Skip to Content

Thursday, March 25, 2010 - 01:00
F the CC - Joe Biden's F-Bomb

So the Vice President of the United States of America said "Fuck". On the air. Twice.
Big fucking deal.

I've been prodded by a few people about this, so here's my 90 second commentary:
Joey-B dropped the F-Bomb twice during daytime programming hours (well outside the 10pm - 6am "Safe Harbor" for cussing up a storm on the air).
The last time I checked the FCC was to levy a fine of $7000 for each violation (i.e. every time a word slips out over the air), scalable up to $32500 based on other factors, like a history of prior infringements (and we clearly have at least two violations here).

So I have a few quetions.

  1. Is the FCC going to fine all the broadcasters who carried this speech live-live (no delay) and/or those who carried it with a net & failed to hit the bleep button fast enough?
  2. Is the FCC going to fine either Joe Biden (personally) or the US Government (as an entity) for producing/distributing profane material?
  3. Will we ever get rid of our nation's irrational fear of the word FUCK and the sight of breasts?

... seriously folks, it's just a word. Get over it and move on.

Sunday, March 21, 2010 - 23:39
Is our house of representatives too big?

I'm a small government guy. If that comes as a surprise to you, then I need to write about politics more on this blog. However, a though has occurred to me regarding the size of our house of the lower house. Perhaps it is too big.I say it is too big because of a concept called Dunbar's number. Basically humans can only have social connections with about 148 people. When the first congress met there were 59 members. When the current sitting one hundred and eleventh congress first met, there were 434 members.I'm not sure how to solve this problem. Perhaps we can draw up congressional districts without regards for state lines, and have the state legislatures appoint senators. The lower house can be reduced to about 125 members, which will account for the local office, and non elected people in the capitol building the congressmen will have to interact with regularly.I don't pretend to have a clear answer to this problem, I just know that 400+ is to many people.

Sunday, March 14, 2010 - 22:23
NLM Memory Tuning

Sometimes, it pays to look at the obvious, even when it's a system with which you (think you) are intimately familiar.

Friday, March 5, 2010 - 14:31
Interesting (impractial) OpenSSL attack

While I usually read El Reg for teh lulz occasionally they come up with an interesting nugget, like their article on a "severe" OpenSSL vulnerability (quotes theirs). This vulnerability comes to us courtesy of the University of Michigan, and is tied to a simple oversight in the OpenSSL code: It doesn't perform a verification pass on signatures before sending them to a client.
So all you crypto-nerds, how many of you do a verify on your signatures before you send them? Hands please? Nobody? Not even me? -- Yeah, we all tend to trust that our math Just Works. I mean it's a computer, you put in fixed input through a deterministic algorithm and you get the same output ever time. Right? Nope.

    Computers, as we all hopefully know, aren't perfect. Trillions of minor errors happen every day, and they're usually compensated for: ECC RAM, cross-checks of math, etc. But because OpenSSL doesn't do a cross-check it's possible for those minor errors to creep into a transmitted signature. As the good folks from UMichigan explain in their paper if you can induce some minor errors in the OpenSSL signature math and collect a good signature and a large enough set of flawed signatures you can eventually derive the private key used for the signing.

That is all well and good, except it relies on errors in the system generating the signatures. These errors are rare (and pretty random) in the real world, so no problem, right? Wrong again Sparky! These clever folks came up with something I wouldn't ever have thought of.

    Those of you who have worked on old Commodore computers probably know one of the first symptoms of a power supply going wonky is that the system starts acting up: Lots of random crashes, video corruption, etc. Why does that happen? Because the voltage being supplied to the system is fluctuating. Fluctuating voltages (specifically down-swings) cause all the magical voltage regulation hardware to go out of regulation, which feeds out-of-spec voltages to the chips, which in turn start making mistakes in their math.

The bottom line for this attack is an extension of that well-known Commodore problem: By putting controlled voltage fluctuations into the power supply of real computers (SPARC boxen running Linux) the UMichigan folks were able to induce errors in the math used by the real-world OpenSSL code and recover an actual key.
Continue reading "Interesting (impractial) OpenSSL attack"

Tuesday, March 2, 2010 - 14:43
Running remote X sessions against old Linux distros

Accessing modern systems remotely has been made much easier with the advent of VNC and RDP. Remote X sessions require some thought and rumination as to "how we used to do it," and a little bit of good luck.

Sunday, February 28, 2010 - 23:11
Born Trilogy (@rob_t_firefly takes the blame for this)

So the point of this whole thing is trivial enough that I went ahead and did it: Go to Wikipedia and type in your birthday (month and day). Then you write down 3 events, 3 births, 3 deaths and 3 holidays.December 29
Events

  • 1778 – American Revolutionary War: 3,500 British soldiers under the command of Lieutenant Colonel Archibald Campbell capture Savannah, Georgia without firing a shot.Way to go Georgia, just roll over and take it. Bitches.
  • 1890 – United States soldiers kill more than 200 Oglala Lakota people with four Hotchkiss guns in the Wounded Knee Massacre.120 years later we're still treating the natives like shit & using the treaties to wipe our national ass -- Progress, we no can has
  • 2003 – The last known speaker of Akkala Sami dies, rendering the language extinct.Interesting tidbit in honor of all those linguistics courses I took.

Births

  • 1800 – Charles Goodyear, American inventor (d. 1860)A subtle reminder from the universe to check your tire inflation and wear pattern
  • 1921 – Robert C. Baker, Inventor of the chicken nugget (d. 2006)Cue ironic chorus of "Nugget Man"
  • 1967 – Andy Wachowski, American directorI still won't forgive him for the Matrix sequels. Filthy humans ruinsed a good thing.

Deaths (Excluding the "event" death)

  • 1731 – Brook Taylor, English mathematician (b. 1685)
  • 1737 – Joseph Saurin, French mathematician (b. 1659)
  • 1891 – Leopold Kronecker, German mathematician (b. 1823)

Apparently not a good day to be a mathematician… Do I get any bonus points for a trifecta?
Holidays
Only 2 and nothing relevant: The 5th day of Christmas (but nobody cares aside from the song) and apparently St. Becket's day (patron saint of secular clergy, so I suppose that's appropriate with me being an ordained minister and all)

Friday, February 26, 2010 - 16:57
The Wheel: Let me reinvent it for you! (update-notifier redux)

OK, for the record: I DESPISE Linux. I Hate, Loathe, Abhor and Revile it. I am a BSD-Bigot and proud of it, and if all the BSDs suddenly evaporated I would eschew Linux in favor of a commercial Unix (probably AIX).
Why do I hate Linux so much? Simply put, it's shoddy code written by shoddy coders. In my experience shit mysteriously breaks for no reason, standards and conventions are arbitrarily ignored, critical components of the system are perpetually at version zero-dot-something, regression testing seems to be a myth, and the average Linux developer seems to make no effort to ensure their code will work on anything except their particular favorite distribution (to say nothing about porting it to <GASP> a BSD system, or <HORRORS> Commercial Unix).
This particular tirade was kicked off by the Ubuntu update-notifier program suddenly and mysteriously no longer popping up update notification balloons. As some of you know my company ships a Linux-based appliance (built around a very stripped-down Ubuntu plus our commercial packages), and one of the things that made me go with Ubuntu was that they had gotten the update-notifier thing working beautifully and it had been stable for several versions.
Lo and Behold about a month ago our support guys came to visit me and asked "Hey, is the update notifier bubble broken?" I looked upon it and saw that it indeed appeared to be non-functional, but as all good (lazy) admins are wont to do I demanded they test and verify the breakage.
The breakage came back to me verified earlier this week, and as I really couldn't be assed to figure out why the update-notifier is happy to display the "you must reboot!" dialog box but refuses to display the "Yo, bitch! You have updates!" notifier icon & bubble I took the easy way out and re-implemented update-notifier in Python.
Continue reading "The Wheel: Let me reinvent it for you! (update-notifier redux)"

Tuesday, February 23, 2010 - 13:17
Trigonometric Programming: The tangent function & Software Development

Blocked waiting for my either the software development group to give me new code to test or my FreeBSD build VM to give me a new OS build to test, so how about some random thoughts on programming?
 
I've reached the inescapable conclusion that all software development cycles can be expressed as a single equation: y=tan(x+(π/2))
X represents time (on a totally non-linear scale) with each interval of width π being the development of a software release and the zero point where the function crosses the X axis representing the release of the X/πth version.  The Y axis represents the state of the code - how "bug free" it is.  I'll call the Y value within a version the "completeness" of the code for simplicity.
This functional model actually works surprisingly well:

  • During pre-0.0 release (X|0...π/2) the software is riddled with bugs and brokenness ("completeness" is negative - that shit don't work!).
    • At some point (X=(π+ε)/2) the software becomes at least functional (miniscule positive completeness), and is released to the unsuspecting public.
    • The initial release is buggy as shit, and massive patching and bug fixing happens
      (This is roughly from X|(π+ε)/2...3π/2 -- For the sake of argument let's call the 3π/2 mark the .1 release, or in MS parlance, "Service Pack 1")
    • The software continues asymptotically approaching infinite completeness -- that nirvana state of having no bugs...
  • ...At which point Marketing comes along and says the users want new features -- On our graph this corresponds to one of the vertical asymptote at multiples of π.
    • Development begins on the next (N/π)-dot-zero release, starting al over again from negative completeness.

 
In practical terms software development is not a true function: Each development window is independent and shifted toward X=0, with some overlap between the currently released version and the version under development.
 
 

Wednesday, February 17, 2010 - 22:07
Been doing some heavy ExtJS development

So for the past couple of months I have been doing some heavy ExtJS work. Nothing too fancy, no extension development....but some real heavy use of Ext and some 3rd party extensions.The backend of the application I am working on is PHP, and I have come up with a psuedo framework for the application itself. By using the __autoload() functions in PHP and passing a couple of standardized arguments for every ajax call whether it be a submitting of a form or loading a data store for a grid/combo Ext component. Through Ext lovely use of the xtype property I am able to create arrays in my PHP Objects json_encode() them and pass them back to the front end where they become full fledged objects....this is not a standard practice for the interface but it is used in a specific element of the application that is very dynamic and very custom. Now I am sure if I found some Ext developers in my area and could sit down with them and show them the application they could do away with PHP generating the code and come up with a couple of extensions to do exactly what I want, but for now PHP is filling in the gaps and doing exactly what I want.I originally started looking at ExtJS when version 1 was released, then version 2 came out and I started on a project at my former location, but never really was given the time to actually fully develop an application using Ext...then a couple of months ago I started on the current project I am working on and presented the idea of using Ext to my boss, he said I could proceed and I think overall everyone has been very happy with it.Somethings I have seen improve for each release of Ext. I am going to start with the items that I have seen the biggest change in and work down to those that have changed but maybe not that much. Of course these are just my opinions* Documentation* Speed* Overall Community Support* UI ReliabilityDocumentation- The documentation has GREATLY improved and since the release of 3.0 I have started to see more and more examples of code in documentation itself. One thing that is still lacking just a little is an overall explanation of the properties/config options/methods/etc... for an object....some of these have a great amount of explanation and others not so much. Of course you can likely find someone to give a little bit more information on #extjs on irc.freenode.net but I think such details should be in the documentation. One thing I would love to see in the documentation along with the curret code example, is an actual working element produced from the code example, I know there are examples, but having everything in one place is a great thing to have and not all classes that have code in the documentation have samples...although most of them do.Speed- The speed of Ext overall has increased SIGNIFICANTLY and I dont think there is anyone out there that is using Ext that could ask for more speed improvements although I am sure the team is working on them. Overall Community Support- I have see the community grow in leaps and bounds for Ext, this past year was the first Ext Conference, and although I moved to Florida just in time for it, unfortunately I was getting married later that month and with starting the new job and having to take time off for the wedding/honeymoon I as unable to attend. I believe this years conference, if there is going to be one, will be in California as that is where the new Ext office is located (figures I come to town and everyone leaves!) Going with community tow books have come out recently The "Ext JS 3.0 Cookbook" and a not yet released in paper back form but available but available through Manning Publishing's MEAP program "Ext JS in Action" these has both bean great reads so far and I would highly suggest for anyone involved in Ext development to purchase them.UI Reliability-  This one really isnt an improvement but something negative that I am starting to see I have noticed a couple of UI bugs creaping in and out of the 3.x releases such as, tabs not having the site images, a form having trouble placing buttons correctly and having them cut off on the left hand side.  Now  the tabs issue was corrected with the release of 3.2 but the 3.2 release introduced the buttons issue, which I believe is my fault in that I have not set the proper config options for my objects but it was working correctly in 3.1 and now is showing up in 3.2But overall Ext is great and the changes they have been/are making to the release cycle are going to help the overall package shine like no other.

Monday, February 15, 2010 - 10:52
Cops and Doughnut Shops

I was coming out of the PATH train at the WTC this fine President's Day morning (2010-02-15), book and dunkin doughnuts coffee in tow, when I passed by a women in a NYPD winter uniform jacket standing outside a patrol car. I verified that there was no "traffic patch" above her shoulder patch and noted that another female uniformed officer was sitting in the passenger seat of the patrol car. I uncharacteristically forgot to make note of the precient or other divisional market of the car. I'm not sure why I do this, I chalk it up to being aware of my surroundings.As I passed by she inquired where I got the Dunkin Joughnuts coffee from. I replied, "Jersey." She thanked me as I walked away. I then remembered there was a Dunkin Doughnuts on Church Street going in the directions of Chambers. She thanked me again, and I continued on the A train.Some of you might be asking what I find so weird about this encounter? Well, quite frankly, cops tend to know food places in their precincts pretty well. Putting aside stereotypes about cops and doughnuts, due to the nature of their work, they tend not to get a regular lunch break. They eat when and where they can while on duty.Of course I don't know the full story. Perhaps she was just transferred to this precinct. Maybe she was working a special tour. She could have even been making conversation because she though I was cute. I will never know the reason.



Powered by Drupal, an open source content management system