dtm: (Default)
So yesterday my train home was held for 15-20 minutes after it arrived at Princeton Junction, with the doors staying closed and people not being allowed off. At the time, we were told: "Ladies and gentlemen, the dispatcher has requested that I not open the train doors until the police arrive."

We weren't told why the police were arriving. After they had let everyone off and were continuing on to Hamilton we were told: "I apologize for the delay; there was a security issue that needed to be addressed. Thank you for your patience." At the time, I figured it was an unruly customer who'd taken a swing at one of the ticket collectors. (There are signs up saying that assault on train personnelle performing their duties is punishable by up to 5 years in prison) Annoying, but I'm willing to put up with some delays if it's necessary to ensure that people aren't fighting on the train.

So what was this security issue? Two guys with a video camera were filming the inside of the train. It turns out that the two men were journalists from Hong Kong. Apparently they were working on a documentary about a Hong Kong engineer who had designed part of the new train cars. (And these new double-decker cars are nice)

Despite the title of this post, I've been thinking as I write this if after all the situation was handled appropriately. I mean, yes, the police taking anyone away for questioning (even if the people went "voluntarily") after a legal activity bothers me; so far as I know, the US has not yet implemented Soviet-style prohibitions on taking pictures inside moving vehicles, so I'm bothered by that. On the other hand, the two men weren't held overnight, I can see how videotaping various structural components of the train could be suspicious, and then there's the matter that yesterday was Tuesday, September 11th. (One wonders why the two men didn't start by contacting NJTransit's PR department)

So maybe the actions of NJTransit were appropriate, if a bit frustrating to commuters. For the record, my arrival in Trenton was delayed only a bit over 15 minutes (certainly less than the 20 quoted in that post). I've been delayed longer from wet tracks.

What definitely wasn't appropriate though were the multiple calls to 911 mentioned in that post from commuters stuck on the train wanting to know where the police were. Being 20 minutes late getting home isn't an emergency.
dtm: (Default)
Dear NJTransit: (written at 6:53)

I appreciate that train scheduling is a hard problem, and that real-life train scheduling is complicated by factors beyond your control.

I also realize that it is not in any way your fault that I live a brisk fifteen minutes' walk away or that I'm functioning on very little sleep. It is, I suppose, also not your fault that I aimed to catch the 6:19 train this morning. The fact that the 6:19, 6:28, and 6:43 trains are all MIA, though, is going to have to be your fault.

I would very much like to get on a RiverLine train now.

Dear AT&T: (at 7:31)

You know what would have been cool? To be able to post that last bit before the insanely overcrowded (packed standing room only) RiverLine arrived. Unfortunately, a wireless internet connection that I get dropped from every minute and a half, and get anemic rates with at best, isn't really that useful there. It would be nice if I got more than one bar throughout Burlington.

Dear Firefox Team: (at 7:34)

You know what would be nice? If having your wireless connection crap out on you didn't cause your web browser to lock up and become completely unresponsive.

Kthx, bye

Update: Total door-to-desk time? 3:02. Ugh.
dtm: (Default)
Well, today I went and had my first day at Google, and here's what I can share:
  • This job is going to rock, eventually. I'm going to spend at least the first three months wandering around in a dazed and confused state.
  • This commute is going to suck, and that gets to start right away.
  • I'm going to need to figure out a better eating schedule and learn to either read menus ahead of time or decide to be more adventurous with food spontaneously. When confronted with the food today, I just choose the first food I saw that was easy, recognizable, and safe, and it wasn't too filling.

I'm panicking slightly about the commute right now, but I think that a good chunk of that is hunger combined with the fact that the train was late today meaning that I get home half an hour later than I'd planned.
dtm: (Default)
Sorry that there's not been any detailed post about getting the Google job. The short version is that they didn't hire me back in August, but then in early June a different Google recruiter said, "I found you in our database; would you be interested in this other job?" And this time, after another phone screen and on-site interview (this time in NYC), they offered me the job.

The long version is that, plus lots of reflection and angsting about "why am I doing this?" and "how am I going to tell my boss?" and "how is [livejournal.com profile] jmartin2 going to handle me being in New York five days a week?" Maybe I'll post some of that later.

Anyway, that's not what prompted me to get off my virtual duff and post. What prompted that was finishing Flowers for Algernon this morning, and then sitting down this afternoon to watch one of the weekly syndication Simpsons episodes and having it be the episode Lisa the Simpson.
dtm: (Default)
So, I don't want to really jinx anything by celebrating prematurely, but one of the things that was happening in June is that a long process was begun that appears now to be headed toward a successful conclusion.

Long story short? I'm not this guy any more.

More details as I can share them later.

Update: Post unlocked.

I got the emailed pdf of the offer letter, and barring something truly bizarre am going to take it. I'll be working for Google in New York.
dtm: (Default)
Some people might deduce from my posts this past month that either I have abandoned livejournal or that nothing happened during June. The latter is not true, and I don't think that the former is either, but I still can't get into the regular blogging habit.

#include <std/apologies/long_journal_update_lag.h>

So now for something completely different; namely, a rant about a particular instance of idiocy common as dirt on the web:
Dear web page designers:

See all the hits this search generates? Almost without exception, every result there is either telling you how to do something that's a bad idea or asking about details of how to implement a bad idea. What I'm talking about is this: most of the time when you need to type in actual physical address online, there will be a text box for your name, one for your street address, one for your city, one for your zipcode, and a drop-down box for your state.

Now, every state has this convenient little two-letter abbreviation, and anyone typing in an address in a particular state already has the abbreviation quite literally at their fingertips. Why is it that I can't type "NJ" into the state box? Why do I need to type in "NNNN" or "NNNNN" or "NNNNNN" to get my state? (Depending on whether the creator of the box has included Canadian provinces in the drop-down or not, and on whether they sorted the options in the dropdown by abbreviation or by state/province name) I can't even get a standard bunch of keypresses memorized to type my state!

This is not a new issue; there was a use-it.com article about this in 2000. The big boys (aka amazon) do this correctly, with a text box. And yet still, you'll find advice like this (from a page supposedly made in 2005):
Sometimes you may want to replace text fields with drop-down menus. This might be because selecting from a menu is easier than typing. But it could also be because the script that handles the form can't interpret just any text entry.
For example, you will often be asked to choose your state from a drop-down menu. This might be because picking it from the menu is easier than typing the name of the state.
Along the same line, you may often asked to enter the 2 letter initials of your state from a drop-down menu as well.
This could prevent confusion for the script that handles the form input. If, say, the script was programmed to only accept capital letters, then a drop-down menu would secure that no invalid entries were made.


Look, if the script on the back end blows up when given input like that, then fix the script. Or make a wrapper around it to validate data first, representing the form to the user if they type in a bad state abbreviation. (Since for security reasons, you need to do that already anyway, and you know it)

Don't make me guess how many "N"s to press, and don't make me jump back to the mouse, especially when you lay out your form like a standard US postal address so that I'm jumping back to the keyboard for the zipcode anyway.

Is this a small annoyance? Absolutely. It's trivial in the grand scheme of things, and even fairly small in the world of web-based annoyances. But it's totally unnecessary. In fact, implementing the drop-down is probably more work than putting another text box there. Please - go play an extra minute or so solitaire instead of making yet another state drop-down box. Your time will be better spent.
dtm: (Default)
I got a comment with the subject line "Marsians ready to atack! nobody help us" and the body "MESSAGE" at 5:17 AM this morning (on my previous post, a small note about Ruby-Quiz), from an IP address that's at the top of the list of proxies at proxylist.blogspot.com.

Googling on that phrase produces a bunch of hits, most of which have been taken down by now, and which seem to be pharmaceutical spam. They appear to have taken advantage of a bug tracking system on a .gov site to post their full ads as attachments to bug reports, and they then post links to the attachment in the comment spam. Innovative little buggers, even if they couldn't configure their engine properly for the spam run that hit my LJ.

I wonder if large bugzilla installations are going to have to deal with becoming unwitting ad-hosts to spammers in the future, and if this will have the effect of making bug submission a moderated process, where newly submitted bugs aren't generally visible until a human being approves them as not being spam.

Update: They tried again, on the same post, with "MESSAGE" as the body again, and the subject "New explanation of pharmacy".
dtm: (Default)
From the quiz solution summary on http://rubyquiz.com/quiz122.html: (ellipses in the original)
You have shown me the light and it tells me... Daniel Martin is crazy. I'll leave it to him to explain his own solution, as punishment for the time it took me to puzzle it out. I had to print that Array inside of the inject() call during each iteration to see how it built up the answer.
Update: I did in fact accept my punishment and post an explanation of my twisted implementation of the Luhn algorithm.

Update: Sorry; anonymous comments aren't shown on this entry any more. Three spam deletions is my limit.
dtm: (Default)
So today I got an email message on my work account titled "FW: EAP Support: Coping with Tragedy at Virginia Tech" and with the text:
Our EAP provider, Horizon Health, has provided the attached articles to help support us in the aftermath of the incident at Virginia Tech.
(with an attached word document I haven't opened yet)

Now, the shootings at VT were awful, and surely traumatic for those who witnessed them or knew one of the victims. And yes, they will eventually lead to a national dialogue about how our society approaches guns and mental illness. (though probably not much serious discussion about the visible have/have-not divide at some undergraduate institutions)

And for those directly affected, psychological counseling and support is now vital. However, that kind of support isn't going to come from a brochure. Presumably, then, this brochure is directed at the rest of us, who need something after 30 college students are killed in Virginia but are expected to take news like this completely in stride:
April 18 (Bloomberg) -- Car bombings in Baghdad killed at least 166 people in the worst violence in the capital since the U.S. military began a troop ``surge'' two months ago aimed at ending attacks.
Or this: (from over the weekend)
Two months into the U.S.-led Baghdad Security Plan, at least 289 people were killed and injured across Iraq on Saturday, including 36 dead in a car bomb attack in the holy Shiite city of Karbala. The carnage of a crowd teeming with women and children set off an angry mob of hundreds against the governor and police.
Or this: (from April 7th)
McCloud was the 105th homicide victim this year in Philadelphia, where the death toll is outpacing last year's by about 20 percent.
You'll forgive me if I don't receive this emailed brochure as convincing evidence that our corporate-contracted Employee Assistance Program really truly cares.
dtm: (Default)
Continuing my pattern of occasional technical posts just that my journal won't be completely dormant, here's another one:

If you do much web development at all, you probably work with a template language of some kind. You know, the kind of thing where you write HTML with various placeholders in spots that get filled in by the web application - examples include jsp pages, Django's template system, Smarty templates, PHP pages, or HTML::Mason.

Anyway, the problem with virtually every HTML templating language out there is that they make it easier for the person writing HTML templates to add an XSS hole than to avoid it. This isn't a matter of making it possible for page writers to shoot themselves in the foot - that's always going to be possible, given any reasonable system - it's a matter of making it easier to do than to avoid.

More for people who've ever worked in such environments )
dtm: (Default)

I started, and at some point may continue, a big long livejournal post about a rather technical topic - ways in which people make themselves vulnerable to XSS attacks - when I ran across this example that is just too horrid not to post about on its own.

How to achieve triple vulnerability to XSS attacks )Update: I had a technical detail wrong, which must make writing browsers painful in trying to parse tag-soup HTML.
dtm: (Default)

So I've thought about several different journal entries I could write lately, but I somehow just don't feel I have the requisite will-to-type to write any of them. So here are some scattered thoughts I'm not journaling about:

dtm: (Default)
And now for something totally geeky. Of interest only to those programmers whose programming interests encompass both java generics and functional languages that tend to represent lists as singly linked lists most of the time. This is just kind of wandering about, with no coherent theme or conclusion to the post.
(Haskell-style lists in java, with generic type safeness) )

Update: figured out a better way to do append in the ? extends E model.
dtm: (Default)
So last night as I was giving Katherine her bath, I started singing the silly "Willoughby wallaby W____, an elephant sat on ____" song. (A Google search for those unfamiliar with this song)

Anyway, Katherine really got into it. I would start a line ("Willoughby wallaby Wommy, an elephant sat on ....") and she'd finish it ("Mommy!"). I got tired of this game long before she did; she kept asking me to do more, and occasionally pointing to things for me to have the elephant sit on. Occasionally she'd ask me to do something that began with "w", and I'd have to explain that that wouldn't work. ("Do the washcloth!")

After the bath, Katherine continued the song in her room by herself. Here's what I remember:

Willoughby wallaby winosaur, an elephant sat on Pinosaur.
(This is what she named the green toy she's using as a pillow here a few weeks ago)

Willoughby wallaby wocks, an elephant sat on my crocs;
Willoughby wallaby wora shoes, an elephant sat on my Dora shoes.

Willoughby wallaby wink, an elephant sat on my drink;
Willoughby wallaby wouse, an elephant sat on my house.

Willoughby wallaby wanties, an elephant sat on my panties;
Willoughby wallaby wattress, an elephant sat on my mattress.

And there was much more I don't remember. We continued this morning in the car on the way to day care, where the elephant sat on "wight"/"the light", "ween"/"the green", "wed"/"the red" (we go through several traffic lights in short succession); on several of the kids at her day care; on Dora, Boots, Backpack and Swiper (Swiper got sat on more than once); on "wee"/"the C", and "wetters"/"the letters".

Also, after she had asked me to do another word that began with "w", and I explained that it wouldn't work, she showed me that I was wrong:

Willoughby wallaby wonsin, an elephant sat on Wisconsin.
dtm: (Default)
So this morning with it snowing, my wife and I saw how a morning ritual from our youth has translated into the present day: we saw the snow outside, then sat infront of the web browser trying again and again to load kywschools.com. (Which was naturally only responding intermittently since everyone else was going there too)

Not any faster than the old way, really.

(And then when we finally got through, we couldn't remember the number for Katherine's daycare after all)
dtm: (Default)
So, we need a new bank. Anyone have any suggestions?

We're currently banking with Wachovia, but starting in April they're going to be deducting a $6/month fee if you use Quicken to get transactions automatically and manage your accounts. As this would, over the course of a year, be a visible percentage of our average checking account balance, we're thinking of jumping ship.

Given my history with big banks, I was looking at this extremely local bank, but their web site does not, alas, fill me with great confidence. Also, as our main reason for jumping is the end of free Quicken support, it would make little sense to jump to a bank with no Quicken support. (the list of Quicken-supporting banks)

So what do other people use that you're happy with? Any place in particular that we should avoid?
dtm: (Default)
So just to make my journal more active, and because I'm terrrible about coming up with original posts of my own, I'm going to pass this on on the assumption that there are some people on my friends list who are both female and were interested in math/science at some point. From [livejournal.com profile] astrogeek01:
If you're a woman in science, or a woman who once wanted to be in science, there is a book being written about us. The author is still looking for interviewees. Write to her! The more data the better, especially if you've left STEMM areas! There really is no in depth research on the people who leave, and it's a big missing area and we want to know!


De fimo

Jan. 31st, 2007 09:06 am
dtm: (Default)
It's been a long time since I posted, and I told [livejournal.com profile] jmartin2 that I'd make the next livejournal update of this kind since she's been doing a lot of that lately.

Anyway, if you've been reading her journal, you know that [livejournal.com profile] jmartin2 and I have been trying to get our daughter Katherine potty-trained. The basic way this works is that she gets all excited about wearing underwear, and then refuses to go sit on the potty and do anything while dancing around uncomfortably.
Warning: explicit acts of parenting ahead )
dtm: (Default)
So as I may or may not post about later, yesterday I spent an unexpected several extra hours in CWA (Central Wisconsin Airport).

Among the other things I discovered (such as that the gift shop closes at 6 pm, and that after it closes there's nowhere to buy anything in the airport) was the fact that whoever programs the blinking sign above the baggage claim doesn't understand scare quotes. In among the standard "find this service at this location" messages and a cutesy "Happy Holidays" message, was a message presumably meant to express general patriotic support of some sort for our military.

The sign showed this:

Followed by this:

(The images were made by manipulating the output of signbot to join the message into one long banner)
dtm: (Default)
I call this a parable because although I'm sure that there's a lesson to be learned from this, I'm not quite sure what it is. I do have certain points in this story that feel important, and I've labeled those as "parable events". As I said, though, I leave the conclusions to the reader.

My employer (call them "company E") has over the past year tightened up the corporate network, including restricting outgoing connections to nothing other than ftp and web browsing.

The TCP-literate will wonder if I actually mean is that company E is restricting outgoing connections to ports 20, 21, 80, and 443. In fact, that's exactly what I mean. Connections to those port numbers are allowed and others are not. In theory, one can submit tech. requests to network engineering if there is a business reason to allow some other type of access to a certain location.
Read more... )
Page generated Sep. 19th, 2017 06:50 pm
Powered by Dreamwidth Studios