Category: Uncategorized

nose-picking

Funny: According to a 'top Austrian doctor', picking your nose and eating it is good for you:

'Medically it makes great sense and is a perfectly natural thing to do. In terms of the immune system the nose is a filter in which a great deal of bacteria are collected, and when this mixture arrives in the intestines it works just like a medicine.

'Modern medicine is constantly trying to do the same thing through far more complicated methods, people who pick their nose and eat it get a natural boost to their immune system for free.'

E-Paper finally on the market

Tech: ... nearly. The Sony Reader EBR-1000EP. 170 pixels-per-inch is a nice resolution, and in general it looks very cool, esp. considering the E-Paper aspects (ie. looks like paper, back-lighting not required, easier to read). However -- never mind that it's only available in Japan so far, even once it becomes available in the US, its pricing structure is moronic:

All three of the Impress Watch articles say it will cost around 40,000 yen - approximately $400 USD. And this is just for the reader, subscribing to the e-book service costs $5-10/month. They do, however, have the option of just purchasing single books for 350 yen, about $3.25.

Dammit -- I don't want e-books and their DRM and lock-in -- I just want a HTML viewer like Plucker or iSilo, so I can use Sitescooper!

Also, it's not yet foldable. Once I can fold up the reader into a little ball in my pocket, then fold it out again into an A4-sized 'page', I'll be a happy man.

Still, getting there -- let's hope they get a clue and kill off that DRM. Otherwise, I can't see myself buying one, even once the price comes down.

Funny: (in a geeky way): mentioned on LWN -- 'granted, drawing circles w/ GIMP is a bit like finding 2 + 2 by evaluating the integral of 2dx over the range 0..2.'

(jm: worth noting that the same applies for Photoshop, for that matter -- in this respect GIMP has emulated Adobe's 'you need to buy Illustrator to do that' attitude. That's really quite bizarre when you think about it. Wonder if GIMP 2.0 fixes that?)

Blocked By SonicWall!

Censorship: This is pretty funny -- a friend writes that SonicWall's 'Content Filter' has judged my home page and FOUND IT WANTING:

  The URL
  http://jmason.org/
  is currently rated as:
  category 4 - Pornography

w00t! It's true, I have some pretty hot pics up there -- the accuracy of their content filtering product amazes me!

Antarctica – the Big Dead Place

Funny: Big Dead Place: 'This site is dedicated to Antarctica and to thinking about Antarctica.' It's also pretty funny, and full of meat for an Antarctic obsessive like me.

'The Thing' review: 'Common icons of Antarctic life are repeated throughout the movie with uncanny precision: spilled fuel; ubiquitous barrels; plentiful whisky; anti-intellectualism; resentment toward Norwegians being the first at Pole; general madness; obsession with generators; and black flags planted in the snow .... the most noteworthy deviation from actual USAP practices is that in the film everyone has a flamethrower. In the movie, fire is a tool against insidious dangers and is employed as an agent for the community against the threat of a larger hostile organism. In the actual USAP, employees are forbidden flamethrowers.'

Also -- 'The Finn's Tooth' -- looks like they took cocktail advice from Eric Rescorla! (link via MeFi.)

Bet you never thought of this

Tech: Excellent post from Colin Charles here:

Which brings us to an interesting point. Computers today are largely based on metaphors that the average urban bloke understands. Like we have a desktop, to represent our workspace. How do we transpose such an idea to someone in a rural area? What about a blinking cursor, in a language like Urdu that has no translation? They've resulted in calling it a 'firefly'!

That's taking Danny's 'eating out of the trash bins outside a cubicle farm' comment even further...

Jon Udell’s forged S/MIME signature, and spam

Spam: Jon Udell: How to forge an S/MIME signature, and Liudvikas Bukys' take on the results: 'Jon Udell tries his hand at S/MIME signature forgery, revealing that PKI is not a panacea. A digital signature proves something. The proof is strong but the something is weak (if it just demonstrates that you clicked a few things to get a persona certificate).'

He then suggests two ways to use this info in useful ways:

The first is 'higher-class certificates (where certificate authorities demand more proof, and encode that fact in the certificate). But higher quality means harder to get and less actual deployment. And higher quality means more attractive target for theft of keys.'

In the anti-spam case, it also means that you trust the certificate provider to both (a) accept money from their customers to issue them certs, and (b) take away those certs from their own customers if they infringe by sending spam messages. This is the hard part. There's an active financial disincentive for a company to do this; the people who benefit (the end-users) are not their paying customers, whereas the people who get hurt (the infringers) are. Economics dictates that they water down the requirements, in order to maximise their profits -- making the system useless.

On the other hand we have: 'reputation systems. Of course, building robust reputation systems is not easy. Users may wish to have multiple sources of reputation information to fit their own definitions of good and bad behavior and how fast those judgments are made. It replays the whole DNS blacklist deployment. Some reputation systems may seem arbitrary and capricious. Others may be too slow or too tolerant. They are all lawsuit targets. Will there be too many to choose from?'

'zackly. An excellent illustration of how S/MIME or other PKI will not solve the spam problem, and we'll still have the same DNSBL situation as we have now (although hopefully working a lot better).

S/MIME may solve the forged-email problem, like SPF does -- however, like SPF it will still need to work with reputation systems to be usable as an anti-spam scheme.

New EU patent activity, and TRIPS says software is a ‘literary work’?

Patents: FFII: Conferences and 'Patent Riots' in Brussels 2004-04-14: 'The Foundation for a Free Information Infrastructure (FFII) calls on its 50.000 European supporters and on 300.000 petition signatories, including more than 2000 CEOs of European software companies, to take to the streets in Brussels on April 14 and in national capitals around 1st of May, and to temporarily block access to their websites, in protest against new moves by the EU Council and Commission to legalise patents on computerised calculation rules and business methods'.

Last year, the European Parliament voted to exclude software and business methods from patentability. Now, it appears the EU Council is secretly planning to push that through regardless -- so FFII are planning another round of protest for 2004-04-14.

In other news -- the European Patent Office and other pro-patent bodies have always insisted that the WTO Trade-Related Intellectual Property (TRIPS) treaty required that software be patentable. However, this poster thinks not:

Article 10 of said treaty clearly states: 'Computer programs, whether in source or object code, shall be protected as literary works under the Berne Convention (1971).'

This is the strange thing you see, the statement doesn't seem to mean that much on first glance. It is only when reading it closely that one realises that it does not simply say that 'computer programs are automatically copyrighted under the Berne Convention', it specifies they 'shall be protected as literary works'.

Literary works cannot be patented because they are not inventions. Indeed if literary works could be patented one would have to concede that books, screenplays, and music could be patented as well although according to my research there is no provision for this in law. We would also have to apply patent laws to these areas since we are not allowed, apparently under article 5 to restrict on the basis of the field of technology.

On reflection, it's actually a very interesting comparison. Like literary works, it's not the idea of what software does (the plot summary) that makes it valuable, it's all the fiddly details of its implementation (the full story). Hmm! Maybe TRIPS got that right after all...

Editable Text-to-HTML converters

Web: Dive Into Markdown -- a great post from John Gruber about editable-text-to-HTML formats (he's the author of Markdown):

... my actual workflow looked like this:

  1. Write in BBEdit.
  2. Preview in a browser.
  3. Switch back to BBEdit for revisions.
  4. Repeat until done.
  5. Log into MT, paste the article, publish.

Eventually, it dawned on me: this is madness. The primary advantage to using a computer for writing is the immediacy of editing. Write, read, revise, all in the same window, all in the same mode.

Totally agreed (although note, I'm using my own, very similar, EtText instead of Markdown ;). But this weblog is 100% EtText-driven, instead of HTML -- I just throw an email at it, and it publishes it. I don't think I've used the web interface in months.

Which reminds me -- I really should steal some ideas gather inspiration from Markdown for EtText at some stage. ;)

LOAF

Social: LOAF is 'a way to share your address book without abandoning your privacy.'

A nifty use of Bloom filters to share your address book in a one-way manner -- when you receive a mail, you can query your LOAF db to see if any of your correspondents previously corresponded with the sender; but they cannot look up the LOAF file to determine your correspondents, unless they know that correspondent's email address in advance.

This, BTW, would be a very good way to implement a 'Do-Not-Email' list -- although the other two problems with those still apply.

Interesting stuff -- although I wonder how acceptable the 4-8Kb MIME part overhead per message will be...
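The one-way lookup described above, as an added example (not LOAF's own code or file format): a Bloom filter built from an address book, serialised, and queried by the recipient. The 32768-bit size (4 KB, the low end of the overhead mentioned above), the four SHA-256-derived positions, the function names and the example.* addresses are all assumptions made for illustration.

```python
import hashlib


class AddressBloom:
    """Bloom filter over normalised e-mail addresses (illustrative layout)."""

    def __init__(self, m_bits=32768, k=4, data=None):
        if m_bits % 8:
            raise ValueError("m_bits must be a multiple of 8")
        self.m, self.k = m_bits, k
        self.bits = bytearray(data) if data is not None else bytearray(m_bits // 8)
        if len(self.bits) != m_bits // 8:
            raise ValueError("filter data does not match m_bits")

    def _positions(self, address):
        # Normalise so 'Carol@Example.org' and 'carol@example.org' match.
        norm = address.strip().lower().encode("utf-8")
        digest = hashlib.sha256(norm).digest()
        # Double hashing: k bit positions derived from two 64-bit halves.
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, address):
        for p in self._positions(address):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, address):
        return all(self.bits[p >> 3] & (1 << (p & 7))
                   for p in self._positions(address))

    def to_bytes(self):
        return bytes(self.bits)

    def false_positive_rate(self):
        # Estimate from the observed fill ratio: (set bits / m) ** k.
        set_bits = sum(bin(b).count("1") for b in self.bits)
        return (set_bits / self.m) ** self.k


def build_shared_filter(address_book):
    """What the sender attaches: only the bit array, never the addresses."""
    bloom = AddressBloom()
    for address in address_book:
        bloom.add(address)
    return bloom.to_bytes()


def sender_is_known(filter_bytes, sender):
    """What the recipient runs against a correspondent's filter."""
    return sender in AddressBloom(data=filter_bytes)


# Constructed sample address book.
ALICE_BOOK = ["bob@example.com", "Carol@Example.org", "dave@example.net"]

if __name__ == "__main__":
    blob = build_shared_filter(ALICE_BOOK)
    print(len(blob), "bytes shared")
    # A holder of the filter cannot list its entries, but any address
    # they already know can be tested, which is the caveat noted above.
    print("carol known:", sender_is_known(blob, "carol@example.org"))
    print("stranger known:", sender_is_known(blob, "stranger@example.invalid"))
    print("estimated false-positive rate:",
          AddressBloom(data=blob).false_positive_rate())
```

A "yes" from the filter is probabilistic and a "no" is certain, so the result is better used as one input to a reputation score than as a hard allow rule.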

Windows Partition Pain

Computer: Argh. When I bought my laptop, I had no option but to buy it with Windows XP -- IBM doesn't seem to sell them any other way. (you can pay extra to buy it that way from EmperorLinux, but really, the main reason I wouldn't want it is to save money, I'm afraid.)

Anyway, so I kept the XP partition safe, and jumped through various hoops to keep it in one piece; after all, it had cost me money to pay for that Windows license, and you never know when I might need it to upgrade some firmware or whatever.

Well, after trying (twice) to upgrade some firmware -- the BIOS, namely, to get APM hibernation working -- and having XP crash on me both times, I left it for a bit.

That was a couple of weeks ago. I just tried to check some files on the /windows partition -- and something has scribbled all over the FAT32 sectors. Rien de Windows plus. :(

(Prime suspect right now is the Phoenix BIOS 'suspend-to-disk' tool -- it just looks flakey, and I know it goes in and tweaks with some kind of undocumented BIOS weirdness. I bet anything it's told the BIOS that the first FAT32 partition was a suspend partition, and one of the failed susp-to-disk attempts scribbled all over it.)

I suppose I'll probably reinstall at some stage... if only to get this bloody BIOS upgraded and suspend-to-disk working!

Nominative Determinism

Names: Popbitch sez 'Microsoft are just about to launch their new Windows Server 2003. The project manager who oversaw its development? Todd Wanke.'

Sure enough, it's true. But that's not all he did -- he was also involved with the Windows 2000 Customer Love Team. No smutty jokes please, I'm being perfectly serious here...

Prior Art: Representing Queries in a DNSBL Lookup

Spam: DNS blocklists are a well-established, low-latency way to query a database of IP addresses for info. If you need to query a database over the internet quickly and in a connectionless manner, they're ideal.

Declude have a page called how ip4r (DNSBL-style) DNS lookups work, which describes the general method:

  • input: the DNS zone for the DNSBL (e.g. 'sbl.spamhaus.org')
  • input: IP address to query about (e.g. '1.2.3.4')
  • perform A, or TXT query to retrieve data: 'dig 4.3.2.1.sbl.spamhaus.org. TXT'
  • output: data (waves hands... not important right now)

All well and good, if all you have is a single IP address as input. But what if you want to attach more query parameters -- such as your user ID, or some numeric value to set a 'sensitivity' level, like the SpamAssassin threshold system?

Easy-peasy: encode it in the looked-up hostname. Assuming you want to pass a user ID number of '9583495' and a threshold value of '7' along with the query above, here's one way to do it:

  • 'dig threshold.7.uid.9583495.4.3.2.1.sbl.spamhaus.org. TXT'

Note that to avoid charset issues, marshalling into an '-a-z0-9.' namespace is probably safest. Of course, a dynamic DNS server is required to process these. But the protocol itself, at least, will support it.
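An added sketch of the encoding above (not code from the original post), covering both the client that builds the name and the dynamic DNS server that has to take it apart again. The function names and the strict key/value label pairing are assumptions; the hostname layout follows the post's example, and no network query is made.

```python
import ipaddress
import re

# DNS limits (RFC 1035): 63 octets per label, 253 characters per name.
MAX_LABEL = 63
MAX_NAME = 253
# The safe alphabet suggested above. Dots are excluded from a single
# token: a dot inside a value would add labels and shift the parse.
TOKEN_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")


def _check_token(tok):
    tok = str(tok).lower()
    if len(tok) > MAX_LABEL or not TOKEN_RE.match(tok):
        raise ValueError(f"not a safe DNS label: {tok!r}")
    return tok


def build_query_name(zone, ip, params=()):
    """Client side: key/value labels, reversed IPv4 octets, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # rejects anything but dotted-quad IPv4
    reversed_octets = str(addr).split(".")[::-1]
    labels = []
    for key, value in params:
        labels += [_check_token(key), _check_token(value)]
    zone_labels = [_check_token(l) for l in zone.rstrip(".").split(".")]
    name = ".".join(labels + reversed_octets + zone_labels) + "."
    if len(name) - 1 > MAX_NAME:
        raise ValueError("query name exceeds 253 characters")
    return name


def parse_query_name(qname, zone):
    """Server side: recover (ip, [(key, value), ...]) from a query name."""
    zone_labels = zone.rstrip(".").lower().split(".")
    labels = qname.rstrip(".").lower().split(".")
    if labels[-len(zone_labels):] != zone_labels:
        raise ValueError("name is not under this zone")
    labels = labels[:-len(zone_labels)]
    if len(labels) < 4 or (len(labels) - 4) % 2:
        raise ValueError("expected key/value pairs followed by four octets")
    ip = ipaddress.IPv4Address(".".join(reversed(labels[-4:])))
    pairs = [_check_token(l) for l in labels[:-4]]
    params = [(pairs[i], pairs[i + 1]) for i in range(0, len(pairs), 2)]
    return str(ip), params


if __name__ == "__main__":
    name = build_query_name("sbl.spamhaus.org", "1.2.3.4",
                            [("threshold", 7), ("uid", 9583495)])
    print(name)
    print(parse_query_name(name, "sbl.spamhaus.org"))
```

Parameters sent this way travel in cleartext and are visible to every resolver and cache on the path, so a user ID in the name identifies the querier but does not authenticate them.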

(Just brain-dumping here so I have an URL to point to in future, and to get it into archive.org etc...)

Megalithomania!

History: Megalithomania is an incredible website 'originally dedicated to Irish megaliths, but now expanded to include all sorts of antiquities that are of importance/interest.'

The author visits sites each week, writes up brief reports, takes photos, and logs the log on this excellent website; every site is added to a map, and there's a whole load of ways to find sites by location, by clicking on a flash map, by date of visit etc.

It's a triumph of usability, very pretty, and who knew there was a kist in Dublin Zoo's tapir enclosure?

Hope everyone had a good Paddy's Day! (PS: note: most definitely not 'Patty's Day'.)

Apple doing a Speech-Driven Interface

UIs: Apple planning 'Spoken Interface' for 10.4. Damn! This was one of the main reasons I chose Linux over MacOS X for my new laptop!

You see, Linux has xvoice, which combined with a scriptable window manager and the now-samizdata version of IBM's ViaVoice for Linux, means that a whole lot of UI navigation can be performed via voice.

Well, now it seems Apple are into the idea too -- and they'll probably do the job right and without the samizdata. ;) (Found via WorldChanging).

Politics: The full Bruce Sterling 'State of the World 2004' speech.

More on the WSJ interviewee

Spam: So this Orlando Soto guy again -- the story hit Slashdot today, and the /.ers did some digging. It appears that Mr. Soto runs dduo.com, listing himself at the bottom of the page as 'Orlando Soto - Webmaster/Owner'. He sells a wide range of apps, including:

  • IP Ad Web Sender: 'Send your advertising message to millions of people instantly! Target your advertisement geographically! Advertising message on someone's screen, the second you send it! To send messages, IP Ad Web Sender uses a program called net send which is part of windows and is installed by default in Windows 2000, Windows NT and Windows XP.'

Yep, that's Messenger spam. But don't worry, he flogs the solution too:

  • IP Blocker: 'Protect yourself against a new type of annoying pop up spam message called IP Ads that can be sent directly to your computer anytime while you are online.'

Or you could just save your money and turn it off the easy way.

GPRS, and the price of it

Tech: GPRS roaming works... technically. Joi Ito gets a $3,500 bill for checking his mail around the world. Yowch.

FWIW, I've never met anyone who's used GPRS for anything other than the odd demo, or emergency use only, except for employees of the mobile carriers -- and they get it for free.

My bet is that the basic failure was a disconnect between the real world and the specification stages -- someone somewhere picked up one of those massively-inflated analyst reports a few years ago, said 'I'd like a piece of that road-warrior market which will be worth $5 billion by 2005, it says here!' and set prices (to stun) accordingly.

Sad, Lonely Man Turns to Spam for Comfort

Spam: WSJ: For Orlando Soto, No Day Is Complete Without Some Spam.

Mr. Soto routinely comes home to some 150 e-mail pitches, and he loves getting them all ... he buys stuff pitched in spam e-mail -- again and again. He buys spam-pitched aromatherapy oils for his wife and pharmaceuticals for himself. ... He buys stuff via spam for himself and to resell on Web sites he sets up -- a business idea he got from a spam pitch. ...

It's mind-blowing -- leaves you wondering how one man could be so gullible, and hand over so much money to some of the world's dodgiest vendors, without even any concept of comparison shopping (and without falling victim to identity theft and a cleared-out bank account). Until you get to this line:

In the past, Mr. Soto says he has sent out spam himself,

Aha.

but he doesn't any more for fear of the increasing multitude of federal and state spam regulations now on the books.

Of course. (link via Craig)

Aliso Viejo and Dihydrogen Monoxide

Funny: AP: SoCal city falls victim to Internet hoax, considers banning items made with water. It's the old 'dihydrogen monoxide' hoax again:

'It's embarrassing,' said City Manager David J. Norman. 'We had a paralegal who did bad research.'

The paralegal apparently fell victim to one of the many official looking Web sites that have been put up by pranksters to describe dihydrogen monoxide as 'an odorless, tasteless chemical' that can be deadly if accidentally inhaled.

So -- ha ha, stupid Aliso Viejo city officials. But seriously -- why is a paralegal making decisions on scientific issues? Isn't that what the EPA and their environmental scientists are there for? Tail wagging the dog, I think.

Closed-Source Runtimes

Open Source: A good entry at sourcefrog.net describing some reasons people are driven to use open source -- the closed-source component library one, in particular, drives me nuts.

I've run into this in the past -- here's an example I can point to. That's a fixed version of Java 1.0's java.util.StreamTokenizer class, to fix a bug where space cannot be treated as a special character. (Hopefully it's now obsolete, seeing as I wrote that 9 years ago!)

Note that I probably do not have permission to use and redistribute that class. Also note that the bug fix I submitted to Java 1.0 probably never made it into the code, because I was an individual user and not a major corporate client. The bug may have been fixed independently, however, given that StreamTokenizer still exists, but I doubt my fix ever got near the dev team. (However it still means I can say I fixed a bug in James Gosling's code ;)

Invariably, getting access to source, and being allowed to fix bugs in it, is a key issue -- and one that continually drives developers to open source/free software libraries. RMS has been saying this for years, of course.

Music: A massive selection of links to mp3 blogs. gabba > Pod looks very interesting... they even had a copy of Egyptian Empire's Horn Track recently, one of my favourites.

Markdown: another ‘Plain Text to HTML’ lib

Web: Plain text, transparently turned into nice markup, is an idea that's clearly never going to go away.

Setext has been around for over a decade, I wrote EtText myself for use in WebMake and elsewhere (including this very weblog!), Zope came up with StructuredText, and more recently, there's been Textile and reStructuredText. Now welcome the newest arrival: Markdown.

First impressions: looks an awful lot like EtText, TBH, but I'd presume that's the shared heritage from Setext. ;)

My feedback: I'd recommend supporting '-' (dash) for list bullets -- it turns out that's a whole lot more widely supported than '*' (asterisk), including in Vim. Also, automatic link inference is very handy; picking up http: URIs and turning email addrs into mailto: links may not look super-pretty, but saves a lot of typing, and EtText Auto links are pretty handy for stuff that's never going to be anything other than a link (take uncommon nouns like 'SlashDot', for example).

Irish MEPs and their votes on IP Enforcement

Ireland: Now that the IP Enforcement directive has passed, Irish readers might be interested to find out how their MEPs voted on it.

First off, the good ones:

  • PATRICIA MCKENNA - GREEN PARTY MEP (DUBLIN) since 1994
  • NUALA AHERN - GREEN PARTY MEP (LEINSTER) since 1994

Both of the Green MEPs voted along party lines on a key amendment, amendment 54, which would have limited enforcement to commercial-scale counterfeiting rather than individual infringement.

But on the other side, we have these, who voted for applicability of the directive to all 'IPR', according to FFII. The hall of shame:

  • JOE McCARTIN - FINE GAEL MEP (CONNACHT/ULSTER) since 1979
  • JOHN CUSHNAHAN - FINE GAEL MEP (MUNSTER) since 1989
  • DANA ROSEMARY SCALLON - INDEPENDENT MEP (CONNACHT/ULSTER) since 1999
  • NIALL ANDREWS - FIANNA FAIL MEP (DUBLIN) since 1984
  • GERARD COLLINS - FIANNA FAIL MEP (MUNSTER) since 1994
  • JIM FITZSIMONS - FIANNA FAIL MEP (LEINSTER) since 1984
  • LIAM HYLAND - FIANNA FAIL MEP (LEINSTER) since 1994

Unsurprising to see the conservative FFers (and Dana!) in there -- but what do FG think they're doing?

Considering that FFII read this as permitting 'surprise raids on teenagers in the middle of the night by private security firms on the flimsiest of evidence', as passed, this is a 'hall of shame' issue.

The moral: vote Green!

More on the new EU IP Enforcement Directive

EU: EU Reporter (PDF) thoroughly trashes the new law:

The legislation as structured is opposed by lawyers and judges, who have said that large corporations will be able to slap pre-emptive injunctions on small manufacturers and put them out of business without any fear of having to pay compensation if their action proves to be no more than to gain commercial advantage.

Music companies will get the right to demand raids merely on suspicion of a breach including on private homes.

WITHOUT PROOF factories could be closed, assets and bank accounts frozen by opportunist actions based on patents claims, Greg Perry, Director General of the Brussels-based European Generic Medicines Association told EU Reporter. ...

Pressure from the current 15 Member States is being blamed by a large swathe of industry for rushing bad legislation into law. Surprisingly, one of Britain's largest corporations has slammed both parliament and Council saying: 'It will take many years to undo the damage that this legislation has the potential to do.' Unsurprisingly the corporation, normally close to the British Government, refused to be named.

‘Group Coca-Cola Schemes’, and the EU IP Enforcement Directive passes

Ireland: Bad news from home.

A truly ground-breaking concept, the 'Group Broadband Scheme', has been watered down into a shadow of what it could be with a requirement that all community internet access schemes be operated in association with 'an Internet Service Provider or Authorised Operator'.

In other words, rather than a radical new way to provide affordable non-profit, community-owned high-speed internet access in rural areas, it's just business as usual:

'With the launch of the 1st Call for Group Broadband Scheme proposals, it is clear the Minister intends to require that any application for funding under the group broadband scheme initiative be made in association with an Internet Service Provider (ISP) or Authorised Operator (AO)', said (Ireland Offline) chairman Christian Cooke, 'a so-called Broadband Internet Service Provider (BISP)'. .....

Experience in the UK has shown that the commercial provision of broadband in rural areas is not financially viable. Low population and wide dispersal lead to lower margins than can be supported by a profit-oriented enterprise. ....

Ireland Offline warned that, with the prerequisite of partnering with a BISP as a condition of GBS funding, there is a very real danger of companies cherry-picking more lucrative areas, leaving communities for which the funding should have been made available ... without any services.

'In short, in its current form, the group broadband scheme initiative bears no resemblance to the group water schemes, to rural broadband provision', said Cooke, 'and every resemblance to the packaging of subsidized local monopolistic franchises, monopolistic because no competitor could go head-to-head with a subsidized service. It is therefore better to think of them as not so much like group water schemes as 'group coca-cola schemes'.'

IrelandOffline press release here.

In other EU news -- the EU Parliament has approved the IP Enforcement Directive. The Greens report:

  • Patents are included within the scope of the directive.
  • only 3 parts of the directive are limited to 'commercial scale'. This means that the provisions of Articles 7(1), 8 and 9 can potentially be used against consumers. In the US this kind of legislation has been used to target, amongst others, children and their parents for downloading music.
  • there are concerns amongst ISPs that they can be attacked for 'providing' the means to download content which is protected by copyright.

James Heald: 'Exactly what will now happen, and exactly what surprises it may lead to, will now depend on the different details of how the directive is now implemented from member country to member country across Europe.'

Back to the drawing board, pt XVII

Security: Educated Guesswork forwards a great illustration of real-world security-measure subversion.

Public places with relatively unattended and un-secured toilet facilities, like train stations, have historically had a problem with intravenous drug users using the cubicles to inject. So about 10 years ago, some bright spark came up with the idea of lighting these places with ultraviolet lights, under which the blue blood in someone's veins cannot be seen.

Apparently, this works -- or at least worked until recently, when the IV drug users figured out an ingenious circumvention technique -- highlight your veins beforehand using a UV marker. In normal lighting, the ink is invisible -- but once in the UV-lit area, it shows up, apparently better than the veins show up under normal lighting anyway!

As EKR says: 'remember, folks, your opponent will change his behavior to oppose you. That's why he's called your opponent.'

Health: An oldie from 1998. City Limits: 7 1/2 Days. An undercover investigative reporter gets incarcerated as a mental patient in Brooklyn -- for a lot longer than he planned. Horrific.

Life: yesterday, I saw Mohammed Ali in the flesh. I was totally star-struck.

Sharing With Social Networks

Social: Next-Generation File Sharing with Social Networks. One thing -- the central server is not actually required, as WASTE showed. Otherwise good stuff...

I have a feeling that whatever clients are built to implement social-network-based sharing will need a way to deal with a user being a member of multiple independent networks, where Network A has a policy that would not permit Network B's users to connect, but User X is a member of both.

MS Word’s change history feature strikes again

Security: SCO accidentally leaked their previous lawsuit plans -- to sue Bank of America -- through MS Word's ability to retain prior changes in a Word document.

This seems as good a time as any to re-plug find-hidden-word-text, a quick perl hack to use 'antiword' to extract hidden text from MS Word documents in an automated fashion, based on Simon Byers' paper Scalable Exploitation of, and Responses to Information Leakage Through Hidden Data in Published Documents. It works well ;)

Safety: Great Malcolm Gladwell article on S.U.V.'s. My favourite bit:

when, in focus groups, industry marketers probed further, they heard things that left them rolling their eyes. .... what consumers said was 'If the vehicle is up high, it's easier to see if something is hiding underneath or lurking behind it.'

Bradsher brilliantly captures the mixture of bafflement and contempt that many auto executives feel toward the customers who buy their S.U.V.s. Fred J. Schaafsma, a top engineer for General Motors, says, 'Sport-utility owners tend to be more like 'I wonder how people view me,' and are more willing to trade off flexibility or functionality to get that.' According to Bradsher, internal industry market research concluded that S.U.V.s tend to be bought by people who are insecure, vain, self-centered, and self-absorbed, who are frequently nervous about their marriages, and who lack confidence in their driving skills.

... Toyota's top marketing executive in the United States, Bradsher writes, loves to tell the story of how at a focus group in Los Angeles 'an elegant woman in the group said that she needed her full-sized Lexus LX 470 to drive up over the curb and onto lawns to park at large parties in Beverly Hills.'

Social: Ted Leung: Google requires that its employees spend 20% of their working hours on 'personal projects'. Wow.

IBM Service Rocks

Hardware: So IBM Thinkpads come with a predesktop area -- a hidden 4GB partition of recovery files, Windows XP install disks, windows drivers, etc. taking up space on the hard disk.

I haven't used Windows much at all on this machine, given that I don't use Windows when I can avoid it, but I did pay several hundred dollars for it -- since it's now impossible once again to buy an IBM laptop without doing so (or without paying quite a lot extra). So I want to keep it around, and I want to make sure I can reinstall if things go wrong.

Having a hidden partition just isn't quite safe enough for me -- because I've had hard disks go belly-up before, or scribble on the partition table, or so on -- these things happen. Thankfully it's easy enough to get CD-ROMs shipped from IBM support if you ask nicely, so I did so yesterday afternoon at about 3pm.

This morning at 9am, there was a knock at the door, and I received a package shipped from Durham, NC containing the reinstall CDs.

It's great dealing with professional hardware companies again ;)

X11 Window Managers, and Dr. Evil

Linux: wmctrl and Devil's Pie -- two nifty tools for window control. Both are command-line tools that use NetWM, a standard for X11 window managers, to hook into window manager policy and apply scriptable control to windows as they appear (in the Devil's Pie case) or to pre-existing windows (in the wmctrl case).

I've just reverted back to sawfish from KWin recently, in order to get this control back; I probably wouldn't have if I'd found these in time.

(In case you're wondering why I reverted: specifically, sawfish allows the user to control window position very efficiently from the keyboard using corner.jl, and the KWin folks weren't interested in a patch to do the same there. In addition, sawfish has wclass.jl, which allows windows to be controlled by name; it's very handy to say 'Show Mail', and have xvoice de-iconify your mailreader in response. Both are killer features for rodent-free use of a UNIX desktop.)

Funny: Dr. Evil's monologue about his childhood from the first Austin Powers movie. Sheer genius. 'Sometimes he would accuse chestnuts of being lazy, the sort of general malaise that only the genius possess and the insane lament.'

Open Source: Tim Bray goes through a couple of open-source studies; first is the clueless 'Where do you want to go, Aiden?' essay I mentioned here a couple of days ago, but the second is a study from a couple of French economists I hadn't heard of. I'll just reproduce the translation:

Choosing software is not a neutral act. It must be done consciously; the debate over free and proprietary software can't be limited to the differences in the applications' features and ergonomics. To choose an operating system, or software, or network architecture is to choose a kind of society. We can no longer pretend that free and commercial software, or Internet standards and protocols, are just tools. We have to admit at least that they are political tools. After all, fire and the printing press are 'just tools.'

Ireland: Some new Irish weblogs:

Ted Jesus Christ GOD

Spam: Kottke passes on news of the second coming -- in spam:

It is now that blacklisting and filtering and blocking and Blocking of Port 25 and Blocking SMTP connections and filtering out email and anything related that does not allow any person in the United States of America to send email to anybody and then have opt-out or opt-in and that COMPLY with the CAN-SPAM Act of 2003 are doing something that is ILLEGAL and you are a CRIMINAL for doing this you have CRIMINAL LIABILITY and CIVIL LIABILITY and your company CANNOT protect you in the slightest. If your company asked you to murder somebody would you do this? Of course not for most. Then do NOT do illegal and criminal things now that are out side of the law and outside of Federal Law now with the passing of the CAN-SPAM Act of 2003. The corporate veil can be pierced and board members of the corporation and officers of the corporation and executives of the corporation and managers of the corporation and employees of the corporation that are involved in the slightest in the writing of or approval of or enforcement of Terms of Service or Policies or Procedures or Business Decisions or Business Practices or Zero Tolerance Policies that would or does interrupt or cancel or block or filter or blacklist or harass or defame the character of or slander Ted Jesus Christ GOD in the slightest from sending legal email now and into the future are COMMITTING A CRIME and have CIVIL LIABILITY also and can be pursued by the US Attorney and State Attorneys and District Attorneys and the FTC and also if doing certain things also the ATF and the FBI and more. If calling TJCG a SPAMMER and then BLACKLISTING or BLOCKING or FILTERING or putting into list or putting into any Product or Service anything related to stopping the emails of TJCG you are also committing DEFAMATION OF CHARACTER and LIBEL and SLANDER and damaging the good reputation of TJCG.

What, no divine retribution?

E-Voting in Ireland: signatures needed!

eVoting: Are you an academic, or do you know any academics, working in the field of computer science in Ireland? If so, you should consider signing, or collecting signatures, on this ICTE statement. It's eminently reasonable -- 'since computers are inherently subject to programming and design error, equipment malfunction, and malicious tampering, we join with (the ACM) in recommending that a voter-verified audit trail be one of the essential requirements for deployment of new voting systems.' (thx for the pointer, Simon!)

Clemens Vasters’ ‘Letter to Aiden’

Open Source: Clemens Vasters: Where do you want to go, Aiden? Sadly, Clemens misses the point dramatically.

Point one: I've worked on open-source and proprietary software. I still do. I work on them both simultaneously (or, at least, proprietary 9-5 and open-source outside work hours ;). I have a good few of the things you're supposed to have 'by the time you're 30'.

It's not an all-or-nothing thing; working on open source doesn't mean retreating into a garret and staying up all night. Nothing is black-and-white like that, and surely Clemens should be able to recognise that aspect of the real world by now. ;)

Point two: Open source work does found a career. It acts as a fantastic testament to your ability -- especially if you've written good code or organised a team. I'd be much more happy to hire someone who had demonstrated that ability, over people who had no OS dev experience, if I was interviewing candidates in the day job. (In fact, I have in the past. ;)

For one thing, a tar.gz from Sourceforge is a lot easier to verify than some assertion that when you worked for some big company, you were Very Important and did Amazing Things, but sorry, they were all secret and proprietary so you have no proof.

Point three: 'It doesn't matter whether you love what you are doing and consider this the hobby you want to spend 110% of your time on: It's exploitation by companies who are not at all interested in creating stuff. They want to use your stuff for free. That's why they trick you into doing it.'

This is total FUD -- pretty much just shouting 'it's an IBM conspiracy!'

For the record, I've never even talked to anyone from IBM about open source, as far as I know -- aside from when I stood up once at a conference and attempted to ask an IBM manager about their crappy software patent policy and how it conflicted with their avowed support of open-source. (Obviously their payoff cheque was late that month ;)

More good comments on slashdot, believe it or not (with the threshold at 3, that is).

(finally, an aside: I suspect the guy's name was 'Aidan' BTW.)

Getting into KDE 3.2

Linux: I'm really getting into KDE 3.2. I've been looking for a music player that is better at handling large collections of MP3s than the venerable XMMS, without much luck:

iTunes is, of course, the 'gold standard', but is Mac/Windows only, so that's not going to work on my Linux machine.

Rhythmbox is getting there as an iTunes clone, but right now is woefully incomplete. It fails to play lots of my music, has serious interface shortcomings -- you can rate songs, but then there's no way to use those ratings, and you cannot edit any of the tag metadata in the released version.

JuK is the new KDE music player app. Initially, I wrote it off -- it uses the clunky interface of 'one big list', at first glance.

But after Rhythmbox managed to confuse itself sufficiently so that it would only open as a 3-pixel-high window (seriously!), I gave JuK another try. Summary: it kicks ass.

It turns out that the multi-pane 'artists, albums, and tracks' mode of iTunes and Rhythmbox isn't actually necessary, since JuK improves on it using a very nifty dynamic 'Tree View' mode.

Another nice feature is the MusicBrainz integration; it has built-in support for querying MB's servers to get correct tag data for your music. In fact, its tagging support is fantastic -- this is unsurprising, as it looks like it started off as a tagging app.

Being a well-written KDE app, it exposes some nifty scripting support via DCOP, and a quick look-over with KDCOP reveals a nice set of APIs -- for example, running dcop juk Player playingString tells me the name of the track and artist playing right now. I'm not sure if there's a way to register for callbacks on events like 'track change' just yet, here's hoping...

No sign of rating support just yet, though; my dream player would allow me to rate my tracks, and then make a dynamic playlist which selects tracks by rating, playing the top-rated ones more often and never playing the bottom-rated ones. Here's hoping it's in the pipeline ;)

All in all, though, it looks like I'll be giving JuK a try.

Using social-networking services to filter spam

Spam: filster: Linking reputations networks to email whitelists. Very interesting -- a tool to use the social network data from Orkut, FOAFweb, Reputation Research Network, and CPAN to whitelist email senders in SpamAssassin. Only problems I can see:

  • needs an anti-forging mechanism like SPF to avoid spammers forging their way through your whitelist -- but the author does cover that.
  • some of the site terms of service may prohibit scraping -- Orkut's, for example, is very strict.

Still, a very nifty idea, and one worth more investigation... the combination of FOAF and SPF in particular, given that tribe.net (if I recall correctly?) will be generating FOAF data, is quite cool.

Radio Tivo

Radio: Community Projects at Moertel Consulting: My new Radio VCR. That is so cool.

Interesting tidbits:

He records using Speex, the open-source speech-recording codec, in real-time. I wonder how well it'd work with a more music-oriented codec, like Ogg Vorbis. Bit-rate used is 16Kbps, which seems to be pretty reasonable according to the Speex folks.

The resulting output is 10 MB per hour. That works out as 1.4 years of radio time on one $95.00 hard disk, which strikes me as pretty excellent buffering room ;)

Next step: Retroactive Radio Recording.

However, I'm thinking a really nifty application of this would be a single drop-in Knoppix CD-ROM for radio stations to stream their output without paying up the big bucks to You Know Who and Those Other Guys.

Silly: The Moaning Goat Meter, by xiph.org -- a load meter written in a proper programming language, and with an inexplicably spinning fish that stares at you.

READY…

Jeff Minter reminisces:

  * COMMODORE BASIC *

  7167 BYTES FREE

  READY...

7k free. Hard to imagine these days; even my watch has more than that.

‘Goblin-fancier’?

Insults: Tom takes issue with my assumption that 'anyone not living in a hole would know that SpamAssassin includes a probabilistic classifier'. Hmm. OK, I should have made it clear I meant anyone following anti-spam filter development. Henceforth I'll over-qualify every statement on this weblog accordingly.

But at least I know that badgers are CLEARLY down, since they do live in a hole. DO YOUR RESEARCH, FARRELL.

Thermal Depolymerization

Green: There's been a bit of chat on the intarweb recently about a new high-tech fuel source that avoids the fossil-fuel trap, namely thermal depolymerization. Here's a couple of links that are relevant:

Sounds possibly useful although: (a) is there enough biomass produced to produce fuel in useful quantities, and (b) I bet it stinks downwind of that. ;)

Craigslist genius

Funny: Craigslist: wanted: web designer (why this phrase may get your ass beat). 'sneakily trying to advertise for a web designer to make you a porn site is weak. just say in your ad that you want to show naked pictures of women fucking dogs so i can decide, before i apply, if i want to see that sort of thing, and not AFTER you've sent me a mentally and emotionally scarring photo of a maybe-blonde (it was hard to tell, at that angle) and a great dane, and THEN ask me if i am comfortable with that kind of content.' (via swhackit!)

Slashdot Anti-FUSSP Form, and DSPAM’s FAQ

Spam: Slashdot: This will fail because... Tick the boxes to produce a generic slashdot comment on a new anti-spam proposal. Very funny.

So, regarding the Noise Reduction probabilistic-classification tokenizer tweak posted on Slashdot yesterday -- it does look interesting; basically, it operates by monitoring the 'noisiness' of the token stream, and if the current probabilities for the tokens from the stream differ from what's defined as acceptable for too long, it 'dubs' them out. In other words, it ignores those tokens until another sequence of 'useful' tokens is encountered. Plus I'm totally down with the Janine ref ;)

However, it's disappointing to come across this in the DSPAM FAQ list: 'Why Should I use DSPAM Instead of SpamAssassin?' -- a lovely selection of anti-perl and anti-SpamAssassin FUD, generally overlooking SpamAssassin's training components ('leaves the end-user with no means of recourse or satisfaction when they receive a spam'), and in general taking a combative tone. Is that really necessary?

BTW, in case you've been living in a hole for the last year -- SpamAssassin does include a probabilistic classifier, in the form of the BAYES rules. It's easy to train, uses good tokenizing and combining algorithms to get high accuracy (although doesn't yet do multi-word windowing until we've determined that that works acceptably for the db size increase), and, importantly, has been measured on corpora that are not my own mail.

A story: way back when, in June 2001, the SpamAssassin README boasted of its 99.94% accuracy rate. This was true -- it was measured on my mail feed over the course of a couple of months. However, once measured on someone else's mail, that dropped pretty quickly. Measuring a spam filter on the developer's mail feed (where presence of HTML is a killer spam-sign!) is a sure-fire way to get (a) great but (b) non-portable accuracy figures.

sleep(1) in Berkeley DB?

Code: Berkeley DB, the de-facto std for open-source high-performance database files on UNIX, is displaying some odd behaviour -- it appears to be sleeping for 1 second inside the database library code, under load, for some versions of libdb. If you're curious, there's more info here.

‘Social networks’ spam filtering technique

Spam: /.: New Method of Spam Filtering: 'A simple and easily implemented scheme for combating e-mail spam has been devised by two researchers in the United States. P. Oscar Boykin and Vwani Roychowdhury of the University of California, Los Angeles use their method to exploit the structure of social networks to quickly determine whether a given message comes from a friend or a spammer. The method works for only about half of all e-mails received - but in all of those cases, it sorts the mail into the right category.'

Abstract here. It appears it classifies 53% of the emails and leaves the other 47% as undiagnosed.

The problem with this scheme is that it relies on the data in the To, From, and CC fields being accurate. Currently, there's no means to stop spammers faking those addresses.

A trivial way to get around this filter, similarly to the other filters that trust the From address, is for a spammer to send a message using your address in both the From and To fields. Most people would include themselves in their web of trust, hence the spam would get through.

A more resilient method uses IP addresses from the Received headers in conjunction with the From address. Once you do this, you can no longer use To and CC data -- and the scheme becomes pretty much similar to SpamAssassin's auto-whitelist.
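An added sketch of that difference (not code from the paper, from SpamAssassin, or from this weblog): the header-only trust decision, reduced here to a plain address set, next to one keyed on the From address plus the /16 of the host that connected to our own mail server. The addresses, the documentation-range IPs, the class names, the /16 granularity and the rule that only the topmost Received line is ours are all assumptions of the sketch.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

ME = "alice@example.org"  # constructed mailbox owner


def make_msg(sender, to, relay_ip, cc="", fake_hop=None):
    """Build a constructed message. The topmost Received line stands for the
    one our own MX wrote; anything below it was supplied by the sender."""
    lines = [f"Received: from client.invalid ([{relay_ip}]) by mx.example.org"]
    if fake_hop:
        lines.append(f"Received: from relay.invalid ([{fake_hop}]) by client.invalid")
    lines += [f"From: {sender}", f"To: {to}"]
    if cc:
        lines.append(f"Cc: {cc}")
    lines += ["Subject: constructed sample", "", "body"]
    return message_from_string("\n".join(lines) + "\n")


def sender_of(msg):
    """Lower-cased address from the (forgeable) From header."""
    return parseaddr(msg.get("From", ""))[1].lower()


def relay_net(msg):
    """/16 of the host that connected to our MX, read from the topmost
    Received header only; returns None if it cannot be parsed."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0])
    if not match:
        return None
    try:
        return ipaddress.ip_network(match.group(1) + "/16", strict=False)
    except ValueError:  # e.g. an octet above 255
        return None


class AddressWhitelist:
    """Trust built from From/To/Cc alone (simplified header-only scheme)."""

    def __init__(self, owner):
        self.known = {owner.lower()}  # the owner is in their own web of trust

    def learn(self, msg):
        fields = (msg.get_all("From", []) + msg.get_all("To", [])
                  + msg.get_all("Cc", []))
        self.known.update(addr.lower() for _, addr in getaddresses(fields) if addr)

    def trusted(self, msg):
        return sender_of(msg) in self.known


class AddressRelayWhitelist:
    """Trust keyed on (From address, relay /16). To and Cc say nothing about
    which relay those people send through, so they are not used."""

    def __init__(self):
        self.known = set()

    def learn(self, msg):
        net = relay_net(msg)
        if net is not None:
            self.known.add((sender_of(msg), net))

    def trusted(self, msg):
        net = relay_net(msg)
        return net is not None and (sender_of(msg), net) in self.known


def demo():
    """Return {case: (address_only_verdict, address_plus_relay_verdict)}."""
    history = [make_msg("bob@example.net", ME, "198.51.100.7",
                        cc="carol@example.com")]
    addr_wl, relay_wl = AddressWhitelist(ME), AddressRelayWhitelist()
    for msg in history:
        addr_wl.learn(msg)
        relay_wl.learn(msg)
    incoming = {
        "bob, other host in his usual /16":
            make_msg("bob@example.net", ME, "198.51.100.200"),
        "self-addressed forgery":
            make_msg(ME, ME, "203.0.113.99"),
        "forged bob with fake Received":
            make_msg("bob@example.net", ME, "203.0.113.99",
                     fake_hop="198.51.100.7"),
        # Known only through a Cc line: the cost of dropping To/Cc data.
        "carol, first direct mail":
            make_msg("carol@example.com", ME, "192.0.2.77"),
    }
    return {label: (addr_wl.trusted(m), relay_wl.trusted(m))
            for label, m in incoming.items()}


if __name__ == "__main__":
    for label, verdicts in demo().items():
        print(f"{label}: address-only={verdicts[0]} address+relay={verdicts[1]}")
```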

Life Hacks

Work: Life Hacks: Tech Secrets of Overprolific Alpha Geeks, Danny O'Brien's ETech talk.

Amazingly, despite not being an alpha geek ;), I already use all these things:

  • a todo.txt file (anything else is inconvenient).
  • everything incoming comes through email, including RSS (thanks to rss2email). Again, anything else is inconvenient; I couldn't be bothered with another desktop app.
  • I hack scripts for every repetitive task I run into
  • I sync instead of backup; everything has a CVS repository running on a remote server, even my home dir
  • I have a nasty tendency to web-scrape data

These tips definitely are good advice. Although I have a feeling the result is optimised to a weblogging UNIX geek who spends hours hacking perl/python scripts. ;)

I'm looking forward to LifeHacks.com when it does eventually go live... should be interesting.

BitTorrent

Net: Great NYTimes article interviewing Bram Cohen about BitTorrent (u: sitescooper p: sitescooper). Good to see that it landed him a job with Valve, but let's hope that's not the last piece of free software from Bram...

One of the best things about the article, BTW, is that it does take notice that BT isn't a tool for piracy. Refreshing, given how these things are often covered.

Future Firefox Features

Web: More on the Firefox crappy-movie-now-web-browser thing, from Chris Blizzard:

  • A mind-controlled UI: but it only works if you think in russian!
  • Flashback mode: whenever you hear a helicopter overhead the browser will redirect all page loads to web.archive.org, circa 5 years ago.
  • Stealth mode: using specially malformed headers, Firefox will load your web pages and web servers will be unable to log your visits.
  • Mach 6 Technology: advanced compression algorithms will make the web faster than it's ever been before!
  • Arctic compliant: you can land firefox on an ice floe in the middle of the north atlantic. Not sure why you would need this, but hey, we had some extra bandwidth.

Lovely Filelight

Linux: Doing my backups -- it's a good feeling to know your data will (probably) be safe if your computer suddenly carks it.

This time around, I have way too much data to actually back up the lot -- so I'm being selective. Filelight is very helpful here; I can see exactly where my disk space is going, spot tmp files that I should have cleared up long ago, and so on.

One thing is clear -- I have too many MP3s. How am I supposed to listen to all of those?

Firebird now Firefox

Web: Donncha notes that Mozilla Firebird has been renamed 'Firefox'. Retro cruddy 80's Cold War movie reference? check!

I like it. In fact, I'm looking forward to Linux kernel 2.6.2 'Red Dawn'.

BTW, my current favourite Firebird^H^H^H^Hfox extension: Session Saver. Load and save the current list of open tabs, and have them automatically saved when you quit the browser. Given that I often have a few tabs on stuff I'm researching, leaving them until I'm a bit less busy (which can take days!), this fits perfectly with my modus operandi.

Funny: This is GREAT!

And if that's too much product placement for you, there's Students for an Orwellian Society: 'Because 2004 is 20 years too late.'

How To Increase Voter Turnout With New Technology – The Right Way

eVoting: One of the desired features for new voting mechanisms is that they will increase voter 'turnout', encouraging people to vote who are too busy (or too unmotivated) to visit a polling station.

This has been used to suggest internet voting (see the fiasco that was the now-scrapped SERVE project) and voting-by-phone. Both offer a scary number of vote-fixing opportunities and possible failure modes, and are fundamentally a bad idea.

However, it turns out there is a great system to implement absentee voting securely, reliably, conveniently (for the voter) and even cheaply! A comment on Bruce Schneier's Crypto-Gram newsletter (scroll down to comment number 3) details this.

I've copied the entire mail here, since it's hard to link to in the other location, and is well worth a page to itself:

From: Fred Heutte

Thanks for your cogent thoughts on ballot security. I almost completely agree and was one of the first signers of David Dill's petition. I am also involved professionally in voter data -- from the campaign side, with voter files, not directly with voting equipment -- but we're close enough to the vote counting process to see how it actually works.

I would only disagree slightly in one area. Absentee voting is quite secure when looking at the overall approach and assessing the risks in every part of the process. As long as reasonable precautions like signature checking are done, it would be difficult and expensive to change the results of mail voting significantly.

For example, in Oregon, ballots are returned in an inside security envelope which is sealed by the voter. The outside envelope has a signature area on the back side. This is compared to the voter's signature on file at the elections office. The larger counties actually do a digitized comparison, and back that up with a manual comparison with a stratified random sample (to validate machine results on an ongoing basis), as well as a final determination for any questionable matches.

Certainly it is possible to forge a signature. However, this authentication process would greatly raise the cost of forged mail ballots, absent consent of the voter. In turn, interference or coercion with absentee voting would require much higher travel costs (at least) than doing so at a polling place, for a given change in the outcome.

It is true that precincts have poll watchers, and absentee voters do not. But consider this. Ballot boxes, which are often delivered by temporary poll workers from the precinct to the elections office, are occasionally stolen, but mail ballots are handled within a vast stream of other mail by employees with paychecks and pensions at stake. The relatively low level of mail fraud inside the postal system is a testament to its relative security, and the points where ballots are aggregated for delivery to the elections office are usually on public property and can also be watched by outside observers if need be.

Oregon has had some elections with 100% 'vote by mail' since 1996, and all elections since 1999. So far, no verifiable evidence of voter fraud has emerged, despite many checks and some predictions by those with a political axe to grind that we would be engulfed in a wave of election fixing.

The reality is that Oregon's system, which is based on some common-sense security principles, has proven to be robust. The one lingering problem has been the need of some counties to make their voters use punch cards at home because of their antiquated vote counting equipment. But while this is a vote integrity issue -- since state statistics show a much higher undervote and spoiled ballot total for punch cards as compared to mark-sense ballots -- it is not a security issue per se. And with Help America Vote Act (HAVA) funding to convert to more modern vote counting systems, the Oregon chad remains in only one county and will go extinct after 2004.

The mark-sense ('fill in the ovals') ballots we have work well, and have low rates of over-votes and under-votes, despite the lack of automated machine checking that is possible in well-designed precinct voting systems. This suggests that reasonable visual design and human-friendly paper and pencil/pen home voting is a very reliable and secure system. When aided by automated counting equipment, we even have the additional benefit of very fast initial counts.

The increase in voter participation in Oregon since the advent of vote-by-mail -- 10 to 30 percentage points above national averages, depending on the kind of election -- leads to the only other issue, which is slow machine counts on election night after the polls close due to the surge of late ballots received at drop-off locations around the state. Oregon in fact isn't really 'vote by mail,' it's vote-at-home, with a paper ballot that can be mailed or left at any official drop-off point in the state, including county election offices, many schools and libraries, malls, town squares, etc.

The great advantage of the Oregon system is that it relies on the principle that if you appeal to the best instincts of the citizen, the overwhelming majority will 'do our part' to ensure the integrity of the democratic voting process, whether it is full consideration of the candidates and issues before voting, watching to make sure all ballots are securely transferred and counted, or favoring those laws and policies that insure that everyone eligible can vote, that their votes are counted, and that the candidates and measures with the most votes win.

The system is also cheaper than running traditional precinct elections. What's not to like?

It's so simple, and so sensible. Next time someone suggests 'i-voting' or 'm-voting' or whatever, you know what to point to...

Firebird Extension Idea

Web: I watched a hilarious Rob Corddry segment from The Daily Show last night, repeated from earlier in the week. Having not seen The Daily Show in a while, since dropping everything but basic cable, I went looking through The Daily Show video archives to see if I could find a few more good ones -- with no luck.

Every link on the Video page links to something like this:

javascript:openMediaPop('/multimedia/tds/cord/cord_8065.html','','SRM','high');

Which opens a popup with this page. Now, the interesting thing is that I do have Real Player installed -- but for some reason, Firebird hasn't figured this out. If I could just get through the twisty-turny maze of Javascript 'detection' code, I could get the URL for the .ram file directly from the server and play it.

So this is where my idea for a new extension comes in. It should do this:

  • intercept Javascript calls to navigator.userAgent, navigator.plugins et al, and allow the user to select what plugins to report;
  • add a context (right-click) menu item to list the URIs used in data attributes of object tags, and allow those to be cut and pasted -- or launched in any helper apps registered for that filename extension. Alternatively, it could just replace the object with a link to open that file in the helper app.

The first allows the user to choose what plugins to report are installed, and navigate their way past broken 'detection' scripts like Comedy Central's and The BBC Radio Player's.

The second then allows the user to get hold of the URL for future use, or pop it up in an external viewer.

David Hasselhoff’s role in ending the Cold War

Funny: The Beeb reports that 'Baywatch star David Hasselhoff is griping that his role in reuniting East and West Germany has been overlooked.'

Speaking to Germany's TV Spielfilm magazine, the 51-year-old carped about how his pivotal role in harmonising relations between the two sides of the divide had been overlooked.

'I find it a bit sad that there is no photo of me hanging on the walls in the Berlin Museum at Checkpoint Charlie,' he told the magazine.

Hating ABIs

Software: OK, one of my current UNIX pet peeves, perfectly illustrated by the new RPMs for KDE 3.2.

  : jm 1015...; sudo rpm -Uvh *.rpm 
  Password:
  error: Failed dependencies:
      libiw.so.26 is needed by kdenetwork-3.2.0-0.1

I don't have a wireless card in this machine.

WHY does kdenetwork, a network configuration applet, link with a shared library component of the wireless-tools package? Why is this not simply a shell script, or even an optional binary command? Have the UNIX desktop environments forgotten all about the UNIX way in their rush to implement 'components'? To quote Doug McIlroy:

This is the Unix philosophy. Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface.

(my emphasis added.)

Hint: if you don't intend to call some third-party code over and over again several times a second -- in other words, so that performance is essential -- you do not need to link against it as a shared library. Calling it as a command, with fork and exec, will work just fine and avoids this kind of 'DLL hell'.

A related issue is how this emphasis on binary or component ABIs impacts scriptability and plugins. Ever since Netscape came up with their plugins, we've had this new model that third-party application extensibility meant linking shared libraries into the app (with ABI issues), or calling out to components over distributed-object transports like CORBA or MCOP (with API issues), instead of the traditional 'helper app' model.

As a result, generally, when I install a new version of Mozilla, I have to try and remember what plugins I had in the last one, track them down, download the latest version to work around ABI changes, and hope they work in this version of the browser.

Inevitably, they don't -- I haven't found a working Java plugin in over a year. On the other hand, I can always click on a .ram link to listen to a RealAudio stream, because it doesn't really matter if the browser and realplayer were built with different compilers in the 'helper app' case.

In addition, and paradoxically, scriptability is becoming less of an option in the modern UNIX GUI apps. Let's say I want to be able to do the kind of thing Windows has had for years with its 'Send To' menu; put a simple shell script into an 'actions' directory, and it'll appear in the right-click context menu, so that I can right-click on a file and select 'Run frobnicator' to frobnicate it. (Similar is possible from MS Internet Explorer.)

Is it possible in Firebird? Not a hope. But you can write an extension -- 100KB of undocumented Javascript. Great.

In fairness, the file managers have the right idea -- GNOME's Nautilus does support this nicely, and so does Konqueror. But there's an ongoing tendency to adopt the ABI dynamic-linking model, or the distributed-object model, in places where it's just not necessary, and a simple UNIX pipe or command API -- the 'helper app' model -- would work beautifully.

hmm. </rant> ;)

More interesting bits on ‘rscheearch at Cmabrigde Uinervtisy’

Spam: Gary Schrock, on the SpamAssassin-talk list, notes:

... that study that's being talked about in an email doesn't exist. There's something in the Trends in Cognitive Science journal about it, that discusses why that email is actually as readable as it is. I'd try to pass on the knowledge, but while I may work in a lab that does psycholinguistics, that doesn't mean I understand it enough to pass it on. But the short story is there's no such research at Cambridge.

(The irony here is that this was being talked about in the lab where I work earlier today, and when I mentioned this email someone in the lab was able to hand me the article from Trends. Unfortunately the journal is only available online with subscription.)

No Longer Possible To Spoil Votes In Ireland?

eVoting: 'Spoiling your vote', e.g. writing in 'none of the above' on a ballot paper, is a legally-permitted response to a ballot in Ireland and many other countries. Secrecy in how you vote is constitutionally required.

Aengus Lawlor on the ICTE list points out that it appears the new e-voting system in Ireland will no longer permit spoiling to take place in secrecy.

Indeed, in the 7 constituencies where e-voting machines were trialed in the 2002 Nice Referendum, no spoiled votes were cast. Compare:

  • Carlow-Kilkenny: turnout 47,192, Spoiled Votes 244 (that's 0.51%)
  • Cork North-West: 29,056, 144 (0.49%)
  • Dublin Central: 28,880, 115 (0.39%)
  • Dublin North-Central: 36,532, 93 (0.25%)

with the e-voting constituencies:

  • Dublin South: 51,229, 0
  • Dublin South-West: 31,336, 0
  • Dublin West: 25,659, 0
  • Dun Laoghaire: 50,070, 0

A pretty notable anomaly there, ignoring the wishes of 0.5% of the electorate.

On a separate issue -- let's hope the Powervote systems aren't as bad as the Diebold ones. Here's the RABA Technologies' assessment of Diebold AccuVote-TS Voting System security (PDF, 167KB), noting locks picked in 10 seconds, default passwords used to re-encode a voter card as a supervisor card, etc etc.

BUA Training — clueless interview

Media: ever wondered why SCO is being targeted by the MyDoom virus?

Wonder no more. Apparently, according to William Campbell of BUA Training in this hilariously off-the-wall interview with RTE's Morning Ireland radio show, it's because of the Browser Wars and 'Open System Software'. He goes on to explain:

'if you go to a website, such as openoffice.org, you can download a free copy of what is the competitor for Microsoft Office, an equivalent of Microsoft Word, and equivalent of Microsoft Excel, which probably most of you have on their computers.' 'These competitors, they don't really exists as companies, although there are some companies such as Open Office.org and eh, Star Office and lynux, but em, Microsoft has put all the commercial competition out of business, or they bought them up or whatever.'

Complete transcript here.

Sounds like Morning Ireland needs some new 'computer experts' ;)

Public Service Announcement

Admin: If you have anything hosted on dogma.slashnull.org, our old shared server, get in touch with the boxhosting list, Vin, or even myself ASAP. It's going to be gone in 2 weeks...

Applauding the Landing

Travel: Maciej writes up a few reasons why he likes Poland. Aside from the hilarious description of day-to-day formality in speech, there's this snippet:

In all of Eastern Europe, it's traditional for passengers on an airplane to applaud when it lands. The cynic in me is tempted to call this a legacy of the Tupolev days, when a safe landing was truly a special occasion, but I prefer to think of it as an acknowledgement that flying ten kilometers above the Earth at near-sonic speeds is something to appreciate. For unknown reasons this custom irritates the stuffing out of certain of my American friends, who will be glad to know it is slowly dying out, reserved now only for more spectacular landings in heavy rain or turbulence.

This is something that's traditional amongst the older Irish travellers, too (I've noticed it on charter flights to holiday destinations). The youngsters don't do it, of course, unless the plane has just stopped safely after skidding sickeningly sideways across the tarmac.

I've always wondered if it was an Irish thing, but now I see it's not; and given the two nations involved, and the distance between them, I suspect it's something that people always used to do, and they're just not doing anymore in the places where air travel is commonplace.

Shame, I'm sure the staff would love the appreciation ;)

Blogsplosion!

Social: It's a blogsplosion! (neologism, Creative Commons license, cheers.)

First off, we have Old Rottenhat, a fantastic group-weblog featuring several old mates of mine, musing on music (Eoghan), psychogeography (Delaney), quitting work (Dr.), and random comments (Krossie). It's great reading.

Next, Tom has finally set us up the blog in the form of Linux and Goblins, 'your home for neither of the above', with some trademark Tom-style moaning, half-baked ideas, and pestering of some politician git called Phillip Boucher-Hayes.

Both are now firmly ensconced in the sidebar, and on my daily list... an RSS feed for Old Rottenhat can be found here, and I'll be making one for Tom too when I get the chance.

Referrers from IAEA.org

Spam: Ever seen this in referrer logs, and wondered if the International Atomic Energy Agency really had linked to your site? Sourcefrog has.

Of course, it isn't them. In reality, it's a spambot called Atomic Harvester 2000. This is how spammers get 'targeted lists of email addresses'; they throw a couple of search terms into this, it hits Google, and scrapes all email addresses from the pages found. More info:

Server Moved

Admin: taint.org has moved to a new server. Let's see if it works!

New Server

Admin: So, taint.org has moved to a new server. With any luck, this message should show up there and get blogged...

US/Ireland Cultural Differences

Culture: Five killed in separate road crashes. Donncha notes 'There were 2 terrible road accidents this morning. One of them was just outside Cahir, in Co. Tipperary. I drove past there dozens of times in the past and I was shocked to hear the news.'

It's interesting to note this cultural difference. In Ireland, a road crash with multiple fatalities is national news, on the 6 o'clock news; in California, as far as I can see, it's pretty much an everyday fact of life -- unless there was a juicy 'road rage' story attached, it won't get reported.

Are there more deaths in the US than Ireland? It seems not. The US department, NHTSA, notes that California had 3,956 fatalities in 2001, which works out at 11.47 per 100K population. The Irish dept, NRA (heh -- that's National Road Authority) notes a 2001 rate of 10.7 per 100K population. (However, Ireland's rate has dropped since then, due to an increased emphasis on road safety; the 2003 rate is reported to be the lowest since the 1960's. Not sure what it is now, though.)

So, interestingly, the death rate is comparable -- so where's the difference? I reckon it must be simply a PR issue; Ireland's road safety authorities have made it a PR priority, so that public awareness of road safety is heightened. As a result, road crashes are headline news.

Record business protects Irish and British consumers

Music: ... from CDWow selling us cheap CDs. Paddy forwards on the news -- 'CDWow.ie will now charge EUR 3 on every CD sold from their Irish site. And they wonder why people download music illegally...'

It seems that IRMA and the BPI both joined forces in this case against CDWow, hence this decision affects Ireland, too. The record industry are very happy -- 'it is not the consumer that will suffer, just CD Wow's profit margins.' Not entirely clear how the consumer doesn't suffer due to a 3 Euro surcharge, but I'm sure they have it all worked out.

Globalisation where it suits the producers, rather than the consumers, is the name of the game here.

More at The Register.

(Thanks, Paddy!)

Using Subversion With Fedora Core 1

Linux: If you use Fedora Core 1, here's a yum stanza to download and install Subversion.

Add these lines to /etc/yum.conf:

  [subversion]
  name=Subversion at Summersoft
  baseurl=http://summersoft.fay.ar.us/pub/subversion/bin/subversion-latest/fedora

Run:

  yum install subversion

That's it! svn will now be kept updated using yum.

The IKEA Walkthrough

Funny: The IKEA Walkthrough: 'IKEA is a fully immersive, 3D environmental adventure that allows you to role-play the character of someone who gives a shit about home furnishings. In traversing IKEA, you will experience a meticulously detailed alternate reality filled with garish colors, clear-lacquered birch veneer, and a host of NON-PLAYER CHARACTERS (NPCs) with the glazed looks of the recently anesthetized. ... with practice (and this IKEA Walkthrough!) you will soon be able to muster the sense of numb resignation necessary for victory.' (defectiveyeti)

Debugging Thoughts

Software: Nelson Minar: Primitive Debugging. Nelson quotes Kernighan, 'The most effective debugging tool is still careful thought, coupled with judiciously placed print statements', and assents from a viewpoint a quarter of a century later. Strange but true; I find this also. Why is that?

IMO, it's all usability problems.

  • debuggers are labour-intensive. To print or explore a complex data structure requires lots of typing, or liberal cut and paste from a side window with your debugger commands ready to go. DDD does a very good job of helping with this, since it's built around a data display model.

  • It's easy to make a mistake that requires a full restart. If you're single-stepping through some code, hit a loop, and want to skip several steps, you might select 'continue until loop exit' -- then find that you've gone too far. What can you do? Restart from scratch.

    There is a fix for this -- backstepping. However, so far it seems to be only available in research models; I don't know of any deployed debuggers that support this.

Even given a good debugger, I find myself throwing in a printf() every time. By now, my brain's hard-wired to debug using printf.

(More correctly, my own equivalent, a 'JMDB' statement. This is a little bit of usability sugar; I've defined that in my editor as a language-dependent macro to output a 'JMD' string -- so I can find it easily in code and output -- and the file and line numbers, along with whatever data I want to log.)

It's too late to save me ;)

Orkut Down for Tweakage

Social: orkut - under construction: ' Based on your suggestions, I'm taking orkut.com back to the lab for some fine-tuning and improvements. It will likely take a few days to finish them. None of your data will be lost and I should have some nice surprises for you when I bring it back online. I'll email you when it's ready and running again.'

Probably taken offline mainly to deal with this wee buglet ;)

Orkut.com is interesting on a few levels:

  • the Google link paid off massively. It has a lot more geek cred than it would have had otherwise (especially given the in-my-opinion fugly MSN-style design, and -- ugh -- .aspx URLs ;)

    As far as I can see, it's not really Google-affiliated; just written by a Googler in his spare time. The Google names I know don't seem to be in there, and no games of 'Six Degrees of Sergei Brin' are possible ;)

  • the invite-only startup gave it some good initial buzz.

But IMO it needs a few tweaks: the main one IMO is export. Friendster, Tribe.net et al all give the impression that they want to lock you in the trunk so they can 'monetize' your network, or something. If that's the way it'll work, great, it's a toy, and that's all they're getting from me.

These things are just toys until I can get my data back out again in a machine-readable format (FOAF, RDF, etc.) I want to augment it with other social data; like an anti-spam web of trust based on who I know, and being able to graphviz my social network, dammit! ;)

Brian McCallister has a few more useful comments.

Puzzles: a UK crypto guy says the Voynich manuscript is gibberish and reckons he's figured out how it was made. 'They have shown that its various words, which appear regularly throughout the script, could have been created using table and grille techniques. The different syllables that make up words are written in columns, and a grille - a piece of cardboard with three squares cut out in a diagonal pattern - is slid along the columns. The three syllables exposed form a word. The grille is pushed along to expose three new syllables, and a new word is exposed.'

Spam: NY Times on the Spam Conf 2004.

Moriarty Tribunal Reading Weblogs

Ireland: So, Sarah Carey got called up to testify at the Moriarty Tribunal, since she was involved with ESAT. In the process she notes that she 'was slightly freaked out when the Chairman, in the process of reprimanding me for leaking information, made reference to my media activities AND my website! So are they reading my blog?'

Sounds like it...

She definitely deserves bonus points for the tagline.

Tridge’s Spam Hashing System

Spam: Andrew 'tridge' Tridgell's junkcode directory really does contain some useful snippets, like he said. Here's spamsum, a checksum algorithm for hashing spam text:

The core of the spamsum algorithm is a rolling hash similar to the rolling hash used in 'rsync'. The rolling hash is used to produce a series of 'reset points' in the plaintext that depend only on the immediate context (with a default context width of seven characters) and not on the earlier or later parts of the plaintext. A stronger hash based on the FNV algorithm is then used to produce hash values of the areas between two reset points. The resulting signature comes from the concatenation of a single character from the FNV hash per reset point.

Very very nice!
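A simplified sketch of the scheme described in the quoted passage, added here as an illustration; it is not tridge's spamsum code and its output is not compatible with it. The block-size rule, the FNV offset basis, the base64 alphabet and the sample text are assumptions of this example.

```python
# Simplified spamsum-style piecewise hash (added sketch, not tridge's code).
WINDOW = 7                # context width given in the description
FNV_PRIME = 0x01000193    # standard 32-bit FNV prime
FNV_INIT = 0x811C9DC5     # standard 32-bit FNV offset basis (assumed here)
MASK = 0xFFFFFFFF
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


class Rolling:
    """rsync-style rolling hash; its value depends only on the last WINDOW bytes."""

    def __init__(self):
        self.win = [0] * WINDOW
        self.h1 = self.h2 = self.h3 = self.n = 0

    def update(self, c):
        self.h2 = (self.h2 - self.h1 + WINDOW * c) & MASK   # position-weighted sum
        self.h1 = (self.h1 + c - self.win[self.n % WINDOW]) & MASK  # plain sum
        self.win[self.n % WINDOW] = c
        self.n += 1
        self.h3 = ((self.h3 << 5) & MASK) ^ c   # old bytes shift out after 7 steps
        return (self.h1 + self.h2 + self.h3) & MASK


def pick_block_size(length, target_len=64, minimum=3):
    """Assumed rule: double the block size until ~target_len pieces are expected."""
    bs = minimum
    while bs * target_len < length:
        bs *= 2
    return bs


def reset_points(data, block_size):
    """Indices at which the rolling hash of the local context triggers a reset."""
    roll = Rolling()
    return [i for i, c in enumerate(data)
            if roll.update(c) % block_size == block_size - 1]


def signature(data, block_size=None):
    """'blocksize:chars', one base64 char from the FNV hash of each piece."""
    bs = block_size or pick_block_size(len(data))
    roll, h, out, pending = Rolling(), FNV_INIT, [], False
    for c in data:
        h = ((h * FNV_PRIME) & MASK) ^ c
        pending = True
        if roll.update(c) % bs == bs - 1:        # reset point: emit and restart
            out.append(B64[h % 64])
            h, pending = FNV_INIT, False
    if pending:                                  # bytes after the last reset point
        out.append(B64[h % 64])
    return f"{bs}:{''.join(out)}"


# Constructed sample: one spam body, with a word altered mid-message.
HEAD = b"Dear friend, this is not a scam. You can earn huge "
TAIL = b" quickly from home, working only a few hours every single week. Reply now!"
ORIGINAL = HEAD + b"money" + TAIL
MUTATED = HEAD + b"monteleostey" + TAIL
```

At the same block size, `signature(ORIGINAL, 3)` and `signature(MUTATED, 3)` differ only in the characters for pieces around the altered word, because every reset point further along depends on its own seven-byte context alone.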

What Invention Are You?

Funny: The latest 'personality test' page, via forteana -- what surreal invention are you? Justin is 'a hi-fi that looks bigger than it really is!', and taint.org is 'a housebrick that keeps your teeth clean and never needs repairing'.

Also -- even better -- Giant Battle Monsters. Apparently 'taint.org is a Collosal Man-Eating Plant that breathes Fire, is Susceptible to Electrical Damage and Extremely Hydrophobic, was brought back from a Distant Volcanic Island, has a mean Left Hook, and eats Metal.'

Tales of Tel Aviv

Politics: G2: Tales of Tel Aviv.

Tomer, aged 33, a promoter in the music business who personifies Israel's lost generation, the soldiers of the two intifadas: 'There's no prize any more for being a good soldier or a good citizen, we all have a mental scratch - for some of us it's a scar, for others it's a Grand Canyon. The saddest thing for me is seeing people in their mid-20s with such an empty look in their eyes. All the symptoms are of people losing hope, of seeing no solution.

At the moment I'm trying to promote the Geneva accords as much as possible. We've all made so many mistakes in this region, what else have we got to lose? But mainly, I'm just sad.'

Serbian Football Hooligans

Sport: Observer: Football, blood and war: an insane article about the crossover between Serbian nationalist paramilitaries and football hooliganism:

The crowd watched as a group of Serbian paramilitaries (the self-styled 'Tigers'), dressed in full uniform, took up positions in the north stand. There were about 20 of them and, one by one, they held aloft road signs: '20 miles to Vukovar'; '10 miles to Vukovar'; 'Welcome to Vukovar'. More road signs were brandished, each one bearing the name of a Croatian town that had fallen to the Serbian army. From high up in the stand, Arkan, the notorious commander-in-chief of the Tigers and director of the Red Star supporters' association, emerged to receive the delighted applause of supporters who were no longer fractious but united in hatred of a common enemy - the Croats.

Mind you, that was 1992. Still, very scary. (Via the ie-rant mailing list)

New Spammer Trifluidityck

Spam: The new hash-busting, Bayes-avoiding, spam evasion trick: inserting random dictionary words into the middle of another word. Like so:

Subject: SPAM(30.8) Be your own bovertigoss...

and

Subject: SPAM(29.6) Earn huge monteleostey quickly from home...

I'm not sure exactly why increasing monteleosity (something to do with the intensity of light emitted on a mountain, I think), and becoming a bovertigoss (a kind of antipodean rodent) would help me, though. It certainly isn't helping the spammers -- both messages were autolearned as spam on arrival.

More Crazy Laws

Tech: Great. More on the 'prevention of banknote scanning' thread; Ed Felten notes that the European Central Bank is

considering recommending legislation to the EU to require inclusion of currency recognition into digital imaging products. Predictably, the ECB's proposal is wildly overbroad, applying to 'any equipment, software, or other product' that is 'capable of capturing images or transferring images into, or out of, computer systems, or of manipulating or producing digital images for the purposes of counterfeiting'. As usual, the 'capable of' construction captures just about every general purpose communication technology in existence -- the Internet, for example, is clearly 'capable of ... transferring images into, or out of, computer systems'.

Let's hope that proposal gets shot down in the way it deserves.

Annoying Non-spam Tricks, pt. XVIII

Spam: OK, I just noticed that I have a few hits for the SpamAssassin rule HTTP_ENTITIES_HOST in my corpus. This searches for obfuscated hostnames in the URL links in mail messages, and is generally a very reliable sign of spam -- because who would want to hide a hostname apart from spammers?

Well, Buy4Now.IE, for one, it seems. WTF? I have a mail here that uses this markup:

  <a href="''http://www&#46;buy4now&#46;ie/fbd''>

Totally and utterly nuts. If they really wanted a way to tickle malware detectors, mail filters, and anti-spam measures, they could hardly pick a better one. I have no idea why they did this.

grr....
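A minimal check in the spirit of the rule described above, added as an illustration; it is not SpamAssassin's implementation of HTTP_ENTITIES_HOST. The regexes, function names and sample links (other than the entity-encoded hostname quoted in the post) are constructed for this example.

```python
import html
import re

# href values: double-quoted, single-quoted or unquoted
HREF_RE = re.compile(r"""href\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.I)
# numeric (&#46; or &#x2e;) and named character references
ENTITY_RE = re.compile(r"&(?:#\d+|#x[0-9a-f]+|[a-z][a-z0-9]*);?", re.I)
# scheme://authority, matched against the decoded URL
AUTHORITY_RE = re.compile(r"^\s*[a-z][a-z0-9+.-]*://([^/?#]*)", re.I)


def decode_with_origin(raw):
    """Decode character references; flags[i] is True if char i came from one."""
    out, flags, pos = [], [], 0
    for m in ENTITY_RE.finditer(raw):
        literal = raw[pos:m.start()]
        decoded = html.unescape(m.group(0))
        out += [literal, decoded]
        flags += [False] * len(literal)
        # An unknown name such as "&b" is left as-is and is not an entity.
        flags += [decoded != m.group(0)] * len(decoded)
        pos = m.end()
    out.append(raw[pos:])
    flags += [False] * (len(raw) - pos)
    return "".join(out), flags


def find_entity_hosts(html_text):
    """Return [(raw_href, decoded host[:port])] for links whose host used entities."""
    hits = []
    for m in HREF_RE.finditer(html_text):
        raw = next(g for g in m.groups() if g is not None)
        decoded, flags = decode_with_origin(raw)
        am = AUTHORITY_RE.match(decoded)
        if not am:
            continue                      # relative link or no authority part
        start, end = am.span(1)
        start = decoded.rfind("@", start, end) + 1 or start   # skip userinfo
        if any(flags[start:end]):         # entity inside the host, not the path
            hits.append((raw, decoded[start:end].lower()))
    return hits


# Constructed sample mail body; only the first hostname form comes from the post.
SAMPLE = """
<p><a href="http://www&#46;buy4now&#46;ie/fbd">shop</a>
<a href="http://www.example.org/?q=a&amp;b=1">entity only in the query</a>
<a href='http://&#x65;xample&#46;net:8080/x'>hex reference</a>
<a href="/relative/&#46;/path">relative</a></p>
"""

if __name__ == "__main__":
    for raw, host in find_entity_hosts(SAMPLE):
        print(f"{host:20} <- {raw}")
```

Tracking which decoded characters came from a reference keeps ordinary `&amp;` in query strings from triggering the check, so only links that hide part of the hostname are reported.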

The EURion Constellation

Tech: PDF file: how do photocopiers decide not to photocopy modern banknotes? 'a geometric pattern ... of five 1 mm large circles'. Fascinating stuff from Markus Kuhn, as usual! (via HackThePlanet)

The True Story of Monopoly(R)?

Games: Anti-Monopoly: 'A professor and a freelance writer are determined to set history straight on the origin and theft of a favorite American pastime'.

Details how Monopoly(R) is very similar -- and allegedly based on -- The Landlord's Game, a socialist educational game from 1904, which was introduced as follows: 'the object of this game is not only to afford amusement to players, but to illustrate to them how, under the present or prevailing system to land tenure, the landlord has an advantage over other enterprisers, and also how the single tax would discourage speculation'.

Apparently, once Monopoly(R) was set to succeed, this original was bought out and buried for $500. Here's some more links that seem to back that up...

MonopolyCollector.com says 'the Landlord's Game was very similar to Monopoly(R), with the purchase of properties, utilities, a public park square, and a 'Go to jail' square. Many feel Darrow just added items to this game and improved some features.'

This article and its second part provide lots more detail.

Here's a description of 'The Landlord's Game', and another.

The Spam Conference 2004

Spam: So, next Friday I'll be in Cambridge, MA for the Spam Conference 2004, a one-day extravaganza of probabilistic classifiers, spam-bashing, and hopefully, some socializing too.

Anyone else planning to attend? If so, see you there!

Back to work you slackers

Funny: The staff of O2 Retail, Kennedy Road, Navan have set them up the foneblog, it appears, and are messing about... Why not give 'em a call? Looks like their number is +353 46 21803!

On the subject -- Dervala on texting. I couldn't get over the text frenzy that took place over New Year's -- I'd forgotten all about it in the few months I'd been away.

Some Good News, For Once

Food: So I'm reading Fast Food Nation, which looked well set to put me off burgers and beef products for life.

Then I get to the epilogue, and find a glowing write-up for In-N-Out Burger, our local chain; they provide healthcare for their workers, use quality-assured beef, and have received top marks in food quality and cleanliness for years! Hooray! And they even have a secret menu (although the 4x4 seems a bit Elvis, if you ask me).

Beef's back on the menu!

Society: The Age: They are afraid, very afraid: 'it would seem that terrorists have succeeded in frightening a nation. They may be aided by several decades of over-reaction to the social malaise that is endemic to the poorer and disenfranchised parts of America. It seems that at least one generation has already grown up in the grip of largely irrational fears.'

Misc: some snippets:

Google-Flop: Self-Reinforcing Stupidity

Web: What's the link between Debian Linux and Dueling Banjos? Any ideas? No? Well, according to Debian Weekly News of September 16th, 2003, it's become what's called a Google-flop:

No Dueling Banjos from Debian. Some of the most bizarre mails on debian-devel over the years have been repeated requests by various people for the sheet music for dueling banjos. Several list subscribers have been eager to assist the posters in their search. Jim Penny called this the Dueling Banjo Effect and explained that this has become a self-perpetuating Google-flop. People use Google which points them to Debian to get this sheet music, and the act of asking reinforces Google's notion that Debian is a good place to get the music.

(thanks to Rick Moen for pointing this out on the ILUG list.)

Nicorette

Funny: Getting Even With Nicorettes (NYTimes): a very funny article about giving up smoking by taking up a full-time nicotine gum habit.

'I'll be at a party,' he said, 'and someone will say, `Oh, is that Nicorette?' and I'll say, `Yes, do you want some?' They'll say, `Oh, I don't smoke,' and I'll say, `Try it anyway.' There's this excitement and curiosity, and then on about the fourth chew, this look comes over their face that says, `Oh God, why are you giving me lead?'

'It's like prank gum. It's like going to kiss your grandmother and finding her tongue in your mouth.'