Philip Ratzsch: April 2009 Archives

It's well and widely known that languages evolve over time. Sometimes they change if words fall into disuse ('haberdasher' in English), a word takes on a new meaning (historically, the Arabic word for 'house' meant 'tent'), proximity to another culture (the British Isles being repeatedly overrun helped produce English as we know it today) or sometimes for no clear reason at all (the so-called Great Vowel Shift responsible for the English 'burning' versus the German 'brennend').

Periodically though, pronunciations will change simply because they're easier to say. Euphonic assimilation is responsible for 'goodog' as opposed to 'good dog' in English, but sometimes the change will actually alter a letter. Eventually it may be accepted as the common spelling. Typically though it seems to be confined to 'classes' of letters. A 't' may evolve into a 'd' for example, as they are both 'dental' letters, produced through a similar process involving the speech organs.

While listening to the song 'Vergissmeinnicht' by Eisbrecher recently, it dawned on me that 'vergissmeinnicht' meant 'forget-me-not' ('eisbrecher' incidentally, means 'ice breaker'). It's a fairly obvious conclusion even if one (such as myself) doesn't speak German.

F and V are both labiodental fricative (I've also seen them referred to as 'plosive') letters. The difference between the two of them being that V is voiced and F is not. It's easy to see how over time one letter could gradually be replaced by the other. The major limiting factor as I see it in English is that there are English words that already are 'place holders', prohibiting some changes from taking place. 'Very' would have a hard time becoming 'fery' as 'fairy' and 'ferry' already exist. Not that it's impossible, but it would seem to me to be easier to transition if there were no sound collection already existing.

Language is a very time-sensitive subject. Some researchers think that spoken language evolved out of a need to warn others in the pack about impending dangers. Clearly there's an advantage to being able to warn others quickly. As such, it makes sense that spoken language would, like electrons in an atom, seek a 'low-energy' state where the least amount of energy was exerted to communicate the message.

This implies perhaps that some transliterations are more likely to happen than others. A Z is more likely to evolve into an S than vice versa as an S is easier to say. Hence the name 'euphonic'.

Anyway, it seems that an F is a more 'natural' letter than a V as a voiced letter should always require more effort than it's unvoiced alternative. Since the English equivalent of vergissmeinnicht starts with an F, it seems to suggest that perhaps the original shared root started with an F which was the sounds maintained by English. The questions then arises as to why a language would intentionally adopt a sound that requires more effort? The alternative is that the original root contained a V sound and while English has settled on an F German maintains the original sound.

The second syllable consonant, G, is shared by both languages.

The puzzle for me is the third syllable. English uses a palatal T sound whereas German has an unvoiced sibilant (or palatoalveolar fricative). The sister letter of T is D and that of S, Z. Were German to use a D here or English a Z the resemblance would be clear but I'm at a loss to explain why we're left with the two sounds we have. It's possible I suppose that S evolved out of a now lost palatal sound similar to an open 'sh' sound.

Looking at the two sounds we have to work with, the S seems to me to be the winner in terms of ease of pronunciation. Could it be that in the ages before Germanic split into upper and lower Germanic the root was *FGS (for those of you playing along at home, the * indicates a supposition or uncertainty)? I'd love to know. If an email was sent out detailing this at some point, I didn't get it so please forward it to me.

As for the rest of the word, 'mein' is a fairly commonly known German word, as is 'nicht'. Being the semi-agglutinative language German is, they all get slammed together. I guess we English speakers prefer hyphens.

Since I spent so much time on it, here's a chunk of the song that spawned this whole diatribe:

Verzeih mir - bleib bei mir
und ich sagte noch Vergissmeinnicht
Ich schenk dir zum Abschied
ein letztes Licht
Vergissmeinnicht

Translation:
Forgive me - stay with me
and I still said forget-me-not
I'll give you as a goodbye
one last light
Forget-me-not

For those of you playing along at home who also have to have an ASA running 8.0 or 8.1 code, pay attention. The rest of you, go about your business. Move along, nothing to see here...

Cisco recently announced that a flaw exists in ASA 8.0 and 8.1 code that can force the device to reload itself if a specially-formed HTTP packet passes through it if SSL VPN is being used. There are a couple of other conditions, but from what I've read they're all pretty non-standard configurations.

The moral of the story - keep your code up to date.

There's also a paper being released at Black Hat Europe next week that will supposedly reveal a fundamental flaw in BGP and MPLS of a comparable seriousness to Kaminsky's DNS exploit of several months ago. So all those of you who run BGP (yeah yeah I know, no one who runs BGP is going to be reading the blog of little old me), heads up.

While digging through some old files, I found these two functions I had written during my fiddlings with the Nginx web server.  At the time at least, there weren't Nginx equivalents of the a2ensite and a2dissite commands used to enable and disable sites in Apache. 

Since I can't remember if I posted them already (and I'm a bit to busy to check right now) I thought I'd post them again just to be sure.  Usage of these functions blah blah I take no responsibility blah at your own risk blah blah created in a factory that processes tree nuts.

# Enables a site used by nginx
function nginable
(
  if [ $# -lt 4 ]; then
    echo "Usage: nginable -s|--source source_config_file -n|--name site_name [-r|--restart]"
    echo "-s|--source The config file defining the site"
    echo "-n|--name The name to appear in the sites-enabled directory"
    echo "-r|--restart Include to restart nginx after the site has been enabled"
   return 0
  fi

  if [ $1 = "--help" ]; then
    echo "Enables a site used by nginx"  
    echo 'Usage: nginable -s|--source source_config_file -n|--name site_name [-r|--restart]'
    echo 'Ex: nginable --source ./site_config --name nginx_tutorial --restart'
    echo "  If no pathing information is given, the config file"
    echo "  is assumed to exist in /etc/nginx/sites-available."
    return 0
  fi

  args=`getopt :s:n:r $*`

  for i
    do
      case "$i" in
        -s|--source) shift;SOURCE=$1;shift;;
        -n|--name) shift;NAME=$1;shift;;
        -r|--restart) RESTART=1;;
      esac
    done

  SITESENABLED=/etc/nginx/sites-enabled
  SITESAVAIL=/etc/nginx/sites-available

  # See if nginx is running
  PROC=`pgrep -c nginx`
 
  if [ $PROC -gt 1 ]; then
    NGINXON=1
  else
    echo 'Nginx does not appear to be running...'
  fi
 
  # Check for target directory
  if [ ! -d $SITESENABLED ]; then
    echo "[ERROR] Can't find sites-enabled directory"
    return 1
  fi

  # Check for config file
  if [ -f $SITESAVAIL/$SOURCE ]; then
    SOURCE=$SITESAVAIL/$SOURCE
    echo "Site detected - $SOURCE"
  elif [ ! -f $SOURCE ]; then
    echo "[ERROR] Can't find config file $SOURCE"
    return 2
  fi

  # See if a site by that name already exists
  if [ -f $SITESENABLED/$NAME ]; then
    echo "A site called $NAME already exists in $SITESENABLED"
    return 3
  fi

  # Enable site
  ln --target-directory=$SITESENABLED --symbolic $SOURCE

  # See if restart was called for and check syntax
  if [ $RESTART ]; then
    if [ $NGINXON ]; then
      /etc/init.d/nginx stop
    fi

    /etc/nginx -t
    
    if [ ! $? -eq 0 ]; then
        echo "[ERROR] Errors found in config files"
        echo "        Disabling new site..."
        rm $SITESENABLED/$NAME

        if [ ${NGINXON} ]; then
          /etc/init.d/nginx start
          echo "Restarting nginx..."
        fi

        return 4
    fi
    
    if [ ${NGINXON} ]; then
      /etc/init.d/nginx start
      return 0
    fi

    echo "Site $NAME enabled"
    return 0
  fi
)

# Disables a site used by nginx
function nginoff
(
  if [ $1 = '--help' || $1 = '-h' || $# -lt 2 ]; then
    echo "Disables a site used by nginx"
    echo "Usage: nginoff -n|--name site_name [-r|--restart]"
    echo "Ex: nginoff --name nginx_tutorial --restart"
    return 0
  fi
 
  SITESENABLED=/etc/nginx/sites-enabled

  # See if nginx is running
  PROC=`pgrep -c nginx`
 
  if [ $PROC -gt 1 ]; then
    NGINXON=1
  else
    echo 'Nginx does not appear to be running...'
  fi

  args=`getopt :n:r $*`

  for i
    do
      case "$i" in
        -n|--name)shift;NAME=$1;shift;;
        -r|--restart)shift;RESTART=1;;
      esac
    done

  if [ ${NGINXON} && ! ${RESTART} ]; then
    echo "[WARNING] If nginx is not restarted, site errors may occur"
  fi
 
  if [ ! -f $SITESENABLED/$NAME ]; then
    echo "[ERROR] Can't find an enabled site called $NAME"
    return 1
  fi

  rm $SITESENABLED/$NAME

  echo "Site $NAME disabled"

  if [ ${RESTART} ]; then
    if [ ${NGINXON} ]; then
      /etc/init.d/nginx stop
      /etc/init.d/nginx start
    fi
  fi

  return 0
)

While this isn't a post directly related to my latest random technological fiddlings, I still feel it's important to raise here.

A bill is making it's way through the United States Senate spear-headed by West Virginia Democratic Sen. John Rockefeller, the head of the Senate Committee on Commerce, Science, and Transportation, and Sen. Olympia Snowe, a Republican. This piece of legislation would, in effect, give the president the authority to shut down any network in the U.S. they so chose. The bill dresses all this in a nice suit of "Oh wait, only for national security reasons".

What's scary is that what exactly constitutes a national security concern has always been somewhat ill-defined. During the 1960s, any organization that spoke against the government could be monitored under exactly that same justification. During the McCarthy era, countless individuals, organizations, and businesses were monitored and sometime hauled in front of congress to answer questions about their political beliefs, often at the expense of common sense and decency.

The idea that these individuals might have communist leanings was all the justification that was needed to declare them a potential threat to national security and all by kill them.

As more and more bits of information (well, there's Rush Limbaugh, too) are being placed at the fingertips of the world, this becomes a more sweeping proposal with each passing second. The internet has grown and evolved in a way no one could possibly have predicted and simply switching it off would be chopping off the national arm.

The bill doesn't simply stop at essentially switching off the U.S. edge devices though. It would give the president the ability to also power down private networks and dictate how those systems are configured. As is well and widely known, the open source movement is a critical part of the internet, from a security standpoint as well as from one of it's overall development. I for one, am none too keen on the idea of a body of officials (one of whom famously once described the internet as 'a series of tubes') dictating to me how I can and can't configure the router sitting on the floor of my room.

One of the bill's provisions is to create a licensing requirement for people who want to work in computer security. There are driver's licenses, and I still got rear-ended by someone who didn't know (by her own admission) that she didn't know that wet surfaces increased breaking distance. Creating a certification could be a beneficial bullet on anyone's resume, but having a mandatory license will have the same effect that teaching anything else seems to; directing people to one way of thinking and academically punishing you for not learning something precisely the way it's taught.

The danger also lies in that a license is bound to make people think they know what they're talking about. We all know that there are plenty of idiots out there with college degrees, and I seriously doubt that the Senators have a four-year study program in mind; best-case scenario, it turns out exactly the same type of people.

Imagine the security products vendors could sell with "U.S. Government Approved!" stickers on the box. Creating a mandatory license will only serve to give credence to the voice of people just studious enough to pass it and in the eyes of those who recognize that, diminish the value of the license of the people who are competent.

One of the most effective ways to learn something is to be burned by NOT knowing it at a key moment, and that's how a lot of people know a lot of things. As some of you may know, I spent about eight years in the United States Marine Corps (and no, I don't feel that makes me inherently a bad-ass); there's a apropos expression: "No combat-ready unit has ever passed inspection and no inspection-ready unit has ever passed combat". There is no way that training can compensate for experience.

After graduating from an intensive Arabic language program, I rapidly found out that what I knew was perfect for a laboratory situation, but completely unsuited for something as simple as a coffee shop.

The first thing to learn is how to learn what you need to forget.

The Rockefeller/Snowe bill, quite simply, must not be allowed to pass.