SoylentNews

For those of you in the Unites States, today is Mother's Day.

I have no masterful prose to offer here. Rather, I'd like to extend an opportunity for the community to share their memorable experiences. A time when you especially felt supported or nurtured or challenged.

In my case, my Mom passed away several years ago. On this day I especially feel the loss of the exceedingly gentle and yet tough woman who sacrificed greatly so that I might have a chance at a good life. She taught me manners. To say "Please" and "Thank-you". She encouraged me to do my homework, sometimes at the threat of losing certain privileges. When I was just a few years old and puking my guts out from some illness, she sat by me gently stroking my back, encouraged me to have some flat Coca Cola and saltines to give me strength, and applied cool compresses to my forehead to help alleviate my fever. She offered perspective and gentleness when I was getting over my first childhood crush, when I failed my first try at my driver's license, and when I faced career changes in my life.

I realize that some here may have had less than wonderful moms; I have met some of you and my heart goes out to you. I hope that with time, you may be able to find peace.

For those who have had special times, I encourage you to please take some time to visit or call and make a small sacrifice for her.

Also, I ask you on this day to put aside for a moment the black-and-white minutia of the latest gadget or OS and share a vignette of a special time you shared.

I'll close with this: "Mom, I don't know if there is a heaven, but if there is, I know you are there. I hope I've grown to be a man you are proud of; I know I wouldn't be half the man I am without you. Thanks is too little, but it is all I have to offer. I miss you."

1. CEO
2. Lawyer
3. Media (TV/Radio)
4. Salesperson
5. Surgeon
6. Journalist
7. Police Officer
8. Clergyperson
9. Chef
10. Civil Servant

Among the least psychopathic professions were teachers, artists, doctors, nurses and accountants. The survey is not a very well controlled one, but is reasonably robust because it has a very large sample size.

The important problem, or thing about psychopaths is that such people lack the moral dimension in their intuitive experience, a thing that non-psychopaths find difficult to comprehend. A psychopath may conduct himself in a perfectly legal and moral manner in all things, but this is a purely intellectual choice and not an emotional one. He is able to comprehend the emotional states of others but the evaluation of such states is, again, unemotional. However the psychopath is usually intrinsically driven by personal gain and as a result, the comprehension of others' emotional states is often used in a manipulative and exploitative way.

The article by Wolf, however, deals with how our social system has been geared to favour psychopaths because in all probability it was designed by psychopaths:

We can retain our innate skills at surviving alone, or we can adopt a different pathway and join a cooperative society. Unaware of this choice, it is therefore thrust upon is in our early childhood. Failing to develop to our potential is disease, and a disease plagues humanity which is heretofore unrecognized in its gravity and effect on our society, largely because the effects have long been experienced. Our very paradigm is defined by this disease. That disease, psychopathy, is no more than the failure of some to develop empathy, that skill necessary to the continuing peaceful existence of a cooperative society. And having run its course unchecked for centuries, this disease has completely altered humanity so profoundly, that our very paradigm is based in large part on the erroneous conclusions by those affected by the disease both directly and indirectly.

He attributes the origins of this social system to the Roman Empire which favoured leaders that were successful warriors. Theirs was a meritocratic system, as is ours today. The difference is that today's merit is political prowess as opposed to military and strategic prowess. To my understanding, Michael Wolf is proposing that neither of these should be considered to be 'merit'. He goes on to show that fundamental social constructs we have are designed to erode society's defences against psychopaths:

A democracy with our style of justice system is a system designed to fail. Our justice system discourages development of moral reasoning, and as the consequences of abiding by our justice system are loss of all privileges as well as basic human rights; we are compelled to comply and thus highly prone to its influence. We do not develop as we should, and as a result, democracy actually ceases to exist. Anyone who suggests that our effective system is democratic is either a fool, or an outright liar.

The questions I am left with are more fundamental even than those that Michael Wolf asks. The very reason psychopathy is "in charge" right now could well be that, given the physical realities of the world in which we live, this is an advantageous trait, at least in the short term. However in the long term the survival of the species seems to depend on cooperative and collaborative effort that looks after members of society which are weaker in certain respects, but not necessarily others. Some types of diversity are clearly advantageous, but others can pose a critical threat to a society.

One problem in breaking through the blindness of the general population on this is that people have been conditioned into accepting what could be termed as existential subjectivism, which leads to moral relativism. This is the very thing psychopathy thrives on. The psychopath does not recognize moral absolutes, but will use use whatever tool is needed to achieve his goals and will argue that this is the best way, including systematically imposing moral restrictions on others whilst totally ignoring such rules in his own conduct in order to gain advantage. People today have become subjugated to this view and indeed this is promoted in the media, but it is a form of voluntary intellectual enslavement. It is paradoxical, but subjecting one's self to moral absolutes and standing up for them is the one way to demand and achieve real freedom. Moral absolutes must be recognized and enforced at all levels of society, not just the middle classes, if there is to be a hope of improvement of the current social malaise.

Wolf's argument that the justice system is flawed is basically correct. For the purposes of reliably determining the right from wrong in a conflict situation, there is a need for a justice system where judges are unbiased. It is the method of reasoning that is broken, even at the very base level of the affording people "rights" - a product of humanism. The anti-psychopathic way of judging situations is to look at the obligations people have towards each other and assessing whether, given the circumstances presented, people have fulfilled their obligations. Crimes are therefore always ones of omission - failure to protect, respect and support others, especially those who are weaker. In judging merit, likewise we should look at the track record of candidates for leadership in a similar way - have they met their social obligations?

The question of democracy is also touched upon. Indeed nearly all democratic government in existence today is corrupted beyond redemption by blackmail and bribery. A lack of transparency is one reason and is a result of secret associations between individuals and society's failure to address them. This is in contrast to the Roman Empire which had explicit laws banning organized secrecy. Such a law today would break many a modern society. A second failure of modern democracy is the excessive ratio of voters:representatives, which nearly completely dilutes the ability of people to be properly heard.

So in conclusion, the article by Michael Wolf is a worthwhile read for those who are interested in the topic of 'what is wrong with the world'. The recognition of the existence and prevalence of psychopaths is being spun as "psychopaths are necessary, and psychopathy is good" by many voices, yet in fact it is an unbalanced and pathological personality trait that, if left unchecked, erodes and weakens humanity ... at least according to a non-psychopath!

This is a generic journal entry posted entirely so that you can tell me I'm awesome, call me a dick, or impart useful information since SN lacks a messaging feature and I'm not giving out my email address.

I discover that Slash's Template system is based off of Template-Toolkit v2.07. Therefor, a lot of useful information can be gained by reading that documentation.

I also discovered some old yet interesting discussions buried in the TT mailing list's archives. It wasn't easy to find the discussions, so I will post the links here.

Disclaimer: I'm not an expert, in fact I'm brand new to the Slash code-base. This information could be wrong or missing important parts. If you happen to find any mistakes or have any further insight to add, please comment.

Note about Terminology: I am not a PERL programmer. I read an O'Reilly book on the language and interpreter around 10 years ago, so you will have to excuse my Terminology, which will probably resemble Java more than PERL (For example, I don't think there technically is a "class" in Perl 5, however I still use this term).

• A "[static] class" is a file that defines methods (functions/sub-procedures) and properties (limited scope variables, arrays and constants) that are organized in a single file. A "static class" need not be instantiated in order to access the methods and properties it encapsulates. The inner methods and properties of a static class can be accessed directly, without creating an Instance of the object that the class defines. In this context, a "class" refers to a Perl 5 package.
• An "instance of" a class is an object. Objects are the product of non-static classes after calling the new, or "Constructor" method of the class. An "object", essentially, is the current state of the data encapsulated by the object's class.
• To "instantiate" is the act of creating an instance of an object.
• An "inner-class" is a class that is not organized in it's own file, but instead inside an existing class' file). In order to access an "inner-class", it's outter-class must either be static or an instance of the outter-class must be used. Hense the outter-class "encapsulates" the inner-class.
• A "method" in this context would refer to a Perl 5 sub-procedure, contained within a package.
• "Compile" in this context means to use the process|input method to transcode the template data into executable Perl, that can be cached on the server that runs Slash.

Slash::Display
The Slash::Display class --essentially-- represents a customized instance of the Template module (Template-Toolkit). This custom instance encapsulates the full Slash Template system. Similar in focus to the original Template-Toolkit, from what I can understand the main focus of Slash's Template system is the ability to store template data (The "Providers") in Slash's MySQL database.

In Display.pm, the slashDisplay method calls get_template, which instantiates the Template object defined in the Templates module. The Slash::Display::Provider, Slash::Display::Plugins and Slash::Display::Directive objects are sent as arguments to the base Template class's constructor method (new).

The instance of Slash::Display::Provider (Along with any Slash::Display::Plugin objects it may have) is "compiled" (Unless already "compiled"/cached) and then run. This is all done using either the process method (Display.pm, line 218) or with the input method (Display.pm, line 215). Both of these methods are inherited from the base Template class (Display.pm, line 47).

Slash::Display::Provider
The Slash::Display::Provider class defines an object to represent (model) the data of a template that's stored in the Slash database.

Slash::Display::Provider is based on TT's Template::Provider class. Slash::Display::Provider inherits ("Subclasses") Template::Provider and then, --among other things-- overrides the fetch, load and refresh methods to add the ability of storing and loading templates from a Database (As Slashcode does.)

Note:On the same line that creates an instance of the base Template object, the Slash::Display::Provider object is instantiated (Display.pm, line 392) and passed in to the base Template object as an argument.

• [Mailing List Discussion] Subclassing Template::Provider as Slash::Display::Provider

Slash::Display::Plugin
The Slash::Display::Plugin class defines an object to model a Template Plugin stored in a Database. Template Plugins --I think-- extend the functionality of Slash to support a particular feature or features that the template adds. Is this right? It is different from the primary Slash Plugin system, which I have yet to explore..

Slash::Display::Plugin is based on TT's Template::Plugins class. Slash::Display::Plugin inherits (Subclasses) and extends Template::Plugins and then, --among other things-- overrides the new ("Constructor", which instantiates an object) method and adds the display method. The display method displays output from the Plugin followed by a callback to the slashDisplay method, which displays output from the template.

• [Mailing List Discussion] Subclassing Template::Plugins as Slash::Display::Plugins

Slash::Display::Directive
The Slash::Display::Directive class inherits from the base Template::Directive class. The purpose of this class seems to be to act as a container to encapsulate data ("Directives") used to control and configure the Template Parser.

The Slash::Display::Directive object is defined by an inner-class of the Slash::Display::Provider class (Provider.pm, line 201).

On IRC (in #Soylent), MrBluze and I have been discussing how to make a better messaging system. You would need to be able to easily send to individuals or groups, have messages either public or private, be able to verify that the message came from who it claims to be from (and someone who's a contact on your list), and all without relying on specific server software or a specific hosting company).

So below is a very basic proof of concept that does the following:
- Creates two identities (a sender and recipient).
- Gives them each a public and private key
- Creates a message that the recipient can verify is:
          - Intended for, and only readable by the recipient.
          - Created by the sender, and not just someone using their name.
- Formats the result in plain text (base64 encoded) so it's easy to transmit.

This means the message itself could be send via any text medium, public or private, as only the intended people will be able to read its contents and they'll know who sent it based on the message itself.

It's all very basic and preliminary but I had to figure out a few things about how to use openssl and hashes properly, so it may be instructive to other people interested in this kind of thing.

I'll get around to adding more comments at some point.

<?php

function encrypt_longer_string_public_key($source_string, $key, $chunk_length=100,$delimiter = "...")
{
    $source_array = str_split($source_string, $chunk_length);
    $result_string = "";

    foreach ($source_array as $source_chunk)
    {
        $encrypted_chunk = "";
        openssl_public_encrypt($source_chunk, $encrypted_chunk, $key);
        if ($result_string != "") $result_string.=$delimiter;
        $result_string.= base64_encode($encrypted_chunk);
    }
    return $result_string;
}

function encrypt_longer_string_private_key($source_string, $key, $chunk_length=100,$delimiter = "...")
{
    $source_array = str_split($source_string, $chunk_length);
    $result_string = "";
    foreach ($source_array as $source_chunk)
    {
        $encrypted_chunk = "";
        openssl_private_encrypt($source_chunk, $encrypted_chunk, $key);
        if ($result_string != "") $result_string.=$delimiter;
        $result_string.= base64_encode($encrypted_chunk);
    }
    return $result_string;
}

function decrypt_longer_string_private_key($encrypted_string, $key, $delimiter="...")
{
    $parts = explode($delimiter, $encrypted_string);
    $number_of_parts = count($parts);
    $result_string = "";
    foreach ($parts as $one_part)
    {
        $one_part = base64_decode($one_part);
        openssl_private_decrypt($one_part, $decrypted_part, $key);
        $result_string.=$decrypted_part;
    }
    return $result_string;
}

function decrypt_longer_string_public_key($encrypted_string, $key, $delimiter="...")
{
    $parts = explode($delimiter, $encrypted_string);
    $number_of_parts = count($parts);
    $result_string = "";
    foreach ($parts as $one_part)
    {
        $one_part = base64_decode($one_part);
        openssl_public_decrypt($one_part, $decrypted_part, $key);
        $result_string.=$decrypted_part;
    }
    return $result_string;
}

function verify_hashed_string($string_with_hash, $hash_algorithm = "sha256")
{
    $extracted_hash = substr($string_with_hash, -64);
    $extracted_text = substr($string_with_hash, 0, -64);
    $calculated_hash = hash($hash_algorithm, $extracted_text);
    if ($calculated_hash == $extracted_hash) return $extracted_text;
    else return false;

}

// 1) Create a new key:
putenv("OPENSSL_CONF=c:\\wamp\\www\\nospamplease\\openssl.cnf");

if (file_exists(getenv('OPENSSL_CONF'))) print "config file exists<br><Br>";

$config_args = array(
    'config' => getenv('OPENSSL_CONF'));

$sender_key = openssl_pkey_new($config_args);
$recipient_key = openssl_pkey_new($config_args);

// 2) Extract the private key string.
print "sender key is "; var_dump($sender_key); print "<br><br>";
print "recipient key is "; var_dump($recipient_key); print "<br><br>";

openssl_pkey_export($sender_key, $sender_private_key, NULL, $config_args);
openssl_pkey_export($recipient_key, $recipient_private_key, NULL, $config_args);

// 3) Get the public key.
$key_details = openssl_pkey_get_details($sender_key);
$sender_public_key = $key_details["key"];

$key_details = openssl_pkey_get_details($recipient_key);
$recipient_public_key = $key_details["key"];

// 4) Display the keys. The hash of the public key could be used as a "to" identifier.
print "Sender Private Key: $sender_private_key<br><br>
    Sender Public Key: $sender_public_key<BR><BR>";
print "<hr>";
print "Recipient: Private Key: $recipient_private_key<br><br>
    Recipient Public Key: $recipient_public_key<BR><BR>";

// Show some text before and after encryption and decryption
$original_text = "This is totally a secret message";

// Add a checksum to the end.
$inner_message_hash = hash("sha256", $original_text);
$hashed_inner_string = $original_text.$inner_message_hash;

// Encrypt the message with senders private key.
$inner_encrypted = encrypt_longer_string_private_key($hashed_inner_string, $sender_private_key);

// Add a checksum to the end of the encrypted messaged, after a base64_encode of it.
$outer_message_hash = hash("sha256", $inner_encrypted);

$hashed_outer_string = $inner_encrypted.$outer_message_hash;

$outer_encrypted = encrypt_longer_string_public_key($hashed_outer_string, $recipient_public_key);
//$outer_encrypted_as_string = base64_encode($outer_encrypted);

print "<br>Original message:<br>$original_text<br>";
print "<br>Hashed inner string:<br>$hashed_inner_string<br>";
print "<br>Inner string encrypte:<br>$inner_encrypted<br>";
print "<br>Outer string (inner string encrypted + hash of encrypted string)<br>$hashed_outer_string<br>";
print "<br>Outer string encrypted:<br>$outer_encrypted<br><br>";

// Now go the other way, decrypt it and show the decrypted message. Verify each step.

$outer_decrypted = decrypt_longer_string_private_key($outer_encrypted, $recipient_private_key);
$outer_decrypted = verify_hashed_string($outer_decrypted);

if ($outer_decrypted) print "outer decrypted is : ".$outer_decrypted."<br><br>";
else {print "couldn't verify outer decryption";return;}

$inner_decrypted = decrypt_longer_string_public_key($outer_decrypted, $sender_public_key);
$inner_decrypted = verify_hashed_string($inner_decrypted);
if ($inner_decrypted) print "Inner decrypted is: $inner_decrypted";
else {print "couldn't verify inner decrypted"; return;}

?>

In this week's poll on Pipedot I ask you to rank popular websites using the Borda Count voting method. In other words, how much do you trust these sites to maintain your data and your online privacy.

Instructions:

Rank any number of options in your order of preference.

Notes:

• The highest preference is "1" and will reward the highest number of points
• The largest number you can enter is the count of the options (In this case "8") and will award 1 point
• Don't duplicate numbers
• You can leave some options blank; no points will be given to these choices

This marks the 3rd voting method supported. Approval Voting was added last month.

My swimming pool is approx 24 cublic metres in volume. Now, in order to filter the water properly, the books say you must run ALL the water through the filter within every 24 hour period. Ever since I've had the pool, I've run the pump about 12-15 hours a day, on the original advice of the installer.

So, in an ongoing effort to reduce our energy bill, I decide to see if this pump runtime can be reduced, and I dig up the PDF for the pump, a Sta-Rite 5PRD-1B. According the PDF (If I'm reading it right), the pump can shift about 15 cubic metres of water AN HOUR. This means I only need to run the pool about 2-3 hours a day to ensure full filtration? If this is correct, a) my pool installer was an idiot, and b) I've been wasting electricity for years! :(

There's a little graph on page 2 of the PDF that shows the throughput.

Can anyone who knows more about this stuff than I do, confirm my findings?

So ... I've recently gotten back into minecraft, and figured that perhaps there are other MC players here at SN, so I wanted to know if there was enough interest to setup a MC server in general. I'd probably use CraftBukkit, and I'm open to running mods if others are interesting. Leave a message below if you'd be interested.

Mods I'd like to run:
  * Traincraft
  * Railcraft
  * Mystcraft (useful for getting new ores without having to reset maps; age creation would be restricted to admins though; mystcraft is a server hog).

Leave your thoughts below.

The torrent has ended. We lost Crewman Willikers in the wash. He had tied himself to the helm, and tried to keep course. We lost the wheel too; but the carpenter had a spare; and was able to patch it up. On the other hand he's not so sure of the patch to the hull, and wants us to find port. The sails will need patching, but for the most part the ship is sound.

The navigator says we're more than 200 off course; but the damn man wont provide any units. Could be parsecs for all I know. or Milliliters. or Pascals. bastard.

where's the damn grog?

Since we've got a fair number of complaints about us running too many site news articles, I'm going to condemn this to my journal, then link it next time we *do* post something about the site. For a large portion of today (4/16), SoylentNews users had issues with commenting, and moderation was completely hosed. This was due to a backend change; we shifted the site behind a loadbalancer in preparation of bringing up a new frontend and give us considerably more redundancy and latitude with working with the backend.

This change had been setup on dev for the last week with us testing it to see what (if anything) broken, and it was discussed and signed off by all of the staff. Last night, I flipped the nodebalancer to connect to production instead of dev, then changed the DNS A record for the site to point at the loadbalancer.

I stayed up for several hours at this point to ensure nothing odd was going on, and satisfied that the world would keep spinning, I went to bed. What I found though was I broke the formkeys system. Slash knows about the X-Forwarded-By header, a mechanism for when a site is behind a proxy on how to relay client IP information (this mechanism was already used by both varnish and nginx), however, for security reasons, we strip out the XFF header from inbound connections unless its on a specific whitelist. On both dev and production, we had whitelisted the nodebalancer to pass this header in properly.

Or so we thought. Linode's documentation doesn't mention, but the IP address listed in the admin interface is *not* the IP used to connect to the site; instead it uses a special internal IP address which isn't listed or documented anywhere. Our security precautions stripped out the X-Forwarded-By header, and made it appear that all inbound users were coming from the same IP. This wasn't noticed on dev as slash ignores the formkeys system for admins, and the few of us beating on it with non-admin accounts weren't able to do enough abuse to trigger the formkey limiters.

Our peak hours are generally evenings EDT, which means the low traffic at night wasn't enough to trip it either (or at least no one on IRC poked me about it, nor were there any bugs on it on our github page. However, once traffic started picking up, users began to clobber each other, commenting broke, and the site went to straight to hell. When I got up, debugging efforts were underway, but it took considerable time to understand the cause of the breakage; simply reverting LBing wasn't an easy fix since we'd still have to wait for DNS to propagate and we needed the load balancer anyway. After a eureka moment, we were able to locate the correct internal IPs, and whitelist them, which got the site partially functional again. (we have informed Linode about this, and they said our comments are on its way to the appropriate teams; hopefully no other site will ever have this same problem).

The last remaining item was SSL; we had originally opted out of terminating SSL on the loadbalancer, prefering to do it on the nginx instance, so Port 443 was set to TCP loadbalancing. This had the same effect as there is no way for us to see the inbound IP (I had assumed it would do something like NAT to make connections appear like they were coming from the same place). The fix was utlimately installing the SSL certificate on the load balancer, then modifying varnish to look for the X-Forwarded-Proto header to know if a connection was SSL or not. I'm not hugely happy about this as it means wiretapping would be possible between the load balancer and the node, but until we have a better system for handling SSL, there isn't a lot we can do about it.

As always, leave comments below, and I'll leave my two cents.