Friday, March 26, 2004

The Code BookOne of the soft drink companies -- that shall remain nameless -- is imprinting ten character alphanumeric codes on each bottle top. By entering the codes into a web site, you can collect points which are redeemable for prizes.

As an academic exercise, one could investigate how these codes might have been generated. Consider that you might use the alphabet (A through Z) and certain numerals (say: 3, 4, 6, 7, 8 and 9). Those numerals might have been chosen to prevent ambiguity during data entry (e.g., the number "1" might look too much like the letter "I"). Anyhow, that range of alphanumerics allows 32 discrete values or five-bit patterns (2 to the fifth power).

Imagine further that, embedded within each code there might reside a random, time-based key. Using the time-based key, one could decrypt the remaining five-bit "bytelets". It might even be possible that a check value would also be embedded within each code to ensure its integrity. For example, a checksum, a CRC or a truncated hash (such as an MD5 value) could be generated and encrypted as part of the code string.

If one could imagine how this was all accomplished then one could theoretically co-opt this "virtual currency". However: given the fact that publishing an algorithm of this sort might technically run afoul of any number of new-fangled laws like the DMCA... even if one were able to deduce the algorithm used for code string generation, it would be highly risky to employ it for evil purposes. So there... you're warned. :-)

BTW

Simon Singh's The Code Book is not just one of the best books on cryptology and "code-breaking" ever written... it might be one of the best historical, non-fiction books of any type ever written. It's startlingly good. Highest recommendation.

Week-long Hiatus

This blog, which has been regularly updated since November, will probably be going on a week-long hiatus starting tomorrow. Mr. T has promised to Tivo the Sopranos for me. My prediction: a Mr. Johnny Sac is going to be sleeping with the fishes quite soon....

Wednesday, March 24, 2004

PHP 5 and SimpleXML

You'd be correct in guessing that there isn't a book out on PHP 5 and XML... thus, we'll revert to version 4 in this link! Whickety whack!Talk about simplicity. I was just reading over Andi Gutman's summary of new features in PHP 5. The Simple XML and SOAP examples struck me as indicative of PHP. Pure, unadulterated simplicity. No language on the planet (that I'm aware of, anyhow) reduces logic so dramatically.

From Andi's new book: Probably when looking back in a year or two it will be clear that SimpleXML has revolutionized the way PHP developers work with XML files. SimpleXML could really be called "XML for Dummies". Instead of having to deal with DOM or even worse SAX, SimpleXML represents your XML file as a native PHP object. You can read, write or iterate over your XML file with ease accessing elements and attributes.

Consider the following XML file:


<clients>
<
client>
    <
name>John Doe</name>
    <
account_number>87234838</account_number>
</
client>
<
client>
    <
name>Janet Smith/font></name>
    <
account_number>72384329</account_number>
</
client>
</
clients>


The following piece of code prints each client’s name and account number:

$clients = simplexml_load_file('clients.xml');
foreach (
$clients->client as $client) {
    print
"$client->name has account number $client->account_number";
}


SOAP: ...the following calls SomeFunction() defined in a WSDL file:

$client = new SoapClient("some.wsdl");
$client->SomeFunction($a, $b, $c);


What's New in PHP 5

Whither the Television Commercial?

TiVo Series2 80-Hour Digital Video RecorderFrom MIT's Technology Review Blog: a brief missive on the 'death of the TV commercial'.

Mailblaster is an online newsletter targeting those who do business with or have an active interest in what’s happening on Madison Avenue. More and more, the newsletter is focusing on alternatives to the 30- or 60-second commercial. They are predicting an evolution from zapping (that is, changing the channel to avoid commercials) to skipping (that is, using your digital video recorder to skim past commercials) to “opt-out“ (that is, being willing to pay extra to watch the show without commercials)...

...One recent article identifies a broad range of alternatives to traditional advertising that are being tested in what many see as an experimental period for the future of branding and marketing. Most of these involve some further blurring of the line between commercials and content, including product placements, programs based on ad campaigns, short interstitial movies, pop up ads on the bottom of your television screen, even the prospect of a whole channel devoted to content generated by a particular sponsor (if this seems unlikely, see if your local cable company is getting the Hallmark Channel, which mostly programs the four or five decades of content generated by the Hallmark Hall of Fame)...


That was so 30 seconds ago

GoogleFight

I would like to suggest the following GoogleFight matchups (hint: use double quotes around each phrase to get a more accurate 'punch count'):

Chevrolet Vega vs. Ford Pinto
Robert Parrish vs. Kevin McHale
Deviled Eggs vs. Potato Salad

GoogleFight

Tuesday, March 23, 2004

A bit more on Richard Clarke

Click here for a surprise, whickety whackHoly Toledo! The Imus program had Laura Ingram or someone on (don't recall who offhand) who was livid over the fact that CBS didn't disclose their financial interest in Clarke's book! The chain she described was: CBS owns Viacom, which owns Simon & Schuster, which published Clarke (again, apologies if I'm mistaken - that's from memory). In any event, an egregious conflict-of-interest, especially if it wasn't disclosed on the program. Uhm, yeah, CBS, we can certainly take your reporting seriously now! CBS' bias was a joke before this. They're simply a historical footnote after this.

CBS News' "60 Minutes" has raised eyebrows in journalism circles for failing to disclose its corporate connection to an upcoming book by former White House terrorism official Richard Clarke that was the subject of a segment of Sunday's edition of the newsmagazine... Clarke's "Against All Enemies" is published by a unit of Viacom-owned Simon & Schuster..."

'60 Minutes' Book Segment Creates Stir

Feech, you Magnificent Bastard, I read your Book!

Sopranos complete 4th seasonI have a new signature that I'll be using on all of my public postings from this point forward. Or at least until I come up with a better one.

Proud Graduate of the Feech LaMana School of Anger Management

Outstanding episode of the Sopranos this Sunday (the only television show I watch, other than the occasional NCAA basketball contest)... unfortunately, events are conspiring to take me out of pocket for the fourth episode. Apparently, one of the "main characters" is destined to get whacked. I've heard that either Silvio (unlikely, IMO) or Johnny Sac (much more likely) are on the chopping block.

NJ.com: 'Sopranos' Forum

Out of pocket... definitely out of pocket

Eastern Caribbean

Day Port - Arrival and Departure Times
0 Ft. Lauderdale, Florida - 5:00 pm
1 Half Moon Cay, Bahamas - 8:00 am 4:00 pm
2 At Sea
3 St. Thomas, U.S. V.I. - 8:00 am midnight
4 Road Town, Tortola - 7:00 am 6:00 pm
5 At Sea
6 Nassau, Bahamas - noon 7:00 pm
7 Ft. Lauderdale, Florida - 8:00 am

Monday, March 22, 2004

Click here for a surprise, whickety whackI find it quite an amazing coincidence that Richard Clarke's accusations (that the Bush Administration was hesitant to act against Al Qaeda) were delayed until his book was published. Seems as though the former counter-terror head wasn't concerned enough to raise a stink until he could make some money off of the deal. But leave it to CBS to position Clarke's book tour as "news".

Condoleezza Rice: "This retrospective rewriting of the history of the first several months of the administration is not helpful... to somehow suggest that the attack on 9/11 could have been prevented by a series of meetings -- I have to tell you that during the period of time we were at battle stations..."

...Rice pointed out that Clarke was in charge of counterterrorism efforts in 1998 when U.S. embassies in African were bombed and in 2000 when the USS Cole was bombed, as well as during "a period of the '90s when al Qaeda was strengthening and when the plots that ended up in September 11th were being hatched."

...Rice said the only time she recalls Clarke asking to brief the president was in June 2001 -- and it was on the issue of cybersecurity...


CNN: Rice rejects Clarke charges

Sunday, March 21, 2004

Do you PHP?

Advanced PHP ProgrammingSurprise! Oracle's Technology Network features an incisive interview with PHP founder Rasmus Lerdorf. So the Java community is finally waking up to the fact that the dominant application serving language on the planet is PHP (when Netcraft recently pinged 47,173,415 domains, it found that 15,205,474 had PHP installed). He has some beautiful comments for those who would demean PHP.

About the lack of enforced structure, all I can say is that I absolutely hate programming frameworks that lock me into a certain way of approaching a problem. That doesn't mean I don't believe in structure and frameworks, but I do believe in people having the power to come up with their own to match their environment...

...One of the big strengths of PHP over many other tools aimed at solving the Web problem is that other tools tend to associate such very specific targeted problem solving with the need to control how users approach the problem structurally. PHP doesn't impose any such structure, choosing instead to focus on making each individual functionality aspect of the problem as easy as possible to use... For example, PHP provides very targeted functions for communicating with a back-end database. These are specific to each database and do not sacrifice any performance to gain uniformity or consistency with other back-end databases. There is also no set way to structure a PHP application in terms of file layout and what goes where...

...Despite what the future may hold for PHP, one thing will remain constant. We will continue to fight the complexity to which so many people seem to be addicted. The most complex solution is rarely the right one. Our single-minded direct approach to solving the Web problem is what has set PHP apart from the start, and while other solutions around us seem to get bigger and more complex, we are striving to simplify and streamline PHP and its approach to solving the Web problem...

What it all boils down to is that PHP was never meant to win any beauty contests. It wasn't designed to introduce any new revolutionary programming paradigms. It was designed to solve a single problem: the Web problem.


Do You PHP? by Rasmus Lerdorf
Beyond MVC

J2EE Best Practices: Java Design Patterns, Automation, and PerformanceIt is important while we are studying and using MVC that we bear in mind the original purpose of the pattern: to reduce the complexity of user interfaces for a large and complex information system. It was designed for a specific purpose and evolved to meet a specific need.

Dr. Reenskaug's work in MVC has not been abandoned. Earlier this year, he began publishing material on his new MVC pattern language.

Nowhere, ever, in any of his papers was it suggested that the MVC pattern could be used to address the needs of n-tiered workflow processing infrastructures. But here we are, 24 years later, trying to pound in nails with a screwdriver. Despite the careful effort of scientists from Reenskaug's generation, it seems that we've not learned a thing...


Beyond MVC: A New Look at the Servlet Infrastructure
The World's Two Worst Variable Names

C: A Reference Manual (5th Edition)...sometimes you'll find variables where all vowels have been removed as a shortening technique, instead of simple truncation, so you have $cstmr instead of $cust. I sure hope you don't have to distinguish the customers from costumers!

There have also been intentionally bad variable names, where the writer was more interested in being funny than useful. I've seen $crap as a loop variable, and a colleague tells of overhauling old code with a function called THE_LONE_RANGER_RIDES_AGAIN(). That's not the type of bad variable name I mean.

Variable naming conventions can often turn into a religious war, but I'm entirely confident when I declare The World's Worst Variable Name to be:

$data

Of course it's data! That's what variables contain! That's all they ever can contain. It's like you're packing up your belongings to move to a new house, and on the side of the box you write, in big black marker, "matter."


O'Reilly Network: The world's two worst variable names [Mar. 07, 2004]

IBM DeveloperWorks: Bayesian Inference in PHP

An Introduction to Bayesian Inference and Decision, Second EditionOne of the most useful, coolest technologies that has come down the pipe has been Bayesian calculation and filtering. New from IBM's DeveloperWorks this morning is a great piece covering it. Paul Meagher introduces Bayesian inference by discussing the basic mathematical concepts involved and demonstrating how to implement the underlying conditional probability calculations using PHP. In this article, the author discusses how Bayesian inference can be used to build an online PHP-based wizard that guides a user through the process making a medical diagnosis...

This three-part series features interesting applications designed to help you appreciate the power and potential of Bayesian inference concepts. It's good that he starts with some basics like conditional probability (the base of the bayesian functionality) and then quickly moves using this functionality to create a probability function. They roam through various formulas, showing you how each relates to the greater whole, and, in the end, help you create a 'medical diagnosis wizard' for your benefit...
"

IBM DeveloperWorks: Bayesian Inference in PHP

Saturday, March 20, 2004

How Would You Move Mount Fuji?Microsoft's first great developer might have been Charles Simonyi. The mission of his new company, Intentional Software, is to destroy the disconnect that exists between domain experts and software developers:

You are tackling the software development bottleneck problem. Can you elaborate on the problem and how you plan to solve it?

The goal is to do something about the bottleneck, to analyze the systemic problem and redeploy the resources in a way that helps resolve the problem. Tools have to be involved--that's the business proposition for our company--but they have to operate in a new relationship between subject matter experts and the programmers.

Currently, the key element to a killer app is what the application does for people. In health care, for example, helping doctors with patient care is a tremendous opportunity. You need subject matter experts, like doctors and health care administrators, who understand the issues of their domain. The biggest problem is that what a subject matter expert is trying to accomplish is not expressed in the code. The code is really the first truly precise description of the problem. The intent of the subject matter expert, however, is not apparent in the code.
"

Software to cut the digital fat

Hungarian Notation

MFC Programming with Visual C++In response to a request for a 'cheat-sheet' on Hungarian Notation, I wrote the following email to a couple of the younger developers with whom I work. The last paragraph is the 'inside joke' given the proclivity of modern academia to stress Java as the de rigeur  programming language.

> > RECOMMENDATIONS for HUNGARIAN NOTATION
> >
> > The following are some common recommended Hungarian Notation prefixes for variables defined in MFC projects:
> >
> > BOOL bFinished;
> > BYTE byteLastProcessed;
> > BYTE* pbyteLastProcessed;
> > CHAR cFirst;
> > CHAR[] (null-terminated) szCommandBuffer;
> > CHAR* (null-terminated) pszCommandBuffer;
> > CByteArray cbaExplodedValues;
> > CByteArray* pcbaExplodedValues;
> > CCriticalSection ccsArrayProtector;
> > CButton* pButton;
> > CDocument* pDoc;
> > CEdit m_edtLogWindow;
> > CEdit* pedtLogWindow;
> > CFile cfileLog;
> > CListCtrl m_lcDevices;
> > CListCtrl* plcDevices;
> > CMapStringToString mapCommandLookup;
> > CMapStringToString* pmapCommandLookup;
> > CPropertyPage m_pageConfigurationOptions;
> > CPropertySheet m_sheetSetup;
> > CString strPrefix;
> > CString* pstrPrefix;
> > CStringArray csaCommands;
> > CStringArray* pcsaCommands;
> > CWnd* pwndParent;
> > DWORD dwValueCount;
> > DWORD* pdwValueCount;
> > HANDLE hBitmap;
> > HDC hdc;
> > HICON hiconMaster;
> > HWND hwndParent;
> > INT nRangeBegin;
> > INT* pnRangeBegin;
> > LONG lTemp;
> > RECT rectClient;
> >
> > I hereby waive all royalties due me for use of these prefixes provided that users acknowledge that the one true hierarchy of programming languages is as follows: "C/C++, PHP, Assembler, Pascal, Perl, FORTRAN, Smalltalk, LISP, Java, Visual Basic, BASIC, ADA, PL/I, COBOL". Users will also acknowledge that C# was recently named "Rookie of the Year", but is - as yet - unranked.


More on C. Simonyi

Donald Knuth's The Art of Computer Programming, Volumes 1-3 Boxed SetJOS had a link to a wonderful interview with Mr. Simonyi. Some excellent quotes:

On the Beauty of a Program

I'll bet you that from ten feet away I can tell if a program is bad. I might not guarantee that it is good, but if it looks bad from ten feet, I can guarantee you that it wasn't written with care. And if it wasn't written with care, it's probably not beautiful in the logical sense.

On Hungarian Notation

So if you have a structure with certain properties, instead of giving it some arbitrary name and then having everybody learn the association between the name and the properties, you use the properties themselves as the name. This method has a lot of advantages. First, it's very easy to create a name--as you think of the properties, you write them down and immediately have the name. Second, it is very understandable, because as you read something you learn a lot about the properties from the name. As these properties get more and more numerous, it becomes difficult to describe them concisely. So "Hungarian" introduces some abbreviated notation to encode the properties in a short space. Of course this is a complete jumble to the uninitiated, and that's the joke.


Interview with Charles Simonyi

Thursday, March 18, 2004

Scrum and Agile Development

Scrum FlowIinterested in agile development methodologies? Scrum is an increasingly popular process that is laser-focused on quality deliverables. Whether you're managing the IT function at a giant insurance company, developing firmware, or anything in between, you'd be well served checking out Scrum (and/or other Extreme-Programming related agile methods).

Scrum: an iterative, incremental process for developing software in chaotic environments. Scrum consists of a series of 30 day sprints, each sprint producing an executable. Between sprints, all interested parties evaluate progress and reevaluate technical and business requirements. Work is reestablished and the team enters into another sprint.

The pulse of Scrum is the key to its success … management determines what should be done prior to every sprint, their determination influenced by prior deliverables and requirements. During the sprint, the team is left alone and produces the best software possible : let in chaos, keep out chaos, let in chaos, keep out chaos, let in chaos, keep out chaos … etc.
...

Agile Alliance

Offshoring: The Root of the Problem

Offshore Software Development - Outsourcing for SMEs and IndividualsExcellent article and even better follow-up discussion regarding the ramifications of IT outsourcing.

I argued that outsourcing software posed other risks, because it essentially exports and helps nurture competition in the one area that is a key, strategic advantage for the U.S. and, to a lesser degree, Europe. Software IP is the key differentiator for our economies, a technology whose impact is pervasive. From the human genome project to Pixar's movies, software is the core technology that makes it work.

This drew baffled looks. "Programming is a commodity, grunt work," said the board member. "Software isn't different from the textile industry," the CEO said.

...Carol Bartz, long-time CEO of Autodesk, Inc. in San Rafel, Calif., defended her company's extensive offshoring of U.S. software jobs, chanting the same Corporate Darwinism dogma.

Then later in the interview, Bartz decried the lack of high-tech students at colleges. Even Homer Simpson would utter his trademark "Doh!" at that logical inconsistency. Bartz is cutting software jobs, is participating in the trend to cut pay for high-tech professionals, then wonders why enrollment in technical majors is declining. Only executives (and politicians) can be that hypocritical and self-serving with a straight face...


Original article and follow-up discussion

Wednesday, March 17, 2004

MySQLFrom Database Debunkings - quote of the week:

SQLite is 'typeless'. This means that you can store any kind of data you want in any column of any table, regardless of the declared datatype of that column. (See the one exception to this rule in section 2.0 below.) This behavior is a feature, not a bug. A database is supposed to store and retrieve data and it should not matter to the database what format that data is in. The strong typing system found in most other SQL engines and codified in the SQL language spec is a misfeature - it is an example of the implementation showing through into the interface. SQLite seeks to overcome this misfeature by allowing you to store any kind of data into any kind of column and by allowing flexibility in the specification of datatypes. Even though SQLite allows the datatype to be omitted, it is still a good idea to include it in your CREATE TABLE statements, since the data type often serves as a good hint to other programmers about what you intend to put in the column.

DATABASE DEBUNKINGS - SQLite
NBC: Clinton Ordered bin Laden Spared

Bin Laden: The Man Who Declared War on AmericaI'm still waiting for Bill Clinton, Hillary Clinton, James Carville, John Kerry or any of the other members of the left who have an explanation for this stunning report from NBC. And I'm taking odds on when we'll hear from the shrill and un-funny Al Franken on this topic. The current betting line says never.

A secret CIA videotape shows that the Clinton administration had pinpointed the whereabouts of Osama bin Laden a year before the 9/11 attacks, but declined to kill him because of White House orders that he should be taken alive... The video, obtained and broadcast by NBC News, "illustrates an enormous opportunity the Clinton administration had to kill or capture bin Laden," the network reported Tuesday...

...Though President Clinton has boasted repeatedly that he issued orders to kill bin Laden, no action was taken when the White House finally got its chance... ...Gary Schroen, a former CIA station chief in Pakistan, told NBC that the White House had in fact ordered the CIA to do just the opposite - take bin Laden alive or not at all.

The directive effectively killed the plan and, along with it, the U.S.'s best chance to prevent the 9/11 attacks.


Clinton ordered bin Laden spared

Tuesday, March 16, 2004

Linux to Windows to Mac

Free download of BadBlueI noticed that BadBlue is being used on an intranet to share files between Linux, Windows and a Mac. While BadBlue currently only supports Windows, browsers on any platform easily upload and download files from it. So users on Linux can easily transfer files back and forth from Windows... and the same for Mac users. It's way, way, way easier than configuring an FTP server or a Samba share.

BadBlue Personal Edition - Download

Washington Post... queries Kerry?

Deliver us from evilThe Washington Post -- not exactly known as a mouthpiece of the right -- recently posted a stunning op-ed piece on John Kerry's two-faced voting record. The "junior senator from France" (props to the Don Imus show) has now skirted several of the central issues that he, himself, has raised: the "world leaders" who are rooting for him to beat the President in the general election; the linkage between Al Qaeda and Iraq now that the attack on Spain has exposed the truth; the Pakistani nuclear network that ran wild during the Clinton years; and, most importantly, the voting record that the Post terms "fuzzy" (as opposed to "lobbyist-driven", or "whichever agenda suits him politically at any given instant"):

The most important confusion surrounds Mr. Kerry's position on Iraq. In 1991 he voted against the first Persian Gulf War, saying more support was needed from Americans for a war that he believed would prove costly. In 1998, when President Clinton was considering military steps against Iraq, he strenuously argued for action, with or without allies. Four years later he voted for a resolution authorizing invasion but criticized Mr. Bush for not recruiting allies. Last fall he voted against funding for Iraqi reconstruction, but argued that the United States must support the establishment of a democratic government.

Mr. Kerry's attempts to weave a thread connecting and justifying all these positions are unconvincing. He would do better to offer a more honest accounting. His estimation of the cost of expelling Iraq from Kuwait in 1991 was simply wrong; and if President Bush was mistaken to think in 2003 that there was an urgent need to stop Saddam Hussein from stockpiling weapons of mass destruction, Mr. Kerry made the same error in 1998.


Time for Clarity

Google Hacks - Whickety WhacksGood SecurityFocus column on the use of Google by blackhat-types. Bottom line: there's a lot of crap getting spidered out there... that shouldn't be anywhere near an extranet or DMZ. That's why the vast majority of companies need a Brooke Paul type as their CISO (i.e., someone familiar with the people, the processes and the technologies). But I guess there aren't a lot of those folks around.

...Let's try our search, but stick to the .edu top-level domain, so we're looking for "budget filetype:xls site:edu". 15,200 hits. Not bad. Things are starting to look very interesting...

The title of these directory listings almost always start with "Index of", so let's try a new query that I guarantee will generate results that should make you sit up and worry: "intitle:"index of" site:edu password". 2,940 results, and many, if not most, would be completely useless to a potential attacker. Many, however, would yield passwords in plain text, while others could be cracked using common tools like Crack and John the Ripper.


Googling Up Passwords and GoogleDorks (good amalgamation of various Google- and security-related hacks).

Win2K LDAP brute-forcer

A casual read-through of GoogleDorks yielded this egregious -- if true -- brute-force attack on Windows 2000's LDAP listener. I didn't check to see whether it's been patched or not, but it's worth noting in case you're running Win2K:

Title: Win2K LDAP authentication bruteforcer - ...I noticed when playing around with LDAP on Win2k that LDAP authentication requests came back with different response codes when using an existing username vs a non-existing one. Using this technique, you can enumerate usernames on the server. In addition, LDAP authentications don't seem to count as invalid logins as far as the 2k user is concerned. This means you can remotely determine usernames, and attempt passwords to your heart's content without bothering the set lockouts. Nice.

Macromedia Flash MX 2004 for DummiesInternet Explorer ever suck up 100% of your CPU for no apparent reason? It could be Macromedia Flash ads -- it was for me on one of my slower machines -- and it was driving me crazy. I found this solution on Ozone Asylum (caution: you should be comfortable editing the registry to use this little hack):

Foolproof way to disable flash in win XP without any pop-up errors, messages, or prompts. Feels like Flash was never even invented. Click Start, Run, type regedit. Go to following dir:

HKEY_LOCAL_MACHINESOFTWARE/MicrosoftInternet Explorer/ActiveX Compatibility

Click Edit, New, Key. Name New Key: {D27CDB6E-AE6D-11CF-96B8-444553540000} (including the {})

Now create [a] new DWORD value inside this key. Rename this DWORD value to "Compatibility Flags". Set Value Data to 400 and Base to Hexadecimal. To enable flash simply delete the key.


Internet Explorer (IE): Disabling Flash

Monday, March 15, 2004


Rollin' Heat

The Bias Against GunsThe least likely folks might be the first in line to carry concealed weapons, according to this Ohio Beacon Journal article.

One is a fifth-grade teacher, another a stroke victim who walks with a cane. Not exactly the folks you would expect to be packing heat. But both recently took firearms training so they can become eligible to carry a concealed weapon come April.

That's when Ohio's new ``concealed carry'' law takes effect -- for those who qualify and are trained.

It's not surprising that some Ohioans want to carry guns. But it is surprising to shooting instructors just who some of those people are.


Some unlikely candidates are ready to carry firearms

Mobbed Up

Sopranos complete 4th seasonThis is one of the most active Sopranos discussion sites that you'll find. And I had a tough time locating it:

NJ.com: 'Sopranos' Forum

Sunday, March 14, 2004

Tough Luck - by Jason StarrI just finished Jason Starr's Tough Luck and submitted this Amazon review.

A worthy successor to the Jim Thompson

The greats of noir fiction had a way of putting you inside the heads of the disenfranchised, the losers, even stone-cold, psychopathic killers. And the most skillful among them -- say, a Jim Thompson -- had the reader gradually empathasizing with these outcasts. Jason Starr can stand toe to toe with any of these authors. His _Tough Luck_ is an expertly written story.

Mickey Prada is a poor kid trying to make good. Working in a fish market while saving for college, he also takes care of his Alzheimer's-ridden Dad. Things are going pretty well for Mickey until a slick-looking mobster walks into the fish shop. Angelo Santoro starts talking football and betting with Mickey. Before long, Mickey's placing 'good faith' bets for Angelo. And Angelo keeps losing. Now Mickey's in the hole to his bookie and Angelo won't make good on his debt.

In order to get out of hock, his lifelong friend Chris proposes a burglary of a fancy home. It'll be easy money, what with the homeowners on vacation. And Mickey will surely be able to pay off the bookie and maybe pick up some nice trinkets for his new girlfriend. It all sounds so simple. But nothing goes quite as you might expect -- and none of the well-drawn characters will ever be the same after _this_ caper.

Starr writes with exquisite attention to detail. The jargon of the early eighties... the fashion... the culture... all are snapshots wrapped around the realistic foibles of each character. I'll definitely be picking up the rest of Starr's books. It's easily some of the best noir fiction going.

Saturday, March 13, 2004


OCR

Neural NetworksThe Code Project has an interesting article on the implementation of a simplified neural network for OCR (optical character recognition).

Neural Network The concept behind a neural network is tantalizing: construct a series of simulated neurons -- actually, virtual circuits -- connected to one another in patterns that mimic a very simplified "brain". Then, train the network by feeding it input and judging its output. Reward correct results by changing the weights that are used to feed connection signals.

Creating Optical Character Recognition (OCR) applications using Neural Networks

More on Neural Nets: Back Propagation

Back PropagationA proof of the Back Propagation Weight Update Rule exists here.

Prematurely Dead

ChokeholdPlastic has an interesting article and cogent discussion on Pro Wrestling's plethora of deaths. I've heard that about 65 current and former pro wrestlers have died in recent years. Abuse of steroids, HGH, pain-killers and other drugs would appear to be the primary culprit.

Every other week, it seems that another pro wrestler has dropped dead at a young age. Mike Lockwood, known professionally as Mad Mikey and Crash Holly, is the latest casualty, but there's a long list of premature deaths which include Road Warrior Hawk, Ravishing Rick Rude, "Mr. Perfect" Curt Hennig, Davey Boy Smith, Brian Pillman, Yokozuna, Terry Gordy, Rocco Rock, Louie Spicoli, Miss Elizabeth, Eddie Gilbert, Art Barr, and Kerry Von Erich. Sadly, this list is far from complete," a somber KJames199 writes. "While Owen Hart died in the ring when a stunt went wrong and the Junkyard Dog perished in an auto accident, quite a few of the deaths can be tied to drug use. Many wrestlers use steroids and/or Human Growth Hormone (HGH) to look like they do, then follow it up with painkillers to let them handle a life where bumps, bruises, and broken bones are a part of the job, and where you often don't get paid if you don't (or can't) work. The cost of this drug use is now being seen with young wrestlers dying at an alarming rate. If NFL football players were passing away at the same rate, it would be an enormous scandal. However, the media (with a few exceptions) seems to turn a blind eye to these deaths, possibly not willing or able to cover fake wrestling in a serious manner...

Last Man Standing — Pro Wrestlers Dying Young and a gallery of deceased wrestling figures can be found at The Dead Wrestler Tribute.

Friday, March 12, 2004

Alan Turing - The EnigmaHave been thinking about Captchas recently (see below for details if you're not familiar with the term). Namely, are there better approaches to Captchas than digitally altered text? Because there's a possibility that OCR software -- say, the kind that the Post Office uses to read hand-written ZIP codes -- can already defeat the "munged text" strategy.

For example, here's a different kind of image-based approach (I don't have any suitable clip-art handy, so bear with me). Imagine, if you would, that each "bird image" and "car image" -- below -- is a different photo of a bird or car, respectively:

Bird image
Bird image
Car image
Bird image
Bird image
Bird image
Bird image
Bird image
Bird image
Bird image
Car image
Bird image
Bird image
Bird image
Bird image
Bird image


Check the boxes underneath the 2 Cars, then Press


My stats are rusty, but I believe the odds that a computer could pick the correct two images (say, cars in this example) is 2/16 * 1/15 or about 1 in 120. Not good enough? Making the user match 3 images ups the odds to about 1 in 600. 4 matches yields odds of about 1 in 1800.

Still not good enough? What if we randomly produce 2, 3 or 4 matches - and force the user to pick all of them? (Obviously, we would change the caption to Check the boxes underneath ALL of the cars). Again, I'm not a stat-dude, but I think the odds now soar to about 1 in a million. I think that's probably good enough. Plus, it relies upon recognition of dynamically chosen images -- not alphanumeric characters -- which requires substantially more computing power to analyze.

Thursday, March 11, 2004


Nick Fury

Nick Fury, Agent of SHIELDGrowing up, my favorite comic book was Nick Fury, Agent of SHIELD. SHIELD stood for Special Headquarters for Intelligence, Espionage, Law Enforcement and Defense. Perhaps I made that up. I've long since forgotten what it stood for. But I do remember the artwork. Johnny Severin, I believe, was the unbelievably great master behind the first few issues. He was so good, reading the comic was almost like watching a movie. Severin was just that talented.

Fury was a former WWII non-com, the leader of the Howling Commandos (subject of another great Marvel comic book). The Commandos fought mostly in the European Theater and Fury's crew came within a whisker of kidnapping and/or killing Hitler on several occasions.

In the late sixties, of course, the James Bond phenomenon was sweeping the country. Fury was modernized as a secret agent, actually the head of SHIELD, with an expanse of gadgets and weaponry that would leave "Q" green with envy. HYDRA (don't ask me what that stood for) was SHIELD's arch-enemy, the SMERSH to Bond's British Intelligence.

The reason Fury was so compelling is best described in this single paragraph:

Nick Fury has trained as a paratrooper, Ranger, demolitions expert and vehicle specialist. He holds an unlimited-tonnage, all-seas license as a commander of ocean-going vessels. Fury has completed Green and Black Beret special-forces training, is a seasoned unarmed- and armed-combat expert, was a heavyweight boxer in the Army, and holds a black belt in Tae Kwan Do and a brown belt in Jiu Jitsu. He has honed his fighting skills sparring with the star-spangled Super-Soldier called Captain America, perhaps the world's finest unarmed-combat expert. The experimental Infinity Formula that Fury first ingested during World War II retarded his aging, granting him the physique of a much younger man. Nick Fury, the oldest of three children born to an American pilot who died in battle during the final year of World War I, grew up in the Hell's Kitchen neighborhood of New York City. At the start of American involvement in World War II, Fury enlisted in the Army. He underwent basic training at Fort Dix in New Jersey under the command of Sgt. Charles Bass, a stern taskmaster who singled him out as the company scapegoat. In short order, Fury proved himself to be an excellent soldier and capable leader, and rose quickly to the rank of sergeant.

You want a piece of Nick Fury? Well, do ya?

Nick Fury, Agent of SHIELD

Wednesday, March 10, 2004

Great jobs for Art MajorsI sometimes think that algorithms were hard-wired into my brain from my very earliest days on the planet. And, no, Lincoln wasn't President then.

When I was a little kid, I remember cutting covers of Time Magazine off. Then, using a ruler, I'd draw a grid of "cells" on each cover. A cover might have a matrix of 50 or 60 cells in the X axis and 70 or 80 in the Y axis when I was done with it. I would then make a judgment call on each cell of the grid as to its relative lightness or darkness level. Using a typewriter, I would manually transcribe each cell into a typewritten character. A really dark cell might be an X or an M. A really light cell might be a space character or a period.

After painstakingly transforming the grid into a typewritten page, I got some pretty cool results. I think I still have my "portrait" of Nixon press secretary Ron Zeigler around somewhere (contact me for pricing info ;-).

The reason I bring this up is there's a technology out today -- sometimes called a Captcha -- that generates text in JPG form to prevent automated access to certain web pages. For example, when you create a Yahoo account, you're asked to enter a textual phrase that appears as a morphed image. The tacit assumption is that only a "real" brain can perform the necessary pattern recognition.

But why are JPG's even necessary? You could use (TT) text in the HTML itself. Here's an oversimplified example:

............ZXX............ ..........
...XXXX....Z...Y.............3333...........
...X...X...Z...Y....6555....3...............
...X...X...Z...Z...6.........3333...........
...XXXX.... ZZZ.....6666.........3.......---
-. X..X.................6....3333........---
-..X...X............6666.................---
-..X....X................................---

which you would probably recognize as 'Ross'. The HTML font size would be very tiny. Colors could be used. The text could be slanted, italicized, whatever.

So why does this matter? One unique aspect of the text-based approach is it conforms to accessibility standards (e.g., the font size can be increased at the browser). One of the complaints about JPG images is that folks with visual impairments can't increase the size. From your Internet Explorer menu, do a View >> Text Size and increase the text-size to see the effect.

This "text-based bot defeater" answers the accessibility issue and provides help to folks with vision problems. At least, that's my take.

Entertainingly dull

Blog on, dudeIs this really The dullest blog in the world? It actually is more entertaining than you might think... at least for about 45 seconds or so. :-)

Rant-o-Matic 2000

Speaking of childish rants -- okay, actually we weren't, but -- I was having a conversation with Mr. T about the fact that he hasn't updated his blog in about a week. His response:

But I'm out of town. Waah. Waaah. WAAAAAH.

Okay, he didn't actually cry. But my response was:

NEWS FLASH: ITS THE F**KING WEB

Not ten minutes later, his blog was updated... with a scathing indictment of one of my blog entries. But he's not bitter.

Tuesday, March 09, 2004


I, Intel

FPGA-Based System DesignSo, I was looking to design my own chips for some custom hardware I was putting together. Well, not really, but I just read this article on how to create your own custom chips. It's pretty neat. You don't need a $500,000,000 fab plant. You don't even need $100. Read on.

You can design your own chips at home with a PC using no more than about $50 of equipment and I'm going to tell you how with the absolute minimum of effort.

I'm going to make some basic assumptions: that you vaguely know a language with C like syntax and have a vague idea that digital electronics is about manipulating binary data represented in wires by a voltage level using logic gates.

You can't design your own components completely from the ground up at home, for that you do need a lot of expensive equipment. But what you can do is program what are known as Field Programmable Gate Arrays (FPGAs) or Complex Programmable Logic Devices (CPLDs). These are large arrays of logic gates connected by a complex network that allows you to connect any gate to any other pretty much however you want. In effect you design a logic circuit on a PC that is downloaded to a chip...


A Verilog Introduction for Hackers

Tomes

A History of PiA great post on Kuro5hin asks:

What books have influenced your life?

Cojones

Intelligent IT Outsourcing: Eight Building Blocks to SuccessInfosys Technologies, an India-based software development company with its U.S. headquarters in Fremont, asked the state for more than a million dollars in tax relief, saying the standard tax formula fails to reflect that two-thirds of its U.S. work is done offshore.

In its petition to the California Franchise Tax Board, Infosys argues that it pays its engineers in California nine times more than those in India and that difference inflates its California tax liabilities.

State tax officials rejected the claim last week. But the request for a lower tax burden by the company -- which derives about 75 percent of its $1 billion a year in revenue from U.S. companies -- left some observers dumbfounded.

``They're asking for a tax break on the grounds their payroll costs one-ninth in India,'' said Lenny Goldberg, director of the California Tax Reform Association. ``It takes a lot of nerve to ask that, considering the context in which they operate.''"


Tax relief for offshoring?

Monday, March 08, 2004

User Interface Design For ProgrammersJoel was kind enough to answer my question on JOS' 'Ask Joel' forum.

Question: A followup to the thread regarding worrying about what customers are saying about your products -- rather than what competitors are doing. What methods are you using to solicit meaningful feedback from customers? What about prospects? Do you do any outbound calls/emails/etc. for this purpose?

Answer: Nothing outbound. Our three best sources for feedback:

* the "Send Feedback" menu item in CityDesk. Goes right into our bug tracking database, and generates so much (excellent) feedback that we simply can't reply to any of it; we're lucky if we have time to tally votes for feature requests.
* a general policy that there should be an email link at the bottom of every page on our website
* online discussion forums

These three methods get us more than enough feedback...


Methods of soliciting feedback from customers

Fourth Season - SopranosGood insight from MSN into the Sopranos' next few episodes.

In Sunday's "The Two Tonys," the old mobsters return. Tony's sister, Janice (Aida Turturro), now married to Bobby (Steven R. Schirripa), resents having to make Sunday dinner. Tony tries to date his therapist, Dr. Jennifer Melfi (Lorraine Bracco).

"Rat Pack" on March 14 introduces the new Tony. In a quietly amusing moment, he wears the suit he had before prison, proving that the "Miami Vice" look is best remembered, not revived. The next week, "Where's Johnny?" proves tough guys share about as well as toddlers, and more blood is shed as they try to divide up business. Paulie Walnuts (Tony Sirico) shows he has never lost his taste for dirty street fighting. And in "All Happy Families," Feech drives the younger guys crazy with his war stories while Carmela and Tony try to deal with A.J.'s problems.

After this year, there is one season remaining. Imperioli, who has written five episodes, knows how he wants to see the finale: "Dark and ugly," he says. "Why not?"
"

'The Sopranos' Returns

Whackometer

Fourth Season - SopranosThe Detroit Free Press reports...

...the online wagering site BetWWTS.com, figures that Johnny Sack (Vince Curatola) will be the first biggie whacked on this season of "The Sopranos," which kicked off Sunday night on HBO.

They've got Johnny at 3-1 (for fun only) odds, followed by Little Carmine (Ray Abruzzo) at 7-2 and Adriana (Drea de Matteo) at 4-1. The odds on Tony Soprano (James Gandolfini) taking a nap with the oysters? 60-1.


Online 'Sopranos' site lays odds on hits by the mob

Sunday, March 07, 2004


Johnny Perry

Johnny PerryFarewell to Johnny Perry.

Johnny Perry's favorite T-shirt declared to the world what few would dare say to his face: "Freak." At 6-foot-5 and 375 pounds, Perry towered like a colossus over most of the folks who worked out with him. His tattooed biceps were 25 inches, bigger around than the waists of some of the girls who swooned over him. Perry knew he was a genetic anomaly, and he reveled in it.

At 27, the Carolina farmboy entered the semi-sideshow world of professional strongmen -- towing trucks, flipping tractor tires and shouldering boulders. There wasn't much money in it, but he got to travel the world and be seen by millions on cable sports channels. A mere three years after turning pro, Perry was ranked second in the United States and fourth in the world. But his goal was to be crowned world's strongest man, the first American to hold the title in 20 years. And if genetics alone couldn't get him there, he would use steroids to help nature along...


Strongman dead at 30

Lethal Passion

Lethal Weapon - Complete SeriesFrom the Telegraph:

Steve Martin, the actor and comedian, has launched a biting satirical attack on Mel Gibson and his Hollywood version of the death of Jesus Christ, mocking the film as a piece of money-making showbusiness - and suggesting that he, too, regards it as anti-Semitic... [Martin] penned a sharply worded column on the The Passion of the Christ for The New Yorker magazine.

While Mr Gibson, who made the film with his own money, claims that his intention was to produce a profound statement of his religious beliefs, Mr Martin - influenced, perhaps, by the film's ticket sales of $127 million in less than two weeks - appears to disagree.

In Mr Martin's column, "Stan", a fictitious studio boss, sends Mr Gibson "studio script notes" on The Passion...

...On the lengthy and gruesome scenes of Jesus being whipped, which have forced many cinemagoers to turn their heads, "Stan" remarks briefly: "Love the flaying."

...Other suggestions he offers include: "Could the rabbis be Hispanic? There's lots of hot Latino actors now, could give us a little zing at the box office." And: "Possible title change: 'Lethal Passion.' Kinda works...

..."Is there someplace where Jesus could be using an iBook?" he asks. "Think about it. Maybe we start a shot in Heaven with Jesus thoughtfully closing the top..."

..."Stan" points out another apparent spelling mistake. "In the description of the bystanders, there should be a space between the words 'Jew' and 'boy'," he writes.


Memo to Mel: Could the rabbis be Hispanic?

Sunday Funnies

Click here for Amazon Junk

Click here for Amazon Junk

Click here for Amazon Junk
Don't even ask why these cops are roughing up Ronald McDonald. Let's just say Mayor McCheese is NOT happy - and leave it at that.

Saturday, March 06, 2004


RFID Domain

RFID HandbookIf you're interested in RFID (wireless ID tags), Sean's new blog is concentrating on culling out the most insightful articles on the topic and separating the wheat from the chaff. Wal-Mart and the DOD are two of the largest consumers of RFID. Their entire supply-chains -- and, thus, a heck of a lot of companies -- will be dramatically impacted by the conversion.

The landscape of RFID is fascinating: the possibility of "Jetsons-style" inventory management with no wastage; the potential privacy issues (can someone track your purchases after you leave the store?); the range of technical implementation options. RFIDdomain can hopefully make some sense of these complex issues, rather than just acting as a shill and press release outlet for anyone with an RFID offering.

RFIDdomain

School of Rock

School of Rock - Widescreen DVDIs it trite to say that this movie ROCKS?

Jack Black's immense comedic and musical talents are brought to the fore in this light, fun-loving romp. Black plays Dewey Finn, an overenthusiastic guitarist who has just been kicked out of his band _and_ threatened with eviction by his roommate's overbearing girlfriend. No doom and gloom for Finn, though, as he sets out to enter the "Battle of the Bands" with a brand new group. But where to find the talent for a new band?

Answering his roommate's phone at the apartment, Finn ends up pretending to be a substitute teacher at a fancy schmancy prep school to earn some cash for his overdue rent. When he discovers that several of his young charges are musical prodigies, he drives them with an all-day curriculum of pure rock education, setting the stage for revenge on his old band. Yes, he plans to enter "Battle of the Bands" with a bunch of 10 year olds as his group.

Formulaic? Yes. Silly? Yes. Will you laugh? Heck, yeah, 'cuz this movie rocks!

School of Rock - Widescreen DVD

Thursday, March 04, 2004

Version Tracking... Off

Linux in a NutshellTurn off Microsoft Word's Version Tracking feature. If there's one lesson you can take away from SCO's embarrassing disclosure that Bank of America (BofA) was the original target of lawsuits, it's simply "turn off version tracking". If you'll remember, SCO had threatened to sue over 1,500 large enterprises for their use of Linux.

...A feature in the word-processing software tracks changes to documents, who made those changes, and when they were made. These notations typically are invisible to someone reading a Word document. But as some lawyers, businesspeople and politicians have learned the hard way, Word can also display so-called metadata in the document--including the original version and all subsequent changes. This information is available by viewing the document under "original showing markup" or "final showing markup.

...Examples of the changes made to the Word document that later became SCO's lawsuit against DaimlerChrysler include the following: • On Feb. 18 at 11:10 a.m. "Bank of America, a National Banking Association" was removed as a defendant and "DaimlerChrysler Corp." was inserted. • Three minutes later, this comment was removed: "Are there any special jurisdiction or venue requirements for a NA bank?" • At the end of the lawsuit, "February" was listed as the filing date, although no exact date was given. SCO previously had said that it expected to file a lawsuit against a Linux user by mid-February...


Document shows SCO prepped lawsuit against BofA

A search engine for tech investors?

Wall Street Journal Guide to Understanding Money and InvestingBright idea from CHI: use a Google-style ranking system using patent citations -- not hyperlinks -- to determine who's coming up with the most cited ideas. Then invest in those companies.

Two years back... I asked CHI to share its top 10 tech-stock picks with... readers... its picks have returned an average of 59.2%, while the Nasdaq 100 and [S&P 500] indexes returned 4.2% and 6.1%, respectively. Each year since 2000, when CHI began issuing monthly buy recommendations to institutional investors (subscription price: $15,000 a year), it has killed the market averages. In 2003, as the average tech-stock mutual fund returned 55.9%, CHI's picks returned 162%.

HOW DO THEY DO IT? CHI uses a strictly quantitative method based on evaluating the strength of public companies' patent portfolios. Based in Haddon Heights, N.J., the firm got its start in 1968 reviewing patents for the National Science Foundation. It still consults for corporate clients, but its investment-research method, on which it has its own patent, is gaining renown. Here's how it works: Every month, CHI looks over the patents of 477 innovators, from mighty General Electric to the likes of genomics outfit Lynx Therapeutics. It checks not just how many patents each company holds but what it refers to as "citation impact" -- how often they are cited in later patent applications...


A search engine for tech prospectors

Carolina's First News!

Did someone forget to password-protect the admin account for Carolina 14's ("Carolina's First News!") school closing system? My favorite one features PWNT Enterprises. And props to Mr. T for the link.

Carolina 14 News: Closings