Friday, September 2, 2016

September 02, 2016 at 11:32PM

Today I Learned:

1) When children start to speak, they do so by making vowel sounds. After a while of making vowel sounds, they start practicing consonants. They'll spend some time practicing both of these, alternating in spurts of vowel practice and consonant practice.

2) When children start to *sing*, they almost all have about the same vocal range, and the vast majority can carry a tune accurately (though some children can only carry a tune if they hear another child singing). The first problems in vocal music development happen when adults start directing song. Adults, you see, rarely sing in the same range as children -- mostly they sing lower, unsurprisingly. So when an adult leads a bunch of children in song, they usually do so in a way that makes it hard for the children to follow. Children generally will respond in one of two ways. Some will transpose the song into a key in their vocal range. Others will try to sing with the adult, in the adult's key, and generally fail. Either way sounds wrong to adults. This is the moment when children typically hear "you can't sing" or "just mouth the words". It's not because the kids can't sing, it's because the adults don't know how to sing like children.

3) Balkan music sounds... kind of strange to most westerners. This is because to a listener raised in the Balkan tradition, the most harmonious interval is a second interval, not a third (a second interval is two notes right next to each other in a scale -- play any two white notes next to each other on a piano with a black note between them to hear a second. A third is two notes each separated by a second -- play any two white keys next to each other on a piano with *two* black keys between them to hear a third). Now, I really like the Balkan sound, but I'm in the odd position of enjoying Balkan music through the filter of western classical harmonic traditions, so I honestly don't know what that music sounds like to a native singer.

4) Music literacy in the US peaked around 1910. At that time, virtually every middle-class American could read sheet music, and essentially every American at least knew someone (usually in the family) who could read sheet music and, usually, play piano. Sheet music was a big industry during this time, kind of like CDs in the 90s or MP3 downloads and streaming services today.

5) Americans in the 19th century sang quite a bit. Song, usually accompanied by piano, was a very popular form of parlor entertainment (and huge numbers of pianos were imported from Europe to fuel the demand for parlor music). Americans also continued to sing straight through puberty, so they learned to sing in child-like registers. As a result, 19th Century Americans sang *really* high to our modern ears.

6) General William Sherman, the general who arguably ended the Civil War by razing a huge swath of Georgia to the ground, was a proponent of slavery, but a stronger defender of national unity.

7) Turkish music (and I think Macedonian music too?) has a few tricks I haven't encountered before. For example, the Turkish musical tradition uses a lot of rhythms of 9. That in itself isn't *so* bad, but they also have a habit of stuff like starting the melody on the *second* beat of the nine. That really throws me off.

8) Learned a bit about life on Scottish farms at the beginning of the 20th century. For one thing, I learned that a "town" at that time was not what we would call a "town". A Scottish "town" was essentially a farmer's property -- a big house, a barn, a silo, and a bunch of land for crops and animals. The land-owning farmer was essentially the lord of the town, and his wife the lady. I'm not sure exactly what they did, but they didn't do everything -- most of the labor was done by hired hands. Every year, at the beginning of the season, there would be a big hiring fair where all the local farmers would try to recruit workers for the season to do all kinds of things.
The workers would sign on for a six month gig, during which they worked long, hard days (10 hour days were advertised as competitive) every day in exchange for room and board and payment at the end of the six months (somewhere around 6 lbs for a young teen work hand, upwards of 25 lbs for a horseman).

9) Those aforementioned farming workmen ate the same meal every day, three times a day, and I got to try some of that meal. It's an oat gruel, somewhere between plain grits and oatmeal in consistency and flavor. A couple of tablespoons of that stuff would swell up in hot water to make a small bowl's worth, and it was surprisingly filling (though not terribly nutritious). Typically, this stuff was eaten with a ton of salt, and was cooled by dipping a spoonful at a time in milk before eating it. The workers would use one bowl, which they didn't bother to wash -- as long as milk didn't get in the bowl, that worked just fine. It was fairly tasty, if plain. But then, if you're eating the same meal about 540 times in a row, you probably want that meal to be something pretty plain.

10) Scottish horsemen were the highest-ranked farm hands short of the farmer and his wife. They were quite proud of their role, and, as I noted before, were paid accordingly. I'm not sure why the ability to mind a horse was so highly valued, but there you have it. The horsemen also had a semi-secret fraternity involving a secret word which was supposed to give them power over horses and women. This reputation may have had something to do with their social and economic rank -- farmers knew about this Word, and they *did not* want horsemen to set their horses against them or steal their women (young women were valuable workers as well as reproductive assets). When a young horseman was deemed ready by his (always his) fellows, they would tell him to meet them at some specified time and place in the night.
They would blindfold him, strip him to the waist (practically scandalous at the time) and bring him to see "Old Nick" (an old common name for the devil), who was one of their own dressed up in a pig hide. They'd have him shake hands with Old Nick, using a cow's foot to shake with to deepen the illusion. They would then make him take a vow not to ever use the Word except to horses in service of their work, etc., and once he agreed, they'd tell him the word. Then they'd take off the blindfold, show him what was up, and have a good laugh and a drink. Finally, just before leaving for the night, one of the brothers would ask for the newly-inducted member to repeat back the word, which he almost always did... in violation of his just-taken oath. A waiting horseman with a whip would then give him a lash on his still-exposed back, just to remind him of the importance of keeping his oath.

11) There's a small genre of Scottish songs called "waulking songs", which have nothing to do with walking and probably weren't called that by the people who sang them, but some ethnomusicologist called them "waulking songs" while collecting them and that name has somehow stuck. Waulking songs were used during the final stage of creating a new cloth blanket or cloak or other large item. This came after all the spinning, weaving, and dyeing. One of the final steps was to soak the cloth in urine and then dry it out. This both set the dye so it wouldn't wash right out in the first rainstorm and also shrunk the cloth somewhat, making it less porous. The urine-soaked cloth needed to be dried, and worked by hand so that it dried evenly. To do this, the cloth would be sewn or tied into a loop and laid around the edge of a table. A bunch of women (or, in a few parts of the country, men) would gather around and work the cloth dry. Working a large loop of cloth evenly turns out to be pretty challenging, even with ten or twenty people working in parallel.
A good way to keep it evenly-worked is to pass it around regularly. Well, that introduces a new challenge -- how do you spin around a large loop of cloth every few seconds, continuously, for a half hour or so? This is where waulking songs came in. Waulking songs, like sea shanties, have a regular rhythm with a frequent strong beat that would signal the women to pass the cloth. By singing these songs, they kept the work synchronized. It also kept them entertained, which is important to do when you're consistently working 10 or 12 or 14 hours a day of hard labor.

12) There was an Italian regiment in World War II that specialized in spying on Americans. They learned to speak flawless American English and would kind of just waltz behind enemy lines and pretend to be Americans. This was, by one account, pretty successful.

13) You can sing pretty much any songs together as long as they're in the same keys at the same times. Turns out a LOT of old American songs use the same chord progressions, so it's not hard to sing five or ten different old American tunes together at once without sounding too bad.

14) There was a big shift in American popular music in the late 1800s driven by massive amounts of immigration from Germany and the surrounding areas (a product of a series of German revolutions). The influx of Germans brought with it a big shift in musical sensibilities. Before this, most American parlor music was essentially Irish or Scottish, modified for American tastes. Germans brought with them Romantic sensibilities -- much more complex harmonies, and a greatly increased emphasis on dying or dead young women. Slightly relatedly, guess where Blues came from? It turns out that early blues was basically ragtime music slowed waaay down. Obviously it has evolved since then.

15) Fire trucks cost order-of-magnitude around $1 million.

16) Some of the most popular American singers of the early 20th century were black women.
Blues were quite popular in the early 20th century, as were travelling vaudeville troupes. There were several very famous black women who travelled with those troupes, singing blues. It was acceptable for both black and white audiences to listen to these performers, and as long as they stuck to double entendre and implication, it was a way for otherwise genteel folk to listen to some raunchy music. Incidentally (though not so incidentally to the women involved, I'm sure) it was considered standard practice for traveling singers to prostitute themselves to make a little extra cash.

17) The speed of sound in water is determined by its density, which in turn is affected by salinity, temperature, and pressure. A combination of a bunch of effects makes the density profile (and, thus, the speed-of-sound profile) of open-ocean water somewhat complex. Near the surface, there are a bunch of effects (evaporation, surface waves, sunlight and photosynthesis, mixing with air, etc) that make the density profile really messy. At large depths, density is dominated by pressure, which linearly increases with depth. Between these two regimes is a region with a U-shaped density profile -- the density decreases for a while, I think largely because of differences in salinity due to evaporation, before starting to rise again as you get down to the linear regime. One consequence of the U-shaped density profile is that there's a depth band that acts like a mirror gallery for sound -- sound produced at certain depths will bounce around at that depth. This means it doesn't dissipate into the upper and lower layers, which in turn means that it propagates *very* far*. If you drop a microphone down into that band, you will hear everything in a very, very large radius. This is useful for sonographic ocean research... and it's also really important for submarines, because a submarine in that band is extremely conspicuous to anyone listening.

* It's basically a fiber optic line, but for sound instead of light, and in a plane instead of a line.

18) A timing attack is not, as I'd previously assumed, some sort of DDoS-like attack. It's actually a method of hacking a password by exploiting one of the time-saving features of equality comparison in standard code. The point of a timing attack is to figure out a password by repeatedly trying different passwords and using information about how *long* it takes for each access request to come back. This can work because of the way equality of things like strings is usually calculated. A standard string equality algorithm starts by checking the first letter (or byte) of the two strings. If they're equal, then it moves on to check the next letter (or byte). If they're not equal, the algorithm returns "false" and, in the case of a password-checking algorithm, the access request is denied. The key point here is that a password which is correct in the first 127 characters but wrong on the last character will take *longer* to check than a password which is wrong in the first character. How do you take advantage of this? It's simple. Try a bunch of passwords of approximately the right length with every possible first character. Repeat a few thousand times. Record the average time-to-rejection of each password. You should see that one of the passwords consistently takes a few tens of microseconds longer to process than the others. That password is the one with a correct first character. Now repeat the process, using the correct first character and varying the *second* character. Repeat for every character. Password cracked. I'm frankly surprised that this works -- I would think that such a small signal would be drowned out by all the noise in processing time and, especially, signal transmission time. Apparently, though, you can detect small enough differences just by collecting enough timing examples.

19) Bcrypt is a cryptographic hashing algorithm* based on Blowfish.
Blowfish is a cryptographic hash involving a lot of blocking and xoring and modulo addition and frankly I don't have a clue how it works. The key point is that it's very efficient, pretty fast, and gives a strong hash. The only real weakness of blowfish, to my knowledge, is that it can be broken given enough (computing power x time) by just trying all the possible passwords until you find the one that hashes to the right value. This is a general weakness of all hashing algorithms... ...except Bcrypt! Sort of. Bcrypt is based on blowfish, but it goes through multiple rounds of blowfish-like hashing, with a variable number of rounds that you can set manually. The major advantage of this scheme is that if you're concerned about someone brute-forcing the attack, you can simply increase the number of rounds of encryption, and the attack will take longer! This simple feature makes bcrypt *scalably* secure.

* For those who don't know what a cryptographic hashing algorithm is, here's an introduction to modern cryptography: A common problem in cryptography is the problem of checking a password. Say you're a bank, and you want to know whether someone trying to log into their bank account is actually them. The simplest thing you could do is to have the user send you a password, and have a database of everybody's correct passwords, and when the user sends you what they think is the password, you check it against what you have stored and see if they're equal. This is really insecure for a couple of reasons: 1) If someone intercepts the packet(s) with the password, they now know the password; 2) If someone hacks into your system and gains access to your database, they have *everybody's* password; 3) *You* know the user's password, which could be undesirable. I'm not going to talk about how to fix issue 1, but 2 and 3 can be fixed with proper cryptographic hashing.
A cryptographic hash is an algorithm that takes a password (say, "adminpass0") and does something to convert it into a number in a deterministic way that's really, really hard to reverse. Usually this involves multiplying by really large prime numbers and taking mods and stuff like that. In any case, a cryptographic hash typically produces a hex string (say, "5810fe0a0b53bc80") called a "hash"**. Again, the key property of a hash is that it's relatively easy to turn a password into a hash, but really, really difficult to go the other way around (it's basically the difference between multiplying together two large numbers and trying to find the prime factors of the result). Now, instead of storing the user's password, you store the *hash* of the user's password. The user now sends you the password (still not securely at this point! Again, I'm not going to touch on that particular problem). You hash the password on your end and check whether it has the hash you stored. If it does, then you let the user in! If it doesn't, then they must have had the wrong password, and you let the request bounce. This way, you can tell whether the user supplied the right password without ever having to store the value of that password.

** I guess the idea behind the "hash" metaphor is that you start with an intact thing, like a potato, which gets irreversibly turned into a muddled-up thing, like a hash brown. Never thought about that before.

20) Learned a couple of musical French games. I'm not going to try to describe them in detail here -- suffice it to say there was hand-slapping, broomstick contortions, musical improvisation, and a lot of singing.

21) Tartan weave probably was invented so that skeins of cloth of different colors could be easily used together in the same cloth.
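
Items 18 and 19 above, as an added example that is not part of the original post: the early-exit comparison reports how many bytes it examined (a deterministic stand-in for the timing signal), and the storage functions keep a salted hash with an adjustable round count and check it with `hmac.compare_digest`. PBKDF2-HMAC-SHA256 from Python's standard library is substituted for bcrypt here, and the `rounds$salt$digest` record layout and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os


def early_exit_equal(a: bytes, b: bytes):
    """Item 18's comparison: stop at the first mismatch.
    Returns (equal, bytes_examined); the count stands in for elapsed time."""
    examined = 0
    if len(a) != len(b):
        return False, examined
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def hash_password(password: str, rounds: int, salt=None) -> str:
    """Build a 'rounds$salt$digest' record (layout assumed for this example).
    PBKDF2 stands in for bcrypt; 'rounds' is the adjustable work factor."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"{rounds}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    rounds, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds))
    # compare_digest does not stop at the first differing byte.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_rehash(record: str, min_rounds: int) -> bool:
    """True when a stored record was made with fewer rounds than now required."""
    return int(record.split("$")[0]) < min_rounds


if __name__ == "__main__":
    secret = b"adminpass0"  # constructed sample, taken from the post's footnote
    for guess in (b"xdminpass0", b"adminpasX0", b"adminpass0"):
        print(guess, early_exit_equal(secret, guess))
    record = hash_password("adminpass0", rounds=100_000)
    print(verify_password("adminpass0", record), verify_password("adminpass1", record))
    print(needs_rehash(record, min_rounds=600_000))
```

Storing the round count inside each record is what lets the cost be raised later: records made with fewer rounds still verify and can be re-hashed at the next successful login.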
