Running your own SIP registrar

My last post described the best way I've found to set up a secure P2P authenticated VoIP call on your Android handset. I endorsed the Ekiga free SIP service to be your registrar for your unique SIP address. Since the registrar is the central database to look up other users, there is a case to bring this service into your control, rather than to depend on a third party.

This is not a trivial task, since it requires server infrastructure and an esoteric configuration process. It also requires routine maintenance and security updates to ensure the registrar is available when any user (including yourself) wants to contact another.

There are three major applications that offer a SIP registration service. They vary in complexity and user community. They also have a wide variation of ZRTP support. Since ZRTP is a P2P authentication protocol, a middle man like these applications does not have to get in the way, it just has to pass along the correct signalling information so the peers can move onto the encryption key exchange.

Asterisk

Asterisk is the most mature application for SIP services, though it is far more complicated than the others. It has a GPL license and a large user community. There is an industry conference dedicated to service providers and developers. Asterisk also carries a dual license to legally use it with commercial support and distribution. It has been built to run on a wide range of hardware, from huge multi-core server systems to tiny embedded computers.

Asterisk requires a patch to support ZRTP (note: this is more than a patch, weighing in at 9.9MB it is more like an upgrade to the application, including a binary modification to the proprietary build). This is because Asterisk can also handle media, such as a RTP stream, which is where the ZRTP key exchange happens. It's not that Asterisk doesn't support ZRTP, it's that Asterisk mangles the ZRTP information before it can get to the peers. Unpatched, this means an encryption key exchange is not possible.

Freeswitch

Freeswitch is similar to Asterisk in functionality, but only carries an MPL license so it may be redistributed commercially without purchasing commercial support. It has a large user community and also has an industry conference for operators and developers.

Much like Asterisk, Freeswitch handles media so it requires a modification to the source tree to support ZRTP. The process differs in that the source code to call ZRTP functions is present in the code base, but if you don't compile it with the option to link to Phillip Zimmermann's libzrtp, these functions will be ignored.

Each process to enable ZRTP for these two applications present a licensing quagmire, so I chose to stop looking into Freeswitch and Asterisk until the library for ZRTP support may be freely distributed along with the rest of the source code. The Freeswitch community is in the negotiation process with Mr. Zimmermann to include this library.

GNU Sipwitch

GNU Sipwitch is a much newer project therefore has fewer features then the other two applications. It also has a GPL license. Two points! In our case, less features is better since all we need is a SIP registration service. Sipwitch solves this problem well, though I'll describe some trouble I had in practice later.

Because of its simplicity, I chose Sipwitch as my registration service. The documentation is sparse, and it took me a few days of trial and error, coupled with my past experience debugging the SIP protocol to figure out how to alter the default configuration to allow registered users to call each other.

I'm holding off on a tutorial in this article since I'm in the process of debugging a media transport error between two calls made with Sipwitch. Expect a simple process to set up a server in a cloud environment with Sipwitch in the coming week.

Created at 2012-01-17 07:36:48 UTC Permalink
Free SIP Providers with ZRTP support

This is a follow up to my previous post. After you have CSipSimple installed on your mobile handset, you will need a place to register a SIP username so you can contact others. The fastest way to get started with this is to use one of a handful of free SIP providers. I like the Ekiga free SIP service.

The only drawback to this service is the userbase is large enough that the namespace of easy to remember words is frequently occupied. Chances are you will not be able to register your name and must make some novel admendments to ensure a unique name. Since telephony is closely associated with numbers, not words, it will be easier to find a 10 digit number combination to use as your username. This makes username input simpler since CSipSimple gives you the familliar telephone dial pad as the default interface.

After you create a user with Ekiga, you must input the username and password into CSipSimple to register with the service. There is a preset configuration screen for the Ekiga service in the Account Add interface. Fill in the forms and your handset will be registered if you have an active data connection.

Calling another user with CSipSimple will initiate the ZRTP handshake if both people have enabled it. Subsequent calls do not require this verfication, since it checks a Short Authentication String (SAS) for each peer.

Another SIP provider that is similar to Ekiga is IPtel. It supports the same features, including ZRTP.

At this point, now you should have everything you need to start an anonymous conversation on a mobile handset. The one drawback of this configuration is you may not fully trust the third-party SIP registrar, namely Ekiga. The solution to this is to run your own registrar, which is the next installment.

ZRTP me ASAP!

Created at 2012-01-15 03:07:11 UTC Permalink
Open Source SIP Client for Android

The first step in the OSTN is a client. We can't make a phone call without a phone. In this case there are three primary goals and a number of optional features. The primary goal is an application which speaks the SIP protocol for signalling. It must also speak the ZRTP protocol for peer to peer encryption key exchange. Finally the client must have source code freely available with a license that allows free redistribution.

As of today, the only client for Andriod that fufills this qualification is named CSipSimple. Also as of today, the ZRTP functionality is only available from a nightly build of the binary package. Your mobile handset will not allow you to install this package until you enable "Unknown sources" in the Applications settings of your phone. By default this option is disabled on all phones. To do this, open Settings from the application menu and select Applications. Check the "Unknown sources" box. Some handset vendors disable this process (referred to by the euphemism "sideloading") though there are workarounds. Remember, don't install the version from the market, since that does not support the ZRTP protocol. You must type in the URL for the nightly build in the handset's browser and download the .apk. Once the package is installed, future updates may be installed through the CSipSimple application settings menu.

CSipSimple offers some nice features. It abstracts the dizzying array of configuration options required by any application that wishes to speak the SIP protocol with another. It also has some template configuration for external service providers, which I will get to in my next post.

CSipSimple. Do it!

Created at 2012-01-14 05:19:02 UTC Permalink
Open Source Telephony Network

Over the last two months, I have been working on a project to research and develop a set of tools to provide secure peer to peer Voice over IP on the Android mobile platform. It is called the Open Source Telephony Network, or OSTN. This work is done under the umbrella of The Guardian Project.

The project will continue for another four months and I will post my public findings here. It's well underway and I have developed a functional system in the SATELLITE lab in New York City. The goal by the the end of the project is to offer an alternative to Skype or Google Talk, which are both good voice services but don't offer the kind of security needed by human rights activists and journalists.

Right now the stack looks like this

Sounds simple enough, though the development landscape for these applications changes quickly, as does the legal implications of various implementations of both protocols.

On top of that, there are networking issues that make building this kind of network a challenge.

Stay tuned!

Created at 2012-01-10 22:03:09 UTC Permalink
Rapleaf Analytics Accuracy

Things have changed since that performance in the previous post from over two years ago. It's time to get back to some documenting!

I spent this beautiful saturday afternoon reading about a direct marketing company called Rapleaf. From their own site:

Learn about your audience. Analytics can tell you a rich story about your loyal users, and help you understand who is using your product.

They have a privacy section (registration required) where you can look at your own information as seen by Rapleaf. I signed up and recorded some numbers about their score on how well they know me despite never contacting me personally and asking for this information. Results!

They got two thirds of my personal information correct. The items they got incorrect were biased in an overly optimistic direction. For example, if Rapleaf thought I was very interested in underwater basket weaving but in reality, I am not at all interested in that, I would give it a value of 1 in the distance from reality attribute. If Rapleaf thought my estimated income was lower than it is in reality, then that category got a negative value.

The aggregate distance is my attempt to represent how much bias is contained in their data. The value of 22.78 makes sense as it is roughly 1/3. So that balances out. Obviously if they were 100% correct, all the values in the distance from reality would be zero and there would be zero percent bias.

I am very interested in analytics companies like Rapleaf. Since email addresses are now used as a unique identifier with higher frequency, they now have much more context embedded in those tiny characters than in the past. I'm curious how difficult it is to have an active email address that is used for communication with other living persons that will have a 100% bias in Rapleaf.

Created at 2011-07-30 21:15:40 UTC Permalink
Perl Poetry

It's about time! I wrote some Perl poetry. I'm rather proud of it. Copy and paste, it'll execute.

#!/usr/bin/perl

my $years = rand 110;

foreach($years) {
  tell about.
  do potential($years);
}

sub potential {
  use strict;
  my $time = $_[0];
  if ( $time > 0 ) {
    sort $time * potential($time - 1);
  } else {
    die;
  }
}

Created at 2009-10-14 00:05:24 UTC Permalink
Twitter Axiom

"If it involves Twitter and you can think it, it exists"

Does this exist?

  1. "fave" tweet with link
  2. robot finds user.faves
  3. robot extracts link
  4. robot places link on del.icio.us

Created at 2009-09-28 14:33:54 UTC Permalink
Christian AIM bot on the loose

Interesting conversation tonight.

11:39 ashencoho: Ezekiel 23:20.
11:41 Lee Azzarello: Bowery, 1978
12:00 Wednesday, September 23, 2009
12:00 ashencoho: eh?
12:01 Lee Azzarello: do you like punk rock?
12:01 ashencoho: not really
who dis?
12:02 Lee Azzarello: dunno, you sent me a message first. who are you?
12:03 ashencoho: no i have no idea who this is
12:06 Lee Azzarello: interesting, this is the second time I got a message on AIM with a bible passage
12:06 ashencoho: from me???
12:06 Lee Azzarello: and it's the second time I responded with a random location and date
yea, from your AIM nick
12:06 ashencoho: nick???
12:06 Lee Azzarello: login/username/nickname
12:06 ashencoho: haha you got the wrong guy cheif
chief
oh ok
well this is scott
and i dont like the bible
so i dont quote it
12:07 Lee Azzarello: neither do I, but check this:
12:07 ashencoho: well i mean the bibles ok, but people use it to justify ridiculous shit
12:07 Lee Azzarello: 11:39:31 PM ashencoho: Ezekiel 23:20. tha'ts from my AIM client log tonight
12:08 ashencoho: ok?
12:08 Lee Azzarello: so that's not your AIM username?
ashencoho
12:08 ashencoho: no, it looks a lot like yours...
12:09 Lee Azzarello: but mine is spelled differently, or are you seeing mine with the same username from me?
12:09 ashencoho: why are you IMing me if thats the screenname that IMed you in the first place?
12:09 Lee Azzarello: that's what I'm trying to figure out. neither of us have that screenname
12:10 ashencoho: what the fuck
im abandoning this
12:10 Lee Azzarello: but somehow we were connected by some weird bible quote
12:10 ashencoho: what??
12:10 Lee Azzarello: for serious
12:10 ashencoho: i just want to know how you got my screenname in the first place?
12:11 Lee Azzarello: I didn't. I just replied to the original message from a screenname "ashencoho"
12:11 ashencoho: oh ok
12:11 Lee Azzarello: and somehow that got to you. I understand that your screenname is not that now.
neither is mine
12:11 ashencoho: well this says your name is PassedOutCoho
12:11 Lee Azzarello: woah. weird
12:11 ashencoho: haha
this is so odd
12:12 Lee Azzarello: obviously some christian propaganda
12:12 ashencoho: not cool
where are you even from?
12:12 Lee Azzarello: well, thanks for clearing this up
I'm from NYC
12:12 ashencoho: holy crap
im in north carolina
12:12 Lee Azzarello: not too bad. I saw a NC licence plate today
12:13 ashencoho: word
well this is too weird for me
i feel like we're both getting hacked right now
or maybe its just me
12:13 Lee Azzarello: eh, whatever, we're just talking about the hacking, right?
let's call it a night
12:13 ashencoho: alright, peace
12:13 Lee Azzarello: peace

Created at 2009-09-23 01:17:28 UTC Permalink
Calendar Aggregation

I wrote about Anthology's calendar aggregation last January. Here's the email I wrote:

Hello John, I noticed the calendar on the Anthology site didn't have a iCal format available. I wrote a script to scrape the site and generated one on Google calendar. Here's the deets:

http://lee.rockingtiger.com/posts/19

If you want some help in the future generating an iCal feed without my silly hack I'd be happy to help make it a feature of the site.

Thanks for keeping it real!

Best,
Lee Azzarello

The response from John Mhiripiri Director of Administration & Exhibitions
Hi Lee,

Thanks for your interest. We will try to have a look at what you've done.

John

Oh snap! Thanks dude. I guess scheduling underground art films is so hard you have to blow off free help. But I joke. He probably didn't understand the point of creating a syndicated calendar format when he had a perfectly good print edition and a web page. So now I'm writing again. This time I received a flyer from The Kitchen. Another arts institution in NYC. Great calendar, on paper. Went to their site, even worse. Their online calendar is burried in a Flash file. Fail!

This has to change. I want to see events on my phone calendar without doing hours of data entry. Note to The Kitchen, if your intern does data entry, I don't have to because your intern already did it!

I have some ideas on how to solve this problem.

Created at 2009-09-11 21:25:13 UTC Permalink
Indirect Logic

I've become very interested in logic. How it effects human behavior and machine behavior alike. Just today I discovered that my brain does not respond logically to inverse logic. I approached the exit to a shop. There were two doors, one was locked and one was unlocked. The locked door had a paper sign taped above it's handle with an arrow pointing to the unlocked door and words stating "please use other door". As I approched both doors to exit, I pushed on the locked door, looking directly at the sign. A few seconds went by and I pushed the unlocked door after reading the sign and understanding the meaning.

I interpret my initial failure as a reaction to indirection. The sign did not inform me which door to use, though it was placed on the door not to use. After reading the sign it was obvious which door to use since the arrow was pointing to it, but the keyword "other" is indirect. It does not specify anything more than the fact that this door is not functioning as a door, so it should not be used. It does not answer the question of where the "other door" is located.

I think a more direct instruction would be to place a sign on the unlocked door stating "please use this door". There's not contextual shift and the problem remains within this single point of view.

Of course the most logical solution would be if the shopkeeper would unlock both doors, since a locked door isn't much use during business hours.

Created at 2009-08-25 15:47:09 UTC Permalink
Emotional Contagion and the Harmony of Collective Murder

Listening to 4 minutes of Herzog speak gave me some emotional contagion. So much that I transcribed it.

Of course we are challenging nature itself and it hits back, it just hits back and that's all and that's grandiose about it and we have to accept that it is much stronger than we are. Kinsky always says it's full of erotic elements I don't see it so much erotic I see it more full of obscenity. it's just...and nature here is vile and base. I wouldn't see anything erotical here I would see fornication and asphyxiation and choking and fighting for survival and growing and just rotting away. Of course there's a lot of misery but it is the same misery that is all around us. The trees here are in misery and the birds are in misery i don't think they sing they just screech in pain.

it's an unfinished country it's still prehistorical. the only thing that's lacking is the dinosaurs here. it's like a curse weighing on an entire landscape and whoever goes too deep into this has his share of that curse so we are cursed with what we are doing here. it's a land that god if he exists has created in anger. it's the only land where creation is unfinished yet. taking a close look at what's around us there is some sort of a harmony, it is the harmony of overwhelming and collective murder. and we in comparison to the articulate vileness and baseness and obscenity of all this jungle, we in comparison to that enormous articulation, we only sound and look like barely pronounced and half finished sentences out of a stupid suburban novel, a cheap novel. and we have to become humble in front of this overwhelming misery and overwhelming fornication, overwhelming growth and overwhelming lack of order. even the stars up here in the sky look like a mess. there is no harmony in the universe, we have to get acquainted to this idea there is no real harmony as we have conceived it. but when I say this i say this all full of admiration for the jungle, it is not that I hate it; I love it. I love it very much but I love it against my better judgment.

Fucking hell Werner, where do you get your certainty? Can I have some of that drank?

Created at 2009-07-28 14:44:24 UTC Permalink
Shit is stupid

Lee Azzarello
Lee Azzarello

Created at 2009-07-16 16:50:31 UTC Permalink
Mixtape

bun

Created at 2009-07-02 17:46:53 UTC Permalink
No Gods, No Gangsters

Taking a break writing here in favor of a short adventure in apartment hunting.

Created at 2009-06-29 17:53:22 UTC Permalink
The Outer Limits

In an homage to the Television Apocalypse, Youtube is showing classic television shows like The Outer Limits. It's excellent psychodrama. Here's a transcript from episode 1008 titled The Human Factor.

Man: if this machine works it will be possible for two minds to communicate directly. To share the same thoughts and emotions simultaneously.

Woman: emotions?

Man: psychiatrists think the intellect is a useful but devious trait. this machine will let me know what the subject is really feeling, way down underneath the intellect.

Woman: I'm not sure I want to go through with it.

Man: be a good girl. (pats her on the shoulder patronizingly)

Man: take a look at the oscilliscope.

Woman: Huh. Well you can't tell too much from that, can you?

Man: Not too much. But in a moment I may know what you really think. because I intend to amplify those waves and feed them back to a machine into a terminal instrument which is capable of translating them back into the thoughts and emotions that produced them. and that terminal instrument is my own brain. Now relax, I'm bringing up the power.

Created at 2009-06-12 16:27:56 UTC Permalink
The abundance of personal backup

It's 2009. The Bandwidth of a consumer Internet connection is going up. Laptop computers are ubiquitous, small storage devices are everywhere and can meet or exceed internal storage, everyone's making movies, sounds, pictures on their computers. I'm doing this. But where the fuck am I going to put this stuff when I don't want it available on the laptop but I don't want to delete it? There are a lot of solutions to this problem. Most notable is Apple's TimeMachine product, which makes the decision for you by dedicating an entire external USB disk to the role of incremental backup. But what if I want to control what gets backed up and what doesn't? Some things should not be backed up. Cache files, auto generated image thumbnails, temporary files, garbage directories generated by OS X, private documents with very particular accounting of where each copy resides. Apple has taken the road of abundance and thrown assumptions of privacy and efficiency out with the bathwater. Fortunately, OS X and GNU/Linux have neato user obsequious tools like rsync and rdiff-backup. For my Mac, I wrote a simple script that backs up my entire home directory in one command with an optional file to exclude directories to backup.

#!/bin/sh
EXCLUDE_FILE="$HOME/bin/full_backup.exclude"
rsync -rv --progress --stats --exclude-from=$EXCLUDE_FILE $HOME/ $1

Search for EXCLUDE PATTERNS in the rsync manpage for the exclude patterns file format. Basically, one on each line with shell wildcards accepted. This will copy everything in my home directory except for the files (or patterns) in the .exclude file to a directory passed in as an argument at runtime. It will also give you an realtime progress meter for each file! Neato.

Created at 2009-05-24 18:00:05 UTC Permalink
Jazz. It's abstract. It's good.

Kevin Farrell and Devin Maxwell are

Four Trio

This recording is produced with love by arsenic-free music: "we have arsenic-free music, they don't"

Their take on Giant Steps

Created at 2009-05-22 18:34:12 UTC Permalink
My new favorite band

Doom Metal. An excellently named genre. I can't stop listening to Nadja's cover of Needle In The Hay, my favorite Elliot Smith song of all time. Oh yeah, and Lala is my new favorite music site.

doom

Created at 2009-05-19 17:33:13 UTC Permalink
More previs for movie!

I learned how to make materials, atmosphere and a sun! Here's my first test render with the finalized model.

First Lighting Test

I have decided to give the movie a working title of "radio astronomy". Not too catchy but it makes me feel funny when I say it.

Also, the Wacom tablet is not worth it. While the x.org drivers and the kernel drivers in CentOS 5.3 work well, somehow the application specific configuration is different and crashes, making the pressure and tilt useless. Would be nice to debug sometime but right now I'm not doing much painting or drawing.

Created at 2009-05-04 21:27:08 UTC Permalink
Linux 3D workstation Photographic Proof

A picture tells a thousand words. Here's my story from this weekend

New 3D workstation

On deck: Wacom tablet installation and configuration for the OS, Blender, Gimp and Inkscape. Oh my!

Created at 2009-04-27 12:56:23 UTC Permalink
Building a 3D workstation with CentOS 5.3

Dove in head on. Here's my list:

The Good:

The Bad:

The Ugly:

Created at 2009-04-26 17:51:11 UTC Permalink
Building a CentOS graphics workstation for previsulation

Got a nice 2 way AMD64 workstation with an ATI R350 video card. Old hardware but better than anything else I have for the previs work. CentOS is...well it's interesting. The video card worked by default for GLX mode and the monitor resolution was auto detected to 1280x1024.

There are a lot of missing pieces, most of which are related to software. CentOS has a much more conservative selection of packages then I'm used to. Notable differences from Debian:

There are wacom tablet drivers and userland utilities to configure the tablet, though Gnome provides no configuration panel, therefore manual editing of xorg.conf and command line tablet calibration will be required.

Created at 2009-04-24 13:05:47 UTC Permalink
So, You Wanna Make Debian Packages?

About 11 days ago I set out on a journey to create a custom Debian package repository to serve my own custom built packages based on very specific versions of source code. Through the oral history of my predecessors and some experimentation, I have accomplished my goals. It was not easy. I'll outline my process step by step here, so other can continue the tradition. Yea knowledge!

Before you start out with any labor, you must first answer some preliminary questions and sketch out your architecture. The first question you have to answer is "who else will be using these packages". If the answer is "no one" this article is not for you. apt-get install checkinstall for that. If the answer is "many other servers and workstations controlled by others aside from myself all running various versions of Debian or Ubuntu", then read on.

My needs

  1. Build packages from scratch for 32 and 64 bit systems
  2. Serve both binary and source packages from a centralized repository
  3. Maintain all crucial dependency information for custom shared libraries
  4. Serve multiple architectures and distributions from a centralized repository
  5. Ignore restrictions in policy that only apply to uploads to be merged into stable by a Debian Developer

The first step is building the packages from scratch. I'm building source packages on a 32 bit system and building the binaries on specialized build servers in Amazon EC2 for 32 or 64 bit CPUs. Download the source tarball and extract it. Then configure and compile the code to test that the source will run. If true, delete the extracted directory and reextract it to a fresh directory. Then check if someone has already built a package of a different version of the same source code. If so download that source package. You can probably use most of the work and skip over a lot of the mysterious oral history contained in the Debian New Maintainers Guide. In my case I could download previous versions. copy the debian/ directory form the source package into your freshly extracted source tree. Now the fun starts.

Make a copy of the original tarball of the source but rename it to end in .orig.tar.gz. Then enter the debian/ directory of the already extracted source and open the changelog and stare at the contents for a while. Then duplicate the topmost changelog block and update it for your information. Don't forget to make your package a version bump or at least have a different version. Save and close. Next install all the following packages. There are many helpers for building packages, there are merely the ones I selected. aptitude install pbuilder reprepro nginx dpkg-dev debhelper devscripts fakeroot dh-make autotools-dev cdbs dpatch

Next open the control file. Verify all dependencies for the versions on your build system. All we need to do here is make sure the package knows about it's supporting libraries. Adjust the version numbers as needed. Now you have to open the rules file. If you added any custom configuration options when you first compiled the code, you need to find the section that calls ./configure and add those options. You also need to read through the build target and see if the original author of it is doing some weird things with the build process. If it matches up pretty well with your own successful compiliation then you can move on.

In some cases you might need to patch the source code or perhaps the original author's patches won't apply cleanly to your new source code. This is what dpatch is for. Compare the old patches with an interactive dpatch shell by entering dpatch-edit-patch [patchname] where patchname is what you want to call the patch. Tuxmaniac has a Short tutorial.

Run a test build/clean directly with fakeroot debian/rules [build|clean] Where build or clean is the target you wish to test. If the build process is functional, it's time to build the source and binary packages! Yea! But not yet...Aw :c

Build dependencies. During your testing you might have noticed that the test build fails due to missing build deps. You can install these deps by hand each time but that's a pain. Fortunately pbuilder provides a nice shell script that will figure these out and install them. Just run this in your debianized source directory: /usr/lib/pbuilder/pbuilder-satisfydepends

Magical! You have all build dependencies installed. Now you can try and build the package. I'm using debuild like so: debuild -us -uc

If debuild succeeds, you should have a bunch of files one directory up. An explaination of their roles:

Whew, that was epic. Fortunately, now that you build once, you can build anywhere! To build binaries for another architecture, you merely have to upload the .dsc, .orig and .diff tarballs and rebuild on another system that meets your requirements. You can extract source packages with dpkg-source -x *.dsc

Next up, serving them from a repository!

Created at 2009-04-23 18:14:22 UTC Permalink
Snarky laughs for a monday morning

Found this poster in the hallway of my office this morning. It is advertising the Wall About film festival. Sounds cool: I haven't heard of it, the poster is designed well and it has the word "film" in it. Relevant to my interests. Then I had the misfortune of reading the text on their web page. I'll copy verbatim to save the agony of looking at the whole thing.

Wallabout is: a collaborative project putting cultural assembly into explicit practice; a collective celebrating artists’ efforts and the co-production of art; a festival promoting the continuous flow of creative episteme and the techne. It is a question leading to a question leading to a question. Wallabout is committed to challenging our minds while exulting the works of to-day. Wallabout is about it all.
Sad thing is I'm still interested. Can't judge poorly the whole event for one bad writer. Fucking art.

Created at 2009-04-20 12:52:35 UTC Permalink
Tarkovsky, The Mirror

I rented this DVD as a reference for my film not knowing what to expect. Well, here's the 8 minutes of chapter 2, see for yourself:

Discover Simple, Private Sharing at Drop.io

That shot when the male character leaves but is stopped by a wind explosion across the whole meadow. Yeah, that's only 11 minutes into a 2 and one half hour film. So that's how you want to play, I see.

The movie is un-fucking believable. It's long, meticulously composed and shows seamless technical mastery of camera, light and color. And some of it happens to be in black and white. The story is deep and reflective (The Mirror, ha!) and I couldn't stop thinking about it after it was over.

Created at 2009-04-19 21:00:59 UTC Permalink
Film pre-production workflow

"Workflow" is a word I hear a lot but no one has a definition for it aside for what "works for them". So perhaps a good workflow is what works for me? Let's see. Since I'm a real software developer and a fake filmmaker, I will take my software workflow, which is quite productive and adapt it to directing/producing a film. Here's my software toolset as it stands:

  1. Git, the awesomest revision control system for files on a disk
  2. Vim, a text editor. Yes, a fucking text editor. It's totally crucial. Stop using notepad, really
  3. Blender, a 3D modeling and animation program that can import and export many other program's formats
  4. Autodesk Maya, the mothership of proprietary 3D applications. Not free, in fact you better have a hook up cause this shit is as precious as a fistful o' Benjamins
  5. Inkscape, a 2D vector drawing program. Its paths can be imported into Blender
  6. The Gimp, a 2D bitmap painting program. Good for doing "photoshop stuff"
  7. Flickr, a photo sharing community online. Has extensive metadata for photographic reference and camera details for most photos
  8. Google Earth, a crucial architectural reference for cowboy previsualization, h'ya!
  9. Drop.io Manager, a private collaboration webapp. Transfer, preview and share any file without worrying about your secrets leaking out on the intarwebz before production's complete (fee required)
  10. OpenOffice Calc, a fucking spreadsheet application. It does that stuff and yes, everyone needs a spreadsheet sometimes
And this is just pre-production. I'm satisfied that I have got this far with the use of only two fee-based applictions. Of course Maya is useless when opperated by me since it's a highly specialized skill to opperate in a meaningful way. I have inside connections to a special individual who knows these secrets (much love T).

Out of all these programs, probably the git + vim combo is the most unusual. I'm going down the editor/DRCS route since I'm working on a myriad of computers (read: I don't have a "graphics workstation"). My primary offline storage device for all assets is a USB keychain I carry with me at all times, so it's nice to have a system to sync that with other storage media and not worry about blowing over crucial changes.

So yeah, that's my "workflow" right now. Seat of my pants style. This list will only get more complicated when the Red camera comes into play. Stay tuned...

Created at 2009-04-18 21:13:23 UTC Permalink
Untitled Production Notes

I'm working on a short film. It is currently untitled. Here are my production notes up until now.

Doing previsualization from nothing to something. Can't get a permit more than once so that rules out coverage on location. Started with a top down photograph of the architectural footprint from Google Earth, used the software measuring tools to determine some rough distances between points. Took the photo and brought it into Inkscape. Began tracing paths and curves around significants parts of the landscape. Got the proportions right. Imported curves into Blender, two week crash course in 3D modeling.

Got the right paths converted into polygons and through a lot of guess work, some arithmetic and a lot of measuring defined one unit in a realistic scale. Read online that the building is 6 stories, guessed that one story will equal 10 feet and fudged the height of the building to 60 feet. Couldn't find any specs on the water tower so calculating height is impossible. But lo and behold, there is a treasure trove of photographic coverage on Flickr, and thanks to Flickr's camera metadata reader, I got lucky and found a dude who did helicopter shots with a Nikon D50. Both building and water tower in frame. Got the lens mesaurement and the aspect ratio of the shot. Exported data from Blender to Autodesk FBX format, solicited T for some help with that precious software. Imported FBX and T did her magic by creating the same camera and locking it to the photograph. The original geometry was composited with the photograph and the camera was moved and scaled to make the 3D building fit with the size and angle of the photograph. That gave us the water tower height reference in a perspecitive view. She created a cylinder of the proper height and exported both building and water tower as a Wavefront OBJ format file. I imported that file back into Blender and now I must match it up to the scene I have.

This process was facinating. The photographic reference was what I was missing all along. It's amazing that I can use the Internet as a reference for not only visual information but also camera and lens details which can apply to a 3D world. It made me think of my first calculus class, since the number of known values was so little but it wasn't merely a 2D plane so things like angles, tangents and lens curvature influenced the results. We have come so far from those days of proving our physical world on paper to taking what was written on that paper and transforming it into a computer program so we are no longer required to do the math necessary to make the simulation correct.

Created at 2009-04-18 19:57:12 UTC Permalink
Chef Conventions

Two small notes about chef conventions (assumptions), after I got my test installation running.

  1. It assumes the target system has sudo installed
  2. It uses the name of the directory in cookbooks as the recipie key
These were two unexpected annoyances but were easily worked around. The Resource class that handles APT is quite nice, despite my initial concern that it was only installing one package at a time.

Created at 2009-04-02 13:00:40 UTC Permalink
Chef: Build Automation in Ruby

I'm experimenting with Chef after attending Ezra Zygmuntowicz's talk about it at Philly E-Tech conference last week. The back story is that I began writing my own framework in Perl two weeks ago to automate building up EC2 instances. I made some progress but it was far from extensible. So I'm trying chef. If all goes well I'll have a framework in place to create new nodes so I'll never have to log into them, they will "just work". The goal being a base Debian EC2 image creation and a tiny bootstrap script passed as per-instance metadata to get chef installed.

First Impressions? Not too good. Here's my test, ported from a subroutine I wrote in perl with some file I/O and a big ol' system() call.

  1. Generate list of debian packages to install
  2. Install them

Sounds straight forward, right? Chef failed for two reasons:

  1. There is no configuration option to pass to apt to allow untrusted packages. I'm pulling from a repo that needs to first install a GPG key to authenticate, but that package is untrusted. Chicken and egg problem. Chef halts.
  2. The list of packages is treated as an array of strings and each string is iterated over. This is sub optimal since it means apt will be run array.size times. I would much rather run apt 1 times by passing it a big ass string delimited by spaces.

But these are trivial issues. I'm happy that this kind of framework is being developed and I hope to contribute to the Debian centric classes. Pretty soon it might actually feel like writing a recipie and cooking for reals.

Created at 2009-03-31 19:25:50 UTC Permalink
Philly -> NY, day four

Three days of rest for the vacation and I'm ready to go back. The way back was not as eventful as the way out. I woke up late. Real late. Didn't leave Philly until 1PM and I had to catch the ferry at 7PM. That's 6 hours to cycle 85 miles. And the weather forecast was for rain at 5PM. Sounds AWESOME. I also had a 10 pound load (including laptop computer) and no matter which way I turned there was a headwind from the north.

It was everything I expected. Not since PBP 2007 did I suffer so much on a bike ride. Fuck that.

With more time and better weather the route is very pleasant. Few turns, good roads and a nice pace between towns. Here's my map and near finalized cue sheet. WARNING! Page 3 is the route back. Page 1 and 2 is the route out.

Created at 2009-03-29 18:12:41 UTC Permalink

I am a hacker and systems architect specializing in data analytics and human computer interfaces.

Photos

Music

 lazzarello's Profile Page

  • Login

    • copyright, CC by:sa