Archive for August, 2012

Since moving to Seattle and living in an apartment and a condo, I’ve had “interesting” neighbors:

  1. There was the people who lived downstairs that were super loud with their music.
  2. There was the guy who lived downstairs who snored super loud.
  3. There was the lady who lived next door with the rent-a-cat who would spend most of his free time in my place.

And now I live next to the couple with the really loud kid.

The place next door stood unoccupied for nearly a year. Finally, an elderly Asian couple bought it and fixed it up a bit. They asked me how much rent they could collect, so I told them (total: not much).

Well, a couple of weeks later a new couple moved in.  This couple has two young kids, I estimate that they are both less than five years old, a boy and a girl. Therefore, there’s four people living in the two-bedroom condo. I would think it’s a tight fit.

I don’t envy the job of parents, I think that they have it tough. However, one of these two kids is very loud.

I frequently get home and I can hear the kids running around, screaming. I understand that’s how kids act, they get hyper and need to blow off energy. It’d actually be kind of depressing if they didn’t do that.

However, the one kid next door, I think it is the younger one, can go from laughing/screaming to crying in no time.

“Ah, ha, ha, ha!” in a high pitched scream. BOOM! <crying…>

And it happens almost every single day. The kid is crying about something. The wife and I frequently look at each other and say “The kid next door is crying again.”

And sometimes, the kid goes from crying to screaming/laughing in five seconds. I don’t know what’s going on over there, I just know that the kid is really loud.

Read Full Post »

I was going to write a blog post about something else but I changed my mind.  I thought I’d post this cartoon instead.

I think it’s funny.

Read Full Post »

Over the past few months, I’ve been inundated with offers in the mail to refinance my condo to lower the rate of interest.  I was intrigued by many of them but it wasn’t until two months ago that I got a phone call from the same guy who set my mortgage up the first time about this special refinancing offer.

He explained to me that the federal government came up with a program wherein responsible home owners could refinance their homes at a lower rate without getting an appraisal on their current dwelling. For someone like me who is $100,000 underwater (i.e., my place would sell for $100,000 less than what I owe on the mortgage, about roughly 35% of what I bought it for), this was intriguing.

What was the catch?  Surely I’d have to dump a load of money into it?

Not so. There was no catch (other than this being an election year). The agent explained to me that the federal government thought that people like me should be able to lower their payment without putting much, if any, additional money in.

Suffice to say, I went for it.

I ended up lowering my rate from 5% to 3.875%, saving about $200/month.  However, I am still paying the same amount towards my mortgage since I have gotten used to paying that amount.  That means the extra $200/month goes straight towards the principle and I will pay it off 12 years early.

Not a bad deal.

On Mint.com, it pulls all of my financial accounts together in one place. When my mortgage was paid off, my net worth suddenly shot up a huge amount!  Of course, it’s all fake.  I’m not really that wealthy (but man, that’d be nice).

Today, I got a letter from the bank I refinanced with that they had sold my mortgage to Wells Fargo.  That means that starting October 1, I’ll be paying my mortgage to them. That is the exact same bank that I was paying before – my initial mortgage company sold my first loan to Wells Fargo, and now they’ve sold it a second time to them.

I’m right back to where I started.

This also means that Mint.com will connect to my Wells Fargo account and will automatically pull in my mortgage.  My net worth will once again drop by a huge amount.

Confused smile

But at least it’ll go to zero faster than before. Only 18 more years until I am debt free.

I can’t wait for that day.

Read Full Post »

The other day, I went down to the gas station to fill up my car. But while there, I had the weirdest experience I ever had a gas station.

This particular station has 16 pumps, but you can only fit 8 cars in at a time.  This is because the Regular pumps are next to the Premium pumps. That means that if one car wants Regular but another wants Premium, if there are no open slots one of them will have to wait.

The pumps are laid out in a rectangle, and cars can go on either side of the rectangle.  This means that there can be two sets of cars (four vehicles) on the outside of the rectangle, and two sets of cars (more more vehicles) on the inside of the rectangle.

On this particular day, I drove into the gas station, saw that there was nobody at one of the pumps on the inside of the rectangle – but at the back (meaning that there was another car in front of me) – and drove to the spot. There was somebody already at every other pump.  This wasn’t a problem, it meant that when I was done, if the car in front of me hadn’t left yet, I would have to back out. Unless I had a lot of room to squeeze through the other cars, I’d have to back out.  No big deal.

I drove up to the pump and I turned and looked to my left and saw that I might be a little too far forward.  I was parked in front of Premium whereas I wanted Regular. I kind of hem/hawed for a couple of seconds, looked in my back mirror, looked over my shoulder, and then decided to back up a couple of feet (a couple of feet!) to Regular.

Here’s where it gets weird.

I pulled back and waited a couple of seconds to get my keys out and put the car in park.  I got out of my car and looked behind me and saw another car parked right behind mine. This car was literally parked less was maybe two or three inches behind me.  The lady in the front seat was glaring at me.


I couldn’t figure out what was going on. What happened? I walked over to her and said something, I can’t remember what, and she said “You saw me coming and zoomed into the spot ahead of me.”

Um, what?

“What?” I asked, shrugging.

She repeated herself.  “You saw me coming and zoomed in front of me into this spot, cutting in front of me!”

I ran through my memory banks. I drove in, saw the empty spot and went up to the pumps. There was no way I could have zoomed in front of her because the only way that was possible is if she entered in from the other side of the parking lot and I would have seen that – she would have been coming straight at me and I would have slowed down.  Not to mention I didn’t remember seeing another car.

I shrugged my shoulders and shook my head. “I didn’t see you,” I said. If she was there, I literally had not seen her.

She shook her head and said “I’m sure that you didn’t see me.” I interpreted that as a lie, as people who lie will repeat back a portion of what you say.

Again, I shook my head and shrugged.  “I’m sorry but I didn’t see you,” which was the truth.  What the heck was she talking about?

She looked straight ahead,not making eye contact, and said the same thing.  “I’m sure that you didn’t see me.”

At this point, I didn’t feel like arguing. I had nothing to gain. I went back and filled up my car, feeling awkward the entire time and thankful that at least she parked two or three inches behind my car instead of ramming me.

After I finished, I got into my car.  However, the one in front of me hadn’t left yet (what was taking him so long?).  The cars on the other side of me hadn’t left either, so I was stuck there.  I couldn’t move.

The lady did not move for me either.  She could see I was stuck in there, but she would not back up for me.  After three or four minutes, she backed up a bit and I thought she would left me out or go to another pump, but didn’t.  She rolled forward again, boxing me in.  I sat there for another very uncomfortable two or three minutes, just sitting there unable to move.

Finally the guy in front of me left and I was able to leave. That was so weird! Later on I scanned through my memory banks. What was that lady talking about? The only thing I can think of is when I drove up to the Premium pump initially and saw I was too far forward and hesitated, then pulled back, maybe there she was planning to use that pump and I pulled backwards to the Regular one.

That would explain why she was so close to me. As she was pulling forward, I was pulling backward and I hadn’t seen her.  She interpreted this as me “zooming into the pump ahead of her.”  Of course, even then, it doesn’t make any sense because she wouldn’t have been able to pull forward to the pump, there’s not enough room for two cars.

Did she think I was pulling backwards to the pump because I saw her there? That doesn’t make sense either because I wouldn’t have been able to squeeze through the other cars in front of her.  All I did was drive and then decide to scootch backwards a bit to line up my car better.

Ultimately, even today, I still don’t know exactly what her problem was with me.

And that’s the story of the weirdest thing that’s happened to me at a gas station.

Read Full Post »

I like politics. I like reading about them and discussing them.  The problem is that of all my friends who also like politics (i.e, the ones who regularly speak their beliefs on Facebook), I have no respect for any of their opinions.

Not a single one.

For those of you reading this who say "You have no respect for my opinions?” No, not you. If you’re reading this you almost likely never post on Facebook your political beliefs.  Instead, I’m referring to my friends who post article after article after article that contain slanted editorials about how much the other side is wrong (and by extension, that they are correct). I much prefer looking at both sides of the issue.

Maybe I’m just being ornery. But I post this because of an issue that has come up within the political environment.  It comes from this story about Congressman Todd Akin’s comments regarding rape and pregnancy:

Congressman Todd Akin, a conservative Republican candidate for the U.S. Senate, said in an interview broadcast Sunday that women’s bodies can prevent pregnancies in the case of "a legitimate rape," adding that conception in such cases is rare.

Akin, a six-term congressman running against incumbent Democrat Sen. Claire McCaskill, was asked in an interview on St. Louis television station KTVI if he would support abortions for women who have been raped.

"It seems to me first of all from what I understand from doctors that’s really rare," Akin said. "If it’s a legitimate rape, the female body has ways to try to shut that whole thing down," Akin said of a rape victim’s chances of becoming pregnant.

His comments raised a brouhaha, and rightly so, for two reasons:

  1. A “legitimate” rape? How can rape possibly be legitimate?  Akin later apologized for the comments and said he meant “forcible” rape, later asserting that no rape is legitimate.

    His retraction seems reasonable, as he went on to say "As the father of two daughters, I want tough justice for predators. I have a compassionate heart for the victims of sexual assault. I pray for them."

    He misspoke earlier as I find it hard to believe that anyone could think of a case where rape is legitimate.

  2. But the furor continued: the female body can shut down pregnancy in the event of rape? What is he thinking?  Of course it can’t!

Many of my friends on the left are all up in arms about Akin. He has either misinterpreted the female reproductive cycle (it’s true that there are only certain times when women can get pregnant), or has misinterpreted the female body’s ability to prevent pregnancy (psychological issues can get in the way of becoming pregnant, but it’s not a switch that the brain can flip to disable the reproductive process).

I suspect that Akin has to take the position he does (or did) because he has started at the end and worked his way backward:

  • He is against abortion in all cases.  Women should not choose to abort the fetus simply because they were “careless” enough to prevent pregnancy in the first place.

  • What about if a women becomes pregnant not by choice, such as in the case of rape?  Well, that is a corner case.  Women don’t become pregnant this way very often, and even if did, the body can stop most of this from even occurring.  Because there’s such a small number of cases left over, banning abortion in all circumstances does more public good (it is the moral thing to save the life of an unborn child) than public harm (only a very few number of women would be adversely affected by the illegitimate case).

His rationale, which I have theorized, is flawed. Women can (and do) get pregnant by rape and the body cannot automatically shut down to prevent it. That’s simply wrong. 

I think that the reason Akin said it is because of Confirmation Bias – believing things that agree with your own pre-conceived beliefs.  In addition, Cognitive Dissonance is at work here – trying to believe two contradictory things (all abortion is wrong but pregnancy by rape is unfair) and then resolving one of them to believe what you wish to believe (pregnancy by rape is almost non-existent and therefore all abortion is wrong).

The big problem I have with my Facebook friends is how they spin it to support their own confirmation bias (the other political party are evil and my side is enlightened and good). One friend posted the article GOP official says God chooses to bless raped women with pregnancy, saying “Another rape apologist from the GOP.” From the article:

Sharon Barnes, a high ranking state Republican, came to the defense of her conservative colleague who she believes only "phrased it (his statement) badly."

Barnes was quoted by The New York Times saying, "abortion is never an option." Barnes went on to biblically claim that, "If God has chosen to bless this person [the rape victim] with a life, you don’t kill it."

This is hardly an apologist for rape. The term “apologist” comes from the Greek term “apologia” which means to speak in defense of, and generally is associated with a reasoned defense of the Christian faith. In modern times, an apologist is someone who defends an idea.

Neither Barnes nor Akin was defending rape. Instead, they were saying that a third party – a child – should not be harmed even though a horrible act has been committed. They shouldn’t have to suffer the consequences.  Rape does not become legitimate because of a child, but abortion does not become legitimate because of rape, either.

I don’t really agree with this view. In fact, most Americans don’t agree with this view, either:

  1. A nationwide ban on abortion puts Akin and Barnes outside the mainstream of even evangelical women.

    A few months ago on Christianity Today I read an article entitled “Evangelical Women’s position on abortion more nuanced than previously thought” (unfortunately I can no longer find the link).  In it, while a majority of evangelical women opposed abortion for themselves personally, a majority did not want a ban on it.  This was a “this is wrong for me, but I don’t want to prevent it for you, too” position.

    Furthermore, the likelihood of women more likely to support abortion was inversely related to their socio-economic class (or maybe it was their race). White women were more likely to oppose the possibility of abortion for themselves than were Latino or black women. That is, wealthier women (whites have more money) would be more likely to be able to afford to raise a child and give birth to it, and therefore would be less likely to pursue an abortion.  Since black women are usually poorer than white women, on average, they would be more inclined to seek an abortion.

    The fact that evangelical women, the very constituency that Akin and Barnes represent, are not in favor of an all-out ban on abortion places them outside the mainstream of their very own base of support.

  2. Why are men leading the charge to ban abortion when they don’t even bear the majority of the cost?

    In pregnancy, women bear the majority of the cost of having a child. They are the ones that must carry the child to term for 9 months. For men to ban abortion, they are putting a requirement upon others (women) that they will never have to bear. If men had a 50/50 chance of getting pregnant, how strongly would they be leading the charge to ban abortion?

    I’m not in favor of one group of people voting for a set of laws that will disproportionately affect another group.  For example, there are many people that are in favor of higher taxes and redistribution of wealth, but most of the time, the people are in favor of redistributing someone else’s wealth, not their own.  In similar manner, it’s easy for men to say “We oppose abortion” when they never have to worry about enduring the (majority of the) consequences of that belief.

For both of these reasons, I find Akin and Barnes’s position untenable. It’s one thing to oppose abortion personally, but quite another to impose it on everyone else as the law of the land.

This is the type of discussion I’d like to see. Unfortunately, it’s nearly impossible to have a rational one because someone blows up and starts distorting someone else’s position.  People find very strong group identity in politics (as I’ve talked about earlier), and unfortunately, this is reflected in the us-vs-them, good-guys-and-bad-guys mentality that we see today. Flying off the handle is counterproductive because I pretty much just write off what my friends say in regards to all of their opinions.

Even if they have something valuable to say.

Read Full Post »

How did you do that trick?

This past weekend, I had the opportunity to perform a magic trick at a church campout.  Whereas the last couple of years I performed I did a mentalism effect, this time around I did a mentalism effect that turned into a “pure” magic trick.

The effect is this:

  • I ask for a member of the audience who has a background in first-aid.  I get them to come to the front and I hand them a first-aid kit.  The sit to the side of the stage with instructions that should something go wrong, they need top help me.  But not until then.

  • Next, I show the audience four wooden bases, but sticking out of one of the wooden bases is a sharp nail.  If it punctures my hand, it would be a very serious injury.

    I get second member of the audience to come up on stage and write his initials on a small piece of tape, and then I wrap the tape with his initials onto the tip of the nail.

  • Next, I cover the wooden bases with styrofoam cups and the cups are mixed up so that nobody, not even me, knows where the nail is.  The audience member then names a number 1 through 4 and I lift up my hand over the cup corresponding to it, and slam it down onto the cup.  Obviously, if the nail is there, I become very badly injured.

  • The first cup is called out and I slam my hand down.  But my hand is fine! The audience member then names a second number and I slam my hand down on it.  They then call out the third and final number and I slam my hand down on it, but each time I have escaped uninjured!

  • Finally, as the coup-de-grace, I say that the audience member did a great job.  But what would have happened had he called out the other number?  I then quickly raise up my hand and slam it down onto the last remaining cup.  Everyone expects me to cry out in pain, but I don’t!  Instead, I escape from that one uninjured, too!  The nail has mysteriously vanished and I wasn’t in any serious danger.  Success!

  • Originally, that was the final ending to the trick.  I did it that way in Vancouver in 2010 when I presented it for the first time at a conference:


    But for this trick, I decided to take it one step further.  The original audience member with the first-aid kit has been at the front the entire time.  I then walk over to them and ask for the first-aid kit.  We peek inside and get rid of all of the stuff in there – bandages, gauze, and tape.  But at the bottom of the kit is a nail… with tape on the tip of it… with writing on the end of it!

    I tip the box over and the nail drops into the first-aid kit audience member’s hand.  She takes it over to the other audience member.  Was that the nail you signed earlier?  It is the nail you signed earlier!  It is!

    This is amazing!  The nail that the hand-slammer signed ends up in the box that the other audience member had been holding the whole time! 

    Absolutely incredible.

There was a small hiccup in the trick that I think I got away with, and the audience member I wish I had back.  But the rest of it went pretty well.

But today, as I was walking across the field, a young girl asked me “How did you do that last night?”  I answered with my usual response – I smiled and said “It’s magic!"  But now that I think about it, that was a poor answer.  Even though I want to preserve the secret, people deserve a better, more magical explanation.

This trick is the first one that I designed specifically to use both psychology and magic.  I intentionally added parts into it to enhance the quality of the effect:

  1. Breaking the “logic” trap.

    In order to get an audience to stop thinking about how a trick is done and more “into” the trick itself, I have to get them to stop thinking logically.  The more emotionally invested you are into something, the less energy you can devote to deconstructing how something is done.

    In other words, emotion gets in the way of logic.

    This is not easy to do in magic. Some people will always care, but there are always some that don’t.  How do I get them to care? By invoking fear – the fear that I would get hurt, or the fear of seeing blood, or the fear of a serious injury.  When someone tells you of a serious injury someone suffered (such as twisting their ankle all the way around), don’t you cringe, close your eyes and turn away?  You’re not using logic at that point, you’re responding to the emotion of fear (that you don’t want it to happen to you).

    The fear of personal injury to me is the first emotion I try to create in my audience.  This isn’t really the novel part of the trick, though.  I’ve seen magicians perform this type of trick many times.  But the danger principle works.

  2. Reinforcing the logic gap.

    In order to sell the audience that there is legitimate danger involved to me personally, I set it up ahead of time.  Why should the audience take this trick seriously?  Because I am taking it seriously.  I take preventative measures up front because if something really can go wrong, I need to be prepared for that.

    At the beginning, I ask for an audience member with medical experience to help me out and I give her a first-aid kit.  I then give someone else a pre-printed map to the nearest hospital and instruct them that if something goes wrong, me and my temporary nurse will need a ride to that hospital (at the conference, I put the address of the hotel on the big screen and instructed someone to call 911 and come to that address if something went wrong).

    Why do I do this?

    Because it reinforces in the audience’s mind that something dangerous is happening. If I am taking it seriously enough to set up preventative care, then they should, too.

    This little bit – the ride to the hospital and the audience member with medical background – are new innovations to the trick that I invented.

  3. Selling the uncertainty.

    When I am up on stage and I’m about to slam my hand down on the cup, I mustn’t do it with a high degree of confidence.  I may know that I will be safe, but I have to make sure the audience believes I think I’m in danger.  How do I do this?

    I act out the emotions associated with uncertainty.

    Three years ago I learned how to read body language.  I also paid especially close attention to what we as humans do when we’re nervous.  So, when I’m doing the trick, when I’m about about slam my hand down, I act nervous.

    For example, I raise my arm and touch the back of my neck with my hand.  I purse my lips together.  I tap my leg up and down just as I’m about to slam my hand down.  My hands tremble with indecision.  At one point, I backed away and walked around in a circle with my hands on my hips the way a person may do if they were undecided (something I personally do but it’s not a universal action across all people).

    These are all actions that we, as people, subconsciously recognize as pacification techniques.  We do them unconsciously when we are uncomfortable with our surroundings or situation.  When others exhibit them we pick up on them.

    I know what body language signals the emotion I want people to think I am feeling, and so I do them.  This further reinforces the logic gap because people are empathizing with my plight at a subconscious level.

    This is an innovation that I added to the trick.

  4. The kicker finish

    Originally, the trick ended with a surprise – the nail is gone.  But after I performed it twice, I began thinking “Where did the nail go? Where should it go?”

    That’s when it hit me. It should be in front of the audience the entire time. While I had the audience member at the front at first, I didn’t give her (or him) anything to hold onto.  But what if they ended up with the nail at the end? 

    How could they get it?  By holding onto a box or something that they had the entire time. 

    But what sort of box?  A first-aid kit, because it’s something they would naturally need.

    I like this finish because it introduces something up at the beginning and then closes with it at the end.  It’s a natural finish to the trick.

    One thing I forgot to account for are the theories that people would invent for how the nail got into the box.  To the audience member with the first aid kit, it’s very clear that when it is opened, I remove bandages and gauze and stuff and underneath it all is the nail.  It’s impossible for me to sneak anything in there.

    When I was practicing the trick, I would show both my hands open as I went to grab the box.  I wouldn’t call attention to it (too obvious), but the point is to ensure that I don’t put anything into the kit.

    During the trick, I have one hand on a microphone. Then I have to do an awkward hand-off between the mic and kit and only then can I show my hand empty, if only briefly.  I do unwrap the rubber bands and you can see my hand, but it’s not as clear this way.

    I say this because some people (i.e., one person) claim I stuck the nail into box while I was unloading stuff from it (i.e., I tossed stuff out and then snuck the nail in).  This is not how it works.  Unfortunately, it didn’t come across as clearly during the show as it did during rehearsal.

    The trick “object-to-impossible-location” is a pretty common one in magic.  The idea for how to get the nail into the kit came to me as I recalled a discussion with another magician about 7 years ago when I heard the story of how he borrowed a dollar bill, and then it ends up in the pen cap of the sharpie that the audience member had used to sign the bill and he had been holding the whole time.  He explained to me the technique.

    I don’t use quite the same technique; I’m proud to say that I use some mentalism and a variant of his method to accomplish it.  My innovation with the marked nail tip – and the way it is discovered by the audience – is something I haven’t come across before. 

    Anyway, the way it worked this time – the first time I have ever tried it – was better than I had planned.  My hand-slammer audience member was genuinely surprised when his nail ended up in the box at the end (I watched his body language).

    A slam dunk!

So you see, the answer to the question of “How did you do that?” is complicated.  It combines magic, suggestion, psychology, showmanship and misdirection all in an attempt to present an amazing effect.

I think that this one went pretty well.

Read Full Post »

After the wife’s latest bout of injuries, we ended up going to the doctor to get her leg x-rayed to make sure it wasn’t fractured.  I didn’t think it was because if it were, it’s unlikely she would have been able to hike down from the mountain on it. However, the wife insisted she go otherwise she’d be continually saying that it might be broken. She also likes going to the doctor even though half the time, they don’t give advice beyond what you’d find on the Internet.

As it turns out, going to the doctor was a great idea. Why? Well, he said he didn’t think it was broken but we did an x-ray just to make sure (it wasn’t). But he explained what would happen:

  • Her leg would swell up.
  • It would turn colors, to a blue-and-green tint.
  • It would start to spread down into her ankle because of gravity.  This was all part of the healing process.

Sure enough, that’s exactly what happened:


Had we not gone to the doctor who explained that this is exactly what would happen, the wife would be freaking out about her leg and subsequent foot discoloration.

Luckily, since he predicted it, it’s not that big a deal right now.

Thank goodness for doctors.

Read Full Post »

The past few weeks, I’ve been on this security kick particularly when it comes to encryption. I’m developing my own app so I’m trying a whole bunch of things, no doubt making plenty of mistakes in the process.  Luckily, the data I am protecting is only quasi-valuable so I can afford to take a hit due to my own conscious incompetence.  I’ve also posted this on my work blog, but I thought I’d repost it here.

Anyhow, I ran across this article on arstechnica yesterday entitled “Why Passwords have never been weaker – and crackers have never been stronger.”  It’s a long article and it will take you a while to read it, but here is the summary.

  • The hardware has gotten better

    Because of advances in technology, passwords have become easier to crack for determined hackers. Part of the reason for this is advances in hardware. As the cost of hardware keeps dropping, hackers/attackers can push through more and more combinations of passwords in the same amount of time.  This reduces the amount of time it takes to break a password.
  • The software has gotten better

    One of the advances in breaking passwords has been the advancement of rainbow tables.  Rainbow tables are basically a way of storing pre-encrypted tables of common passwords.  I used to think that a rainbow table was just a super big table of pre-encrypted passwords and that the reason this was possible was because of the low cost of storage.

    However, it turns out this is not what a rainbow table does.  Instead, it efficiently compresses pre-computed passwords and only stores the minimal amount of information. You then use an algorithm to search for a hash that you do have, and if you hit it, work your way backwards (or rather, start at the front of the chain and go forwards) until you find the original key.

    I may do a future blog post to explain rainbow tables, but for now this article here does a good job: Kestas Kuliukas.

  • Password algorithms are frequently implemented poorly, part 1

    Part of the problem with the LinkedIn breach, as well as eHarmony and Yahoo Voice is the lack of salts when hashing the password.

    A password salt is a unique random string that is added to the clear-text password of every user’s password.  The password + salt is then hashed instead of just the password. For example, a database might store a user’s login information the following way:

    username: user@example.com
    salt: 7xsLOp
    password: fba1d284701ccd85e1314fe51c727eb50dcf5670

    When the user logs in, he types in his password. The web portal:

    a) Transmits the information
    b) Looks up his username
    c) Gets the salt
    d) Combines it with the entered text that was the password, then hashes it.

    If it matches, then the user’s login has succeeded.

    In the above, the user knows that his password is “password”, but the string “7xsLOppassword” was hashed.  Thus, even if a hacker pre-computed every SHA1 hash in the English language, his hash of the word “password” would be “5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8” which is different than the above hashed string.

    This doesn’t necessarily defeat a determined hacker.  Instead, they might create multiple rainbow tables that consist of multiple salts. However, this drives up their cost because instead of maintaining a single rainbow table, they have to maintain lots of rainbow tables. For example, if they knew that the salt was six characters, and if the allowable characters were letters and numbers, then they’d have to maintain (26 uppercase + 26 lowercase + 10 digits) = 62 x 62 x 62 x 62 x 62 x 62 = 56 billion rainbow tables.  If they’re going to do that, what they trying to steal had better be worth the cost of maintenance.

    Some systems include another salt, called “peanuts” which is a common string across all passwords. In our example, a hashed SHA password for “peanuts7xsLOppassword” is “ed410e919f2b4f13f2ebd0cd22d88d0fc4d45f64”. In this way, an attacker would have to figure out the random string “peanuts” (which could be any random letter/number combination) and then maintain an absolutely huge number of rainbow tables.

    The lack of salts in passwords makes it a lot easier for an attacker.

  • Password algorithms are frequently implemented poorly, part 2

    The article also talks about the password hash that LinkedIn used – SHA1.  SHA1 is designed to be fast. In other words, the amount of computer time required to compute a SHA1 hash is very small.

    Instead, a password hash like Bcrypt or PBKDF2 is designed to be computationally more expensive. It takes longer for a computer to figure it out. For humans logging into a webpage, this doesn’t matter because we can wait a second or two and we wouldn’t notice because the amount of time it takes to transfer data online is more than a couple of seconds (enter username/password, hit send… wait for response, page loads).

    However, to a computer that is trying to compute as many hashes as possible, computing a SHA1 hash is 500,000 times faster than SHA512 (also more computationally expensive). Taking so long to perform all those hashes makes it computationally infeasible unless you have a ton of resources. Only governments have that type of money to burn on breaking security, and even then, only a handful of governments invest that much into security.

    Thus, the infrequent use of password hashes combined with the lack of salting contributes to making password cracking easier, especially with cheap hardware and good software algorithms.

Thus, all these factors combined are what make it easier for hackers today to crack passwords. Furthermore, because they already know what many of the most common passwords are (“password”,”123456”,”12345678”), this gives them a head start.

That’s how passwords have gotten easier to crack over the past five years.

Read Full Post »

As I’ve been hiking a lot more during the past couple of years (since I met the wife), I’ve worked my joints a lot more.  For the most part, I don’t suffer too many injuries but recently I have felt it a lot more in my hips (the same joint that gives me trouble 100% of the time the rest of the year if I do certain motions).

But I’m lucky – compared the wife I’m getting off easy.  So far this year:

  • She has suffered from tendonitis in her Achilles tendon; the sore one was 1.5 times as big as the other.

  • Persistent pain in her foot from twisting it at work and not quite allowing it to heal.

  • Today, she tripped on a hike and now has a large bruise on her shin with major swelling.  It looks pretty cool, it’s like there’s a golf ball under her skin.

    Below is a picture of the bruising, it doesn’t show up that well on camera but trust me, it’s there:


    Here’s another angle:


    Yowsa, that’s a lot of swelling!

Who says that hiking, a low impact activity, can’t be hazardous to your health?

Read Full Post »

Not far from where we live is a Trader Joe’s grocery store.  For my Canadian readers who have never heard of such of thing, or my American ones who have never been in one, let me tell you – it’s awesome.


What makes it so great? There’s so much good stuff that you can get from there that we can’t get from Fred Meyer.  And frequently the stuff that you are able to get from a big box grocery chain just isn’t as good:

  • We get apple sausages from there and they are fantastic.  A better substitute for bacon (easier to cook).

  • We get garlic na’an bread which is like pita bread but it tastes better.

  • The Trader Joe’s dark chocolate is very good.

  • The wife gets yogurt from there.

The list goes on and on.  It’s not a very large store, but I regret not going there more often in the years past even though I did have opportunity.

Anyhow, one day we were wandering through there and I saw Trader Joe’s Vanilla Chai coffee.  “Coffee?” I said.  “I don’t drink coffee!”

And I rarely drink coffee. Sometimes I get it from Starbuck’s or I have it at work, but it’s very infrequent.  I tried drinking it years ago but I had to put too much sugar in it to make it consumable for my palate.  So I gave up.

But remember that episode on the Simpsons where Homer sees an advertisement for Clown College and he keeps thinking about it despite dismissing it? That was me with the coffee.


This wasn’t instant coffee where you just mix it with water. You had to brew it with a coffee maker.  We don’t have a coffee maker.  I don’t even know how to use one!  That’s two strikes against this coffee!

But I couldn’t stop thinking about the coffee.  I broke down and decided to buy the coffee (I didn’t realize it was the kind you had to brew until we got home).

The wife and I still had to overcome the dilemma of not having a coffee maker. So, went to Bed, Bath and Beyond and used one of the gift certificates we still have from our wedding that we got nearly a year ago.  We found an inexpensive one, maybe $30, and brought it home.  The wife figured out to use it (I learned 3 weeks later) and we brewed ourselves some coffee.

Totally worth it!

It’s good stuff.  I have it in the morning every few days, and the wife drinks it, too, and sometimes iced coffee.  She had been substituting it so much that Starbuck’s phoned her up and asked her why she hadn’t been going into their store anymore.

We tried out a new flavor of coffee this past week and it, too is good.  The wife prefers it although I still like the Vanilla Chai a bit more.  We’re most likely going to end up trying all the different flavors because Trader Joe’s does a good job at screening the products they sell.  They obviously must because it makes a difference.

As for me, I’m like “Is this what I’ve been missing all these years?  Was it simply the brand of coffee that makes the difference?” I still try not to put any sugar in it (only some milk) and I also don’t drink that much (too much is more than 1 cup).

But here’s to many years – hopefully – of happy brewing.

Read Full Post »

Last week I read a study out of the University of Eugene, Oregon and the University of Kansas entitled Divergent Effects of Believes in Heaven and Hell on National Crime Rates.  The study took a look at how belief in certain religious concepts affect people’s morality.  I’ll recap the study here (it’s pretty short but I’ll do it anyhow in case you are too lazy to click on the link like the lazy Internet reader that you are):

  1. They tested people’s religious beliefs.

    The researchers tested the people according to their belief in heaven, a place of divine and everlasting bliss, and their belief in hell, a place of everlasting punishment.  How does belief in one thing affect how they behave vs. belief in the other?

  2. They primed Christians to see how they acted.

    To test this, they had Christian participants spend 10 minutes writing about the nature of God’s loving and forgiving nature.  They also had another group of Christians spend 10 minutes writing about God’s punishing nature (they also tested a neutral control, a forgiving human, and a punishing human but these produced no discernible effect).

    Next up, they had the participants perform a task where they accomplished something simple and then paid themselves money according to how successfully they achieved it.

    The results?  Christians who wrote about God’s forgiving nature tended to overpay themselves, while those who wrote about God’s punitive nature produced no statistically significant behavior from the neutral control.  This means that belief in heaven produced less moral behavior than belief in hell.

  3. They checked crime rates.

    Next up, they checked the effect of religious attendance, belief in heaven and hell and the affect on national crime rates.  Belief in hell predicted lower crime rates while belief in heaven predicted higher crime rates.  They checked this against third variables and adjusted for income inequality, national prison rates, life expectancy and urban density.  Despite these, only beliefs in heaven and hell emerged as the strongest predictor of crime rates.

    The authors point out that belief in heaven does not necessarily mean a belief in hell.  There are many people who believe in one (usually heaven) but do not believe in the other (usually hell).  This was helpful in determining the degree of correlation.










The question the authors ask is why does this work? They posit that people who believe more strongly in God’s forgiveness think that they can get away with a lot more because God will forgive them.  However, those who believe in hell believe that even if they get away with it and no human will punish them, God will pay them back eventually and this compels them to act more morally.

Therefore, believing in a good, loving God does not make people behave more morally, only believing that God will perform retribution does.

Way back, I used to read essays by Christian universalists who would say that the doctrine of hell was invented by people who were just trying to control the population.  Opponents of universalism would say that without hell, what was the point of being moral?  Universalists would say that using hell as a scare tactic is a cheap way to win a religious convert.


But as it turns out, the people who believe in hell were right. The threat of hell does produce more moral people.  We have the observational study/experiments to prove it.

This contrasts with Richard Dawkins’ statements about religion. From Wikipedia:

Many of us saw religion as harmless nonsense. Beliefs might lack all supporting evidence but, we thought, if people needed a crutch for consolation, where’s the harm? September 11th changed all that. Revealed faith is not harmless nonsense, it can be lethally dangerous nonsense.

Dawkins is famous for his opposition to Christianity, and in the above quote he calls it harmless nonsense.  Yet while he says that religion can be used for evil, this study contradicts that statement in that it can also be used for good in the form of lower national crime rates.

I’ve sometimes wondered why people associate so strongly with religion.  But that also extends to why people identify so strongly with groups – why, for example, are people so proudly nationalistic during the Olympics?  You don’t know any of the athletes competing, but I bet you feel a source of pride when your home country wins a medal, and the agony of defeat when they lose a close race.  Why is it that sports fans celebrate and cheer together and feel good when they find a random person on the street that likes the same team?  Why do we love politicians when they say the things we agree with but despise them when they change political parties?

Why do humans so closely value group identity within a group of strangers?

I’m not sure, but my theory is that it’s evolutionarily programmed into us.  For larger groups of people, it would be reinforced into our ancestors that we needed to bind ourselves together in order to survive.  It was only by acting as a team that we could survive an attack by a larger tribe or group of animals.  We could defend our resources from raiders who attempted to take them from us.  A lone wolf could not defend his land better than a group of wolves.  Similarly, a tribe of people could defend themselves better than a single family.

People who ventured too far away from the tribe were outcast and died without access to group resources.  Those who stayed within the tribe lived to pass on their genes to their ancestors.  And this was reinforced from generation onto generation.

Some social psychologists reason that religion is one way that people bind to each other and find group identity.  If previous tribes would punish the outcasts (leaving the tribe is bad because it weakens it and everyone doing it would threaten its survival, and therefore had to be discouraged), then religion, too, would need a mechanism to discourage leaving it.  Belief in divine punishment would be a way of getting people to conform to a set of beliefs.  It’s not quite that simple and religion is more complex than that, and this is only a theory, but it kind of fits with what we know about human evolutionary behavior and group identity.

If you leave the group (immoral behavior) and there are no consequences, then you are more likely commit immoral behavior.  But if leaving the group meant you would suffer harm, then you are more likely to continue on with moral behavior.

Maybe this instinct of the fear of consequences is what leads us to behave morally in real life.  After all, if anything goes, then why not anything?

Read Full Post »

Today we took a friend on a hike near Mt. Rainier.  Mt. Rainier is the highest mountain in Washington state standing a little over 14,000 feet.  It’s a two-hour drive from where we live and worse yet, it’s a popular attraction, pulling in lots of tourists especially on a day like today when it was +30° C.  Thus, we planned to leave the house around 6 am to get there by 8:30 am after picking up our friend so we could beat the crowds.

This was further complicated by the fact that I had to take some friends to the airport this morning to catch an even earlier flight.  Thus, I’ve been up since 4 am, and I didn’t sleep well the night before. 

Confused smile

Anyhow, this hike was going to be different than previous ones.  My left hip still hasn’t fully recovered from previous hikes and the wife has a sore foot plus Achilles tendon which has been flaring up all week (in spite of her protests to the contrary).  What made this hike easier was that it was flatter with much less climbing.  It did go up and down but the inclines were gradual and it wasn’t that much effort.

Name of hike: Berkeley Park
Length: 8.2 miles
Low point: 6259 feet
High point: 7057 feet
Total elevation gained: 1982 feet

Below is a Google Earth map of the route we took that shows you the terrain.  The end point in the top left hand corner is a very steep 400 foot ascent in 1/3 of a mile, or roughly a 1200-foot-gain per mile.  For comparison, an ascent of 500 feet per mile is my limit of “easiness” before a hike starts to feel difficult.


Even though the hike is fairly flat, it has a lot of up-and-down.  It climbs, descends and then climbs again.  We would pass hikers on the way up who would exclaim “Oh, whew, it’s all downhill from here.”  Well, that wasn’t really true:


There’s actually 3 large up and down portions, and above you can see the steep ascent to the top where we stopped.

Of course, we’re not really at the top, we only go to 7000 feet or so. The real peak of Mt. Rainier is still another 7000 feet above us and is a long way to go:



A number of people I know are in the category of “I climbed Mt. Rainier!” I’m not in that category and I have no plans to join them.  From the top of the peak of where we were, we did see some people climbing down from the top of the mountain so it is possible and my friends aren’t just making these claims up.

In the following picture, it’s nearly impossible to see the scale of just how high this peak is:


Our friend came this high (where the picture was taken) while the wife and I scaled to the top.  It drops down 100 feet from this point and then climbs up 400 feet in 1/3 of a mile, a very tough climb.

Yet from the top up here, you can see a lot.  We took a picture of our friend  down below, my camera zoomed to the highest level:


From here, she (wearing pink) doesn’t look that far away.  But according to the Pythagorean theorem she is ~2400 feet (0.45 miles) from me.  Hmm, that doesn’t sound that far.

Here’s a picture from Mt. Rainier from the top of the peak we climbed:


I decided to take a huge panorama picture of about 270° (3/4 of the way around a circle).  You’ll need to click on the picture to see a better shot of it, this blog shows it way too compressed:


That panorama shot turned out really well, I think!

And that’s what we did today.

Read Full Post »

I have a confession to make.

I have so far watched zero Olympic events. I only caught about 15 minutes of the opening ceremonies a week and a half ago as I was up in a hotel in Squamish, B.C.  But after watching those 15 minutes, I got bored.

It’s not that the Olympics aren’t cool, they are.  And I have plenty of friends who are playing close attention to it.  And I do feel guilty about not watching them.  But the problem is that we don’t have a TV at our place.  We got rid of cable a long time ago and all the TV we watch now is on Netflix or Hulu.  There’s no live TV.

I haven’t bothered to figure out how to stream the Olympics.  You see, every time I try to figure out how to stream live TV, it always turns out to be a huge pain in the arse (with the exception of CFL games which I can get on ESPN 3).  I have to perform an Internet search and wade through a bunch of useless results before I find a web site that makes me register or download software.

No thanks.

That means that I pretty much have to give up watching the Olympics even though there are a number of events I’d like to watch:

  • Track and Field (well, mostly just the sprints)
  • Swimming
  • Badminton (which I’ve tried watching before but got bored because the rallies are way too short)
  • Beach volleyball
  • Rowing

Yet I am too lazy to figure out a way to do it.  I’m relegated to merely reading up on Yahoo.ca the next day about how Canada did, followed by how the USA did, followed by other notable events of the Olympic Games in London.

Maybe I’ll pay more attention during the Winter Games in Russia in 2014.

Read Full Post »

As the wife and I have been doing a bunch of hiking lately, it’s not without its consequences. Injuries are starting to pile up.

For myself, I have bad hips.  But that’s made worse by tight hip muscles.  To that end, as my tensor facia latae muscle (on the side of my hip) moves back and forth over the greater trochanter (the bony protrusion on your hip that sticks out the furthest), it hurts.  It started hurting this past weekend as we made our ascent up a fairly steep trek.

The wife has different injuries than me.  She has a tendonitis in her Achilles tendon. She started doing research on the Internet about how to treat it, but has yet to find any treatment that says “Don’t bother resting, continue doing what you are doing and it will magically get better in spite of the stress you are putting on it.”

That’s the problem with being a weekend warrior and not a professional athlete – your body isn’t used to the excessive shock you put on it on it every 6-7 days.  And then it protests.

Man, getting old sucks.

Read Full Post »

When the wife first started dragging me hiking, I had a difficult time finishing the hikes.  I would get winded and at the end my muscles ached, not to mention my hip.

But as time has passed, I’ve improved.  By no means am I going to win an Iron Man competition, but I can complete most hikes of 8 miles fairly easily and I have much more endurance (the wife now lags behind me instead of vice versa).  And ever since getting the GPS and tracking my hikes, I look forward to doing the walk and then mapping it on Google Earth.

Today we did a 9.7 mile hike near Mt. Baker in northern Washington.  The wife got me up at 5:30 am again (one part about hiking I do not enjoy) and we drove 2.5 hours to trailhead.  This was a moderately difficult hike.

Name of track: Skyline Divide(I keep wanting to call it SkyDrive)
Distance: 9.7 miles
Starting elevation: 4067 feet
Highest elevation: 6583 feet
Elevation gained: 3447 feet

I’m going to skip showing you the topographical map and instead show you the Google Earth image.  I played around with the angles to show you how close we got to Mt. Baker.


This hike contained a lot of saddles – a dip between two peaks.  Those stupid things are what I call “Hope Killers” because you hope that you’ve gotten to the top, but no, your hope is killed and you have to descend and then ascend again.  But wait! After 4 miles I don’t want to descend again only to have to go up hill one more time!  Going down should mean the end of the “going there” and instead be “the return path.”


See those ups and downs in the chart above?  Those are saddles.  Ups and downs.

What follows are pictures from the hike:


At the end of two miles, and 1700 feet elevation gain (which is tough), you come to a grassy knoll.  Out there in the distance?  That’s Mt. Baker.


That’s me standing and posing for a picture in front of the mountain.  This was on the way down.


To get an idea of where we were, we didn’t go to the top.  In the above image, we went to a peak that was still a ways off from Mt. Baker itself.


The last part to the top where the hike finishes is a tough slog of 300 foot gain in less than half a mile.  Above is the wife going for a walk at the top of this part as if to say “I’m finished.”


But as you can see, she was so excited to get to the top that she leapt for joy.

I also decided to perform a magic trick at the top here.  I’ve been working on something special – my levitation effect.  Below is a picture of me practicing it.  Obviously, there’s no wires or forklifts to hold me up, the below shot is completely unfaked.


It was hot today; I brought along two liters of water but it was a mistake to bring that little.  The sun beating down on us up there was tough to take, and the horse flies drove us down after resting for 50 minutes (the wife said every five minutes for 25 minutes that she was ready to go; finally I said “These flies are killing me, and so is the sun. You can stay but I need to leave).

panorama 1

And that’s the story of the time we went to Skyline Divide.  It was a tough hike today because of the hot weather, steep elevation gain in the first two miles, continuous up-and-down in the saddles, and horse flies.

But I survived.

Read Full Post »