dtm: (Default)
2006-12-19 05:08 pm
Entry tags:

A short parable on network security

I call this a parable because although I'm sure that there's a lesson to be learned from this, I'm not quite sure what it is. I do have certain points in this story that feel important, and I've labeled those as "parable events". As I said, though, I leave the conclusions to the reader.

My employer (call them "company E") has over the past year tightened up the corporate network, including restricting outgoing connections to nothing other than ftp and web browsing.

The TCP-literate will wonder if what I actually mean is that company E is restricting outgoing connections to ports 20, 21, 80, and 443. In fact, that's exactly what I mean. Connections to those port numbers are allowed and others are not. In theory, one can submit tech. requests to network engineering if there is a business reason to allow some other type of access to a certain location.
( Read more... )
dtm: (Default)
2006-12-11 11:22 am

Okay, clearly I'm feeling better

About the whole Google disappointment, because I found this hilarious:

Working for Google
dtm: (Default)
2006-11-29 02:46 pm

ObNonHack

This is a story about an exploit that didn't happen. Mostly, because I chickened out.

The short version is this: for a while, there was a bug in the way Google accepted user preferences that meant that it was possible to create an <img ...> tag such that anyone who looked at a page containing the image would have their Google preferences changed. Think about this for a second. See that blank box above the smiley face? If Google were still vulnerable to this exploit, you'd see a second little smiley face in that box. Also, merely by loading your friends page with this entry on it, your Google preferences would have been changed to whatever I picked. In this case, to have the Google buttons and all explanatory text switch to Arabic, to search only for pages in Chinese or Japanese, and to display only one result per page. You'd see this when next you used Google, whether you used it directly by visiting http://www.google.com or through some browser plugin.

Now, freerepublic.com (no, I'm not linking to them) is frequently visited by people who would at the least be freaked out by something like this. Furthermore, it's full of people I wouldn't mind freaking out. Also, it encourages semi-anonymous users to post images in the comments. At least as of Halloween, Google hadn't fixed this exploit. Think about it: right before the election some of the more rabid online right-wing activists have their ability to use Google taken away from them in what looks like an islamofascist plot...

Anyway, as I said, I chickened out. I don't know if there's some sort of moral or lesson here - except that web application security is so difficult that even Google can get it wrong in potentially embarrassing ways - but it kind of seems like there ought to be. If anyone cares about the technical details behind the flaw you can read about it by googling "google setprefs xsrf" and see more details about my specific way to exploit it by looking at what http://xrl.us/rv5j/smile.gif gets you when you feed it through wget.

(And yes, I'd reported this to Google on September 25th, but I wasn't the original discoverer of the flaw itself. Encoding the evil into an image tag was my own creation, as was the exploration of how much evil could be encoded into one little picture.)
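
The class of flaw described in this entry, seen from the server's side, as an added example that is not part of the original post and not Google's code: a preferences handler that changes state on any cookie-bearing request, next to one that requires POST plus a session-bound token. The handler names, the parameter names (`lang`, `num`, `token`) and the session id are hypothetical, and the requests are constructed samples.

```javascript
const crypto = require('crypto');

// Hypothetical server secret and session store (session id -> preferences).
const SERVER_SECRET = crypto.randomBytes(32);
const newStore = () => new Map([['sess-alice', { lang: 'en', num: 10 }]]);

// Token bound to the session: HMAC(secret, sessionId). A page on another
// origin cannot read it, so it cannot include it in a request it triggers.
function csrfTokenFor(sessionId) {
  return crypto.createHmac('sha256', SERVER_SECRET).update(sessionId).digest('hex');
}

// Constant-time comparison; the length check avoids timingSafeEqual throwing.
function tokenMatches(sessionId, supplied) {
  const expected = Buffer.from(csrfTokenFor(sessionId));
  const got = Buffer.from(String(supplied || ''));
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}

// "Before": the session cookie alone authorizes the change, so the GET a
// browser issues for an image embedded in a third-party page is accepted.
function setPrefsVulnerable(store, req) {
  const prefs = store.get(req.cookies.sid);
  if (!prefs) return 401;
  Object.assign(prefs, req.params);
  return 200;
}

// "After": state changes only on POST, only with the session-bound token,
// and only for the fields the handler expects.
function setPrefsHardened(store, req) {
  const prefs = store.get(req.cookies.sid);
  if (!prefs) return 401;
  if (req.method !== 'POST') return 405;
  if (!tokenMatches(req.cookies.sid, req.params.token)) return 403;
  const { lang, num } = req.params;
  Object.assign(prefs, { lang, num });
  return 200;
}

// Constructed request: what the logged-in user's browser sends when some other
// site's page contains an image whose URL is the preferences endpoint.
const crossSiteImageLoad = {
  method: 'GET', cookies: { sid: 'sess-alice' }, params: { lang: 'ar', num: 1 },
};

// Constructed request: the site's own settings form, which embeds the token.
const ownFormPost = () => ({
  method: 'POST', cookies: { sid: 'sess-alice' },
  params: { lang: 'fr', num: 20, token: csrfTokenFor('sess-alice') },
});

// Runs both handlers against the same inputs and reports status + final state.
function demo() {
  const a = newStore();
  const b = newStore();
  return {
    vulnerable: { status: setPrefsVulnerable(a, crossSiteImageLoad), prefs: a.get('sess-alice') },
    hardenedCrossSite: { status: setPrefsHardened(b, crossSiteImageLoad), prefs: { ...b.get('sess-alice') } },
    hardenedOwnForm: { status: setPrefsHardened(b, ownFormPost()), prefs: b.get('sess-alice') },
  };
}

console.log(JSON.stringify(demo(), null, 2));
```
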
dtm: (Default)
2006-11-14 10:36 am

Poke that computer scientist sitting next to you

Or, poke yourself, or something. Whatever's appropriate.

I've got a big huge problem to solve at work and I'd like to look up what's in the literature on solving problems like it, but I'm sufficiently distant from academic computer science that I don't know what the term is for this type of problem or where to begin.

Or, as mizkit said, “Help me LJ-wan Kenobi! You're my only hope!”

( The problem description )
dtm: (Default)
2006-11-03 09:44 am

My American English (non)-accent

Well, not surprising as I was raised by people from Ohio and Colorado.
( You have a Midland accent )
dtm: (Default)
2006-10-30 08:17 pm

More Katherine

As I was writing my previous post, I knew I was forgetting stuff that Katherine is doing these days. I'll have to remember to post more often; in the mean time, here's two other things Katherine reminded me of this evening:
  • For a while now, she's been using “dark” as an intransitive verb. As in "Daddy, it's darking!" (at dusk) and "It darked outside" (when we have gone inside before sunset and come outside after it got dark).
    Today, I pulled the plug on an electric jack-o-lantern she was holding since I didn't want her to get burned, and her reaction was "It darked out. Daddy, the pumpkin darked out. It needs new batteries."

  • She's been wanting to count in different languages.
    This started a week or two ago when we were driving somewhere and I heard her saying “una, dos, tres, quatro, ...” (or close enough to that), and asked her what she was doing. “I'm counting the stars” (It was light out; this was a Dora reference). I told her she was counting in Spanish. She asked me if I could count in Spanish, and we then counted back and forth up to ten. (I'd say a number; she'd repeat it) When we got home, she said "I want to count in French." "Ok; count in French." "I don't know how. Can you count in French, Daddy?" So we did (I can get to ten, at least) and then tried German and Japanese.
    We just did Japanese tonight when I put her to bed, and she's starting to learn bits of it - she responded "shi" to my "san" and "hachi" to my "shichi".
I found my digital camera again recently, and so took a few pictures of her that I'll post either tonight or tomorrow.
dtm: (Default)
2006-10-30 02:50 pm

Katherine update

So I was discovering the tag system that livejournal has, and going through and tagging all my old posts (one of the advantages of not posting too often is that this wasn't too hard to do, though I may go back and shuffle entries around, as well as add some more tags).

Having done this, I discovered that I haven't made a Katherine post since June.

So here's an unordered list of things Katherine is doing lately:
  • She corrects people. She told me a week or two ago, when I asked her "Katie, do you want some water?", "No, daddy, it's not called [wɔtəɹ], it's called [wʊtəɹ]".
    Last night we were downstairs and on TV a local political show came on called "Issues PA 2006". She yelled at the TV "No, commercials, it's not called “issues”, it's called “tissues”". ("commercials" is her name for all TV that isn't something she wants to watch)
  • She's started to occasionally say "Santa Claus should make me one" or "Santa Claus should bring me one" when she discovers something she doesn't have.
    For example: "Are those your new jammies, Mommy?" "No, Katie, this is my bathrobe" "Oh. Where's my bathrobe?" "You don't have one, Katie" "Santa Claus should bring me one."
  • She's getting psyched about Halloween. She's been asking when Halloween will come since late August.
    Jennifer's mother got her an off-the-shelf costume of a dragon, which Katie has been itching to wear. (we had her put it on once to check for size) I suspect she'll be almost ready to explode from the overhype when Christmas rolls around. Having a child sensitive to the general surrounding culture hype machine isn't a good thing.
  • She can hang from a monkeybar suspended in mid-air by herself for at least fifteen seconds.
  • She's learning to ask for things in the polite, formal English that upper- and middle-class parents teach their kids: "May I ...", "please", "thank you", etc.
    The other day she asked me in a soft voice (she was a bit tired) "Daddy, may I have some breakfast please?" It was incredibly cute, if a bit Dickensian.
dtm: (Default)
2006-10-30 10:56 am

How we set up password changing in subversion

This is another computer-geek post, because I was thinking about it today, and thought it deserved to get documented. Most of my friends will not care, so...
( How to allow users to change their own passwords when using subversion *without* apache )
dtm: (Default)
2006-10-27 07:37 pm

How Java shuts down

So one thing I discovered as I went back over my old posts is that I used to do some serious computer geeking in my posts. I mean, seriously.

And I haven't done any computer geeking on livejournal in a while, so:
( The insanity that is the jvm's shutdown sequence )
dtm: (Default)
2006-10-25 10:54 am

Guess which kind of man we have in charge?

So I was reading through old livejournal entries of mine looking for other missed comments, and I ran across a post of mine from 2003 talking about the State of the Union speech, and got freshly pissed off at our President. That killed the nice nostalgic buzz I'd been getting from posts about Katherine learning to talk and walk.

Let me preface this by saying that I recently read Terry Pratchett's book Men at Arms, which is pretty much yet-another-discworld-novel. Not generally deep, but enjoyable. However, Pratchett has this habit of occasionally having his characters utter deep wisdom about the world. One such quote from this book was this:
“If you have to look along the shaft of an arrow from the wrong end, if a man has you entirely at his mercy, then hope like hell that man is an evil man. Because the evil like power... they will talk, they will gloat. So hope like hell your captor is an evil man. A good man will kill you with hardly a word.”
Now, this transcript doesn't entirely do it justice, (for that we'd need video) but here's something from Bush's 2003 State of the Union address. Where I've inserted the smiley face, our president paused for dramatic effect and smirked:
“To date we have arrested or otherwise dealt with many key commanders of Al Qaida. They include a man who directed logistics and funding for the September the 11th attacks, the chief of Al Qaida operations in the Persian Gulf who planned the bombings of our embassies in East Africa and the USS Cole, an Al Qaida operations chief from Southeast Asia, a former director of Al Qaida's training camps in Afghanistan, a key Al Qaida operative in Europe, a major Al Qaida leader in Yemen.

All told, more than 3,000 suspected terrorists have been arrested in many countries.

And many others have met a different fate. ☺ Let's put it this way: They are no longer a problem to the United States and our friends and allies.”
I'm not sure what the proper response is to news that a very bad person (or a suspected very bad person) has been killed, but I'm certain that “Heh. Cool.” isn't it.
dtm: (Default)
2006-10-25 09:13 am

I should start watching my comments more

Unlike many people, I don't have livejournal set up to email me when people comment on a post of mine. Instead, I post so rarely that I can simply call up my main journal page and generally see which posts have new comments. Occasionally, though, I'll forget to do that and I'll miss a comment on an old entry, such as this one. It would have been nice to see that comment when it happened; I only noticed it because I get so few comments that that one was still hanging around at the bottom of the recent comments page.

I think I may have to twiddle the switch that'll send me email when people comment.
dtm: (Default)
2006-09-18 08:40 am

Why I don't like Word for writing documentation

This is a technical/work entry. I'll do a Katherine update at some point in the not-too-distant future.

Occasionally, even the most insulated-from-the-customer programmer must write some sort of documentation. (I'm actually not nearly as insulated from the customer as I might pretend to be) Recently, a piece of install documentation that I had been maintaining in reStructuredText was officially transferred to the publications group, and since then it has been a Word document, though I am still expected to submit updates. At one point I noted that I would be much happier maintaining that documentation in the plain text format I had been using before, and was asked by publications “Dan, what do you want to do with the doc in plain text that you can't do if it's in Word format?” — this is my reply to that question, with some slight rewording and elaboration.
( Why I find Word inadequate for maintaining technical documentation )
dtm: (Default)
2006-08-22 10:42 pm

Rational response to a professional rejection

So the "interesting news" mentioned in my previous entry is that I was at the time doing the interviewing and recruiting dance with Google. I heard the final word from them yesterday, and they aren't going to offer me a job. I may post some more detail later about the interview process (the non-technical details. The technical details are covered by an NDA), but not tonight. It seems that at this point I have a few choices of how to deal with the upset from being told "you don't have what we need":
  • Screw them, screw the recruiter who contacted me out of the blue, screw it all. Throw a temper-tantrum.
  • Ponder the inadequate nature of me, and get (more) depressed.
  • Forget it all, and try to just go on like they never talked to me in the first place.
  • Try to come up with a list of what they didn't like about me, and see if I can figure out how to improve those areas
  • Same as above, but set as a specific goal re-applying to Google in a year. (Though this time, I'd limit myself to the NYC office, given how jmartin2 greeted the prospect of a move)
Obviously, I'd like to be able to embark on one of those last two options. So what, from Google's point of view, are my weaknesses?

( Help me get better )
dtm: (Default)
2006-07-25 10:30 am

Another month

Well, I've almost let another month go by without writing anything here.

I do possibly have some interesting news (that people on TooMUSH are already aware of), but I'm not going to say anything about that here at this time until I have more to report. (How's that for cryptic?)

In the meantime, though, I'm going to make a prediction and record it here so that it's all properly timestamped:
Software aimed at the average programmer will succeed or fail based on whether or not someone in India can find the manual online and print it out.
This means that having the only useful English documentation to your product be in a book selling for $30 at the local Barnes and Noble is not sufficient. It also means that webbook-style manuals alone are not sufficient. Sybase, which has had its documentation in webbook-style manuals forever, has figured this out - note how they have here both the online and pdf versions; contrast this to Microsoft, who seems to think that it's okay to make documentation freely available, but not easily printable. PDF files that are locked so that they can't be printed are likewise worthless for getting your documentation to that printer in India.

I reach this conclusion based on the number of hits I receive to my personal website from www.google.co.in from people searching for "ant manual pdf". It's been steadily growing, and I haven't been updating the pdf manual I have - it's still the manual for ant 1.4, some three or four years out of date at this point. Those programmers in India really want the documentation in printed form.

This isn't to say that I think it would be worth translating most documentation into Hindi - first off, most programmers in Bangalore are as likely to have Kannada or Gujarati as their home language, and secondly it's not really about India per se. India's just a convenient term for "wherever people are outsourcing programming to these days". I'm also getting a tolerable number of hits from Singapore, Romania, and Hungary. I even got a hit from Sri Lanka this past month, with a search for "Ant documentation Manual PDF".
dtm: (Default)
2006-06-13 12:30 pm

And now for something completely different

First though, some more Katherine babble. This morning she really, really wanted for breakfast a "simpon squirrel beggle". In normal speech, this would be a "cinnamon swirl bagel".

Now, a game theory theorem that I've had stuck in my head for over ten years. Hopefully writing it down will exorcise it. Namely: In any two-player tic-tac-toe-like game, there can be no winning strategy for the second player.

Proof (and rigorous definition of "tic-tac-toe-like") behind the cut.
( Read more... )
dtm: (Default)
2006-06-12 12:58 pm

Smart flowers

Everyone always tells Katherine that she's pretty/cute/gorgeous/etc. She's picked up on this. For example, she will want to run out of the room after I get her dressed in the morning to "go show momma I'm a pretty girl". Or she'll just tell you, flat out, "I'm beautiful" (pronounced "boo-tiful" for extra cuteness). Now, I suppose this is much, much better than having her say negative things about herself, but it started bothering me that Katherine was picking up the language of valuing herself through how she looks, so we've been trying to push other positive adjectives on her as well: smart, strong, big, etc.

I think we may have been pushing the other adjectives in too formulaic a manner. This weekend we were at a friends' house and when we left Katherine was given some small flowers from the yard (daisies mostly). Katherine was happy to hold them as we put her into the car. Then, in the car, the conversation went like this:

Katherine: Look, mommy! I got four(*) flowers!

Jennifer: Yes Katherine, aren't they pretty?

Katherine: Yeah.

Katherine (quieter, to herself): Yeah, the flowers pretty. And smart, and (unintelligible), and strong, and boo-tiful.

(*) "four" is the latest word that means "more than one". She'll hold up two cups and say "look, I got four cups". She used to use "three" (pronounced "fwee") for this. Inflation, I guess.
dtm: (Default)
2006-05-26 01:34 pm

A different kind of book meme

Occasionally it will happen that I'm perusing my livejournal friends list and will see a bunch of people have posted some details of books based on some criteria that varies with the season and what's hot at that moment. You probably know the posts I'm talking about: "guess the book from the fifth sentence", or "what books have you read involving rutabagas", or "guess the book from haikus about the plot", or the latest, "guess the book from what Amazon says are the statistically improbable phrases".

Anyway, I always feel a bit left out here: first off, my brain is not organized in the fashion that lets me pull a book out of a phrase, even assuming I've read the book at all recently. Secondly, lately I'm doing a lot of reading that wouldn't show up on those lists. Specifically, reading to Katherine. Often, reading the same book over and over again until I have it memorized.

So here's a book meme for parents and others acquainted (voluntarily or not) with current children's books:
Post an identifying sentence or two from 10 (or so) children's books that you've read recently. Challenge your friends! Mock those non-parents you know when they miss an obvious one!
So, in no particular order:

  1. Look now! Here is one thing more. I take my spots. I make them four.
  2. BOOM BOOM BOOM! Mr. Brown is a wonder! BOOM BOOM BOOM! Mr. Brown makes thunder!
  3. "Could this be a mountain?" he wondered, "I think I've always wanted to climb a mountain."
  4. Does a penguin have a mother, too? (I know, a give-away, but you can't find a sentence in that book that isn't)
  5. 5 was a turtle, who bit the dog's tail.
  6. Judy can play peek-a-boo with Paul. Now YOU play peek-a-boo with Paul.
  7. "Hello again." "Hello" "Do you like my hat?" "I do not like it."
  8. AGGLE FLAGGLE KLABBLE!
  9. Poor Kitten! She was wet and sad and tired and hungry.
  10. She sees the seals. They are all sleeping.

(A minor hint on number 3: the "mountain" is a department store escalator)
Update: I've posted the answers in the comments in what I hope is a spoiler-free manner (as links to the amazon page for each book)
dtm: (Default)
2006-05-23 03:28 pm

Not quite spam

I just got a very bizarre piece of misdirected email. I've gotten unsolicited job offers via email in the past, (distant past, and rarely) and I've gotten email intended for other "Daniel Martin"s (more frequently, and all the time at work, where there were four of us for a while).

However, I've never had them both combined. I just received what appears to be a job offer to have me come to Japan as a DSP expert with 28 years in the business. (For the record, that would mean I started in the DSP business around the age that Katherine is now)
( Cut to spare friends pages )
So is there anyone out there who actually wants this job, or knows who they were trying to reach? I think they might have been trying to reach someone at "Infineon Technologies", but that's just a guess based on searching for "Daniel Martin" and DSP together.
dtm: (Default)
2006-05-19 10:23 pm

Obsolete technology geekery

So in the effort to get me posting about anything, and prevent my journal from idling for another month, I'm going to talk about a toy I bought myself on eBay a few weeks ago.

It's a slide rule.

It's a moderately nice one, though the sight on it is slightly askew, such that if I don't touch it, the line isn't quite vertical. It's only a 10 inch model; the really accurate 20-inch and longer ones aren't selling on eBay, or are too pricey.

It has scales L, C, D, A, B, K, Ci, CF, DF, CiF, S, T, ST, LL1, LL2, LL3, LLO, and LLOO.

Just think - there was a time when every engineering student would know what all of those scales meant. I've included a discussion of what those scales mean, and what it means I can compute with this, below the cut.
( The rest gets rather math-heavy )
dtm: (Default)
2006-04-30 04:22 am

Got Trolls? Usenet-style killfile for lj comments

In many ways, people often use blogs in ways similar to what usenet was used for back in the day. That is to say, some of the common behavior patterns appear to have shown up again in blog comment threads that used to show up in usenet.

Specifically, I'm talking about trolls - people who show up in a comment thread to derail the discussion, and do so again and again and again. Examples might include someone who shows up in the comment threads of a blog discussing recent work in microbiology to argue yet again for Intelligent Design theory to be taught in the schools, or someone who shows up repeatedly on a feminist-oriented blog to snipe about how a woman who is raped after voluntarily consuming alcohol deserves what happened to her.

Trolls are not necessarily bad people, (though some probably are) but they are behaving obnoxiously in context. In usenet days, there was something known as a "killfile" which would cause your news reader to simply not display posts from users you didn't like for one reason or another. Wouldn't it be nice if you, the blog reader, could simply mark certain commentors as annoying, and automatically have their blog comments hidden when you looked at your favorite blog's comments page?

Well now you can

That is, you can if you are using Firefox to browse the web and feel like installing a few things. First off, go install the latest version of greasemonkey. Then, go install this greasemonkey script. This provides the ability to ignore people on some weblogs where I wanted that ability. So far, it covers:

It's pretty easy to add a new blog at this point, assuming that the HTML around comments is well structured, so expect the list of supported blogs to grow. Among other things, I intend to add support for comments hosted at haloscan.com (which covers several big blogs, such as Eschaton and Digby's blog) by the time the weekend is over.


Update: Haloscan-based comments are now handled, as are livejournal community and syndicated feed pages. (Which were only excluded because of a bug before)

Update again: Pandagon is now covered and there is experimental support for killfiling people from your livejournal friendslist (e.g. if you like to read a community except for one particular poster). Note that the friendslist support is disabled by default; to enable it you'll have to edit the script to remove the comment markers inside the variable "scenariolist" from the beginning of the line that says "ljfriendsScenario". (You can edit installed scripts from the "Tools-Manage User Scripts..." menu)