PGP: Migrating Away from SHA-1

Originally published at Please leave any comments there.

The SHA-1 hash that PGP and GnuPG use by default is now looking even
less secure than previously thought. It’s recommended that users begin
using SHA-2, and generate new keys to replace their 1024-bit DSA keys
which are dependent on SHA-1:

If you understand the instructions in the link above, you should
probably follow them soon. If you don’t understand them, don’t worry
too much, as your keys and signatures are still mostly safe for now,
they’re just not future-proof. You’ll probably want to wait until new
versions of your software are released with updated default settings,
and then generate new keys.

I’ve generated a new key for myself, which I’ve signed with the old key
and will be using from now on.
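
One way to find the keys this post is concerned with, as an added example that is not part of the original post: the script below parses the colon-delimited output of `gpg --list-keys --with-colons` and reports every 1024-bit DSA key or subkey. The sample listing, its key IDs and user IDs are constructed, and `find_sha1_bound_keys` is a hypothetical helper name.

```python
# Added example: flag 1024-bit DSA keys, the key type the post singles out
# as dependent on SHA-1. Feed it the output of: gpg --list-keys --with-colons
# SAMPLE is constructed for illustration; key IDs and names are made up.

SAMPLE = """\
pub:u:1024:17:AAAAAAAA11111111:1104537600:::u:::scESC:
uid:u::::1104537600::0000000000000000000000000000000000000001::Old Key <old@example.org>:
sub:u:2048:16:AAAAAAAA22222222:1104537600::::::e:
pub:u:4096:1:BBBBBBBB33333333:1241136000:::u:::scESC:
uid:u::::1241136000::0000000000000000000000000000000000000002::New Key <new@example.org>:
sub:u:4096:1:BBBBBBBB44444444:1241136000::::::e:
"""

DSA = "17"  # OpenPGP public-key algorithm ID for DSA (RFC 4880)


def find_sha1_bound_keys(colon_listing):
    """Return (record_type, key_id, first_user_id) per 1024-bit DSA key."""
    groups = []  # one entry per primary key, in listing order
    for line in colon_listing.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue  # too short to be a pub/sub/uid record
        # Colon format: field 1 type, 3 key length, 4 algorithm,
        # 5 key ID, 10 user ID (zero-based indexes 0, 2, 3, 4, 9).
        rec, length, algo, key_id, user_id = f[0], f[2], f[3], f[4], f[9]
        if rec == "pub":
            groups.append({"uid": None, "weak": []})
        if not groups:
            continue  # record seen before any primary key
        if rec == "uid" and groups[-1]["uid"] is None:
            groups[-1]["uid"] = user_id  # uid lines follow their pub line
        if rec in ("pub", "sub") and algo == DSA and length == "1024":
            groups[-1]["weak"].append((rec, key_id))
    return [(rec, kid, g["uid"]) for g in groups for rec, kid in g["weak"]]


if __name__ == "__main__":
    for rec, key_id, uid in find_sha1_bound_keys(SAMPLE):
        print(f"{rec} {key_id} ({uid}): 1024-bit DSA, plan a replacement key")
```

Keys it reports are the candidates for replacement; the new key can be signed with the old one, as described above, so existing contacts can verify the transition.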


Firefox Portable + GnuPG + FireGPG = CryptoFox

I’ve been talking about this for a while, but I finally got around to doing it.  I’ve put together a software package consisting of Firefox Portable, GNU Privacy Guard, and FireGPG.  I’m calling it “CryptoFox”.  You can download it here.

The idea behind this is to lower the barrier to entry for using PGP encryption.  If you want to communicate privately with someone, instead of having to guide them through the install process for 3 different components, you can just have them download CryptoFox and run it.  No installation is required.

It’s also a little tricky to set FireGPG and GnuPG up to function portably.  If you want to run them from a USB stick on any computer, I’ve already done the hard part for you.


NoScript Firefox plugin secretly disables Adblock Plus

Apparently Giorgio Maone, the developer of the NoScript extension for Firefox, has been indulging in some borderline-malware tactics in order to make sure the ads on his site don’t get blocked by the (excellent and popular) Adblock Plus extension.  This is a shame, because NoScript is a genuinely useful tool, but I no longer feel comfortable using it.

Details are available at this post on the ABP blog.


Debian and Back Again

I decided a few days ago that Xubuntu was just too sluggish on my old, ailing laptop. I’d heard that Crunchbang was a bit faster, so I tried it out, but X just segfaulted on startup.  The same thing had happened on Xubuntu 8.10, so I’d been sticking with 8.04.  I tried Arch next, hoping that something not based on Ubuntu would fare better.

Arch seems like a neat distro, but it didn’t solve my problem with X. After much digging (including a couple sessions with gdb), I found out that the newly-rewritten PCI access code in Xorg 7.4 was trying to initialize my laptop’s broken PCMCIA hardware, causing the segfault. Someone on the #xorg-devel IRC channel also pointed out a patch that fixes the problem.  The patch did fix the segfault, but after all that fucking around, I still couldn’t get X to actually start.  Even with the basic VGA driver, it would immediately drop me back to the command line without giving any errors at all.

Yesterday, I finally gave up and decided that Arch was too bleeding-edge for my poor broken laptop.  I ended up going back to Debian, the first Linux distro that I ever used. I’d originally stopped using it because the “stable” version was too conservative (and the “unstable” and “testing” versions too prone to breakage), but in this case that seems like a good thing.

In order to keep the machine running at a decent speed, I’m just using a basic window manager in X instead of a full desktop environment.  I’m giving xmonad a try right now.  I think I’d need a higher-resolution screen to really take advantage of the “tiling window manager” concept, but I do like how it’s almost exclusively keyboard-controlled, and how it lacks space-wasting window decorations.  I’m also trying the Vimperator plugin in Firefox (or rather, Iceweasel), allowing me to cut down significantly on my mouse usage.

I still need to delve into xmonad’s configuration, set up the status bar, find a decent xterm replacement, and install ProFont.


Rochester OpenPGP Users Mailing List

The keysigning party on Saturday went well.  We decided to create a mailing list to keep in touch and discuss ways to promote PGP use locally.  From the list’s description:

This group is for PGP/GnuPG users in Rochester, NY to:

1) Discuss ways of promoting the use of OpenPGP encryption
2) Arrange keysignings in order to expand the local web of trust
3) Get help with using PGP, GnuPG, and related programs

If you’re interested in joining, you can do so here.


Moving completely from AIM to Jabber

I won't be signing into AIM anymore. You can IM me via any Jabber (aka XMPP) compatible service:

Google Talk and LJ Talk are both Jabber IM services. If you use GMail you already have a Google Talk account, and if you use Livejournal you have an LJ Talk account.

The LJ Talk page has a good list of IM clients that support Jabber. My client of choice is Pidgin. It's available for both Windows and Linux, and allows you to use just about any IM network out there.

I'm now on

I created an account on tonight. It's a "microblogging" service similar to Twitter. For those of you that don't know what that is (or don't see the point of it), think of it as a way of having instant-message type conversations out in the open with your friends, so that anyone can read them and join in. You can even set it up to send and receive messages through your IM client.

There's been some discussion recently on the Ant Hill mailing list about moving random email banter to a microblogging site ( being one suggestion). I'd already been thinking about getting into this sort of thing, but I refuse to sign up for any more "walled garden" services like Twitter. I figured all the others were set up the same way. looks good, though. From their FAQ:
How is different from Twitter, Jaiku, Pownce, Plurk, others? is an Open Network Service. Our main goal is to provide a fair and transparent service that preserves users' autonomy. In particular, all the software used for is Free Software, and all the data is available under the Creative Commons Attribution 3.0 license, making it Open Data.

The software also implements the OpenMicroBlogging protocol, meaning that you can have friends on other microblogging services that can receive your notices.

The goal here is autonomy -- you deserve the right to manage your own on-line presence. If you don't like how works, you can take your data and the source code and set up your own server (or move your account to another one).
Anyway, if any of you use it, or decide to sign up, my username is chrisacheson (surprise) UPDATE: cacheson.

Math for Programmers

I bookmarked a blog post called “Math for Programmers” years ago on one of my random “scratch space” wiki pages, and just rediscovered it tonight.  I figured I’d share:

The right way to learn math is breadth-first, not depth-first. You need to survey the space, learn the names of things, figure out what’s what. [...]

I think the best way to start learning math is to spend 15 to 30 minutes a day surfing in Wikipedia. It’s filled with articles about thousands of little branches of mathematics. You start with pretty much any article that seems interesting (e.g. String theory, say, or the Fourier transform, or Tensors, anything that strikes your fancy.) Start reading. If there’s something you don’t understand, click the link and read about it. Do this recursively until you get bored or tired.

My timing on this is interesting.  Over the past few days I’ve started playing a bit of poker (Texas hold ‘em, against computer players in PokerTH), in lieu of my usual habit of compulsively playing quick games of FreeCell at random moments.  For the sheer nerdy fun of it, I want to write a program to calculate the exact odds that I have a better hand than all of my opponents, given the cards that are visible at any particular time (pre-flop, flop, turn, and river).

I’m sure it’s a solvable problem, but I’m having trouble simplifying the staggering number of permutations involved.  For example, assuming you’ve got your two-card hand, there are 1,225 possible hands that a single opponent could have from the remaining 50 cards.  If you have six opponents, there are approximately 9×10^17 possible combinations of hands that they could have.  We only care about the best hand among our opponents, so I think we can simplify things by assuming that the math is the same for six opponents as it is for one, except that any given hand is six times more likely to occur.

Anyway, I’m thinking of reading up on combinatorics.  I got a bit from my discrete math and probability & statistics courses in college, but I feel like I’m missing something here.  I’ve always been interested in probability and permutations in games, so it seems like a good subject to pursue.