Could this be an OpenSSH bug?

 

Last week I tried to SSH into my webhost account (on Site5) from work and—forgetting my password—it locked me out after several failed attempts. SSHd would just close the connection without asking my password.

work:~$ ssh user@example.com
Connection closed by xx.xx.xx.xx

I could log in from any other location, so I figured it was an IP ban and after a few days and a support ticket, I’d be in, but things got strange.

  1. The Site5 techs could not find any evidence of a block on my account. They were pretty responsive.
  2. It couldn’t be an IP block because I could log in from a virtual machine which used my workstation IP as gateway.
  3. When connected to VPN (different public IP) it still refused me.
  4. It couldn’t be a port 22 block because I could attempt a login to a different account on the same host and it would give me a password prompt.
  5. Could it be Snow Leopard? I could log in from another workstation running it.
  6. My machine? I could log in to several other hosts, including another account on a different Site5 host.

On the server I had an ~/.ssh/authorized_keys file with an old public key—the file hadn’t been touched for 2 years. I deleted it and—voila—SSHd would again ask for my password and log me in fine.

Why would the presence of authorized_keys cause SSHd to refuse to give a password prompt to one particular client’s connection to one particular account? OSX did give me a default RSA keypair, but even if the public key had been forwarded, SSHd should revert to password auth if it doesn’t find it in authorized_keys.

Chord Theory: 13 is probably 7(13)

 

A 7th add 13 chord is often voiced r-5-7-3-13, sometimes leaving out the fifth. To pin this to a key, a G7(13)—G⁷⁽¹³⁾ if your chart can handle Unicode—is usually voiced G-D-F-B-E and is a common (in jazz and standards anyway) way to make the resolution from G7 to C more subtle and harmonically interesting. In G7 – C, the F resolving to E is hard to ignore, but in G7(13) – C, the E is already present, making the removal of the F more subtle. The dissonance between F and E (a major seventh interval) gives the G7(13) a richer sound.

The consensus on the web seems to be that this is actually a 13th chord, even though there’s no 9th or 11th present:

“In modern pop/jazz harmony … a thirteenth chord does not imply the quality of the ninth or eleventh scale degrees.” [Thirteenth on Wikipedia]

I disagree. Since the true 13th chord is an extension of the 11th chord, it should sound more like an 11th than a 7th. Elevenths almost always imply a suspended, missing, or nearly inaudible 3rd, but the 3rd in 7(13) is usually very prominent. If you really think G13 and G7(13) are the same chord, play these two voicings one after one another on guitar:

  • G13 3-x-3-2-1-0 →  G7(13) 3-x-3-0-0-0

Clearly there is movement; they are different chords. If you see a 13th chord in a pop music chart, know that it is really a 7(13).

Some easy V7(13) to I resolutions on guitar (with the 3rd kept on top)

  • A7(13) x-0-5-6-7-xD x-x-0-2-3-2
  • G7(13) 3-x-3-0-0-0C x-3-2-0-1-0
  • D7(13) x-5-4-5-0-xG 3-2-0-0-0-x
  • E7(13) 0-5-6-6-x-xA x-0-2-2-2-x

About the Eleventh (and its third)

As I mentioned, 11th chords almost never have the 3rd present*. You will almost never hear a B in a G11 chord. Some people write these as F/G, and, for voicing purposes this OK, but I dislike the notion that G11 should be thought of as an F chord. 1) it has a D in it. We could write it as F6/G or Dm7/G, but that’s taking us down the wrong path. 2) “G11” gives the reader a better impression that the chord will resolve to (and that our key is) major C.

*So it might really be a 9sus4, but writing it is as 11 seems a less egregious error than writing 7(13) as 13.

AFA Leader Would Like to Fix Gays by Force of Law

 

I support the American Family Association’s right to pay for the Tebow ad—Americans have no right to not see promotions of ideas they might disagree with—but the AFA’s new leader, Rev. Bryan Fischer, should be watched. He has an interesting idea to fix a country that’s so broken that gays can…continue to exist: Fischer suggests we legally force all “active homosexuals” through an “effective reparative therapy program”.

Did your stomach just turn a little? Classically Liberal gives this the skewering it deserves, pointing out the necessary costs to taxpayers, to civil liberties, and the innocents caught up in the eventual SWAT raids. Don’t think for a moment there wouldn’t be raids. The war on drugs has gradually eroded away quite a bit of the privacies and 4th Amendment protections that could be expected in the earlier days of the war on gays. If you gotta catch ’em in the act, no knock warrants would be the norm. Oh, but what a new industry we could build on fixing gays—there’s a lot of em and more every year!

I eagerly await to read Fischer’s proposed law. Who would set the standards for these programs? What would suffice as proof of efficacy? Would the desire for non-traditional sex with the opposite sex be considered satisfactory or still in need of repair? What would be the penalty of “failing to stop acting gay”? Indefinite therapy? Body chemistry experimentation? Jail time? If a gay is homosexually assaulted in jail, would that get him/her more therapy, more jail-time, or both? Would we re-open the previous research done on gays in asylums and institutions? If gay sex is an offense, would we not need to label them all “sex offenders”?

The whole notion is thoroughly disgusting. Classically Liberal points out—if we’re to make our laws truly consistent with the guiding passages—surely there will be goodies for straight people, too.

The alleged Pauline verse also says that this applies to “whatever else is contrary to sound doctrine.” I suppose we will need courts to determine “sound doctrine” from unsound doctrine. And, I know people like you well, I grew up with you guys and went to your schools. So I know that by unsound doctrine you mean, and this is only a partial list: Mormons, Catholics, Jehovah’s Witnesses, Christian Scientists, Spiritualists, Scientologists, Quakers, Shakers, Unitarians, Muslims, humanists, Hindus, Buddhists, Sikhs, Taoists, Christadelphians, and hundreds of other sects, cults and churches. Even the mainstream Protestants aren’t of “sound doctrine” in the eye of fundamentalists. Once “sound doctrine” is put under federal law there is no limit to who can be incarcerated in your moral America.

And in case he missed anyone: anyone having had engaged in premarital/extramarital/oral/anal sex, of course. If we’re truly going to protect the American Family, we’re going to need to break down a lot more doors.

Yet Another Sexting Prosecution Attempt

 

You know what could help teens deal with the new pressures that technology brings to adolescence? Felony records and “sex offender” labels! The latest case brings felony charges against kids of 12 and 13 (via Radley Balko). I’ve been meaning to write about this issue, but just read these instead:

Or if you’d rather enjoy the rest of your day, don’t.

“Scary Web Error!”

 

Apparently on a few AT&T phones, a few Facebook users were dropped into accounts of other users.

After typing Facebook.com into her Nokia smart phone, she was taken into the site without being asked for her user name or password. She was in an account that didn’t look like hers.

… AT&T spokesman Michael Coe said its wireless customers have landed in the wrong Facebook pages in “a limited number of instances” and that a network problem behind those episodes is being fixed … Coe said an investigation points to a “misdirected cookie.” …  Coe said technicians couldn’t figure out how the cookie had been routed to the wrong phone…

Well that’s a new one. Sites could store the UA string in the server-side session on login and make sure it doesn’t change. This would prevent the auto-logged-in-as-other-user problem (except for users with identical phones), but, despite this being a sensible security option, I don’t think many sites do it. If these problems start becoming more common that may need to change.

Configuring Sendmail for UF’s SMTP

 

Our Ubuntu web host, hosted with OSG, was not able to send mail (using PHP mail) outside of UF. An OSG tech said our From: header should be a valid address at UF (check) and that the logs at smtp.ufl.edu showed those messages never made it there.

The solution was to configure sendmail to use smtp.ufl.edu as the “smart” relay host (as it’s described in the config file):

$ sudo nano /etc/mail/sendmail.cf

Ctrl+w and search for smart. On the line below, add smtp.ufl.edu directly after DS with no space. The result should be:

# "Smart" relay host (may be null)
DSsmtp.ufl.edu

Ctrl-x and save the buffer.

Restart sendmail: $ sudo /etc/init.d/sendmail restart

As soon as I did this, the queued messages were sent out. I still don’t know why messages to ufl.edu succeeded while others sat in the queue.