Press! Press! Press!

It’s the show everybody* is talking about! From the Journal and Courier:

Comedy and music

Purdue University’s answer to “Weird Al” Yankovic will perform this weekend.

The musical comedy group Andy Ober Orchestra will perform with Ship of Fools, a long-standing Purdue improvisational comedy troupe, from 8 to 10 p.m. Friday at Matthews Hall, Room 210, on Purdue campus. Admission is free.

The Andy Ober Orchestra has original songs like “You’re the Bursar,” and it parodies tunes like “Pi Pi Pi” from NSYNC’s “Bye Bye Bye” and “All the Music Sounds the Same,” the group’s take on the Cheers theme song.

The Ship of Fools’ portion of the program will be improv games similar to Whose Line Is It Anyway? For the rest of the semester, the Fools meet from 7 to 9 p.m. every Friday at Beering Hall, Room 2280. The public is invited to watch the games or try their own hand at performing.

Of course, “You’re the Bursar” is a parody of a Smash Mouth song, but who’s counting?

* For sufficiently narrow definitions of “everybody.”

Comments Off

Ship of Fools + Andy Ober Orchestra

Do you have a face? If so, please read the following public service announcement.

Each year, millions of Americans suffer from a debilitating condition known in the medical community as cephalofacial rhythmic adissociatitis. Common symptoms include boredom, chronic failure to locate Friday night entertainment, and periodic blinking.

If you or someone you know suffers from this condition, there is help.

This Friday, March 31, 2006, the Ship of Fools and Andy Ober Orchestra will perform a free show in MTHW 210 starting at 8:00 pm. Four out of five doctors agree that the combined application of improv comedy and Weird Al-esque musical parodies is more effective than placebo at treating cephalofacial rhythmic adissociatitis.

Remember, cephalofacial rhythmic adissociatitis is curable if caught early. Thus, it is recommended that you and everyone you know attend the SoF/AOO joint performance. Studies in mice have shown that even in individuals not harboring any symptoms, the show will provide a preventative benefit.

So, please take the time to attend this Friday’s show at 8 pm in MTHW 210. If you skip it and your face is not rocked off, you only have yourself to blame.

Comments Off

Call for Artwork

As you may have noticed, Music Applet currently doesn’t have an icon. I don’t have the artistic skills necessary to make a good-looking icon for the applet, but you might.

If you’d like to contribute an icon for Music Applet, please e-mail it to me. I’ll choose the best one and add it to a future release of the applet.

Thanks in advance!

(ObLegal: Of course, the icon must be your own creation and it must be offered under the GPL or a compatible license.)

Mother 3

You know, if it weren’t for society’s taboos against genetic engineering and crossbreeding, we could have real-life rhinocerockets and ostriphants.

Oh Shigesato Itoi, if only I could actually read everything else.

Comments Off

They Blinded Us With Science

Saturday was the largest Ship of Fools show ever. We were the opening act of the 2006 Indiana Science Olympiad at Purdue.

How big is that? Let me put it this way: if you computed base 10 logarithm of the cardinality of the audience and rounded the result to the nearest integer, the answer would be 3.

Or, if you’re not a mathematician, think of it this way: the audience was on the order of 1,000 students (mostly grades 7 – 12), teachers, and parents, give or take. An audience so big, we performed on stage at Elliott Hall of Music, a venue of size comparable to Radio City Music Hall. Elliott is big. [Editor's note: How big is it?] It’s so big, it has its own Wikipedia entry.

(On the otherhand, so do quarks, so maybe Wikipediahood isn’t a good measure of size. But I digress.)

The show went incredibly well. The audience was possibly the most enthusiastic and energetic we’ve ever had, both in terms of total enthusiasm as well as per capita. For example, there’s a crowd warm-up we often do called “More Waffles Please,” intended to get the audience willing to yell out suggestions later on. Basically, you divide the audience into thirds, and each group shouts one of the warm-up’s eponymous words whenever the MC points to them. Normally, the audience starts off pretty timid, and it takes a few tries before you build up a decent volume.

This show? First try and they’re good and loud. And they kept that energy throughout the show.

The audience volunteers who came up on stage for a couple of the games also did a fantastic job. Heck, the boy who came up to be a word bank in Hesitation even delivered the closer! (As in, the line you end the scene with, because you know there’s no way you’re going to top it.)

Of course, that’s not to say that the Fools themselves didn’t go a great job too. We had a couple video cameras running to record the show, and I really hope they came out well. There was a third camera (which I don’t think was actually recording) being used to project the action on stage up onto a big screen above it. I’m told that I loomed so large on it that it looked a bit like Attack of the 500 Foot Jesus Paul up there.

However, my sources indicate even this show won’t hold a candle to what’s coming up on Friday!

Comments Off

Quote of the Week #85

I know nothing about evolution. Neither do I care anything about it. To be very frank with you, gentlemen of this House, I don’t see but one good feature in this thing, and that is that it will gratify the monkeys to know they are absolved from all responsibility for the conduct of the human race.

Sam Ervin Jr.

Comments Off

Music Applet 0.9.0 Released

Rhythmbox Applet is dead! Long live Music Applet!

That’s right, with the advent of support for Banshee, the name Rhythmbox Applet is no longer suitable for a GNOME panel applet that lets you control your favorite music player. So, despite Benji‘s best efforts to get me to name it “Kulinibox” (“it’s eponymously cool!”), its name has changed to Music Applet

And accordingly with big changes, there’s been a big jump in the version number (0.9.0) and a new web site for the software, one that should hopefully load much faster than the old one did.

Here’s a quick sketch of the roadmap for Music Applet’s future. This is all subject to change, of course:

  • For 0.9.1: Muine support.
  • For 0.9.2: Album art support (and figuring out how to properly handle features that are supported by only some music players, such as album art and song ratings).
  • For 0.9.3 and beyond: Improving the applet GUI.

For those of you using the old Rhythmbox Applet RSS feed, you’ll want to switch over to the new Music Applet RSS feed, which will carry all future announcements for the software.

SELinux Symposium Notes: Session 7

[Editor's note: It's almost over! Since I had to bail on Session 8 to catch my flight back to Indiana, this is the last set of notes I was able to take. My handwriting gets worse and the content gets more terse with each set. Insert disclaimer here. Enjoy.]

Lessons Learned Developing Cross-Domain Solutions on SELinux (Karl MacMillan et. al., Tresys Technology)

for high-security or untrusted compartmentalized environments
primary goals: confidentiality (H -/-> L) & integrity (L -/-> H); use information flow pipeline
CDS breaks BLP, Biba models — want to control flows, not prohibit outright
let SELinux do the heavy lifting; minimize what app has to do; but apps do need to do transfer policy (e.g. “documents have no executable content” done by app, but SELinux can force filter to be used)
control access to domains to prevent uncontrolled information flows
use multiple localhost aliases (separately labeled) for network-based IPC among local compartments
one-way IPC w/o covert back channels (e.g. timing)? most design for bidi IPC
existing policies often more permissive than strictly necessary — not consider narrow flows
TE works very well for CDS & assured pipelines

Lopol: A Deductive Database Approach to Policy Analysis and Rewriting (Aleks Kissinger et. al., University of Tulsa)

lightweight, interactive, iterative, based on logic programming (Datalog)
operates on policy.conf, translate rules into relations
Datalog evaluation on binary decision diagrams
analysis by forming rules & running queries (primitive rules: reads, writes, [transitive] flows)
generic rules: privileged types, trusted intermediaries, …

Attack-based Domain Transition Analysis .(Susan Hinrichs et. al., University of Illinois at Urbana – Champaign)

what happens if a domain is coopted? information flows, domain transitions (transitively)
look at what a domain can read and write, considering transitions
global domain transition graphs large — domain not bounded as much as we’d like
graph shallow and very wide
consider subgraphs starting at suspect domains & end at sensitive domains
edges: cut edges along paths, or log more carefully, or disable when under threat (via boolean)
nodes: study domain & verify it can’t be misused, insert high-assurance proxy, split domain

Comments Off

SELinux Symposium Notes: Session 6

[Editor’s note: Is he seriously still typing up the notes he scribbled down during the talks at the SELinux Symposium earlier this month?! Doesn’t he know they’re not even necessarily reliable and shouldn’t be used for anything more than recreational reading?]

Experience Implementing a Higher-Level Policy Language for SELinux (Chad Sellers et. al, Tresys Technology)

SELinux has MAC foundation; HLL represents different paradigms, reaching new users, new features
CDS describes information flows, targeted at app developers — compiler & IDE
domains — active entities/security perimeter; shared resources — passive, for domain interaction
access — r/w/rw b/t domain & shared objects
decomposition of domains for better least privilege
challenges: concepts (idealized) v. SELinux details, must integrate w/ base policy [CDS only for cross-domain, not the whole thing]
e.g. IPC not labeled a priori but by creator, same label = equivalent — control resources share label w/ domain and are individually unique
SELinux has many ways to label files, but too complex for HLL; but paths aren’t enough
idea: paths label directories only, sidestepping many issues (leakage, existence, etc.)
hooking into base policy: wrap resource in “baseresource” to define r/w access to it; singleton (likewise for basedomain)

SENG: An Enhanced Policy Language for SELinux (Paul Kuliniewicz, Purdue University)

[Editor's note: Sorry, no notes for this one. I must not have been paying attention.]

Guided Policy Generation for Application Authors (Brian Sniffen et. al., MITRE Corporation)

policy creation/management tools, looking at information flow goals
guided automation, least privilege in use, not toal capabilities of app
idea: find patterns in program behavior, ask writer if things look reasonable
polgen specification language to describe architecture of app
suggest additions from execution traces — limits to how app will be used
can recognize ~12 patterns of operation

Comments Off

CERIAS Symposium

Today (Wednesday) was the second last day of the annual CERIAS Symposium at Purdue University. I only remembered it a little before noon on Tuesday. That’s what being on break for a week will do to your brain, I guess.

Anyway, I didn’t miss the poster session early Tuesday afternoon, where I had a poster on my SELinux policy language work. Fortunately there weren’t many periods of standing around waiting to be asked a question. About half of that question-answering time was spent explaining what SELinux is rather than talking about my work in particular, though.

Sometime in the near future there should be copies of the posters available on the symposium website. People who registered for the conference already got copies as part of their information packets. One nifty thing is that instead of distributing them on CD like last year, they gave each registrant a 128 MB USB flash drive with the posters on them. So, now I have a USB flash drive. Not too shabby, especially when the registration fee is waived for Purdue students.

My main disappointment with the symposium was that a lot of the sessions were very Purdue-centric. It makes sense that CERIAS would be showcasing the work going on here, but it means that a large number of the talks are ones I’ve already heard before. The forensics panel Wednesday afternon was pretty good, though; not coincidentally, it consisted mostly of people from government and industry in the field, instead of being dominated by our professors and grad students.

The final talk on comprehensibility of privacy policies was discouraging. In a nutshell, The Privacy Place did some surveys on how people reacted to and understood privacy policies, both in their “natural” language (read: lawyerese) and in altered formats intended to make them more understandable. The results were that, although people better understood the policies when presented in categorized or annotated forms, they believed they understood the current “natural” language style and believed they were more comprehensive than the other forms.

So, what does this mean? My interpretation is, you’re screwed either way. If the company is honest and wants the visitor to understand the policy, in theory they should use a categorized format, but people erroneously perceive it as less useful than “natural” language. Since the intent behind the privacy policy is to make the visitor comfortable with disclosing information, it’s in their best interests to target perceived, rather than actual, comprehensibility. And if the company is dishonest and wants to sneak odious terms in, their best bet is a long-winded monolithic policy that people will think is comprehensive but probably won’t even bother reading. In either case, the status quo is maintained.

Comments Off

Quote of the Week #84

Scientology, you may have won THIS battle, but the million-year war for Earth has just begun! Temporarily anozinizing our episode will NOT stop us from keeping Thetans forever trapped in your pitiful man-bodies. Curses and drat! You have obstructed us for now, but your feeble bid to save humanity will fail! Hail Xenu!!!

Trey Parker and Matt Stone, servants of the dark lord Xenu

Comments Off

Ship of Fools v. Haman

Oh yeah, the Ship of Fools had another show about two weeks ago that I don’t think anyone’s blogged about yet.

March 5 was Hillel‘s annual Purim Carnival. Of course, everyone knows Purim fell on March 14, but Hillel celebrated it earlier to avoid the conflict with Pi Day. (Avoiding the week of Spring Break was secondary, I’m sure.)

In the fine American tradition of thinking that all Jewish holy days correspond directly to Christian holy days (for example, Hanukkah == Jewish Christmas, Chanukah == Jewish Christmas Eve, Hanukah == Jewish Boxing Day, and that’s all the Jewish holy days the average American knows), Purim is sort of like the Jewish equivalent of Mardi Gras. But instead of getting your sin on before Lent, Purim celebrates Haman’s failure to exterminate the Jews (see also: Book of Esther).

Anyway, Hillel invited the Fools to perform as part of their Purim festivities. Little did we know that the main demographic of our audience was going to be little kids and their parents (with a few of our die-hard fans sitting in front of the kids for good measure). Nevertheless, the show went very well. The kids turned out to be a gold mine of great suggestions, my favorite being Ryan “I give gloriously elaborate suggestions” Garwood getting the suggestion “computer technician from Cleveland” from one of the kids.

There was also the inherent humor in having two of the littlest kids participate in Moving People with Andy and I (the two largest performers that afternoon), a game in which the performers’ movements are entirely controlled by the audience volunteers. Fun fact: kids don’t care about your center of gravity.

We also performed traditional Jewish improv games like Irish Jewish Drinking Song and Do Jew Run. What makes those games different from their gentile counterparts? In the Jewish versions, you go from right to left.

Also, many hamantaschen were consumed.

HB 1266 Update

Remember HB 1266, the Missouri bill that would gut science education? Well, it emerged from committee with a thumbs up.

Memo to Missouri: we’re supposed to be a bad influence on Kansas, not the other way around.

Comments Off

SENG Compiler and Examples

I’ve finally uploaded a copy of the proof-of-concept SENG compiler and some examples of using it to write policies.

For the uninitiated: SENG is an experimental language for writing SELinux policies. In a nutshell, it augments the existing language with higher-level constructs aimed at eliminating the need for macros. It was first presented publicly at the SELinux Symposium earlier this month.

The compiler source code and examples are stored in a Bazaar-NG (a.k.a. bzr) repository. If you don’t already have a bzr client installed and can’t get one from your Linux distribution of choice, follow that link to download one. That done, all you need to do is get started is run the following to check out the latest copy:

$ bzr get

To bring that copy up-to-date, go into the directory you checked the code out to and run:

$ bzr pull

That’s it! There’s a couple README files included that should give you enough to get started. To build the compiler, you’ll need Java 1.5 as well as Ant and JavaCC.

I hope to flesh out the (admittedly meager) example as time goes on, but in the near future homework will be claiming more of my “free” time.

I apologize for the delay in getting this out, but there were some problems with the code that needed fixing before showing it to the world.

Comments Off

Click-Through Agreements Are Dumb

So I ordered something online the other day, and I get its shipping confirmation in my e-mail. It has a link to the UPS package tracker for my shipment. Notice anything odd about the URL?

That’s right, the URL tells the server you agreed to whatever terms and conditions they want to impose on you to access the tracker, without ever presenting them to you.