Alkahest my heroes have always died at the end

November 27, 2007

Making vegetarian food tastier; or

Filed under: Cooking — cec @ 11:05 pm

Cooking with the world’s most dangerous* additive; or

How I stopped worrying and learned to love MSG.

A few weeks ago, I heard Robert Krulwich on NPR talking about umami – the fifth taste. If you didn’t hear it, go to the link above. As always, Krulwich makes the story very engaging. He describes how the Greek philosopher Democritus hypothesized the existence of four tastes: sweet, sour, bitter and salty. Everything you eat is made up of a combination of those four tastes (plus the 10,000 various smells your nose can sense).

He goes on to discuss the previously hypothesized, but recently confirmed, discovery of a fifth taste – umami. The taste of l-glutamate. The 200 year old discovery was finally confirmed with the identification of two different types of glutamate receptors on the tongue. Glutamate is common in meat and other protein-heavy foods, like certain cheeses.  I suspect that the glutamate receptors evolved for the same reason as our ability to detect the other tastes: to help us decide what we should and shouldn’t eat.  Sugar indicates a carbohydrate rich food, salt – salt (duh), sour – probably vitamin C, bitter – maybe something poisonous to avoid, and umami to detect protein rich foods.

That got me to thinking.  With the exception of certain foods, e.g., cheeses, vegetarian cooking doesn’t have much umami in it.  It may have plenty of protein, but the dishes often aren’t satisfying.  Perhaps the lack of umami means that the actual protein in the food doesn’t register on the tongue and so, over time, you feel as if you were lacking for the protein itself.

Some of my favorite vegetarian dishes have lots of cheese, particularly parmesan (e.g., hamburger bocca burger pie and barley with mushrooms).  Of course, I can’t add parmesan or soy sauce to everything.  So as an experiment, I bought some ‘Accent’ which is just a container of MSG.  It’s not something I would add to all dishes, but I’ve been experimenting with adding it to dishes that are supposed to be savory: split pea soup that doesn’t have ham, store bought stuffing that should be made with beef broth, etc.

So far, the experiment seems to be a success.  Used in the right dishes, adding MSG to certain foods seems to make them taste better.

Of course, there are reasons why I shouldn’t use MSG; but fortunately health is not one of them.  Numerous scientific studies have completely exonerated MSG from the anecdotal health scare from the 60s.  There are no ill effects observed from the consumption of moderated amounts of MSG.  After all, this is essentially the same compound as is found in meat and other natural glutamate sources.

My main concern for not relying on it too much is that it’s a cheat.  It’s not a big cheat.  It’s a little bit like adding vinegar or salt to something to improve it’s flavor.  However, it is a cheat.  Rather than using an artificial source of umami, I would prefer to find ways of using more ingredients that are naturally higher in umami.  But in the meantime, I’m definitely going to keep the MSG around.  It’s in a little container in the pantry, right next to the salt.  🙂

November 26, 2007

Calendar pictures

Filed under: Personal,Photography — cec @ 12:27 pm

To forestall my mother’s nagging polite and subtle reminders, I took some time yesterday to select pictures for a 2008 Yellowstone calendar. I tried to limit myself to pictures taken on this year’s trip and was happy to see that I could 🙂

The ones I finally selected are shown below. They start with the cover image and then go from January through December:

Cover January February March April May June July August September October November December

To print them, I’m going with Lulu instead of Kodak. There are a couple of reasons for that. One is price 🙂 The other is that Lulu will do a full 8.5″x11″ edge to edge print whereas Kodak always puts a border. The images above are all scaled/cropped to a 8.5×11 aspect ratio, so hopefully, I’ll end up with a pretty nice result.

update: if anyone’s interested, the calendar is available from Lulu with no markup

November 25, 2007

Rebuilding an iPod

Filed under: Technical — cec @ 11:08 pm

Over the holiday (I hope everyone had a good Thanksgiving!) I spent some time figuring out what to do about my broken iPod hard drive. The simplest/cheapest thing is to replace the drive with another 30 GB 1.8″ drive. The problem is that this is boring. Okay, next thought – up the drive size. I can get a 40 GB drive that’s the same size and is a drop-in replacement. Only problem is that this isn’t very cost effective in terms of dollars per GB. Apparently the wide-spread use of 30 GB drives in iPods has lowered the price point here. What about a 60 GB? It looks like that’s doable too and at a good price point. Downside is that I need a new back to accommodate the thicker drive. Hrm, that’s no good either.

In looking around online, I ran across Tarkan Akdam’s website. He had the same issue with a dead ipod drive and resolved it with a very cool hack. He built a connector board that connects a compact flash card to the ZIF connector for an ipod. This let him connect a 4 GB CF card in place of the drive. As an electronics engineer he did this right – not a cheap connector with random wires (like I would do), but a custom connector board. He’s now selling these and I’ve ordered one, along with a 16 GB CF card. Hopefully by next weekend everything will be here and I can put it all back together.


  • less space
  • slightly slower data transfer speed


  • exceedingly cool
  • hardier – no moving parts to break the next time I drop it
  • no spin-up time when I change songs – i.e., better ipod response times
  • better battery life (Tarkan’s done some tests and the results are impressive)

I would have preferred not to have broken the ipod, but this will at least be interesting and cheaper than a replacement 🙂

November 21, 2007

Tango uniform

Filed under: Personal — cec @ 10:29 pm

Looks like my ipod died today.  As I was packing up to head home it slid off of my bag and onto the floor.  Not a bad fall – it’s had worse.  It seemed fine when I started it back up, played a couple of songs.  But apparently, those were in the memory cache.  Once it was done with those, it locked up and the hard drive started clicking 🙁

I guess my options are to either replace the hard drive or buy a new one.  I’ll probably replace the drive.  I don’t think I care enough about the magical features of the new ipods.  At least not enough to justify blowing three to four hundred dollars.

November 19, 2007

progress – such as it is

Filed under: Guitar — cec @ 11:49 am

Five years ago, I did a lot of Tai Chi.  My teacher at the time constantly related the encouraging (?) story of a tai chi student who went to his teacher and asked, “teacher, when will my knees stop hurting?”  The teacher told him that his knees would stop hurting, “when he stopped learning.”

If the guitar is anything like tai chi, then I’m definitely still learning 🙂

Observations after a week of practice:

  • The fingers on my fretting hand (pronounced, mah frettin’ hand) still hurt, but not as badly as they did after the first night.  I can practice for a good hour without too much damage
  • has a very good set of beginner’s lessons
  • Chords learned to date: G, C, D, E minor, A minor and D minor.  If I remember correctly, all you need for rock music is 4 chords and a groupie – all I need is a groupie and I’m set!
  • Scales are boring, but helpful.  I’ve got the chromatic scale down and I’m working on the E phygian scale.
  • I need for someone to explain to me why there is no B# or E# – going straight from B to C and E to F keeps screwing me up
  • I like the mathematical progressions in music.  You get a sense of why Pythagoras was both a mathematician and a mystic.

November 13, 2007

I call BS

Filed under: Social — cec @ 9:58 am

I missed on Sunday, but under the theory of better late than never…

Donald Kerr is the principal deputy director of national intelligence, so presumably he speaks with some authority regarding the government’s view of privacy. In a recent Associated Press article he made several remarks which I find exceedingly scary, misleading or both. First up:

Privacy no longer can mean anonymity, says Donald Kerr, the principal deputy director of national intelligence. Instead, it should mean that government and businesses properly safeguard people’s private communications and financial information.

So if I understand this, privacy, whose definition traditionally includes anonymity and the control over personal information, should now be defined to exclude both. Instead we should trust the government to safeguard the formerly private information. Correct me if I’m wrong, but we have a word for the protection of sensitive information – it’s called confidentiality. What Kerr is saying is that there is no such thing as privacy when it comes to government, all you really can hope for is confidentiality.

I’m not certain it’s possible to express how abhorrent to the constitution the attitude conveyed in that statement really is. Kerr is essentially saying that there is no longer a fourth amendment providing against unreasonable search and seizure.

But wait, there’s more! Now for a limited time, in addition to an anti-constitutional perspective on government, Kerr gives us a bunch of crap to justify it:

Kerr said at an October intelligence conference in San Antonio that he finds concerns that the government may be listening in odd when people are “perfectly willing for a green-card holder at an (Internet service provider) who may or may have not have been an illegal entrant to the United States to handle their data.”

First, let’s get rid of the fear-mongering. Is Kerr suggesting that the U.S. government is giving green-cards to illegal immigrants? That seems exceedingly unlikely. Second, I’m fairly certain that a green-card holder is not going to be able to arrest me in the event that he or she a) monitors my internet traffic, and b) thinks something is a concern. Third, remember that privacy is about the control of personal information. It’s about having the ability to decide who gets to see what information. Having a government monitor all of the information from all ISPs completely strips away privacy. As to the ISP itself, I think that most of us are used to thinking of them as common carriers (like the telephone companies they are descended from). Their status as common carriers suggests that they are not monitoring all traffic. Moreover, there are laws that prevent them from turning over information to the government without having a court order. Of course, these are the same laws that the administration is pushing congress to overturn through retroactive immunity to the telecom companies.

Finally, we have this:

Millions of people in this country — particularly young people — already have surrendered anonymity to social networking sites such as MySpace and Facebook, and to Internet commerce. These sites reveal to the public, government and corporations what was once closely guarded information, like personal statistics and credit card numbers.

“Those two generations younger than we are have a very different idea of what is essential privacy, what they would wish to protect about their lives and affairs. And so, it’s not for us to inflict one size fits all,” said Kerr, 68. “Protecting anonymity isn’t a fight that can be won. Anyone that’s typed in their name on Google understands that.”

Again, another lovely distortion. Kerr is suggesting that the intentional, willing dissemination of information is comparable to the government hoovering all of your communications off of the internet. This is complete and utter crap. Are there things about me on the internet? Of course. There are the public records from Durham and Chatham counties and bunch of emails that I sent to public mailing lists. Oh, and the information that I’ve purposefully posted. With the exception of the public records, all of this is information that I made public. Comparing this to the government monitoring all of my personal communications that I have not chosen to make public is an intentional distortion of the basic concepts of privacy. But then I guess we knew that from the beginning of the article.

November 12, 2007

Guitar was the case

Filed under: Guitar,Personal — cec @ 11:08 pm

Maybe random Monopuff songs aren’t the best blog post titles, but what the heck.

K asked me what I wanted for my birthday (fwiw, I’m either very easy or very hard to shop for depending on whether or not you want to get me a gift certificate to a bookstore – thanks Mom!). From what I’m sure was out of the blue for her, I asked for a guitar – hey, I’ve always wanted to learn.

I went out with a friend on Saturday and found a decent guitar to learn on (relatively inexpensive, but with a good sound). I’ve been practicing for the past couple of days. A few observations:

  1. it is possible to make your fingers bleed. I haven’t gotten this far, but it’s in sight
  2. it shouldn’t be that damn hard to hold the strings to the frets, but there you go
  3. if i could just keep my fingers from touching other strings, I would be set

I’m working on tuning, scales, general fingering and a couple of chords. The chords only sound right about 1 in 10 times – I guess I’ll keep working on that 🙂


Filed under: Personal — cec @ 10:55 pm

I started thinking through why I didn’t care for management at my last job and as is often the case, I wrote it down to help me think it through.  It’s probably not worth posting the reasoning, but I did decide that most of the things I disliked about my most recent management job were due to the environment and not management itself.  Don’t get me wrong, management’s not something I enjoy, mostly because it’s a lot of hard work – at least if you are conscientious about it.

That said, today, I did agree to give it a shot at the new place.  There are quite a few reasons for this.  Probably the biggest is that I inherited my father’s sense of responsibility – if you see a job that needs doing and you can do it, then get started.  Other reasons are that it really will make the office a better place; it’s a small company and so diversifying my role makes sense; they were extremely flattering when asking; and finally, I’m grateful to the company, my boss and the president of the company for encouraging me to come work for them.

That last one sounds a bit silly, but they really did encourage me to join them, they had a lot of patience with my initial hesitance and I am significantly happier now than I was before.  At least for now, there’s probably not much they could ask that I wouldn’t at least try.

November 7, 2007

Just when I thought that I was out they pull me back in.

Filed under: Personal — cec @ 8:42 pm

I’m not Michael Corleone and the places I’ve worked at could hardly be compared to the mob; but I did have an interesting, brief discussion this afternoon with the president of the company for which I’m working.  For the record, I don’t think that any discussion which begins, “you used to be management, right?” can be characterized as anything but interesting.

It seems that the company (like the family, only smaller, legal and less profitable) might have a need for some management and there is some interest in me filling the role.  Unfortunately, in taking this job, one of the big pluses for me was that it was not a management position.  On the other hand, there are some good things about management and the company is much smaller than the university.  I would still be expected to do technical work and the management is anticipated to be about 5-10% of my time (if I did it).

I don’t have many details yet, mostly because the president wanted to get my initial reaction before we got into details (fwiw, my initial reaction was close to, but not quite, eek!).  At the very least this means that I need to figure out what I didn’t like about management at the university so I know which questions to ask in this case.  It’ll probably be a good thing, but I hadn’t been planning to do a systematic exploration of my feelings in this area any time soon.

C’est la vie 

November 6, 2007

Two factor authentication

Filed under: Security,Technical — cec @ 9:05 pm

A couple of weeks ago, Hunter and I were talking about passwords. More to the point, the inadequacy of passwords and why we haven’t moved beyond them yet. This touches on several points that I made last year. Specifically, that a password that is secure enough starts to restrict its usability.

In a nutshell, authentication is proving that you are who you claim to be. The standard ways of authenticating yourself are through: something you know (e.g., a password), something you have (e.g., a token) or something you are (e.g., biometrics, facial recognition, etc.). So the claim here is that the human brain is not good enough at remembering things to make “something you know” secure. Unfortunately, it’s cheap and easy to implement. Two things which are always important.

Our other options are something you are or something you have. Something you are can be complicated and expensive. At the very least, it requires a something-you-are-reader anywhere you want to authenticate yourself. Want to use your computer at home to access the one at work? Make sure you have your trusted, secure something-you-are reader set up (finger print scanner, iris reader, etc.). Want to authenticate from an Internet cafe? Good luck. Besides that, there’s some argument that many of the approaches used to date are not secure; and there’s the creepiness factor.

So, something you have. This one can also get potentially expensive, but is potentially cheaper than the rest which is why you see it being used by banks to access online accounts. Here we have some sort of hardware “token.” Most traditionally, these tokens have a simple processor, a clock and an LED display. The display shows a pseudo-random number. At a regular interval, the number changes. To log into a service, you key in the random number and maybe an a password. Since the service you access knows the pseudo-random number generating algorithm for your device and the time, it can validate the number you entered. Allow a little bit of logic to deal with clock skew and you are set. Several companies will sell you something like this. Of course, you pay for the devices, pay for the authentication server and then, in some cases, pay for each service.

So, what about an open source solution?  This is in-part what Hunter and I were talking about. Imagine if you had an encrypted private certificate stored on a thumb drive. You could fairly easily write up a challenge-response protocol to validate the certificate. Since it’s certificate based, you could authenticate without a centralized authentication server – the ability of the certificate signed by your (private) certificate authority to participate in the response authenticates the certificate holder. You could create PAM modules for unix/linux and the equivalent for Windows and Mac. On the client side, stored on the same drive, you would have software to mediate the authentication.

I could see two ways for the client to do this. 1) a separate process that connects to the service’s server and essentially allows access for this IP. The service then needs to talk to the server-side piece to see if a user is allowed to access from the IP. That plus a password and you’re in pretty good shape. No connection to the authentication service means that you can’t log in. 2) Try to create a service along the lines of stunnel that mediates all communication between the client and the service. This is extremely ugly and I wouldn’t recommend it.

So, what are the advantages/disadvantages?

  1. Advantage: low hardware cost. Most every computer has a USB reader
  2. Advantage: relatively simple to implement
  3. Disadvantage: even the cheapest thumb drives are on the order of $5 each
  4. Advantage: many people already have one and they could be used for this purpose without wasting too much space
  5. Disadvantage: to a certain extent, this is not secure. Specifically, there’s no proof that the user actually has the key as opposed to a copy of the certificate and the algorithm required.

#5 seems like the biggest problem. As an open source product, all one needs is the certificate to spoof the token. Okay, we could incorporate the USB serial number, but that can also be copied. Ideally, all the processing would occur on the thumb drive, but that takes us out of the realm of commodity. So, the risk here is that using your token on a compromised computer compromises the token in the same way that using your password on a compromised computer compromises your password.

This is definitely not a hypothetical problem, but I don’t know how to resolve it. Is it still worth implementing something like this? If folks have thoughts or suggestions, I would love to hear them.

Older Posts »

Powered by WordPress