First Steps with the Feitian ePass2003 Smart Token in OS X [updated]
This post has been updated for Yosemite and now mentions bugs in Apple's version of ssh-add. Thanks to Fredrik Pettai for letting me know.
I don't feel at ease with private keys and other sensitive files floating around on multiple machines and backups. They are of course encrypted, but not accounted for, so it is impossible to "take them back" if ever something goes wrong with a passphrase.
Smart tokens are an attractive solution, because they combine something you know (the PIN) with something you have in the actual, physical sense. Sensitive files are still mobile, but bound to the token.
However, smart tokens are still not mainstream. The software functionality is distributed over several open source projects, which makes it necessary to assemble scattered documentation to see the big picture.
After crawling outdated forum posts on GOOZE and sourcing hardware from an obscure Hungarian web shop (with good service!), I did get token-based authentication running with fewer obstacles than I expected. Once you know where to look, it's actually quite simple.
So here is a mini guide to manage SSH private keys with the Feitian ePass2003 in Mavericks and Yosemite.
Android Privacy
I recently switched from iOS to Android with the goal of obtaining more control over my smartphone. One major question was if I could significantly reduce the amount of data I would have to "share" with the ecosystem provider (now Google instead of Apple) and with third party app developers.
I do not have a personal Google account and don't use their services except for web search and Maps, and hoped to keep it that way as much as possible. Fortunately, it turns out that I could significantly reduce data leakage on Android compared to iOS. So here are the notes on my setup for anyone who is thinking about switching as well.
Publishing Octopress over FTPES
My webhost does not support ssh; the only secure transfer method that they provide is FTPES. I therefore had to put together my own Octopress deployment method. Since rake generate also copies unchanged files to public/ (and thus modifies their mtime stamps), I combine the following three steps to only upload changed files and delete stale files on the server:
- Use checksum-based rsync locally to identify changed files
- Use lftp to synchronize the content with the web server
- Use openssl for secure transfer
None of this is difficult. But hopefully, reading this post saves you some time if you have to solve the same problem.
Canonical Correlation Analysis under Constraints
"nscancor" is an R package for
canonical correlation analysis (CCA) under constraints. As the name implies, the nscancor function has the same interface as cancor from the "stats" package, but supports enforcing constraints on the canonical vectors, such as non-negativity and sparsity.
The implemented algorithm is based on iterated regression (Sigg et al., 2007), and generalized deflation (Mackey, 2009) adapted from PCA to CCA. By using readily available constrained regression algorithms, it becomes straightforward to enforce the appropriate constraints for each data domain. And by using generalized deflation, each subsequent tuple of canonical variables maximizes the additional correlation not explained by previous ones.
I hope to do a proper writeup at a later date, but for now, here is an explanation of how to use the package and a demonstration of its benefits.
Preventing rMBP Thermal Meltdown
My Retina MacBook Pro (early 2013 model) has been too quiet lately. I suspect that either the recent EFI or SMC updates modified the fan control curves, with the result that the fans stay at 2000 RPM independent of thermal load. Running multi-threaded code, such as par2tbb, which takes all the cores that it gets, quickly overheats the processor to the point of emergency shutdown.
At first I thought that there might be a hardware problem with the fans, but successfully increasing the fan speed using smcFanControl proved otherwise. An SMC reset had no effect, and the firmware installers refuse to re-run.
The solution comes in the form of the Fan Control preference pane and daemon, which lets me specify a linear curve between measured temperature and desired fan speed. Unfortunately, the SMC address polled for reading the temperature no longer exists on the Retina MBP and thus the reported temperature is stuck at 0 degrees. Fortunately, Fan Control is free software and MacRumors forum members compiled binaries with modified sensor addresses.
I settled on the version which reads the TC0F address. I don't know exactly which sensor this address corresponds to, but comparing with iStat Menus it is close to the "CPU Die - digital" sensor, although the change in reported temperature is substantially slower.
If I find the time I will compile Fan Control myself for further fine tuning, but I am glad that I can run heavy workloads again. My thanks go to Lobotomo Software and MacRumors forum members xqdong and maratus. No thanks to Apple for the botched update.