~traviscj/

Friday started off a pretty decent day in Brazil. I finally got comfortable enough with my phrase book to start busting out phrases to the Taxi driver and it ended up making our taxi rides a fair bit more comfortable, quicker, and cheaper. So, there’s one place that Portuguese is coming in really handy, even if it is even just a tiny bit of it. It’s getting a lot more comfortable interacting with the native Brazilians here, probably for all of us, but it was pretty pronounced today, and I was feeling pretty good about it. I had intended to get some pictures at IMPA, so I happened to have my camera today.

Later in the evening, I ended up going for a walk with a new friend I met on the trip, and in the middle of a really great chat about all sorts of stuff, we ended up getting held up by a couple of guys with knives at Copacabana beach around 22:00 or so. Honestly it was really really stupid to be there, and even stupider to be there with anything valuable. So, if you hear people telling you not to go there after dark, heed their warnings, unless you want to learn your own expensive lesson! It really doesn’t feel dangerous at all while you’re down there, because it’s relatively well lit and just not what you’d think of as all that scary, but the truth is that you’re isolated enough for them to get away with basically whatever they want. Again, the bottom line is, heed the warnings and don’t be there that time of night. Failing that, give them what they want–they’re gonna take it anyways. Never carry passports or credit/debit cards unless absolutely necessary(ie, on the way to or from the airport or ATM, respectively). Don’t get caught up in the heat of something and forget your good common sense.

Anyways, basically everything is back to normal now. It was an experience I would have rather not had, but what can you do? Life goes on…

Sorry for not getting this updated a little bit sooner, but it has been an eventful week sortof. Apparently it’s been almost a week! Time flies, apparently.

Wednesday was pretty standard. More classes, more modeling, more cool climate stuff. IMPA has pretty good coffee for free on supply until 4pm, and all of us Seattlites are pretty much living on it, and on the verge of staging a coup when they try to shut it down. There are currently a bunch of very fun, very loud Irish guys outside the 9-bed dorm room, so everyone in our room is pretty sleep deprived. Hence the coffee addiction. We also finally formalized some ‘cab groups’, or a set of people we’re going to share taxis with for all the taxi rides we’re taking to and from IMPA and other places around Rio.

After the aforementioned somewhat bad sleep, we got up and got on with the day on Thursday. The destination of the day is Corcavado, the statue of Christ the Redeemer at the top of one of the highest mountains in Rio. After taxing to the bottom, Nathan bought us some tickets to ride up the tram. The tram is apparently the safer way to get to the top of the two common ways, the other being to actually walk. Since the area is so deserted it’s an ideal opportunity for muggers looking to rob you, so the train is highly recommended. In any case, the ride is very cool. It feels like you’re going straight up the side of the mountain most of the way, which I guess you are, but it’s a very intense climb, somewhat like a Disneyland ride or something. After getting to the top, you climb a whole bunch of stairs and finally stand next to this HUGE statue. Really truly unlike anything I’d ever seen before. It’s visible from pretty much anywhere with line of sight from inside the city, and it’s downright huge from immediately next to it. It also has gorgeous stones at the base. A lot of people took pictures in the same pose or reaching up towards the statue, but it’s also a great spot to get pictures with the city in the background, or either Copacabana or Impanema beaches. Our cab group left a little sooner than the rest, which ended up being good since one of our cab group members needed to finish a Summer Quarter exam. It was a really good day though, well worth the side trip!

So Monday morning was really lazy. Some people went to get a volleyball, a bunch went down to the beach again, and I let my sunburn cool off. It was also really warm and sunny, which is a nice change from Seattle! We left for IMPA around 2, got on taxis to get over there, and eventually made it. The taxi drivers are apparently pretty vicious. We took 5 cabs, 3 got charged around 15, one around 20, and one 25. So they try to rip you off.

IMPA was throughly amazing. The area around it was very pretty, and they even had some monkeys. There are apparently large ones and small ones, and we just saw the small ones. Nathan gave us a walking tour, and then we had about an hour and a half of lecture. We talked about how to model the temperature of the earth, taking into account energy balance(ie, input from the sun, reflected light as a function of ice, ice as a function of temperature, etc). The Botanical Gardens(Jardim Botanico) were also quite impressive. We walked all the way from IMPA back to the hostel, around Lagoa Rodrigo de Freitas, which was pretty interesting.

Tuesday(Aug 19), I went down to the ATM, stopped for some Acai Berry drink around the corner which was very delicious. Fruits here are a whole different world. The pineapples are so sweet and not sour at all, the bananas are much sweeter, everything is delicious. Some of the food here is really cheap. There’s a store with R$ 1 hamburgers that kinda reminds me of McDonalds. Also very prevalent down here are Caipirinhas, which usually sell for R$3. They’re made with cachaça, lime, sugar, and ice. Anyways, we left around 10 for Sugarloaf mountain and rode the tram up to the top. I got a ton of pictures that I’ll have to upload when I get a faster internet connection and time to pare down the pictures to the best few. We also hung out at the hostel most of the afternoon and made it to the beach just about at 4, which it turns out is about exactly when the tide is coming in(ie, the bad time to show up at the beach).

I’m going to try to make it to the beach tomorrow morning, so perhaps I’ll get some pictures of that up!

I finally made it to Brazil. It was a very long and tiring flight, but I was seated next to a couple of very nice locals that fed me all sorts of useful information. I ended up pre-buying a ticket from the Taxi company, but apparently this is sortof a bad call, because they way overcharge if you don’t have them use the meter. Anyways, not too big of a deal. He took me right up to the hostel, and a bunch of familiar faces were there.

We all decided to go to the beach, but first we stopped off to buy Speedos. Which I really wasn’t too comfortable with, but there’s safety in numbers and you gotta get an even tan, right?  Someone went up to find Nathan, and then we stood outside until the the place opened. Once we’d all bought one, we went back to the Hostel to get our towels and stuff, then back the beach, spent a couple of hours there, then headed back to the hostel.  I immediately fell asleep for like 5 hours, but woke up feeling a bit better. After that, we went to some cafe, and after figuring out what to do(totally different ordering proceedures), we finally got our water and food, and managed to pay for it and soforth.

After that, a bunch of people went to a Favela Funk Party, but I stayed behind. They definitely are a bit crazy, it’s really packed onto the side of the hills, and they do actually have the armed gaurds and stuff. I’ll have to try to get some pictures at some point, and post them here. We’ve had a pretty good night just hanging at the hostel, it already feels a bit like a new home. Anyways, I’m on a friends laptop so I’ve got to finish up real quick, but again, Hi to all my family and friends kind enough to read this post and those coming, I miss you all already!

Well, I made it at least as far as Atlanta. The Boeing 757 we flew in had touchscreens in each monitor that told me I’ve traveled 2326 miles so far. Landing was pretty smooth, and the flight was relatively easy. A bit longer than I’d expected, and a little bit more restless than I’d hoped.

I stopped to get some food immediately on arriving, somewhere called Krystal Hamburger. They have a Sausage Scramble Combo, a cup full of scrambled eggs, sausage, and grits! How awesome.

I did have one little hitch, though. Since my layover is like 13 hours, they wouldn’t print my boarding pass for the Atlanta -> Rio flight. They did say they’d check my bag all the way through, but I guess we’ll see. Here’s hoping…

David and I were working on our Math381 model, and I was getting frustrated because the data we collected and the results from the simulation were not lining up properly, which was quite frustrating. We were hoping to see something like this:

Instead, we were getting stuff distributed like this:

I realized that we needed some function to force a bunch of this junk further left. Recalling an old adage from Mr. Cone’s AP Chemistry class, I decided it was the right time to whack it with an X squared. This is vaguely appropriate, because rand() has a range [0,1), so squaring it should put a whole bunch of stuff further right, but not everything(ie, the first half will end up in the first quarter, the first 3/4 will end up in the first 9/16, etc). Imagine my shock when I saw this:

This is almost picture perfect what we were hoping to see! I was expecting to see something like this, but I was not expecting it to work out so perfectly. The burden is now on trying to justify that choice…

I know that about every other iPhone owner has posted to their blog about this and almost a month ago already, but I’ll throw my own take into the mix.

I originally planned on waiting a while before installing the second major revision of the iPhone software, but Sharvil tried it almost immediately and told me that I needed to give it a shot. So, I finally upgraded it, and have not been disappointed. Some highlights:

• Contact list has search! Sweet! Sad that it only searches the Name fields and not other things like addresses and notes.
• Maps and the GPS stuff are getting a lot of press, and they’re cool as always, though it seems very much like the old one, so it may be the case that the gain here is restricted to people with the 3g models.

But of course, the most buzz is over the apps. Here are some I’ve liked:

• Shizam is majorly cool. It uses some sort of algorithm to listen to a song and link that back to the song’s information, and allowing you to purchase it from the iTunes Store, watch it on YouTube.
• Remote is awesome. It lets you remote control your iTunes via wifi, and it sports a far better interface. I found came across this editorial about precisely this, called: Dear Apple: Please Make the iPhone’s Native Interface Like the Remote App. They definitely have a point here, I’d love to see those changes integrated into the standard iPod interface.
• The Facebook app is impressive. It allows chats, way better photo support(drag scrolling, names placed over faces for a second then disappearing, a totally sweet comment interface), good integration with emailer and phone dialer. I’d like to see a way to update sections(ie, add a new favorite quote or interest), but this was clearly built as a more of  a communications + photo tool rather than the more general purpose Facebook, whose sole purpose is to suck huge chunks of your life away, and it serves that purpose excellently.

And of course, the more playful apps:

• PhoneSaber, a lightsaber program that makes appropriate noises and lets you switch colors at will.
• iPint - a program to let you enjoy some virtual brew.
• iLight - a simple program to white the screen and maximize brightness, letting it function as a flashlight. It actually works quite well, too.

Some more ways Acronis fails, just for the record:

1. Completely useless log files. Error messages are crucial in applications. Acronis says ‘Error creating file’. This could mean:
   1. I couldn’t resolve the FTP server’s hostname
   2. I could resolve the hostname, but could not connect to the FTP port
   3. I could resolve the hostname and connect, but I could not authenticate.
   4. I could resolve, connect, authenticate, but I could not create a new file.
   5. Any number of other things. I could not create a temporary file(Why? No permissions in Acronis’s temporary folder?  No hard drive space? It already exists? The folder that should be the temporary folder doesn’t exist?)

   Another error we’ve gotten a few times is ‘Failed to process pair script (some hash).’ While it might be useful to someone, it’s not really any help. A lot of the same stuff applies: Is the file corrupt? What’s wrong with it? Improper syntax? The configuration files are XML, they should be editable as such. Point being: Acronis, get your stuff together and write some real, honest error checking code. It’s boring code to write, but it’s boilerplate stuff, and basic. This is what you hire interns for. Please do so.

2. The GUI stinks. Everything is wizard based. This in itself isn’t so much of a problem, but it becomes one with their absolute awful support of stuff like, oh, say, remembering passwords. To see how this is an issue: Say I realize that I want maximum encryption on my backup archives. So, I load up the tasks list, click the one I want to change, click the ‘changed settings’ button. It asks me what I want to backup(2-3 screens), then where I want to back it up to. I tell it the FTP site, and it asks me for my login for that site, then allows me to navigate(keep in mind this is already stored in the configuration file I’m trying to edit, in some encrypted form(hopefully, though I would not bet 2bits on it)). Then, it asks me if I want to sign in to the FTP anonymously or use a username and password. Upon selecting non-anonymously, it asks me for the same username and password. Every single time you try to change any part of the configuration.
3. The command line stinks. There are just a couple of commands, including trueimagecmd and trueimagemnt, but both of them are completely inconsistant on file argument parsing: trueimagemnt uses the more standard UNIX conventions of [-(shortopt)|–(longopt)] (arg) while trueimagecmd uses the completely zany –(longopt):(arg). The command trueimagecmd allows a –verify command, but doesn’t include it in the runtime help or the manual page. None of this seems like too big of a deal, but Acronis is basically the only program that we actual require any GUI at all for on 2 of our 4 main servers. It’d be very nice to have backups and not need a GUI.

That ended up being a pretty long rant… but at least now I’ve probably got it out of my system for a while!

I have been meaning to write for almost two weeks that I’ve got my Visa back from the Brazilian Consulate in San Francisco, which is pretty cool. I saw a picture of it and it looks really sweet. I’m slowly turning into a world traveler! It took about a week inside the consulate, then they FedEx Next Day Air’d it to Memphis, then Spokane, then the Tri-Cities, then Prosser. They dropped it off with Mom.

I finished my Typhoid oral vaccine earlier this week. I felt a little crappy for about an evening, and then kinda leveled off. One of my roommates went to South America and had no ill-effects from the shot, so I’m gonna say that I highly recommend anyone to go that route instead. I also finally got the Hepatitis and Tetanus vaccines today. She warned me it’d hurt and told me to take some asprin, but I passed on the painkillers and have been quite okay anyways–I’ve made it hurt far worse with pushups.

All I really have left at this point is some stuff at work, my math381 project, to move out of Stevens Court, and to pack for the trip. That’s gonna make for a very busy 13 days, though… Wow.

 I’ve been waiting to write about this until I could see how it all ended up going, but I think we’ve just about seen the end of all of our issues.

The story goes something like this: Originally, we used external hard drives plugged in via USB to our servers to back up our servers. This worked well, except that we had two external drives and 7 servers. About this time I started working this job and immediately set up a MediaWiki website for storing documentation and a Mantis Bug Tracker website for storing information about ongoing projects–I think I’ll try to write a post about that at some point as well. Anyways, these two websites originally ran on my personal webserver in Prosser, but we decided to run them on a company-owned server instead, and that this new machine could act as both a backup server and a webserver for those two websites.

This presented a challenge, however. We chose a different physical location for the backup server to add some level of off-site storage, but we wanted to ensure it was properly encrypted. At first, we tried to use sshfs along with host-keys to authenticate our servers. This worked well for short connections, but due to either sshfs or network misbehavior, this proved completely unreliable for the kind of long-term(weeks long) connections we wanted to have between these machines. This in turn caused backups to fail, which is both highly frustrating and completely unacceptable.

Happily(we thought), Acronis released a new edition of the TrueImage software, Acronis TrueImage Echo. This supported both  AES encryption and FTP storage. While SFTP would have been preferable, we decided that AES encryption along with a very minimal whitelist of IPs allowed to connect to FTP ports would be sufficient. In the process of testing this new setup out, I discovered that Acronis was failing to AES encrypt files transmitted via FTP. This is a major deal since AES is really the only reason that FTP was acceptable at all.

This is where the story gets really interesting. We contacted Acronis about this issue, and after an initial volley of ‘You must be doing something wrong’(a typical Acronis assumption, sadly) and subsequent, ‘Oh, um, heh, can you please send some more log files our way?’ After finally convincing them of the issue(which they did say they had verified) we heard nothing. Nothing for about three months. My old boss emailed them asking what the status was, and we were told the the fixes were forthcoming, though no hard deadlines of any kind were sent, and we have (again) not heard from them in over six weeks. Here is part of their actual response:

We have contacted our developers and they explained that the fix is one of the complex ones to implement. Currently we are doing our best to expedite the development.

According to our development team the case is still open which means the fix is not approved and will not be implemented in the coming update.

After their noncommital answers and our utter frustration, we reported the problem to several security websites, notably Secunia. Secunia immediately picked up on it, and after further description of the problem, set an initial disclosure date of July 23, 2008. Apparently, Acronis failed to respond to them as well, so Secunia emailed us back asking if we’d like to further delay the disclosure or release it immediately. We picked immediately. Secunia released the disclosure a couple of days ago, and it’s now available at the link referenced at the end of this post.

As far as my commentary on this goes, Acronis fails for several reasons here:

1. Failure to design a network backup with the realities of networks in mind. Implementing a backup client where the only options for data backup are FTP and SMB is not merely shameful, it’s irresponsible. Asymmetric key cryptography works, and it works well. SFTP is not an exotic protocol, it’s been a default part on nearly every Linux install for years.
2.  Failure to design a robust encryption method. I’m not sure if their AES was tied directly into functions that were only called open writing a file to disk or what the failure here was, but something is completely amiss if one mode of operation correctly encrypts data and another mode fails to. Even if this was the case, an ethical choice without expending really any work is to add a dialog box warning of the situation. A simple, ‘Use of FTP and use of encryption are mutually exclusive, please choose FTP carefully.
3. Failure to identify major issues and deal with them appropriately. Acronis should have issued this advisory to all registered customers immediately upon verifying it. This is an easy enough problem for an administrator to work around, but they have to know about it first. They should have also fixed it in the four months since then. I’m not sure what they’ve been up to here. Saying that a fix is complicated is not an excuse for anything, ever. AES is complex, but it’s already been written, and it’s already been written in spite of it’s complexity. If your software is that complex, that’s your fault, not your paying customers’. If your developers are incapable and incompetent, that’s again not your paying customer’s fault, it’s yours.

In the end, our holdover solution until we can deploy a new solution(read that last part as: Until Travis can convince management to ditch Acronis in spite of the financial expenditure) is to set up a VPN with OpenVPN, only run our FTP on the backup server’s OpenVPN IP address, and completely discourage it’s use to anyone who will listen.
Secunia Advisory 30856