Fun Flash music toy, the Dub Selector. There are six different dub machines to play with. I really like this genre of music toy. [Metafilter]
So no, my DSL doesn't always work. Running loopping to ping every 10 seconds, I've had seven DSL outages in the past four days.
Outage for 360 seconds started Sun Nov 18 12:03:34 2001
Outage for 50 seconds started Sun Nov 18 13:24:00 2001
Outage for 90 seconds started Sun Nov 18 18:56:25 2001
Outage for 100 seconds started Sun Nov 18 21:32:55 2001
Outage for 40 seconds started Mon Nov 19 08:19:43 2001
Outage for 50 seconds started Tue Nov 20 21:10:13 2001
Outage for 900 seconds started Wed Nov 21 01:59:12 2001
In Europe, poultry has flavour - chicken is actually yummy! In the US our birds are bred so much for industrial processing that they have no flavour, just like oranges and tomatoes. Great article in the New York Times about this, The Hunt for a Truly Grand Turkey, One That Nature Built.
I'm writing my O'Reilly talk into an article, and I'm fanatic about my images looking good. See how nicely centered and anti-aliased that little picture is? I use xfig to do vector graphics, fig2dev to convert to PNM, then netpbm to scale the images nicely. But netpbm was missing a tool to say "make the image this size by padding it on all sides" (pnmpad isn't that smart). So as a procastrination tool, I wrote up the ugly shell script pnmpadtosize. Unix at its best!
PacBell DSL seems to be dropping my link every day around 10am, for about 5 minutes at a time. So I wrote loopping, a small Perl script that pings my link every N seconds and notes failures. Yeah, trivial hack, but it always takes longer for me to do these things than it should.
Kevin Poulson on dark address space: parts of the Internet that can't find a route to each other. Result is by Internet researcher Craig Labovitz, although I can't find this paper. Some hints by Poulson that this could be related to folks hacking Internet routers to make safe spaces for themselves. Fun stuff. [RobotWisdom].
Way back when, the Internet was only 30 hosts wide. That is, the time-to-live field on packets in the common TCP/IP implementation was set to 30. If two hosts had more than 30 hops on their route, they couldn't talk to each other. The Internet grew bigger than a diameter of 30 sometime in 1992 or so, and all those TCP/IP stacks had to be updated. I think most stacks now set the TTL to 255, the maximum.
Writing installers for Windows packages is a pain in the neck. The commercial packages don't work well and have these funky proprietary scripting languages for the install script. A better alternative may be the Nullsoft Installer, used mostly in WinAmp related programs. Free software, simple and workable.
I'm working on buying a house. Everyone told me how much of an advantage it was, but I never really understood it until I built a spreadsheet to test it out. For instance, if you put 20% down on a $300,000 house your monthly payments are about $2000, but after you count the tax advantage it's really more like $1300! Crazy.
Crop circle research has been an amazing site for a long time, deeply detailed analyses of people who want to believe. There's a wonderfully detailed analysis of a formation near Arecibo, which a remix of the 1974 message SETI folks sent to the stars. Photo to the far right is originally from Lucy Pringle's crop circle photography.
Disturbingly (in)appropriate for the time, but Flight 404 is a poetically lovely Flash work about the thoughts of people on a doomed (fictional) plane.
Fun little utility, http://surfraw.sourceforge.net/. Command line tools that know about web service sites, so you can run google Pixelvision from the command line and have it do the right thing. He has little scripts for about 20 sites. The big drawback is it just invokes lynx; I'd rather it used wget, scraped the result, and formatted it as domain-specific text. Hmm, sounds like a good hack. (PS: I love Debian. I just typed "apt-get install surfraw" and away it went, like magic.) [sweetcode]
I've picked up the new game Civilization III, which has the exact same horrifying addictive qualities as its predecessors. The best fan site seems to be CivFanatics. The forums even had a fix for the ugly font bug - remove the Windows installed copy of LucidaSansRoman. [Memepool]
So someone hacked Passport. Pretty bad, too.
By cobbling together a handful of browser-based bugs with flaws in Passport's authentication system, Slemko developed a technique to steal a person's Microsoft Passport, credit card numbers -- and all, simply by getting the victim to open a Hotmail message.
Pixar has made their short films available on the Web. A complete history of film-quality 3d rendering in seven easy downloads. [Slashdot]
The Register has some details about MessageLabs. About $.66/user/month for spam scanning, about $2.20/user/month for virus scanning. MessageLabs claims they have over 500,000 users, so that gives a revenue estimate of at least a million dollars a month. Not so bad, although I bet their operations are expensive. I wonder how well their service really works? There's a lot of value in centralizing this kind of filtering.
Graphs of Virus Activity published by MessageLabs, a company that scans email as a service. Interesting to see what's in the ecology.
There's an editorial on Advogato with more concern about SourceForge's long-term stability. Good comments - a reply from the SourceForge manager himself, also some info on alternatives: Savannah (GNU), Tigris (collab.net?), and BerliOS (GMD Fokus). Also lots of reports of ad-hoc arrangements people make.
My little home Apache server is overwhelmed by log entries from various virus attacks - Nimda, CodeRed, etc. It's tiresome. If you edit Apache's httpd.conf and replace your old CustomLog entry with this stuff, the logs go somewhere else. It looks like the Debian Apache package will even rotate the new file for you, I'll see in a week.
SetEnvIf Request_URI (cmd\.exe|root\.exe|default\.ida) attack
CustomLog /var/log/apache/attack.log combined env=attack
CustomLog /var/log/apache/access.log combined env=!attack
Discusson on Slashdot on VA Linux taking the "Linux" out of their name. Much pessimism, probably well placed. I can't help but feel that VA is an example of a VC-backed firm cynically going public before they had a stable business figured out. Now the company seems hinged on SourceForge, which is a great free service but as a product? Beats me, but I'd think Collab.net is in a better position in that market. They've been doing exactly this for a long time.
The Register reports that Kuro5hin is already being booted out of the VA/OSDN family. All those open source projects hosted at SourceForge better be sure to have copies of all their files, and a plan for moving if they need to. Are there any good alternatives?
Fun web site, the halfbakery. A place for people to post their wacky ideas, other people to comment on them. Fountains that flow up, flags to mark parking places, "uncooperative supercomputing" (steal those cycles!), and web based web browsers. The site is very slow, so patience is required. Ponder.
Shame on the New York Times for publishingVeiled Messages of Terrorists May Lurk in Cyberspace, an oversensationalized story trying to make the case that steganography is in use all the time on the Internet. Sources in the NYT story refuse to reveal anything about methods or results, and yet are cited as proof that 0.6% of images found contain hidden messages. The article does finally get around to Niels Stovos' excellent work, the one bit of recent published research in steganography detection. He's analyzed over two million images on eBay and found not a single message.
Let's see, who are you going to believe; the CEO of a startup that needs military funding to survive and won't let you evaluate his work, or a grad student who publishes all his methods and results?
The NYT today covers the history of science in Islam. While Europe was deep in the dark ages, the Islamic world was busy translating the Greeks and creating the fields of astronomy, mathematics, and medicine, just to name a few. Nice to have a reminder every once in awhile.
Brewster is a nifty Windows shareware screensaver that simulates the physics of a kaleidoscope. Nice anti-aliasing, too.
One of the things I've learned is that RPC by itself isn't enough to build reliable distributed systems, particularly on the Internet. SOAP + WSDL is interesting because it doesn't just mandate RPC, it can do other things, too. Most people are missing that. I wrote up some of my thoughts on this as an email to the simple web services API group.
Justin Chapweske steps up to bat with a draft idea he calls "the content addressable web". The core idea is to improve the experience of getting big things from the web by naming resources by pointers to the resource, not the resource itself. Then you can have a transparent way to mirror resources. For an added bonus, those pointers can include secure hashes of the contents, so you know you got the correct data. Using URIs this way isn't entirely a new idea, but Justin's version is good.
I'm concerned that we'll never get to a web using "better URIs" to identify resources. We've been running around this idea for eight years, and still nothing. Justin's approach has the virtue of being simple and incremental. For more, see the discussion on the decentralization list.
It struck me that there's one more big risk that MS is taking with .NET. Will that consumers really pay $25-$50 a year? If it works, then someone will finally crack the nut of getting people to pay for things on the Internet. But Microsoft is taking a huge (and uncustomary) risk in trying to be the first to make it work. As a developer/user, I feel they're already making mistake in charging developers for access to My Services. How will ordinary consumers feel?
Obvious counter-strategy: build a totally free alternative service. Plan to give it away the first few years, then either start charging (the Salon model) or monetize the service some other way (the MSIE model). This strategy is high risk, and currently unfashionable. But companies like IBM, Sun, and AOL could afford to do it.
The funny thing is I like the idea of MS charging for My Services. It puts the expectations in the right place; my service belongs to me, I pay for it. I hate the way most "free" services take their toll in turning my data into a marketing channel. MS has promised not to do this. If someone follows with a free version, they should give the same protection to consumers. Maybe this is a pipe dream.
Teach me to report speculation on a mailing list. The report that an HP printer was notifying the FBI of something has a simpler explanation; maybe someone's attacking the printer's web server with forged IP addresses, it's responding, and one of the forged addresses just happened to be an ifccfbi.gov. More info on the cryptography list.
Great article by Andy Patrizio of Wired News (referenced on Slashdot) about fans remaking classic old games like Ultima and The Bards Tale: Gamers Making Retro Remakes. Bunch of smart geeks get together, want to remix Ultima, even get Richard Garriott's permission. The article has a horrible comment from an Electronic Arts spokesman:
"EA owns the rights to Ultima and all of its characters, and in this case, no permission was requested or granted," said Jeff Brown, an Electronic Arts spokesman. "As for Richard Garriott's approval, that's like getting permission from Toto to remake The Wizard of Oz."
I played Ultima I when I was a wee mite, and it had a huge influence on me. A whole world, inside a machine! And created by Richard Garriott, a guy just a few years older than me, not 20 miles from where I lived. When I was 12 I reverse engineered parts of Ultima II, learned a lot. I remember being particularly weirded out because he was using BCD mode on the 6502. To refer to an artist like Garriott as a dog is so deeply offensive.. Technically, he's right, EA owns the IP. But ugh!
There's a disturbing report on the cryptography mailing list that someone's HP printer has been trying to send bits to a host named origin.ifccfbi.gov. Later posters suggest this may be some sort of fraud or counterfeit detection in the printer firmware itself. Do you know who all your printer talks to?
Interesting analysis article in the NYT: Anthrax Offers Lessons in How to Handle Bad News. Talks about how best to convey uncertain and scary information. The thing I like best is this simple set of recommendations for how authorities should speak:
Read up on Jtrix, an open source (LGPL) distributed app framework that's just been announced. They say:
[Jtrix is] for developing applications which smoothly evolve and adapt. That means they are scalable, adaptive and cost effective to run.
It reminds me of my master's work on Hive, a Java framework that includes some sort of discovery mechanism, remote messaging, mobile code, all with an interesting bottom up design. The engineering work on Jtrix looks solid - lots of tests, good documentation. The introduction for everyone (PDF, 29 pages) is the first thing to read if you want depth.
The thing I'm curious is how they make a business case for doing this kind of work - I'd love to have an answer for that for myself. There's a bit about this in the FAQ, but it's not very specific ("we wanted it"). Their parent company, Hyperlink, seems to be an incubator of sorts, but with not much info about their seven years of incubating. Regardless, Jtrix is out there, and it's free, and das ist gut so.
Now that I'm unemployed, it's harder for me to organize my time. So I've started using time tracking software, where I track every minute of my working day in one of several categories ("noodling around", "goofing off", "coding Funes", "job search", and two contracting assignments I'm on). There's a million of time tracker programs out there, but I settled on the AllNetic Working Time Tracker. It's simple, free, and integrates nicely into Windows (tray icon, senses when I'm away). It's still a bit buggy, but overall it's good.
I'll report later what I've learned running this, and if it's not too embarassing share some of the data (no goofing off in the past three days!).