The Risky Business of Spreadsheet Errors

The Risky Business of Spreadsheet Errors [risks]

Building Your Own Mobile Phone

Build-it-yourself cell phones – hardware and software [bash]

Personally, I’d just be happy with a phone that was scriptable with Python, but hey.

Sunglasses display

I want one. :)

Does Visual Studio Rot the Mind?

Does Visual Studio Rot the Mind? – Ruminations on the Psychology and Aesthetics of Coding [robot]

I really enjoyed this article, if only for the profound sense of relief it drenched me in. When I program, I program in emacs, mostly, (but not always) in python, and mostly (but not always), under Unix. I haven’t done any “visual” programming for over seven years, and haven’t missed it. I found the experience painful. I do sometimes, however, worry that I’m getting stuck in the dark ages, or missing something great – that I would be so much more productive if I just “got with the program” and did things The Modern Way.

The article reinforces my underlying belief that what I do is right, for me at least. I remain convinced that the programmer’s most important tool is their brain, and that the programmer’s key task is organisation. Any tool that gets in the way of that task, and which prevents me from wielding my brain to full effect, diminishes my ability to program well.

The other thing the article confirms for me is that yes, Windows programming really has been horrible since day one. So much of what I read there had me nodding, saying to myself “Yes! When I did this I knew it was wrong! I knew it was stupid!”. I’m definitely better off out of it. :-)

Python Browser Poseur

Python Browser Posuer (formerly “Python Browser Probe”):

… exposes browser functionality at the level of a shell-like interpreter so that testers can quickly write tests in a simple language designed specifically for that purpose. Anyone familiar with a command line should be able to write test scripts for even the most complex web applications with PBP.

Handy. Other approaches to this problem exist and will be blogged about when I can be bothered to try them out (as will this, further). For now, a bookmark.

Cover stories

Spotted on the cover of ACM’s “Computing Reviews” (vol 46, number 8):

Information wants to be free. Information also wants to be expensive. Information wants to be free because it has become so cheap to distribute, copy, and recombine – too cheap to meter. It wants to be expensive because it can be immeasurably valuable to the recipient. That tension will not go away. It leads to endless wrenching debate about price, copyright, “intellectual property”, the moral rightness of casual distribution, because each new round of new devices makes the tension worse, not better.

The above is an obvious truism for anyone paying attention much today, and hardly worth blogging. What’s interesting is that those words weren’t written today – they were written an eon ago, in 1987. It’s from “The media lab: inventing the future at MIT” by Stewart Brand. I find it interesting that this perception existed even back then, before HTTP was invented and the net exploded onto the public consciousness. I also find it interesting that the term “intellectual property” gets quotes around it, presumably because of its unfamiliarity and dubiousness – which don’t think it would today.

Also, from vol 46 number 5:

Technology is a servant who makes so much noise cleaning up in the next room that his master cannot make music. — Karl Kraus, “Half-Truths and One-and-a-Half Truths”, 1990.

Get yer UKUUG Linux 2005 coverage ‘ere!

Since I didn’t get very far with writing about the UKUUG Linux 2005 Conference, I refer the interested reader to the Ping Wales coverage: day one (tutorials), day 2, day 3 and their first feature arising from the show, which looks at Cutter Project’s work, and is probably more coherent than my hastily penned efforts.

Compatability declaration

/me LOL at the OpenBSD yp(8) man page:

If ypbind cannot find a server, the system behaves the same way as Sun’s code does: it hangs.

Also, /me was very impressed by Tom Cosgrove’s talk earlier on Exploit Mitigation Techniques, describing some of the Cunning Stuff which OpenBSD does to make Mr Script Kiddie’s (or even Mr Mafia Funded Russian Hacker’s) life less fruitful. 2 second summary: Much good use of randomisation, basically… :-)

UKUUG Linux 2005 Conference, day one, first session!

The UKUUG Linux 2005 Conference is taking place right now here at Swansea University. Naturally, I’ve been taking a look.

I skipped the tutorials yesterday, although it sounds like the one on Zsh was quite interesting and in particular showed off lots of shiny things you can do with that. One of the reasons I didn’t go is because, well, I really can’t swap from Bash can I? What would the wife think? Well, it turns out she’s clued in enough that apparently, if Zsh really is that good, she’ll consider changing her name. ;-)

I’m currently missing some talks, but this morning there was a really good one on “Experiences of a large linux deployment in education“. It seems that schools in this country waste shedloads of (taxpayers’) money on IT, paying and re-paying for proprietary software licenses, constantly churning hardware (eg 3 year cycles are typical), usually without real in-house IT expertise. The government’s target is a 1:4 ratio of computers to pupils, which 33% of schools had met last year, but that number is going to decrease not increase because many of those schools have now run out of budget for upgrades they’ll need over the next couple of years. Their installations are expensive, complicated, fragile in the face of “improperly-motivated” students, and require lots of time-consuming installation and maintenance.

The guys speaking this morning went into a school in Felixstowe last September and installed IBM Blade application servers and loads of thin clients running Linux and KDE. They have a Windows 2003 Terminal Server for their legacy Windows stuff. The students don’t resist using Linux – they don’t care, they pick it up in no time – but there’s been resistance from staff, who are only just dealing with Windows. So the staff continue using Windows laptops to admin this stuff, with NX bridging the gap. KDE’s a win for them because it looks like Windows, but also because it’s apparently got a very tight and manageable “kiosk mode” in which it’s completely locked down. Over the 12 months since rollout, the school has had one “tampering” incident to deal with, as opposed to the previous situation of having to rebuild/reinstall one or two boxes per week because of malware or general student breakage. Win.

The thin clients can run on old boxes people are giving away. They heard about someone giving away 40 PIIIs, spent 47 quid hiring a minibus, and went and collected them. A classroom of PCs for 47 quid. The school in question has smashed the 1:4 ratio, and slashed their IT budget by about 30 grand per annum. Using thin clients really has made the system trivial to maintain (they’ve only returned to the school for upgrades and development, not maintenance – the school has an IT guy, but he’s not a Linux guy… It just works.) and easy to expand.

Sounds good to me. Only shame is they’ve only done this on the educational/pedagogical side, not the schools admin/office side, which is apparently much hairier and where fat clients are still, realistically, necessary. Cutter Project for more info.

After that I went to hear about “Adopting a driver – from fixing typos to breaking thousands of machines worldwide” which was a bit more technical (though not hugely), and mainly about the woes of freeform open source development. Interesting, but less of a jaw-dropper than the first.

Then coffee in the Digital Technium atrium – a woefully small space for nigh-on a hundred geeks to drink coffee, talk, and (largely) sit around tapping away at laptops. Shame.

I decided to skip the current session and come here for some work. So I should really do some now, I guess. :-)

What bored students get up to over the summer

One of our ex students has created a Javascript VI clone. Well, sorta. I’m not quite sure why, however… :-)

Ad Hoc, Self-Supervising Peer-to-Peer Search Networks

Ad Hoc, Self-Supervising Peer-to-Peer Search Networks – nice paper on a proposed architecture for p2p networks, built on primitives which are so simple they’re obviously right. :-) Abstract:

Peer-to-peer search networks are a popular and widely deployed means of searching massively distributed digital object repositories. Unfortunately, as such networks grow, they place an increasingly overwhelming load on some or all of the participating nodes. We examine how to reduce the load on nodes by allowing them to self-organize into a relatively efficient network, and then self-tune to make the network even more efficient. Unlike previously studied architectures, our “ad hoc, self-supervising” networks avoid restrictions on who a node can connect to or what information can be exchanged. This makes the network topology quite flexible and tuneable. Our results indicate that our ad hoc networks are more efficient than popular supernode topologies for several important scenarios.

Thirty years of research on query languages, no substantive change?

Thirty years of research on query languages can be summarized by “we have moved from SQL to XQuery.” At best, we have moved from one declarative language to a second declarative language with roughly the same level of expressiveness.

From The Lowell Database Research Self-Assessment [spotted in Communications of the ACM]

Operational Semantics of a Simple Process Algebra in Python and Haskell

As promised, though I’m still working on the shiny LaTeX article which actually explains all this stuff…

From the README:

This is an investigative/learning exercise in transforming process algebraic expressions into labelled transition systems according to their operational semantics, using Python and Haskell.

It started out just as an exercise in operational semantics, using Python because it’s the language I get things done fastest in. That proved interesting enough that I wanted to re-do it in Haskell, which I’m learning and which arguably handles this sort of thing better.

The Python version is more advanced. It includes mu-recursion, which the Haskell doesn’t, and is quite tidy IMHO. OTOH the Haskell is less developed, and in particular the functions for actually creating the graphs could, I’m sure, be improved. Always nice to have some future work to do…

I’m publishing this in case anyone is interested in the code. In particular, it is perhaps useful as an example of:

I’m working on a paper describing the problem, the semantics, and the approaches taken in the two languages, but it’s very much an ongoing WIP and isn’t ready to publish yet.

Homepage for this work:

gimbo gimbo, where art thou?

I’m still here, I’ve just been too busy to blog. However, while I’m waiting for ghc-6.4 to compile (that’s my excuse anyway), I thought I’d do a quick blogdump…

I was going to write about my week in London, and a bit about what I’ve been reading lately, but I started by writing the stuff below instead, and now I think that’s enough for one post, so I’ll publish this and follow up with the rest maybe tomorrow or Sunday. (Short version: London fun except bombs, Quicksilver OK, Accelerando completely barmy but getting a bit dull at 40%). Colin, I should warn you that the rest of this post is of the kind you don’t like. The London diary thing might be better. Sorry!

Work’s been truly excellent this week. No students so no teaching, and also no admin for a while too. Some time I need to do some preparation for next year’s teaching, but for the next two months I’m mainly going to be focussing on research at last, aiming to break the back of my MPhil. I made a breakthrough on the parsing side last Sunday (or rather, I cleared up a misconception I’d been harbouring), but have spent this week on a different tack, learning about operational semantics through the magical medium of Python. Specifically, Markus gave me a toy process algebra and its semantics, and outlined the algorithm for turning expressions in the PA into their labelled transition systems, then I went away and programmed it.

It’s been excellent fun, and I got it basically done in no time at all, mainly because I chose to do it in Python. It’s quite remarkable, in fact… For months I’ve been struggling to get anywhere with my research, and it’s been very depressing and making me feel like I can’t hack this stuff. Now I realise it’s just that I’m a complete Haskell newbie. If I was doing my research in Python, I’d probably have finished by now. Alas, I have to do it in Haskell, because of the system we’re interacting with, but it’s encouraging to realise my problems relate to the language/paradigm I’m working in, not some basic failing on my part to understand what the heck I’m trying to do.

Anyway, I’m writing up an article explaining what I’ve done, and either later today or early next week I’ll publish it and my code, so anyone who reads the above and says “huh?” can take a look if they want. (JOn? You reading this? ;-))

Next week is graduation week at Swansea University and I’m acting as a marshall on Monday, which is Science day. So I get to see all this year’s third years do their stuff. With luck and effort, I should be there myself this time next year.

What else is new? I recently made the shift from ion to ion3. Ion’s been by window manager of choice for about three years now, mainly because I can’t be bothered with all that tedious point-and-click move-and-resize nonsense you have to do with windows in most WMs. TR occasionally moans at me that it’s modal but I don’t see it as a problem, it works for me and is extremely keyboard friendly and fast, so I’m happy. But I’ve been feeling behind the curve, and in particular some apps (eg the Gimp) don’t play well with the tiled model – which is why ion3 is nice because it adds optional “float workspaces” which act more like a conventional tedious point-and-click point-and-resize window manager if and when that’s what you need. Making the move was non-trivial because my config files had to be ported to Lua, but now it’s done and I’m very happy with my window manager indeed. Once again, I’d recommend looking at Ion if you’re getting dissatisfied with your Gnome/KDE experience and want to strip things down.

Finally, a couple of Python goodies via the Python-URL: try/except vs if/else in terms of speed (an oldie but a goodie, especially when advocating Python to curmudgeons), and Sparklines, which are kinda weird and kinda cool, but I’ve no idea if they’d actually be useful.

Emergent Chaos, and Chip & Spin

Emergent Chaos – a weblog on “security, privacy, and economics” (via risks). To pick but three consecutive good examples: Equifax CEO says identify theft is epidemic, fingerprint privacy is rubbish (as any fule kno), and the UK government does plan to sell your ID card information. One to watch.

Another one to watch, though less frequent, is Ross Anderson at Cambridge. In particular, check out Chip & Spin to find out why Chip & Pin is increasing fraud, not decreasing it.

On subject of which… Bash & I went out for dinner last night, and we noticed they were taking card payments using a wireless terminal. So out came my Palm Tungsten, and up was fired wiffi, which duly reported no 802.11 signal in the area. “In that case, ” asked Bash, “what’s the terminal doing?”. Answer at Chip & Spin, although you can guess a lot of it.. Obviously without a network connection, it wasn’tt performing any online back-end checks that, for example, I had enough money in my account to cover the bill. So it’s basically the card authenticating itself to the terminal, and authenticating me via the PIN I entered. But what suprised her most was this: if the chip happens to be broken (eg fried), the system should fall back to magstripe – which this particular terminal happened not to support. So what happens then? Answer: no authentication whatsoever. Zero. Nada.

Go read the paper. Seriously. It’s great.

Thimblebys in New Scientist!

Blimey, the Thimblebys are in New Scientist – and where do I spot it byt Robot Wisdom? Jorn, apparently, is unconvinced. On the other hand Andy, who’s seen it up close and played with it, is very impressed.

As it happens, I’ll be in London next week at the Royal Society Summer Science Exhibition, helping demo this very software to the masses. Come and see! (Map here.)

Javascript – not actually rubbish?

Javascript – LISP with a different syntax?

I’ve been hearing murmurings along these lines from People Who Know, particularly PhD Student People I Know Who Know, one of whom was apparently writing a Tetris clone in Javascript recently. So yeah, this could be good.

A shedload of Ruby links

I definitely want to learn Ruby this summer, starting as soon as I get this exam team stuff out of the way (or possibly sooner). Here, then, is a collection of resources which I might find useful. I might revisit this post and expand it later as I find new stuff or add thoughts on what’s here. If anyone has anything to add, feel free.

I have already mentioned why’s (poignant) guide to Ruby.

The first edition of Programming Ruby: The Pragmatic Programmer’s Guide is available free online.

Later, like the world and his wife right now, I want to be Rolling with Ruby on Rails. More at the Ruby On Rails homepage.

Then, learn some Javascript and tackle Ajax on Rails.

In terms of reference material…

The Ruby home page.

Ruby Central and the library reference.

RubyGems – CPAN for Ruby, I think?

Ruby Garden looks worth watching and has the Ruby FAQ.

And ooh, RubyForge.

That should be enough to keep me going for a while.

Hyperthreading crypto key vulnerability

So I guess everyone else has seen this already, but (for reasons stated in my previous post) I missed it until the latest RISKS Digest dropped onto my doormat. Anyway, it’s a nice example of a covert channel, and I was flailing around unsuccessfully for a nice example when I spoke about them in one of my Operating Systems lectures this year (poor preparation on my part), so I should bear this in mind for the future.

Security researcher Colin Percival recently (13 May) announced a security vulnerability caused by the combination of the Hyperthreading and shared cache features of Intel Pentium 4 processors. By carefully measuring the time required for instructions to execute in one thread while the other thread is performing a cryptographic calculation, the secret key can be determined.

(My emphasis.)

Here’s the paper (PDF).

Insightful comment at the end of the RISKS post:

The RISK here is a classic example of relying on underlying abstractions (the hardware memory model) to behave in an ideal manner, rather than understanding their implementations. Many security flaws result from the adversary breaking the veil of abstraction to look at the soft, juicy parts inside. Even when the higher-level model is perfect (or formally verified), the mapping to implementation can hide a multitude of sins.

Indeed. We computer scientists just love abstraction – it’s a powerful conceptual tool which allows us to build very powerful; but when you actually have to deal with reality, rather than some mathematically ideal space, everything suddenly gets very messy and the thick straight lines you drew between the layers turn into fuzzy fractals instead. Or something.

Solipsis: p2p virtual worlds in python

Yet another interesting-looking python project I don’t have time to get into: Solipsis – “a peer-to-peer system for a massively multi-participant virtual world“.

It seems to be pretty much “framework” status, however, so I wonder how much lifting would be required to do anything useful or impressive with it. “ Solipsis is a public virtual territory. The world is initially empty and only users will fill it by creating and running entities. No pre-existing cities, habitants nor scenario to respect…” Ah well, one to file away for possible future student project material, anyway…

Encryption with Python

Encryption with Python, including a nice little bit of flamage, and a link to the Cryptography FAQ.

Also interesting: Beautiful Soup, a Python HTML/XML parser which “won’t choke if you give it bad markup. It yields a parse tree that makes approximately as much sense as your original document. This is usually good enough to collect the data you need and then run away.” Nice.

Hacking proximity cards

An important aspect of security is, of course, physical security. So note ye well these notes on hacking proximity cards [robot]. It’s worrying how simple all this stuff is… Once again we see that just because some technology is widespread or ubiquitous, that doesn’t mean it’s actually at all secure. Sure, a certain amount of effort is required to break these mechanisms, but someone will go to that effort. The trick is to design systems where the amount of effort is astronomical and uneconomical.

The Tory Programming Language

One for the low-level junkies (and yes, you are junkies): the Tory programming language [simon].

The following example loops endlessly, outputting the ascii values 0 to 255:

We will spend more on hospitals!
We will jail anyone not in jail already!
We will spend billions limiting immigration!
We will deport anyone we can deport!
We will abolish schools!


Python notes by Andrew Dalke

Python notes on statistics, parsing, and screen scraping. Ah, the hell with it: lots more good notes in the diary – something I should watch.

Python vs PHP

A “python vs PHP” thread on comp.lang.python.

CASL on Slashdot – kinda

Wow… CASL gets mentioned on Slashdot, albeit in a comment attached to a predictably religious thread on commenting your code.

DHTML/Javascript calendar

Linked for my pleasure, a DHTML/JavaScript Calendar [smallcool].

Continuations for Curmudgeons

Continuations for Curmudgeons [lambda].

Reading by the light of the palm

For reading text documents on my shiny newly-acquired Palm Tungsten C, CSpotRun, which seems really good, and notes/utility for converting to the right format.

Also, Coldsync Conduits, for syncing from Unix.

Using OS X as an NFS Client

For my future reference, Using OS X as an NFS Client.

Context Free Design Grammar

Context Free Design Grammar and some very pretty pictures [lambda].

NetworkX – “complex networks”, ie graphs, in Python.

NetworkX — graph creation, manipulation, rendering, and other funky stuff in Python. Looks like a nice toolkit for working with graphs, basically. Check the screenshots for “mmmm” and tutorial for “ooooh”.

(By the way, this is graphs in the “nodes and edges” sense, not the “plot y vs x” sense, for which, see gnuplot/ or (looks much better!) the pure python and very funkilicious matplotlib.)

Python course in Bioinformatics

Python course in Bioinformatics – an introduction to Python and Biopython with biological examples.

tinyurl considered harmful

Interesting observation: tinyurl considered harmful, at least if you care about URL-based phising attacks.

I’m a little late on the uptake here – didn’t read RISKS while at BCTCS or in China.

You smell lovely, gimbo, and other programming for kids links [python-daily].

Schneier on Security

Looks like it’s time I started following Bruce Schneier’s weblog

calc2latex, Mr B returns, and Colour Me DNR

calc2latex – OpenOffice macro for turning macros into LaTeX tables. Makes creating LaTeX tables a snap, apparently. Only one problem: you have to use OpenOffice. ;-)

In other news, Jorn is back.

In other other news, I have a strange urge to put a “Do Not Resuscitate” sign on my door.

IMAP in Python: imaplib

Discussion of/tips on imaplib, Python’s IMAP handling library.

Zooming demo of The Humane Interface

Zoomdemo – a large (8Mb) Flash demonstration of (part of) how THE, The Humane Environment should work. THE, now renamed “Archy” is Jeff Raskin‘s answer to all our HCI woes. Interesting stuff: no tabbing or linking, but lots and lots of zooming in and out. It’s not as smooth an experience as it should be because of limitations of Flash (it is just a demo, after all), but I like the way you zoom in on something then discover, sat next to it, a tiny something else to zoom in on later… [risks]

Tablewidgets in Python/tkInter

File under “could be useful to me some time”: python wrapper for TCL’s Tablewidget.

Google Maps

Holy crap on toast – once again, Google rules the world. [null]

Mozilla Calendar in Firefox continues to be rubbish

Mozilla Calendar in Firefox continues to be rubbish. I’ve been (reasonably) happily using Firefox quite some time now, and have been generally happy with it. I’ve also been using the Mozilla Calendar plugin for quite a while to keep track of my day to day activities. It’s almost usable. Sure, the rendering is pig ugly, and sure, it’s unresponsively slow, and sure, there’s no easy way to change which calendar file an event lives in (cut-and-paste seems to be the way to go, except when it decides not to work). But hey, it’s free, it’s early days and I guess I could live with those peccadillos.

Lately, however, I’ve wanted to share calendars with Bash, who joyously delights in the smooth love that is iCal under OS X every day. Cue research into setting up a WebDAV server and setting up remote calendars. It is, of course, easy to do in iCal and just works. It is, of course, a complete pain in the arse to do in Firefox and (so far) just doesn’t work.

There are pages online which tell you what to do. Their instructions don’t work, and in fact don’t match my experienced reality. Some of them tell you the subscription URL should start with “http://” not “webdav://” – wtf? Most of them tell you you’ll need to enter a username and password, but I never get prompted for one – wtf?

But the cardinal sin, the Unforgivable that is committed by Firefox’s Mozilla Calendar plugin, is this: it fails silently.

Here ye, students of code: failure must never be silent.

It is stupid and baffling that my experience is as follows: a) tell Firefox I want to subscribe to a remote calendar; b) give it a name and type in the URL of the calendar (eg webdav://; c) click OK; d) there is no further feedback, but I get a new calendar in my list – a calendar which contains no data; e) if I open that calendar’s settings, the remote URL is blank. In the words of “Jerry Springer: The Opera”, WTF? WTF? WTFFF?

OK, so I just upgraded both Firefox and the Calendar plugin to the latest version. The only change I see is that everything’s running even slower.

Why is it the fate of web browsers to bloat until useless? I thought Firefox was supposed to be lightweight? What reason is there for its terrible performance? How is it supposed to take over the world on that basis?

If anyone can tell me what I’m doing wrong, I’d love to hear it. Otherwise, I’m going to give the ludicrously pre-alpha Sunbird a try, but I don’t hold out much hope that it will be better, or indeed any different at all. :-/

What is this Linux thing?

What is this Linux thing? – TR sorts the odds from the ends. One for me to print for my Operating Systems class, I reckon, assuming I can persuade the person who owns the copyright. Oh, wait.

Cellular Automata notebook

Nice overview of cellular automata, via Will.

That’s just one tasty nugget from Cosma Shalizi‘s extensive and apparently ever-growing list of notebooks on various topics (complete with RSS feed).

Branches and tags in CVS

CVS Branch and Tag Primer, which I think will be an occasionally useful reference until I persuade certain people round here that subversion is better…

Interviewing at Google

A snapshot of what’s it like interviewing for a technical lead position at Google [smallcool]. Scary.

Hackers and Painters

Developers have much to learn from Hackers & Painters, a review of Paul Graham‘s book “Hackers and Painters”. Sounds like there’s lots of functional programming evangelism going on here, and it’s interesting to read that Graham asserts:

The programmers you’ll be able to hire to work on a Java project wont be as smart as the ones you could get to work on a project written in Python.

… particularly because I’ve heard that quote before, but it was Haskell that was being bigged up, not Python. All the same, it’s nice to have my status as a cognoscenti reaffirmed in public. ;-)

Lisp in Web-based Applications sees Graham expanding on what makes Lisp great, if you don’t want to buy the book just yet… There’s a particularly interesting bit about using closures to elegantly solve the problem of HTTP’s statelessness. Quote: “by using closures, we could make it look to the user, and to ourselves, as if we were just doing a subroutine call.” I’ve bolded the important bit: all web apps these days make it look to the user like you’re just doing a subroutine call, but to make it look like that to the developer is much more impressive. Sure, there are mechanisms in Java or whatever, but I love this idea of using closures: so much simpler and more elegant. (Here’s a nice explanation of closures, for the unsure.)

Finally, I disagree that “its hard to find successful adults now who don’t claim to have been nerds in high school”. For my whole life the world has seemed to be full of successful ignorant bullies and deceivers, and I don’t really see any signs of that changing. It’s a nice dream for a geek to have, I guess, and I can see how rising to the top during the dotcom bubble would surround you by enough successful nerds that you might think it was even true.

But who cares about the iniquities of the world when we’ve got shiny shinies like Haskell and Python to play with, eh? :-)

Bugs! Get ‘em!

The ‘Ask Tog’ Bughouse, a list of the most common/persistent/annoying bugs bugs in computing [risks].

In particular, we have The 10 Most Persistent Bugs (with “The macintosh dock”, listed as “confusing a demo with a product – more here) and the pandemic bugs (including, for example, “Double clicking”, “Non-resizable text boxes”, and “‘Please wait’ messages”, which comes under the principle “Thou shalt not bore the user”).

Fom the same RISKS post, we also have the following:

Security D’ohLTs

I’ve been watching security people for years as they’ve slowly increased the security of everything they can get their hands on until any idiot can wander in.

This must be borne in mind if they ever let me loose on teaching a security module:

The goal of security is not to build a system that is theoretically securable, but to actually make it secure! The universities, at least as evidenced by their graduates, are only interested in theory. That needs to change, and change now.

Also, The Airport Experience, written in October 2001 on the confusion of “inconvenience” with “security”.

I particularly liked:

A steel door with a kill zone behind it will stop this latest escalation in its tracks. Even the occasion crazy who manages to sneak aboard a knife is going to be in real trouble. The pilot, from the safety of the cockpit, will simply ask everyone to put on their seatbelt. Then the pilot will do a little flying like back when he or she was in the Navy. A few barrel rolls and the crazy will be on the ceiling, begging for the handcuffs.

Finally, I should perhaps mention that TR, whose opinion I respect, thinks this guy is an idiot. :-)

Project Crispy. No, wait. Project Papyrographic. No, wait. Argh! Choice overload!

About to publish your next super-marvy kick-ass utility written, of course, in python? Can’t think of a good name for the project? Then you need pyname – a list (three lists, in fact) of English words containing “py”.

What’s on my USB?

“What’s on my USB?” – super nifty Windows apps you can’t live without, unless you’re a smug French-coffee-drinking Mac User, of course, in which case maybe Bash can tell you what’s cool some time [gamma].

Rate My Network Diagram [act].

Unison: bidirectional cross-platform synchronisation

Andy’s neato app of the day is Unison, for bidirectional cross-platform directory synchronisation. I’ve always used rsync until now, but that’s a big pain if you want to be able to modify both versions of the data. So this is nice.

Found mentioned in the lifehacks log via via Oblomovka via found43. Too much good stuff on the interweb today.

Oh wow… It’s written in Ocaml! w00t!

Python Paranoia

Paranoia in Python. No, not the irrational feeling that just because python is dynamically typed it is to be feared – in fact, it’s a port from C of a text adventure game based on the beloved RPG of the same name. Remember, The Computer is your friend.

80 hour weeks at Electronic Arts

Any of my students considering a career in the games programming industry should read this to get an idea of what we mean when we say to them that “it’s very competetive” [null]. Admittedly this account refers to just one company, but there’s a reason why this company operates in this manner. :-)

The Implementation of Functional Programming Languages

The Implementation of Functional Programming Languages by Simon Peyton Jones is now available for download, about a month after I spent a good half a day photocopying Markus’ copy (mainly for chapter 5). :-) Great book, with the sweetest introduction to the lambda calculus I’ve yet come across in for the bargain. [lambda]

Swansea University to get “most powerful computer in UK”

Swansea University gets “the most powerful computer in UK”. At least, that’s what the Vice Chancellor called it in his email to all staff yesterday. If that’s really true then it boggles my mind that the University’s own announcement is only three paragraphs long, and finishes with “For further information on the launch, click on the banner on the homepage” with no indication as to which banner, or indeed homepage, is being talked about.

Update: the Clinical School’s announcement has much more detail.

Concurrency: the Next Big Thing in CS

The Free Lunch Is Over: A Fundamental Turn Toward Concurrency in Software [lambda].

Even if this article happens to not be on the money (only time will tell, and figure 1 looks dodgy if you ask me), it’s got lots of interesting things to say about hardware. The “space is speed” anecdote about the compiler is particularly cool and bears waffling about in a lecture some time.

We desperately need a higher-level programming model for concurrency than languages offer today.

Over the last year or so I’ve had a growing feeling that this might be the case. Not because of hardware, but because of my teaching and research experiences. On one hand I’ve been teaching Java, and realised that while multi-thread programming is easier than ever in mainstream languages (basically thanks to Java and C#’s built-in support for monitors), it’s still pretty clunky, and harder than is truly useful, because ultimately these languages still come from the sequential world. On the other hand, I’ve seen that plenty of people in the CS community have put a lot of thought into concurrency over the last 30 years, and it’s a field which isn’t running out of problems to be solved/ideas to be had. On the contrary, it seems we’re only now starting to get to grips with it. I’m not talking about our understanding of mechanisms such as threads, semaphores, and the aforementioned monitors, but rather the nuttier mathematical details of “what happens if…”, when multiple processes communicate. For example and in particular, process algebra… Now, this is a world I wasn’t aware of before I returned to academia, but it seems it’s starting to permeate into “the real world” – see the article above.

And then, mainly through reading lambda, I’ve learnt of the existence of languages (e.g. Erlang, Oz) where it’s is a (the) central concept. Admittedly, these languages look rather strange to my imperative eyes, but maybe this is the kind of thing we’ll be teaching in the years to come, which should add another interesting dimension to the perennial “discussions” on which language to teach first. Can’t wait. :-)

Boris Smeds vs The Evil Dr Doppler

Here’s an article with lots of interesting things to say about data communication, system testing, and the way modern space exploration works. I may recommend it during CS-244 Data Communication & Computer NetworksTitan Callinghow a Swedish engineer saved a once-in-a-lifetime mission to Saturn’s mysterious moon [risks].

In short: Cassini is at Saturn, and about to launch the Huygens probe into Titan’s atmosphere (splashdown 14th January 2005). The communication link between Huygens and Cassini was not thoroughly tested before launch. Some thoughtful engineer realised this might be a problem, and after some pushing against resistance, managed to test Cassini’s response to how they expect the signal from Huygens to look. Surprise suprise, Houston we have a problem. Turns out, the original engineers took account of doppler shift in the carrier wave, but not in the encoded data. D’oh! Problem is encoded in firmware, can’t be fixed after launch. Double d’oh! So instead, they’ve altered Cassini’s trajectory to eliminate the doppler shift. Hurrah for Boris Smeds!

Structure and Interpretation of Computer Programs

According to this thread, Structure and Interpretation of Computer Programs is a jolly good read, the spiritual predecessor of Concepts Techniques And Models Of Computer Programming. The advantage of SICP over CTAMCP is that whilst the latter is on my Amazon wishlist, the former is freeeeeeeeeeeee!

Also, Python is now available on Nokia S60 phones. And so it begins.

By the way, Gimboland got hit by comment spammers yesterday – I noticed about 20 minutes before going out for the evening. D’oh. Anyway, was a cool night but I haven’t fixed fings yet, so comments, like risoles, is orf.

And a little later… Right, comments are back on, but I have to approve them – what a drag. Had to upgrade to the latest MT to make this worthwhile but hey ho, hopefully that’s it for the spammers.

I’d just like to say…

I’ve been really getting into using pushd and popd lately (que?). Yay stacks.

Hone your tools

As I chopped firewood in the back yard a few minutes ago, I remembered a proverb I’d spotted on the glorious interweb some time during the last fortnight:

If you have a week in which to chop down a tree, spend six days sharpening your axe.

I thought I’d try to find some way to relate this to programming, but frankly it seems so obvious as to not be worth the bother. :-)

Ecks Em Hell

Reading this article about how Python is not Java, I laughed out loud (sorry, I LOL’d), at this misquote from Jamie Zawinksi:

Some people, when confronted with a problem, think “I know, I’ll use XML…” Now they have two problems.

Nice. Keep it simple, stupid.

But read the following comment about how, OK, in Java, XML is a Good Thing. But for my money, that’s more a comment on Java’s relative brokenness than XML’s utility which, as the man says, is basically good for one thing: portability of data. And hey, the Unix folks knew that all data should be represented as text to make it portable back in the sixties… :-)

And this says it all about Python:

To do this, become more demanding of Python. Pretend that Python is a magic wand that will miraculously do whatever you want without you needing to lifting a finger. Ask, “how does Python already solve my problem?” and “What Python language feature most resembles my problem?” You will be absolutely astonished at how often it happens that thing you need is already there in some form. In fact, this phenomenon is so common, even among experienced Python programmers, that the Python community has a name for it. We call it “Guido’s time machine”, because sometimes it seems as though that’s the only way he could’ve known what we needed, before we knew it ourselves.

Strong typing

Gimbo! Read this article about strong typing. (TR says it almost makes him want to learn ML, so it must be good).

Ooh, it’s all about the fact that Milner-Hindley type inference is w00ty. Excellent: Swansea’s finest at work…

Python interface stuff

I’m currently working on a laaaaarge and very complicated database system – a real beast. I think it’s about time I wrote some nice GUIs to help me wrestle with this beast… You know, drag myself off the command line and into the 1980s and all that. Naturally, I’m working in python, and since I’ve inherited some Tkinter based code, and it looks reasonable, I think I’ll try that out.

These things must be multi-threaded, because there are some very long-running operations taking place. Remembering I’d seen some good stuff online on this very task, I fired up the googlesaw, and found the following: A short example of Tkinter and threads by the venerable Fredrik Lundh, the classic (in that I’ve met it before, back in my Frontier days) Threads, Tkinter and asynchronous I/O from the ActiveState Cookbook (OK, I’m not exactly doing async I/O, but you could consider long-running database ops from that point of view), and finally (for now) a complete Python Tkinter sample application for a long operation, which pays attention to progress bars and the like.

Writing the words “ActiveState Cookbook” reminds me that I’ve got “The Python Cookbook” in dead tree form on my bookshelf. Maybe I should look at that too… Yep, there are a few Tkinter bits and bobs in there (and some database stuff I should probably check out). Groovy.

Bonus level, this looks cool: A Sinus Plasma, using Pygame. That takes me back to my Amiga days, when I used to watch these crazy colourful “demos” with swirly sine waves, the precursors of all the nifty visualisation plugins for winamp, itunes, etc. I always wondered how it was done – apparently it’s bloody simple. :)

Python goodie snippets

A couple of snippets from the Daily Python-URL digest: closures in Python, and object orientation isn’t everything.

Operating Systems in Python

More project ideas for next year: further to this post about writing an operating system kernel in Haskell, it looks like some crazy dudes are doing similar things using Python. Ladies and gentlemen, we present: Cleese, and the delightfully-named Unununium [python-list].

Apparently Cleese started with the idea to “make the Python intepreter a micro-kernel and boot directly to the Python prompt.”, but it doesn’t look like there’s been any movement there over a year, and hasn’t released any files.

Unununium looks interesting, and very much under development. The introduction states that components and a unified filesystem namespace (a la Plan 9) are key goals.

OK, maybe all this is too flakey and out-there for a decent project, but nonetheless, nice to know it’s happening.

Generating Python module dependency graphs

Generating Python module dependency graphs in three easy steps. Yay.

10,000 factorial in lisp

And now, in lisp, courtesy of the delightfully-named Sam Vevang:

(define (fact a b) ; where a is 1 and b is 10000
  (define (iter a result)
    (if (> a b)
        (iter (+ a 1) (* result a))))
  (iter a 1))

Sam tells me that when he runs this on the STK scheme interpreter, it gives the same result I got.

Man, I really need a commenting system, don’t I? :-(

Welcome to

Gimboland continues to turn into… Peter William Lount, editor of shows us how to do it in Smalltalk. Apparently Smalltalk’s been able to do this since about 1980. When I did my first degree, the boys doing straight Computing (I was doing Computing & Pure Maths, not gay Computing, by the way) met Smalltalk as their first O-O language, but alas I never had any serious exposure. The main impression I was left with was of every Smalltalk program being somehow an image of an entire virtual machine, which seemed odd and limiting but was probably neither (this was ten years ago, btw). *Shrug*

Moving on a few years, it had to happen, Daniel Berger wrote and told me how to do it in Ruby. He say:

Hi, I thought this might interest you. Here’s a “factorial” method in Ruby:

class Integer
    def factorial
        (1..self).inject { |f, n| f * n }

… and, with that in place, we can now do this:

10.factorial -> 3628800
10000.factorial -> really big number

Or, you could just do that as a standalone method, rather than defining it within the Integer class like so:

(1..10).inject{ |sum,n| sum * n } -> 3628800

Yes, Ruby handles bignums “out of the box”. :) Regards, Dan

Fair enough, though to my mind this is at least as esoteric as the Pythonic reduce-based method mentioned previously. Again, provided you know the semantics of insert, I guess it makes perfect sense. For my money the Haskell version is still the nicest, just because it’s closest to how a mathematician would naturally go about defining factorial. Smalltalk comes close – it looks the part, but there’s still some odd syntax there, IMHO.

This is great. What started out as a glib comment which at the back of my mind I thought was probably wrong but hey, no-one ever reads Gimboland so what the heck, has turned into a nice little thread… :-)

Any other takers?

Domain Specific Languages

For my later digestion, a raw dump of a number of bookmarks on Domain Specific Languages and Haskell: one, two, three, four (which has many more links). Thank you.

More on factorial in Python

More stuff over at tiddly-pom on the whole 10,000 factorial thing. Julian does a good job of pointing at me and laughing (rightly so, rightly so), and there are a couple of imperative approaches to the problem suggested, including one using generators – yay.

Of course, something I forgot to point out about Stephen’s reduce based solution is that it’s a functional approach, and so has more in common with what’s happening in the Haskell version than these imperative versions. Anyway.

Fast Easy Database Access with Python

Fast, Easy Database Access with Python. Idioms and tips for making SQL interaction that little bit less painful, that little bit more pythonic…

hOp – a micro-kernel based on the Glasgow Haskell Compiler

Wow… Potential third year project supervision material for next year: hOp, a microkernel based on the Glasgow Haskell Compiler, in which “experimenting with writing drivers in Haskell should be reasonably easy“. Funky as. [lambda]

Python still amazingly cool also

Oh, how quickly we forget. Or to put it another way, how stupid I am. Or to put it another way, what a fickle language whore I am.

Further to my recent joy regarding Haskell, Stephen Judd appeared from nowhere and reminded me that of course, Python also handles arbitrary-length integers “out of the box”. How the hell did I forget that?

In fact, he went one better and gave me a single line of Python for calculating 10,000 factorial, viz:

reduce(lambda x,y:x*y, range(1,10001))

Admittedly this is harder to grok than the Haskell version:

bigFac :: Integer -> Integer
bigFac n
  | n == 0 = 1
  | n >  0 = n * bigFac(n-1)

(at least, without knowing the semantics of reduce) – but it does also seem to run a bit quicker on my box.

Hurrah for Python!

Of course, this all just reminds me that I’m spending too much time lately thinking about theoretical computer science, and not enough time getting my hands dirty programming… :-/

Update 2007-01-26: Of course, the python version is not easier to grok than this alternative Haskell version:

product [1..10000]

Now that’s beautiful, as is the definition of product.

RISKS roundup

Stupid Security [risks] — chronicling the stupidity that passes for “stronger security” post-September 11.

Also: Internet attacks jump significantly this year.

… in the first six months of 2004 there were at least 1,237 newly discovered software vulnerabilities and almost 5,000 new Windows viruses and worms capable of compromising computer security. … Even more troubling was the sharp rise in the number of “bot,” or robot, networks, which comprise a large number of infected PCs that can then be used to distribute viruses, worms, spyware and spam to other computers. The survey notes that in the first half of 2004, the number of monitored botnets rose from fewer than 2,000 to more than 30,000. The botnets, which range in size from 2,000 to 400,000 “zombie” machines, are often “rented out” to commercial spammers who use them to distribute junk e-mail while concealing their identities.

Why Haskell is cool (again)

Why Haskell is cool (again). Over a year ago I was mucking around Haskell but didn’t get deeply into it. Today I picked it up again, and while playing around with tutorials did something which, in my geeky way, I find cool.

With four lines of code, and with no more knowledge than a beginner has, I was able to calculate 10000 factorial. (For my non-mathsy readers, that is, 10000 times 9999 times 9998 times 9997 … times 3 times 2 times 1).

This is a Very Big Number (it’s here if you don’t believe me), and until today I haven’t come across a programming language which can even represent/work with anything this large “out of the box”. I’m sure there are other languages which can – I just haven’t met them. It’s interesting.

It took about seven seconds to work it out. Nifty.

Erlang Tutorial

Erlang Tutorial (PDF) [lambda].

Eddie! Eddie!

The EDDIE Tool:

a system monitoring, security and performance analysis agent developed entirely in Python.

Looks nice: you can add extra rules which can arbitrary python expressions (and thus arbitrarily complex), and it does all the usual stuff you’d expect, such as SNMP. The author also suggests Pythonistas might find it interesting as…

an example of a threaded, multi-platform software package, providing easy access to system statistics and using Python’s power to offer a dynamic and programmable rules engine.

Well, I wouldn’t know about that sir.



a Python object database, offering an easy way to maintain a consistent persistent collection of Python object instances used by one or more processes

Neat, and if it’s lighter-weight than ZODB, potentially useful to me…


pyparsing — an object-oriented approach to text processing in Python.

Ping Wales launches

Ping Wales – Welsh IT News Online. Launched yesterday after much blood, sweat, and tears by a number of people close to me, most notably the wife… Anyway, God bless Ping Wales, and all who sail in her.

Where Python meets Haskell

Alex Martelli explaining how Python’s list comprehensions and (new and groovy) generator expressions relate to Haskell, and why Python doesn’t (in generally) do lazy evaluation. As someone with a foot in both camps, but no deep understanding (alas – yet) of what’s actually happening, this is pretty interesting stuff…

We have a winner

Oh, I love my wife. While all the rest of you were ignoring my pained cries for help on the virtual dekstop front, she was coming up with the goods. Ladies and gentlemen, we present VirtuaWin, which is wonderful because:

  • I can set the number of desktops to anything up to 9. Not dynamically, but that’s OK.
  • I can configure hotkeys for various features and in particular I now have my beloved Alt-1, Alt-2, etc. – joy. Also a hotkey for making a window sticky/unsticky.
  • I can install a third party extension module to display the (configurable) desktop name when I switch, which means…
  • I can turn off the system tray icon, so that most of the time the app has no graphical presence whatsoever.
  • It handles Excel correctly.
  • It’s free, and it’s GPL.

Those are the reasons why it rocks my world. It has many other options though, so if the above doesn’t sound good to you, lose not heart. For instance, if you like to flip between desktops by putting the mouse to the side of the screen (I don’t), you can tell it to do that. Similarly dragging windows between desktops. Etc. And generally it just “feels” very robust and well engineered. I’m very impressed.

Oh, it’s lovely. Happy Andy.

Virtual desktop woes

Are there any decent virtual desktop programs for Windows XP? I need the following: a) it must be discreet – preferably no graphical presence, although if it puts something in the taskbar/notification area which I can hide, that’s OK; b) it must have hotkeys for switching between desktops, and preferably they will be configurable (I want to use Alt-1, Alt-2, etc. as in Ion on Linux); c) when I switch away from a desktop and then back again, it should restore everything as it was when I left it; d) it’d be great if you could dynamically create and dispose of desktops, as in Ion, but I expect that’s asking too much and I’ll have to be happy with a fixed number (say, 4).

Now, I don’t think that’s too much to ask. Unfortunately, it seems almost impossible to find anything to satisfy just a), let alone anything else.

I used Microsoft’s very own Virtual Desktop Manager “Power Toy” for a while (can configure it to show only one small icon in taskbar – acceptable), but it fails badly on c) – open Excel, switch to a different desktop, switch back and viola – Excel’s toolbars and menus have disappeared, never to return. Googling for this issue led to a couple of mentions, but no solutions.

So I tried Jeremy Stanley’s VDM, which satisfies a) perfectly (-h on the command line hides it completely), and more critically avoids the Excel problem provided you also specify -a on the command line. Unfortunately you can’t reconfigure the hotkeys (it’s Ctrl-Alt-n instead of Alt-n, boo hiss), and worse, it doesn’t always restore windows to the right depth order, so you often end up with the wrong window on top. Alt-tab boredom. More boo hiss.

Someone must have solved this problem properly?

ASCII banner generator

Something I want to bookmark: ASCII banner generator.

Candygram for Gimbo!

Candygram, “a Python implementation of Erlang concurrency primitives”. Ooooooh.

With Candygram, developers can send and receive messages between threads using semantics nearly identical to those in the Erlang language.

Interessant. Very informative FAQ.

Let’s hear it for Firefox

I finally ditched Opera in favour of Mozilla Firefox and (about two weeks later) I can definitely say it’s absolutely fantastic. Earlier Mozilla versions have always seemed too slow and clunky for me, but Firefox is definitely up to speed, looks good, and works well.

I’m particularly impressed by the extensions mechanism… I’d heard that Mozilla was not so much a browser as a platform upon which programs (e.g. browsers) can be written, and that seems to be borne out here. From what’s available, it seems that it’s fairly straightforward to write extensions which range from fairly trivial UI tweaks (e.g. close tab with double-click) to complex apps in their own right (e.g. the Sage RSS aggregator, or the Mozilla Calendar extension). This wide range (and the fact that these things seem – mostly – to work), speaks to me of good design.


Seems to be a bug in the Linux version (or at least mine), where the fabulous add search engines feature, allowing me to have a single box in my address bar which can do google, wikipedia, imdb, etc., etc. searches, doesn’t work. I can go through the motions to add searches, but nothing happens. Works in Windows. Bah. Like the question of whether the Pope is a Catholic, I’m looking into it. (Update: fix here, namely change permissions of /usr/X11R6/lib/firefox/lib/mozilla-1.6/searchplugins/ .)

The window giving me a view of which extensions I’ve all ready installed is horrendously slow. No idea why, but this seems to be one part of Firefox which has inherited the speed problems I used to see everywhere on Mozilla. It just takes forever to scroll, basically.

Not many annoyances.

Some groovy tips: a whole thread of tips here, which included a pointer to a load more tips on, including one of my wishlist items: remove the close button from the tab bar (since it’s redundant). Change the width of the Search Bar – yay!

So yeah, Firefox. It’s good.

PS: Oh, except that I really miss Opera’s wand feature (for automatically filling in userids, passwords, etc.). Nothing I’ve seen so far in Firebird comes close.

Languages for pi-calculus

Ignore this post unless you’re me and it turns out that yes, I have ended up looking into this (which I might or might not)…

Via this discussion at lambda, some stuff about programming languages supporting the pi-calculus, in particular a PDF paper on PiLib: A Hosted Language for Pi-Calculus Style Concurrency, and Pict, “the canonical example of a Pi-Calculus language”.

SCons – python-based Make on steroids


an improved, cross-platform substitute for the classic Make utility with integrated functionality similar to autoconf/automake and compiler caches such as ccache

… written in Python.

Handling .tar.bz2 tarballs in python

I’m sure this will come in handy at some point in the future: how to handle .tar.bz2 tarballs in python. I’d probably have just used popen2() and called tar and bzip2 directly otherwise…

PSF seeking grant proposals.

Note to self: The Python Software Foundation is seeking grant proposals. Ooooooh. Being paid to do cutting edge research work in python – the Gimbo academic dream! Pesky MPhil will have to be dealt with first, however, methinks…

Bluetooth security flaws

Your Bluetooth phone is a security risk [risks]

Then, German researcher Herfurt developed a program called Bluebug that could turn certain mobile phones into a bug to transmit conversations in the vicinity of the device to an attacker’s phone.

Yay technology.

Tasty Nuggets from the Programming Front

Several tasty nuggests from Lambda the Ultimate, which I’m enjoying immensely:

First and foremost, not only is there a shell named after my wife, there’s now also a programming language which happens to look rather zarjaz, and might actually persuade me to give Mono/CLI/CLR a look [lambda].

Next, here’s a paper on crash-only software [lambda].

It is impractical to build a system that is guaranteed to never crash, even in the case of carrier class phone switches or high end mainframe systems. Since crashes are unavoidable, software must be at least as well prepared for a crash as it is for a clean shutdown. But then — in the spirit of Occam’s Razor — if software is crash-safe, why support additional, non-crash mechanisms for shutting down?

Finally, an interview with Knuth (from 1996, think I’ve read it all ready) [lambda].

Richard Feynman and The Connection Machine

Richard Feynman and The Connection Machine [lambda]. I’ve been casually meaning to read a biography of Feynman for a while – he sounds like one hell of a guy. Cool picture, too.


iCalShare – just over a thousand iCalendar format calendars for you to download into iCal, Sunbird, whatever… It needs more categorisation in my opionion, and, well, quite why anyone (even my brother) would want to know all of the dates of the latest Yes tour is beyond me, but there you go.


One of the things we study in the Operating Systems course I teach is the Morris Internet Worm. It’s a nice story, but perhaps a little old, and although I’ve spoken about more current exploits, worms, etc., I think I need to include some newer material actually in the notes. The Witty Worm I mentioned yesterday is one candidate, and oh my, here’s another [RISKS]. Hell, in any given month there are probaby a few good candidates…

In the same issue: a reminder of the uselessness of Security Through Obscurity, and it’s bigger, better-armed brother, Security Through Legislation; also, why Caller ID is broken under Voice Over IP.

RISKS is just the best – I can’t believe I’ve been unsubscribed for so long (over a year). It’s scary to read about the scale and repetition of all these problems, then slightly reassuring to realise that intelligent people are paying attention, then deeply troubling to realise that mostly, the people in charge and the people at the sharp end simply aren’t listening or don’t understand.

Exciting things in the world of web programming

This (which I was looking for last night – see below) plus this equals potentially interesting times ahead.

Executive summary of speclation contained therein: Programmers are leaving the Microsoft platform (and not adopting .net in the required droves), because web applications are a much more hospitable world for third party developers; the problem with web applications is that they don’t have the marvy user interface capabilities of conventional desktop applications; now along come Apple with some HTML extensions enabling javascript (i.e. easy) and safe operating-system-friendly ways for web applications to draw directly to the screen in beautiful and flexible manners and we suddenly have a mechanism for funky-ass interfaces delivered over the web. Possibly. If it happens. Oh yes, and Apple have teamed up with Opera and Mozilla over this, so it’s us (the aforementioned) vs them (Microsoft and Internet Explorer), only this time we’ll be creaming their asses. Possibly. Yay!

Robot Baby Rampage

A miscellaneous collection of cool stuff I either came across while looking for something I saw a while ago and now want to tell you about but can’t find, or came across a while ago, for some reason didn’t blog then, and have just come across again… (It does parse, honest – keep trying.)

Bruce Schneier’s analysis of the recent Witty Worm is a scary insight into the kind of crap we can expect to kill our networks from now on [gamma]. Something for this year’s Operating Systems course (chapter 9, “Security”).

Witty was wildly successful. Twelve thousand machines was the entire vulnerable and exposed population, and Witty infected them all — worldwide — in 45 minutes.

Zulu Family Sues Disney Over “Lion” Song [act]. Bash has a copy of the original recording, “Mbube” (Zulu for “The Lion”) on this compilation, and very cool it is too. Recorded in 1939, I think he certainly gets first dibs. I suppose it’s out of copyright now (?), although aren’t Disney guilty of ridiculous feats of copyright extension in their efforts to protect their revenue streams? Which is nicely ironic. So they’re suing for 1.5 million dollars, about 9 million rand, which is probably enough to buy a large chunk of Durban. ;-)

One for an algorithms course: Sorting Algorithms demonstration applet, which is very cool indeed at getting across why quicksort is so much better than bubblesort, for instance [gamma]. :-)

MD5 hashes are getting cracked [via act, although apparently also via slashdot so I guess I'm the last to know].

At the moment we can crack md5 hashes in this character range: a-z;0-9 [8] which means we can break almost all hashes (99.56%) which are created from lowercase plaintext with letters and/or digits up to length of 8 characters.


“Asterix collection” latin quotes translated to English [act]. I will keep it close next time I read these marvellous books…

As you can tell, I’ve been reading Advanced Combo Tricks a bit lately. It’s good, if pig-ugly. OTOH Gimboland is long overdue for a style update so who am I to talk?

Our lungs are dumb. Special air,please.

When I find the time to learn Ruby, I will do it at why’s (poignant) guide to Ruby, for the simple joy of learning a new language via the medium of cartoon foxes. And I will buy the t-shirt [null].

Random quote from sidebar illustrating general bizzar-o-ness of guide:

You could make it seem like I did tons of drugs. Like I was insane to work with. Like I kept firing people and locking them in the scooter room and making them wear outfits made of bread. Yeah, like I could actually be baking people into the outfits.

« less retromore retro »