Christmas 06 Wish List
- High priority books or Medium or High priority music from my Amazon wishlist
- ThinkGeek WTF sweatshirt, XL
- ThinkGeek 2+2=5 t-shirt, XL
- ThinkGeek Pluto t-shirt, XL
- ThinkGeek USB Rocket Launcher
- Jumpstarter and Compressor for my car
- Jumper Cables for my car
- Canned air (I know it’s cheap and lame, but I use it all the time and I never seem to remember to get it for myself)
- OTIS Elite gun cleaning system
- Four bottles of OTIS bore solvent
- Two bottles of OTIS 2oz dry lube
- Medieval II Total War PC game
- FEAR PC game
- Call of Duty 2 PC game
- ColdHeat Pro soldering iron
- Tip Magnifier and 61 degree conical tip for ColdHeat pro
- Home tool kit. While I do already have one, it’s actually for my car; I took it out to support my various hardware projects, but that leaves me without coverage for my car. I’d like a more suitable toolkit for home, containing the following:
- Small DMM (don’t go overboard; just voltage/current/resistance/capacitance/inductance is fine)
- Needlenose, diag cut, bent nose, side cut pliers
- Sturdy tweezers, non-static
- Fine guage solder
- Small light, ideally with flexible neck, like this
- Hex, Torx, Phillips, Straight bits. A good example is here (though it’s missing hex bits)
- Driver for the above bits. A flexible neck is helpful
- Files
- Probes (sort of like the picks that dentists use)
- Solder brush
- Solder aid
- Wire stripper
- Mirror (again, like dentists use; must be static safe)
- Wire crimper/stripper/cutter
- If you get a pre-assembled kit with a case, the case should have some extra room for some of the items that won’t come with it, like the ColdHeat iron
- When looking at pre-assembled kit options, favor ones for electronics over more general field service, as electronics work requires smaller more delicate tools. See this master electronics tool kit as the canonical example, but don’t actually get this one (it’s too expensive). If in doubt, Seth should be able to advise.
- Micro butane torch, for heat shrink and solder work
- 60yd 100 MPH tape, black. I had a small roll of this w/ me in Iraq, and found all sorts of uses for it
- 2GB Sandisk Cruzer Titanium USB flash drive. NB: There are two versions of the 2GB titanum; the one I’ve linked to is the correct one, model number SDCZ7-2048-A10. You can tell the new model from its thinner, rectangular extension knob and boxier appearance. The older version, SDCZ3-2048-A10, is more rounded
Gun Wish List
In the spirits of Mike Adams’ preparatory gun-hoarding, I’ve resolved to spend more time and resources exercising my Constitutional right to bear arms, while at the same time relieving myself of burdensome cash and indulging in my somewhat disturbing lust for new guns.
My want list:
- Arms of America Polish TDI Under-folder AK-47.
My fixation with all things Kalashikov is well known by anyone who’s had the misfortune of being in my presence when I unleash a full-auto fusilade of fire from my AK-47 Airsoft gun. Though it wouldn’t be cool to shoot Poke with the real thing, I wouldn’t mind blowing the crap out of 100yd target or two down at the range.
Though the 7.62×39 cartridge won’t win any awards for favorable ballistics or power, it’s so cheap I may as well shoot pennies, and certainly not something I’d want to be shot with. The under-folding stock appeals to me more than side-folders, and offers better carry/transport and maneuverability, not to mention lighter weight.
The Poles don’t make the best/most accurate AKs (I think Bulgaria’s Arsenal owns that distinction), but the quality is decent, and considerably cheaper (Arsenal’s under-folder costs at least twice as much, and doesn’t come with rails).
- Springfield M1A Scout Squad
The great thing about the M1A, apart from it’s heritage as the M14 battle rifle back in the days when caliber and range all the rage, is its power and accuracy. Even w/ the 18″ barrel, 3″ groups at 200yds (open-sight!) aren’t uncommon. And as for power, well, stumps and cars and plate armor tend not to get in the way of the .308 Winchester. I’d of course cap it off with an Aimpoint red dot sight for maximal coolness.
- Remington Model 700P in .308 Winchester
Of course, the Remington Model 700 series has the dual distinction of being the most popular hunting and sniper rifle of all time. The Marine Corps snipers use modified Model 700′s, as do SWAT teams, and hunters. They’re cheap, accurate, and reliable. The 700P is ostentibly law enforcement only, but it’s not illegal for civilians to own, and has a big advantage over the overtly civilian models: .308 Winchester. Not coincidentally, the M1A uses this same round; it’s cheaper and easier to stockpile one caliber instead of two.
- Sig Sauer P-229 in .40 S&W
The whole SIG vs Glock jihad is as polemic and pointless as Mac vs. PC, Linux vs. Windows, classic Trek vs. TNG. That said, I like the SIG better. I like the single/double action, and it’s just as popular and reliable as any Glock. The P-229 would be a carry gun like my Kahr PM-9, but a tad bulkier and with alot more stopping power.
- Ruger 10/22
The 10/22 is a toy gun. It uses .22 LR, which would be hard pressed to shoot out a tire at 50 yds, but it’s really cheap, ammo is practically free (500 rds for < $10), and has a ton of accessories including a sweet bullpup mod and high-cap mags. It’s also a good weapon for n00b shooters, since it’s not as loud and scary as a more powerful gun.
- KelTec P-32
The P-32 isn’t very pretty, or powerful, or even all that reliable. However, it’s very small, and 7+1 rounds of .32 are a whole lot better than nothing. My Kahr PM-9 is fairly small, but bulkly compared to the P-32 (then again, my PM-9 fires 9mm ammo, which packs more of a punch).
- KelTec SUB-2000
A folding carbine chambered in .40 S&W. Handy for car carry.
- Beretta 92FS/M9
As a child I dreamt of owning an M9, even before I started to lust after the AR-15. It’s too big for carry, 9mm isn’t as powerful as .40 or .45, but it’s the M9 for God’s sake.
- Bushmaster Carbon 14 Model 4
There was a time when my #1 most lusted after gun was the CAR-15, the carbine version of the AR-15, civilian equivalent of the M-16 infantry rifle. Then my brother got one, and we took it shooting. It was great fun to shoot, and very accurate, though it wouldn’t feed my surplus mags. It wasn’t until we got home and I had to clean it that I reconsidered. When you can clean a Kalashnikov by tossing it in the dishwasher, it’s hard to imagine why you’d want to spend an hour scrubbing carbon deposits of an AR-15 firing pin.
That said, the AR-15 family is immensely popular for a reason, and I’ve got to have at least one.
It’s not clear to me exactly how long it’ll take to acquire my ‘arsenal’. VA has a stupid and utterly ineffective one-handgun-a-month law, but I could order all the rifles tomorrow if I wanted. Mostly it’s about the money; the average price of the guns above is $1000/ea (the P-32 and 10/22 are less; the M1A is more).
Absurd List
In addition to the justifiable guns above, there are several ridiculous guns that I’d love to have but won’t spend the money for:
- Bobcat Weapons BW89 SP
A civilian MP5!? About time!
- FN PS90
It’s hard to believe a Belgian company could produce a weapon system as cool as the P90; even harder that they’d bother to produce a civilian version. Insane!
- Heckler & Koch G3
I’m not sure what I’d do with a G3 that I couldn’t do with an M1A or a Kalashnikov, but I want one.
Ideas for OpenID bindings for REST, SOAP, HTTP
I happened to be reviewing the 10th draft of the OpenID 2.0 Authentication spec, when I noticed this nugget in section 5.2.1 of the draft:
[HTTP redirect] method is deprecated as of OpenID Authentication version 2.0 though is still required for implementation to aide in backwards compatibility.
In place of the HTTP redirect used by OpenID 1.1, is this, in section 5.2.2:
A mapping of keys to values can be transferred by returning an HTML page to the User-Agent that contains an HTML form element. Form submission MAY be automated using JavaScript.
The <form> element’s “action” attribute value MUST be the URL of the receiving Web site. Each Key-Value pair MUST be included in the form as an <input> element. The key MUST be encoded as the “name” attribute and the value as the “value” attribute, such that the User Agent will generate a message as specified in Section 4.1.2 (HTTP Encoding) when the form is submitted. The form MUST include a submit button.
This disturbed me somewhat, as it couples OpenID 2.0 auth fairly tightly with HTML and interactive user agents. You may recall my earlier rant decrying OpenID 1.1′s tight browser coupling, which I only recanted when Johannes Earnst showed me how wrong I was. Now, it seems, what I thought to be true about OpenID 1.1 is in fact true of OpenID 2.0.
I emailed Johannes about this, and he suggested I post to specs@openid.net. I did, and startied a thread that ended up going off in another direction, but confirmed my interpretation of the OID 2.0 language.
The gist of the explanation for the change was that OpenID 2.0 is much richer than 1.1, and thus will involve larger message exchanges, and thus the 2K limit imposed by using HTTP redirects and therefore GETs will become a problem, ergo HTTP POST populated by submission of an HTML form is the only option left that is compatible with major browsers without extensions or plug-ins.
The reasoning is sound, and under the circumstances I might’ve made the same call. Clearly, there’s alot of value in using OpenID with REST/SOAP/other technologies, but the OpenID community is moving in a direction that requires REST/SOAP/other bindings be described in separate standards.
So, with the encouragement of Dick and others on the specs list, I’ve put together some thoughts on what OpenID bindings for REST/SOAP/HTTP might look like. I’ve created a page on the OpenID wiki to capture these thoughts.
A w.bloggar-composed post
Normally I post blog entries using Drupal‘s web-based composition tool, with Markdown rich text formatting syntax. Today I’m trying a free thick-client blogging tool, w.bloggar.
w.bloggar doesn’t have WYSIWYG editing abilities, which sucks. It wouldn’t be so bad, but w.bloggar also doesn’t support Markdown, so I’m stuck with ugly HTML. It’s not the 90′s anymore; why should I compose blog entries like it is?
I think I’ll stick w/ Drupal for the time being.
Results of work on Tor WSAENOBUFS error
A while back I talked about my intention to look into and explain–if not fix–Tor’s WSAENOBUFS problem when running on Windows. After running for over an hour with /MAXMEM=128 in boot.ini, I had no problems. I emailed tor-volunteer and got a response indicating I should in fact run it for 12 hours or more, contrary to problem report.
I did that as instructed, and still had no problems. I must conclude it’s either not really a problem anymore, or only presents under heavier loads than I had previously thought.
In my discussions with tor-volunteer, I mentioned that tcpdump didn’t show much Tor traffic, which I thought was a sign I was doing something wrong. The response I got surprised me; I was pointed to the Tor legal FAQ section on Exit Snooping, which reads:
Should I snoop on the plaintext that exits through my Tor server?
No. You may be technically capable of modifying the Tor source code or installing additional software to monitor or log plaintext that exits your node. However, Tor server operators in the U.S. can create legal and possibly even criminal liability for themselves under state or federal wiretap laws if they affirmatively monitor, log, or disclose Tor users’ communications, while non-U.S. operators may be subject to similar laws. Do not examine the contents of anyone’s communications without first talking to a lawyer.
Nevermind that I wasn’t actually snooping plaintext, but rather what hosts were communicating with my Tor server; even if I were sniffing and logging traffic, I find it interesting that the Tor project suggests such monitoring is subject to civil and criminal penalties under federal wiretapping laws. Under this theory, IT personnel that monitor corporate network usage are commiting federal wiretap law violations, as is an ISP technician monitoring traffic over a peer connection or a WiFi network admin watching network traffic.
Even under the somewhat dubious ‘reasonable expectation of privacy’ test sometimes used to discourage corporate IT surveillance, this argument fails, due to this prominent language on the Tor site:
And remember that this is development codeāit’s not a good idea to rely on the current Tor network if you really need strong anonymity.
So, I in fact have no reasonable expectation of anonymity, and thus privacy.
While I totally understand Tor’s motivation in discouraging interception and logging of other users’ Tor traffic (Tor’s vulnerability to exit node snooping is, imho, its biggest weakness), making broad claims about felonious wiretapping isn’t particularly helpful. I find myself strongly tempted to sniff some Tor traffic now as an act of civil disobedience.
Belated review of Fuji FinePix F-30 compact
A while back I mentioned that I’d selected the FinePix F-30 as the replacement for my Casio Exilim EX-Z750. I’ve had plenty of time to use it in a variety of situations, particularly my trip to Rome in October, so now it’s time to write up a quick review.
Overall
The F30 is a decent camera, but only a decent camera. There is but one reason I chose it over the better-featured and better-designed alternatives: a very low-noise, high-ISO CCD. I take so many low-light pictures ranging from after-dark mood-lit get-togethers to after-dark outdoor shots that the motion blur of low ISO and the grainy noise of high ISO were really getting to me. The F30 offers an alternative: a middling camera that can do virtually noise-less ISO 400 shots, fairly low-noise ISO 1600, and noisy-but-better-than-nothing ISO 3200 shots. For me this was too intriguing to pass up.
Low-light performance
Since I got the F30 for low-light photography, it seems fair to focus on its performance in that area. While the low-light experience suffers the same limitations that plague the camera in well-lit scenarios (below), the CCD sensor works as avertised. The Auto (400) mode auto-sets everything but ISO mode, which it fixes at 400. On any other compact, ISO 400 is a mode of last resort, when the severe degradation due to CCD noise is preferable to a severely blurred or underexposed shot, or no shot at all. On the F30, ISO 400 is quite usable, and only a close-up examination of the resulting pics will reveal the slightest trace of noise, making ISO 400 effectively indistinguishable from 100 or 200.
Of course, you’ll still need a tripod or a very still subject if you’re doing much work in really low light, but the point at motion blur becomes a problem is closer to absolute dark in ISO 400 or ISO 1600 than it is with the ISO 50 or ISO 100 you’d be using on another camera. It also reduces reliance on the always-shitty compact camera flash, which the F30 most certainly suffers from.
So, all in all, for low-light photography the F30 is a major upgrade from the Z750, and even my all-time favorite camera, the Canon S-60.
Bright light performance
The F30′s super-sensitive CCD doesn’t help it in bright light. I found it’s well-lit picture quality to be considerably worse than the S-60, and slightly worse than the Z750. Consider the two photos below:
This one I took of the Piazza del Popolo in Rome back in ’05, using a Canon S-60:
And this one I took with the F30 this past October:
Now, there are some differences due to environmental factors, for example the haze obscuring St. Peter’s in the background in the F30 version, and the additional cloud cover in the S-60 version. However, even compensating for these, having been there both times I can affirm that the S-60 does a better job of preserving the color and tone of the shot, while the F30 (and the Z750, for that matter) tends to wash out a bit. This may be par for the course for all compacts, or it may be a problem that non-Canon cameras have.
Annoyances
I can’t emphasize enough that apart from its low-noise high-sensitivity CCD the F30 is at best a middling camera. It doesn’t have much in the way of manual features, its pre-programmed shot modes are mostly useless (the ‘Natural Light’ one basically turns on ISO 1600; brilliant), its flash is the same shit I’ve come to expect from all compacts, it doesn’t support multi-shot AF lock, and most annoying of all, it’s autofocus is slow and meandering.
These last two really burn me, and are almost enough for me to send it back. It’s especially problematic in low-light situations. Normally, auto-focus takes maybe 1 second on a compact camera, and you can pre-focus by half-pressing the shutter release button, then holding it there until you press it the rest of the way to take the shot. The F30 supports that, but if you release the shutter button half way after taking the shot, it doesn’t hold the AF lock. The Z750 doesn’t either, but my S-60 did, making it really easy to pre-focus a tricky shot, then shot it multiple times.
If that weren’t bad enough, the F30′s auto focus takes its sweet time. Last night I was taking some low-light pictures of my cat, Poke, on my bed. Both Poke and my bed are black, which wreaks havoc on AF systems that rely on edge detection to help them focus. The F30, though, takes the ponderous auto focus cake; each shot (and, being a cat owner, I took approximately 100,000) required over a second to focus, as the AF went through its entire range of motion each time to find the right focus. This would be sufferable if the camera held the AF lock between shutter half-presses, but it doesn’t.
Under normal circumstances, you could work around both these problems with the camera’s continuous shooting mode. Fortunately the F30 has a ‘continuous shooting’ mode, but unfortunately it was implemented by a guy who doesn’t know what ‘continuous shooting’ is. In this mode, the F30 takes pics repeatedly as long as the button is down, however it doesn’t preserve its AF lock between shots, so the continuous mode is no different than repeatedly hitting the shutter button. Whichever dropout Fuji intern is responsible for that feature should be terminated with prejudice.
On the plus side
Farbeit from me to end this review with a gripe. The F30 does have the nice features I’ve come to expect but which cannot be assumed, like epic battery life, lightning-quick startup time, decent shot-to-shot speeds (the AF bullshit above notwithstanding), decent zooming speeds, and fairly good quality photos. It’s high-sensitivity ISO modes make it possible to take low-light shots that you’d miss or flash-nuke on other cameras. If you shoot outdoors in the sun all day, this is definitely not the camera for you, but if low-light performance trumps all else, you have (sadly) no other option.
For more info, see the very-thorough Steve’s Digicams reviews of the F-30, and the runner-up in my compact camera selection competition, the Canon SD700 IS.
For some real-world comparisons, check out my Rome ’05 gallery taken with the S-60, my Iraq gallery taken with the Z750, and my Rome ’06 gallery taken with the F30.
Rome pictures are (finally) up
I’ve finally posted the pictures I took whilst in Rome back in October. It took a while to go through the 1000+ pics and eliminate dupes and crappy shots, but I finally finished. As an added bonus, they’re all geocoded with the approximate GPS coordinates of the location of each shot. My gallery software doesn’t support browsing pictures by their map coordinates, but hopefully it will in the future.
The pics are here.
A few of my favorites:
Working on the WSAENOBUFS error in Tor
The Tor project is having a problem with sockets on Windows. It seems in low-memory environments with a larger number of outgoing socket connections, socket calls are failing with WSAENOBUFS.
As it happens, I’ve had this problem in my own socket apps. It’s covered in the Jones/Ohlund book, Network Programming for Microsoft Windows, 2nd Edition. There are two causes of WSAENOBUFS:
On a machine with sufficient resources, a Winsock server should have no problem handling thousands of concurrent connections. However, as the server handles increasingly more concurrent connections, a resource limitation will eventually be encountered. The two limits most likely to be encountered are the number of locked pages and non-paged pool usage. The locked pages limitation is less serious and more easily avoided than running out of the non-paged pool.
About the locked pages limit, they have this to say:
With every overlapped send or receive operation, it is probable that the data buffers submitted will be locked. When memory is locked, it cannot be paged out of physical memory. The operating system imposes a limit on the amount of memory that may be locked. When this limit is reached, overlapped operations will fail with the WSAENOBUFS error.
and regarding the non-paged pool limit:
Hitting the non-paged pool limit is a much more serious error and is difficult to recover from. Non-paged pool is the portion of memory that is always resident in physical memory and can never be paged out. Kernel-mode operating system components, such as a driver, typically use the non-paged pool that includes Winsock and the protocol drivers such as tcpip.sys. Each socket created consumes a small portion of non-paged pool that is used to maintain socket state information. When the socket is bound to an address, the TCP/IP stack allocates additional non-paged pool for the local address information. When a socket is then connected, a remote address structure is also allocated by the TCP/IP stack. In all, a connected socket consumes about 2 KB of non-paged pool and a socket returned from accept or AcceptEx uses about 1.5 KB of non-paged pool (because an accepted socket needs only to store the remote address). In addition, each overlapped operation issued on a socket requires an I/O request packet to be allocated, which uses approximately 500 non-paged pool bytes.
As you can see, the amount of non-paged pool each connection uses is not great; however, as the number of clients connecting increases, the amount of non-paged pool the server uses can be significant. For example, consider a server running Windows 2000 (or greater) with 1 GB physical memory. For this amount of memory there will be 256 MB set aside for the non-paged pool. In general, the amount of non-paged pool allocated is one quarter the amount of physical memory with a 256 MB limit on Windows 2000 and later versions and a limit of 128 MB on Windows NT 4.0. With 256 MB of non-paged pool, it is possible to handle 50,000 or more connections, but care must be taken to limit the number of overlapped operations queued for accepting new connections as well as sending and receiving on existing connections. In this example, the connected sockets alone consume 75 MB on non-paged pool (assuming each socket uses 1.5 KB of non-paged pool as mentioned). Therefore, if the zero-byte overlapped receive strategy is used, then a single IRP is allocated for each connection, which uses another 25 MB of non-paged pool.
If the system does run out of non-paged pool, there are two possibilities. In the best-case scenario, Winsock calls will fail with WSAENOBUFS. The worst-case scenario is the system crashes with a terminal error
In my case, the cause was the locked page limit; it seems you can’t lock more pages in physical memory than you have physical memory, doh! However, Tor uses libevent, which uses the select API, not I/O completion ports, so there’s no overlapped I/O to cause locked pages, which leads me to think in Tor’s case it’s probably the non-paged pool limit.
However, I want to make sure. It turns out, you can turn on non-paged pool tagging and use poolmon to break down non-paged pool use by driver. If my suspicion is right, the afd driver (I don’t know why it’s called afd, but it’s what implements the socket interface to TCP/IP) will be consuming some/all of the non-paged pool. Microsoft Support has a pretty cheesy article on the subject, which advocates using copy-paste into Notepad as a means to store historical pool usage data. Whatever.
So, before I can monitor the non-paged pool, I need to reproduce the problem. According to the problem report, if you limit XP’s available memory to 128MB, this problem presents immediately. It’s not clear from the problem report if the Tor server must be running as an exit server in order to present the problem, but I hope not since that requires publishing the server in the directory and getting a cryptographic signature from the Tor maintainers, which will take a little while and break my flow.
Anyway, I’ve downloaded Tor onto a VM w/ XP Pro and the latest patches. I’ll change boot.ini with /MAXMEM=128 and fire up Tor. I have to enable pool tagging with gflags.exe first. I just check the ‘Enable Pool Tagging’ option and reboot.
Oddly, even w/ only 128MB of RAM, tor seems to run fine. I’ll have to consult the tor list to see what I’m missing.