Musings of a professional geek
November 5, 2013
[Language Warning, sensitive folk will not like the words which follow...*]
While flipping through SlashDot I found a link to Programming-Motherfucker, a satirical manifesto for coders.
Initially I thought it was clever in a snarky “vent their frustration” kind of way. Dev folks frequently get frustrated and seeing something like this might help them keep calm and carry on.
Then I got to reading the site and it is actually useful. At the moment it derides and talks down the tasks peripheral to the coding, which is kind of a shitty approach but given the target market for developer snarkiness it is acceptable. Preaching to the converted is always easier. That said, by also providing guidance (i.e. not a manifesto, but a link list) for how to code better there is real material to be found within the questionable wrapper.
So as satire, it’s a good 5 second gag and might realise some value to vent frustration. As a manifesto it is not so much.
If you are a frustrated dev (or a closet try-hard frustrated dev like me) then it might be worth a laugh.
If you are looking for a jump point on how to start learning to code a language from the perspective of a developer, then this is an excellent start. My advice is to totally ignore the blunt manifesto aspect of the site and seriously look into the links and the associated technologies. There are some cool things hiding in there.
* perhaps having a warning of strong language on my blog is a little late or silly, but I can still see the trees in the forest of internet language, and sometimes it is better to say upfront that the blog content will be harsh. Especially if somebody actually clicks the links.
October 30, 2013
This is how I think most website help is written. I know it isn’t true, but the Abstruse Goose comic “Arithmetic for Beginners” resonates profoundly. Kudos sir.
October 30, 2013
Across the three blogs that I write, there is a steady stream of spam comments. Anything from 5 to 200 comments a week which are never published, as they go straight to the spam bin. That is entirely normal for blogs. What I find odd is that it seems the same set of spammers are using automated systems to write clearly junk messages, and despite the fact that none of those messages ever get approved as comments they continue to send them.
For years I’ve seen the same junk arrive in the spam queue, and none has ever been published. I don’t even regularly view the spam comments as (a) it is filled so full of junk that finding a false positive is hard, and (b) I’ve never found a comment that was a false positive in all my years of blogging. A cynic might suggest that the real comments are too low; heh.
For me the spam queue is a funny odd place I visit periodically (once or twice a year) to have a laugh about how poor their systems are, and how good the WordPress spam filter is. It is regularly automatically emptied after a month, so it has a zero maintenance effort.
Why do they bother? Why can’t they learn?
I guess it is due to the fact that sending a spam message to a blog costs almost nothing. Principally once the scripts and URLs are loaded a spam engine could send garbage throughout the internet with no real cost except the outbound data cost. Piggy-back that cost onto some other bulk subscription and it’s the same argument as spam email: if you “fool” one person in 100 million, then the cost is justified.
What a shitty system, and what an equally terrible model to try and make money.
If the system is more about trying to get back-links to create some sort of page rank then they’re really barking up the wrong tree trying to leverage from my blogs. Heck, I’d guess my blogs would be amongst the most obscure corners of the Internet.
- Why don’t they upgrade and actually make a more intelligent system which spends more energy/time targeting the soft targets, and strays clear of the harder ones?
- Include a check for the comment key phrase on the page where it is made. If after 100 attempts and zero positive links, then stop creating the spam to that server for a while.
- Why is the content so obviously junk when you quickly cast your eyes over it? If the goal was eyeball exposure or to try and fool somebody into clicking then almost all the messages need a grammar and spell check. This junk must be coming from an engine, so have some pride and spell check your work a little.
I could see a system which trawls the internet looking for regular content updates as valuable to them. If the same system also did a verification check for a useful back-link then you’ve found a great little site where the admin is asleep at the wheel, or thinks any traffic is good traffic. The basic logic of how to run a good exploit is not even being used, and that is a good thing, but it also kind of frustrates me.
Heck, if the spammers could click the right links then some of the pay-per-click fee systems might self-implode in a huge waste of money. The scammers get spammed and create self referential pits of useless comments and content.
Perhaps this is an opportunity for a better comment spam system. I’d not ever want to create that software as ethically I think that is worse than putting gambling ads on pension slips. How in hell do you even market software to spam people? …
In an ideal world the rest of the Internet could get on with what we’re up to, and only have to concern ourselves with the background hiss of the wasted bandwidth from all the re-posts and never-read-comments buzzing through the routers.
Not a bad thing at all I guess.
October 17, 2013
The mighty SlashDot has a post about how the random number generators that come supplied with the Linux OS may not be random enough, or specifically may not emulate entropy well enough*. As I find RNG in programming to be darn interesting (also known as PRNG – pseudorandom number generation, because you know it can never be really truly random) I’m sharing it here so I can ponder it and thrash it out.
As a fan of this stuff the /. post page is wonderful. Arguments back and forth, supposition and analysis on the arguments and allegedly brutal attacks between Linus and the community, and the fall out when cooler heads prevail. It is a great example of the online debate that happens around the open source community, where we can actually read for ourselves and appreciate the breadth of the impacts and discussion. The impacts from the choices made in the development of RdRand, vs /dev/random and /dev/urandom are very important within the scope of PRNG, but they are also a very small part of the overall Linux kernel, such that the scope of change and the community based observations can be consumed.
I love it for the fact that it is a debate amongst a niche community (relative to the Internet) where passions drive separate and disparate goals. Here is a bit of info and a quick meandering.
As the header in the SlashDot article quotes from the source article:
“As a followup to Linus’s opinion about people skeptical of the Linux random number generator, a new paper analyzes the robustness of /dev/urandom and /dev/random . From the paper: ‘From a practical side, we also give a precise assessment of the security of the two Linux PRNGs, /dev/random and /dev/urandom. In particular, we show several attacks proving that these PRNGs are not robust according to our definition, and do not accumulate entropy properly.
These attacks are due to the vulnerabilities of the entropy estimator and the internal mixing function of the Linux PRNGs. These attacks against the Linux PRNG show that it does not satisfy the “robustness” notion of security, but it remains unclear if these attacks lead to actual exploitable vulnerabilities in practice.’”
It is ponderous to think of how random and how entropic a PRNG process has to be when shipped with an OS. I can follow that the best possible solution should ideally be used, but can also see a point at which the degree of randomness/entropy desired is provided by a range of tools; and perhaps for most installations that vulnerability in the RNG’s breadth of entropy is actually fine. Meaning – how random does a media box for a TV need to be? I’d start the analysis with a purpose in mind to keep to the best of the community’s use for the OS, and consider the edge case where a specialised implementation might be performed anyway, which renders the default delivered in the OS package somewhat moot.
i.e. A server running primarily as a file server, or providing innocuous functions probably needs very little in advanced RNG as it has very few crypto-based tasks to perform. Sure there might be a few impacts which are less than perfect around the edges, but not many. Conversely a system which is being depended on for very high security functions or transactions does not want a vulnerability which could be exploited, or a value which could be predicted.
If the default OS packages have a security flaw inherent rather than a point of vulnerability in their implementation then that is fixable. The debate and banter really got into high gear in the comments when the specialists joined the discussions.
The debate also broached the possibility of some of these tools for randomness having vulnerabilities which were either exploited by, or designed by the American NSA. Respectfully it is a discussion that I find distracting at best. If the community cannot find over time the vulnerabilities in the code, be they either intentional or not, then the experiment has failed. In truth so far, the experiment is working. At least from where I am sitting looking at the body of work for Linux, and all the derivations.
Firstly, what in hell does the entropy have to do with the random numbers in a program?
If I understand it (which is questionable) then the entropy as in use by an algorithm needs to be sourced so that it is not predictable. This is not “entropy” meaning “decay”, this is “entropy” meaning “unpredictable”.
How random does a program’s RNG need to be?
For me, a 1 in 1000 generated number range being guessed correctly 1 in 200 times shows a problem. That is not a huge problem if the app itself is just a toy, but in a commercial product I think that can be considered undesirable. This is the range of random that one of the default tools in the Linux distro potentially could create if an attack was performed and it was not set up correctly. I think that is a narrow attack probability, but it is there.
Like everything else in IT, the context of use is really critical to how severe the impact is, and how much work is invested to getting to a better result.
i.e. a number N from 1 to 1000 can be correctly guessed roughly every 200 attempts – that is poor. I guess that 1 in 200 is really low by layman’s standards, but exceedingly high by crypto and PRNG standards.
A chance of guessing a 1 in 1000 number being 1 in 1000 is obviously darn reasonable, and not an issue at all. Another part of the setup which can sometimes be performed incorrectly (especially in Windows based apps using the default RNG functions) is when the app is not seeded properly.
I found this a long time ago when writing a simple dice roller program where my seed value was going through a small algorithm, but about a third of the time the result was the same. This meant that it was likely (1 in 4) that the app would have the same result for the first “random” number. Not sufficiently random at all. My implementation in this case was the problem, which I fixed, but it did get me thinking about how better to do it.
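An added example (not code from the original post) of the seeding failure described above: when a seed passes through a lossy algorithm, the number of possible first rolls collapses to the number of possible seeds, so an observer who always guesses the most common first roll wins far more often than 1 in 1000. The `weak_seed` derivation and the launch times are hypothetical, constructed for illustration; the comparison draws from the OS generator via Python's `secrets` module.

```python
import random
import secrets
from collections import Counter

SIDES = 1000  # the "1 in 1000" number range discussed in the post


def weak_seed(launch_time: int) -> int:
    # Hypothetical lossy seed algorithm (an assumption, not the author's code):
    # folds the launch time down to one of only 8 possible seeds.
    return (launch_time // 60) % 8


def first_roll_weak(launch_time: int) -> int:
    # A fresh generator per app launch, seeded from the collapsed value.
    return random.Random(weak_seed(launch_time)).randint(1, SIDES)


def first_roll_os() -> int:
    # secrets uses the operating system's CSPRNG (os.urandom underneath),
    # so no application-level seeding step exists to get wrong.
    return secrets.randbelow(SIDES) + 1


def best_guess_rate(rolls) -> float:
    """Share of launches won by always guessing the most common first roll."""
    _, count = Counter(rolls).most_common(1)[0]
    return count / len(rolls)


def simulate(launches: int = 20000, start: int = 1_383_000_000) -> dict:
    # Constructed sample input: one app launch every 37 seconds.
    times = [start + 37 * i for i in range(launches)]
    weak = [first_roll_weak(t) for t in times]
    strong = [first_roll_os() for _ in times]
    return {
        "weak_distinct": len(set(weak)),
        "weak_guess_rate": best_guess_rate(weak),
        "os_distinct": len(set(strong)),
        "os_guess_rate": best_guess_rate(strong),
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

The check to carry over to real code is the size of the seed space: if it is smaller than the output range, the output range is not what limits a guesser.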
I’m still pondering and reading.
October 3, 2013
I’ve recently taken the plunge to update from iOS 6 to iOS 7, and then 7.0.2 (or whatever the patch version was to fix the security hole). The experience of doing the update was kid’s stuff, and worked without issue. That is not to say that my experience from that point forward has been wonderful.
Instead I’m bemused by some of the choices the designers and product managers made.
Overall – I’ll adapt and accept it. Meh.
I’d probably be happy with any phone or tablet device at this stage, as long as it has the apps I regularly use:
- phone, contacts, calendar, notes, etc
- books and pdfs without DRM lock-in
- multiple email account support
- browser, video/youtube, podcasts, music, camera
- social media apps
- rss, weather
- wow auth app, and logs app
- flashlight, calc, timers
I think a few users will be frustrated by change, but those users are typically frustrated by most changes in tech gear. I can accept the changes as attempts to improve and move forward. By comparison I think this update is leaps ahead of most Windows OS updates in presentation and design.
As much as it makes me sound like an Apple apologist – I still like the overall features.
July 31, 2013
How would you feel living in a rotating skyscraper? This proposed building in Dubai is about as strange and mythic a building as I’ve seen which also is supposed to be functional.
- each floor can rotate 360 degrees each 90 minutes,
- controlled via voice commands by tenants,
What I love is the idea that no particular part of the building is permanently facing a cardinal direction. Our house is primarily south facing which means we get little light through it. I think if the house rotated even every week it would be an incredible change in the way we live. If this actually gets built I’d love to read commentary from the inhabitants of the building to see how the rotation was used, and what unexpected experiences they had.
I’m a little suss on the power and mechanics needed to make this happen, especially as the floors are to be controlled independently from each other. The other odd feature is the idea of using voice commands. I get that it makes some things easier, and perhaps these will be intelligent enough to understand complex instructions.
“Rotate faster”, “Face the north”, “match the next floor”, “offset downstairs 90 degrees clockwise”…
The engineering required to do that is totally beyond me at the moment. What do you use to do that? A linked rotating core downward through the building, which is broken into segments at each floor? Each floor must be on a very structurally sound independent plate, and the torque and load limits must apply.
Can I put a grand piano and pool table out on the edge of my floor and hope that it does not tip downward over time?
Laughing Squid pointed to the article – Proposed Dubai Skyscraper Features Independently Rotating Floors Operated By Voice Command.
June 25, 2013
A billion-pixel image of most things is likely to be wasteful. Not Mars, Mars is bloody cool. But then what geek does not like images from another planet, taken by remote controlled robots, by nerds, in huge resolution? It’s frigg’n Mars people.
Billion-Pixel View From Curiosity at Rocknest. Coming soon – Streetview.
June 16, 2013
I liked this, although the idea of keeping something secret while using Facebook is ironic too (source).