered from substance abuse, but had found a satisfying family life.  There was an adorable picture of Clapton playing guitar in his children's room.  The mother is sitting on a couch reading a book as the children play by.  It nearly brought a tear to my eye.  I identified with the joy of playing the simplest melody to my kids, and reflecting in their wonder.  I could see my own daughter sing happily at the top of her voice while I struggle to play along.  I could see my son asking me to strum his favorite song, no matter how poorly.

I found that Clapton was a new role model to me.  Not a guitar god who is aloof from humanity.  But a gentler, kinder man.  A person who has prevailed over harsh times.  A parent who provides comfort.  A parent who is glad just to be around the children.

A guitarist who plays for himself and his kids.

Image, courtesy Amazon.

Friday, July 31, 2015

Book Review: Lead Guitar Harvey Vinson

I'm learning lead guitar from Harvey Vinson's book.  I came across this book in a used bookstore, and it came with a flexible record.  Apparently, this was how music was shipped in the Analogue age.  The technology involved is quite impressive: you can stamp these flexible records out quite cheaply, they are flexible and light.  And you can play it without electricity, if you have a hand-cranked turntable.

So I was talking about this book with my friends, and one of them offered to transcode the record into a format for the digital age.  Mr. DM took the book from me, and returned me three files containing both sides of the record. Side One has a short tuning prelude, and then a rhythm backing track for standard blues in G.  Side Two has tuning, a triplet blues backing track in G, and a track for turnaround in G.

The choice of G is interesting: I much prefer the key of A.  While you are learning, it doesn't matter.

The book goes through the pentatonic scale, the blues variation, and shows you how to build lead for a standard 12 bar blues song.  With the backing track, you can practice and make your own song.  This format works very well: you are learning something basic, and then the book gives you enough understanding to start making your own music.  To a student, this is the most fulfilling part of learning: creating something new.  Many guitar books start the student out on basic tunes.  For a while this is sufficient, but many students tire of playing dull tunes.  It is exciting to be able to make your own music, to record it, and share it with friends.  This book gives you enough insight that you can start learning the basics of 12 bar blues, and gives you enough starting points to develop your own solos, and your own riffs.

Here are the audio files, in case you have this obscure book, and are stuck with a record that you cannot play any more.  You can download these files and play them locally as backing tracks while you are using the book.  You can also add the audio track to your existing audio project (Logic Pro or Audacity) and record your lead guitar in a separate track.

Side One
Side Two Triplet Blues in G
Side Two Turnaround in G 

 Courtesy: DM for doing an amazing job at converting the record.

Thursday, July 30, 2015

Limiting the rate of ssh connections

The internet is a wild place.  I have an SSH server that is open.  The machine is locked down with very few accounts, all with long passwords, but that doesn't deter attackers from trying to get into the machine.  Most attacks are against the root account, which is futile since the root password is hopelessly long.  And it only accepts public key authentication on that account.

Here is a script I use to limit the number of ssh connections.  As a sample, I show how to rate-limit connections to two ports (222 and 2222) down to one connection in a 60 second window.  Most automated attack scripts back off very rapidly when they notice that they don't get through.  So this easy remedy is enough to thwart a majority of the bot-infested machines.


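# Clear all chains, then delete user-defined chains so that
# re-running this script can create LOGDROP again
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -L -v -n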

# Create a new chain to log and then to drop
/sbin/iptables -N LOGDROP
/sbin/iptables -A LOGDROP -j LOG
/sbin/iptables -A LOGDROP -j DROP

# The external ports 222 and 2222 need to be rate limited.
iptables -I INPUT -p tcp --dport 222 -i eth0 -m state --state NEW -m recent --set --name FIRST
iptables -I INPUT -p tcp --dport 2222 -i eth0 -m state --state NEW -m recent --set --name SECOND

# One connection in a 60 second window.  -I inserts at the top of INPUT,
# so these --update rules are evaluated before the --set rules above.
iptables -I INPUT -p tcp --dport 222 -i eth0 -m state --state NEW -m recent --update --name FIRST --seconds 60 --hitcount 1 -j LOGDROP
iptables -I INPUT -p tcp --dport 2222 -i eth0 -m state --state NEW -m recent --update --name SECOND --seconds 60 --hitcount 1 -j LOGDROP
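
The behaviour of one port's rule pair, modelled in Python as an added example (not part of the original script). It simulates the documented semantics of the "recent" match to show why the --update rule has to be evaluated before the --set rule, and what --update does to a client that keeps retrying; the source addresses and timings are constructed.

```python
from collections import defaultdict

def simulate(attempts, order=("update", "set"), seconds=60, hitcount=1, refresh=True):
    """Return ACCEPT/DROP for each (time, source) NEW connection on one port.

    order   -- rule order in INPUT; the script's -I calls put "update" first
    refresh -- True models --update, False models --rcheck
    """
    seen = defaultdict(list)           # source address -> timestamps (the recent list)
    verdicts = []
    for now, src in attempts:
        verdict = "ACCEPT"             # no match: packet continues down INPUT
        for rule in order:
            if rule == "set":          # --set records the source and never drops
                seen[src].append(now)
                continue
            # --update/--rcheck --seconds N --hitcount H
            hits = sum(1 for t in seen[src] if now - t <= seconds)
            if hits >= hitcount:
                if refresh:            # --update restamps the entry when it matches
                    seen[src].append(now)
                verdict = "DROP"       # -j LOGDROP ends traversal
                break
        verdicts.append(verdict)
    return verdicts

# Constructed traffic: a user who reconnects after 90 s, a bot retrying every 10 s.
USER = [(0, "198.51.100.7"), (90, "198.51.100.7")]
BOT = [(t, "203.0.113.9") for t in range(0, 181, 10)]

if __name__ == "__main__":
    print("user, script order  :", simulate(USER))
    print("bot,  --update      :", simulate(BOT).count("ACCEPT"), "accepted of", len(BOT))
    print("bot,  --rcheck      :", simulate(BOT, refresh=False).count("ACCEPT"), "accepted")
    print("user, --set first   :", simulate(USER, order=("set", "update")))
```

With --update, a source that keeps retrying inside the window never gets a second connection, because every dropped attempt restarts its 60 seconds. If the --set rule were evaluated first, --hitcount 1 would match the entry just recorded and drop every connection, including the first.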

Monday, February 23, 2015

Why don't banks have two-factor authentication?

I'm typing this blog using a Gmail account. It is not enough for someone to know my password for this account.  They would need my phone to log into my account.

In the last few months, there has been a spate of password leaks and personal information leaks from online sites.  A simple solution for this is Two-Factor authentication.  It requires two distinct components: something you know, and something you have. Usually, you know a password: which is secret.  But you also need an object that is unique to you.  Sometimes this is a special electronic device that prints a very special number based on what was programmed into it.  Sometimes this is a cell phone that can receive text messages (so it is unique).  Sometimes it is a special app on your phone that generates numbers that are unique to your phone.  Even if someone watches you type your password, they don't have your special device.  So they can't log into your account.

Prominent websites have started developing support for Two-Factor authentication, to keep their users safe.  It is disappointing how few American banks support this. I stand to lose more if my bank password gets compromised than if my email account gets compromised.  Capital One promotes Multi-Factor Authentication. It sounds very distinguished, till you learn what it is.

This is from Capital One's page on Multi-Factor Authentication:

What is multi-factor authentication (MFA) and how does it work?
Multifactor authentication is an extra level of authentication for verifying a customer's identity and preventing unauthorized users from accessing financial information.
At enrollment you will set up a series of five security questions.  These questions do expire, so from time to time, you may be asked to update your questions upon signing into your account.  In this instance, you will be presented with a selection of five sets of questions. You’ll be asked to choose the five that are the most meaningful to you and to type in your answers.
You may be asked to answer security questions if our systems require verification that it is you attempting to access your account.  These questions are also used to gain access to your account in the event that you have forgotten your username and password. This is an added layer of security to ensure that the right person is signing into your online account.
If you wish to change your security questions, you can do so online. Just sign in to Online Banking, then click the My Info tab. Click the (+) sign next to Update my sign in information and select the Edit button next to the Security Questions section to update.

It is a couple of extra questions with answers that anyone can type out.  In addition, both the questions and their answers have to be stored on the server (perhaps in cleartext).  It isn't multi-factor at all: it is one factor, just more of it.  To add insult to injury, the questions are hilariously complicated, "What is the last name of your first boyfriend?"  If that increases security, I suggest this question for Capital One to consider for their next round, "What is the last name of your grandmother's first boyfriend?"

Six passwords instead of one don't make you safer.
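
The difference between the two schemes, as an added example that is not from the original post or from any bank's system. It implements the time-based one-time password of RFC 6238 (the kind of number an authenticator app generates) and compares a login that asks security questions with one that asks for that code; the account record, questions and function names are constructed for illustration.

```python
import hashlib, hmac, struct

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: a code derived from a device-held secret and the clock."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

# Constructed account record. A real server stores a salted password hash, not plaintext.
ACCOUNT = {
    "password": "correct horse battery staple",
    "answers": {"first pet": "rex", "first street": "elm"},
    "totp_secret": b"12345678901234567890",        # RFC 6238 test secret; lives on the phone
}

def login_questions(password, answers):
    """Security-question 'MFA': every check is something the user knows and types."""
    return (hmac.compare_digest(password, ACCOUNT["password"])
            and answers == ACCOUNT["answers"])

def login_totp(password, code, now):
    """Password plus a code that only the enrolled device can compute for this time step."""
    expected = totp(ACCOUNT["totp_secret"], now)
    return (hmac.compare_digest(password, ACCOUNT["password"])
            and hmac.compare_digest(code, expected))

def attacker_outcomes(observed_at=59, replay_at=200):
    """Someone records everything the victim typed at observed_at and replays it later."""
    typed = {"password": ACCOUNT["password"],
             "answers": dict(ACCOUNT["answers"]),
             "code": totp(ACCOUNT["totp_secret"], observed_at)}
    return {
        "questions": login_questions(typed["password"], typed["answers"]),
        "totp_replay": login_totp(typed["password"], typed["code"], replay_at),
    }

if __name__ == "__main__":
    print(attacker_outcomes())   # questions login succeeds, replayed code is rejected
```

A code replayed inside the same 30 second step would still verify here; a server closes that gap by refusing a code it has already accepted.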
