Category Archives: Tech

Daddy, what’s public key cryptography?

Leave a reply

I was working on an HTTPS issue today, and Ryan came to talk to me. While he
was watching, I figured out what was causing the problem, which was related to the
SSL handshake. Ryan asked about the handshake, and I tried to give him a
laymans-terms overview of what it was. Before I started, I started to picture in
my head what the conversation might be like:

Me: When an SSL connection is made…
Ryan: What’s SSL?
Me: When you want a connection to be encrypted…
Ryan: What’s “encrypted” mean?
Me: When two processes are talking…
Ryan: What’s a “process”?
Me: .

Here’s how I described it:

Me: If I want to send a message to another computer, I write the message
on a kind of postcard, with the address of the other computer on it, and then I
send it. The postcard goes out, sometimes on a wire, in this case through the
air –
Ryan: Like radio waves?
Me: Exactly. Then the other computer receives the postcard, checks the
address, and figures that the postcard is for him. Then he reads the message.
But, if there’s another computer nearby, it can look at the postcard too,
even though it’s got someone else’s address on it. So if I want to send a
secret message to a computer that’s my friend, I don’t want that other computer to be able to read it.
So, I take the data on the postcard, and mush* it all up, and change it, and make it look funny. My friend knows that it’s mushed up, and
it un-mushes it and gets the original secret message out. But the other computer
doesn’t know this, so it looks at the message and says “Huh? What’s that
mean?”
Ryan:
Me: When we first start talking, I tell my friend “Hey, I’m going to mush
up this data, and here’s how I’m going to do it.” and I give him some stuff that
allows him to un-mush the message — that’s called the “handshake”.
Ryan: Like this?
Me: Yes, just like that. It’s a way that two computers say “hello, I’m
going to send you some mushed data, here’s how to un-mush it”.
Ryan: That’s cool.

*Important note: Note that “mush” as used here rhymes with “bush” or “push”, not “hush”.

Then I gave him some examples of why you’d want to do this — when I order
a book from amazon.com (I thought of this because I pre-ordered the 7th Harry
Potter book today), I give them my credit card number. I don’t want someone else
to figure out my credit card number, or they might go to amazon.com and say “Hi
amazon.com, it’s me, Graeme. I’d like to buy 500 books and charge it to this
credit card”, and he gets the books, and I have to pay for it.
Ryan has a fairly limited sense of the value of money, but he gasped at this,
obviously realizing that this would be a Bad Thing. Either that, or I just gave
him a brilliant idea for how to get free stuff, and started him on his way to
being a career criminal. Heh heh heh… oops.

Stopping guestbook spam

Leave a reply

My family web site has a guest book that a number of people, mostly family, have signed. Since I put it up a couple of years ago, I’ve gotten “guestbook spam” every now and again — messages sent by people we don’t know, advertising their cheap V1@grA or whatever, though some just talk about what a great site it is, and how informative, and don’t actually contain a link. I don’t understand those ones, but whatever. Anyway, in the last few months, the number of spam entries I was getting increased astronomically, until a couple of weeks ago I started getting four or five of them a day. I wrote all the code for the website myself, and when someone adds a guestbook entry, I get sent an email containing who did it, when, and the text of the comment. When the spam started getting out of control, I changed it so that there’s now a “delete this entry” link in the email. If I click the link, the entry gets deleted. Very easy, but still annoying.

I have no real idea how these messages were getting created, but I’m quite certain it wasn’t someone actually sitting at a browser looking for guestbooks and adding entries when they find one. It had to be a bot of some kind. I figured that if I were writing a bot to do this, I might look at how the majority of guestbooks handle comments, and then write my bot accordingly. My guess was that they simply start requesting pages using POST, and sending “comment=&name=&email=” as the POST body. If it’s a guestbook-type page, that may or may not enter a comment, and then the bot can move on to the next page. I suspected that the vast majority of guest books use “email” as the name of the email address field, “name” as the name field, and “comment” as the comment field, so I changed my page so that the names of these fields are hard-coded random strings. (If I wanted to, I could change it so that the strings are not hard-coded, but randomly generated at run-time, but that’s just too much work.) The end result is that in the week since I made this change, I have not gotten a single spam entry in my guestbook.

It’s certainly possible for a script to get the (HTML) source for a page, analyze it to find out what the actual field names are, and then submit spam entries that way, but I guess the bots aren’t smart enough yet to do that. I’m sure it won’t be long though…

Feb 5 update: Got two spam entries this morning. Oh well.

The NeXT Big Thing?

Leave a reply

To: All Apple employees
From: Steve Jobs
Date: January 8, 2017

 

As you all know, tomorrow is the 10th anniversary of our announcement of the first iPhone, and we are commemorating this event with our biggest announcement yet: the new Apple iBrain cranial implant. Many of you have had the beta implant for a few months now, and if you think down to the ‘upgrade’ page, you can see the GA upgrade surgery schedule.

The iBrain contains what you’d expect: music and ultra-hi-def video players, hologram projector, satellite videophone, 20 Gigapixel camera, car remote control (thanks to the Segway team for getting that in before the deadline!), and calculator. However, because this device is directly implanted into your brain, it has some very exciting new abilities as well. The iBrain can enhance your memory (imagine remembering what you had for lunch on any given day 10 years ago!) as well as give you vastly improved hearing and vision (up to 20:0.25 on the old scale — remember when people used to improve their vision by actually altering their eyeballs rather than improving the brain’s processing of the existing visual signals from the eyes?).

The iBrain upgrade package includes everything in the base package plus some extras like enhancing your senses of smell and taste, the ability to understand what lawyers are talking about, basic car repair, home repair, and welding techniques, and an impressive multimedia library, including every song, book, TV show, and film ever created, as well as the entire contents of youtube.com (thanks to our recent agreement with Google-Microsoft). Just think – if you want to watch some video of last year’s “The Who – the Farewell-No-Really-We-Mean-It-This-Time” tour, it’s there, as well as every season of “CSI: Toledo”, and the top selling albums of 2016: “Daddy Didn’t Do Me No Favors” by Prince Jackson, “Greatest Hits Vol. 6” by Paris Hilton, and “I Got Issues” by Britney Timberlake. Thanks to our merger with Nintendo three years ago, the upgrade also includes the new Nintendo W00t! gaming system.

You can also get upgrades for the iBrain at the iStore. Packages include a language pack, giving you full fluency in such languages as English, Japanese, Chinese, Spanish, and L33t, courses and even entire degrees from most accredited North American universities, jiu-jitsu, and the ability to fly a B-212 helicopter.

I also want to mention that the employees who volunteered for alpha testing have been doing very well — most of them can now walk on their own again, and a few have begun to speak! Once again, I cannot stress enough that the use of the phrase “insanely great” is absolutely forbidden in reference to this product.

I want to thank all of our employees for all of their hard work and dedication to this project. Be sure to watch AppleTV next week for our exclusive coverage of President Clooney’s Minute Maid State of the Union address brought to you by Allstate.

Steve

Top Ten Signs That You Edit On Wikipedia Too Much

Leave a reply

  1. Whenever you find a spelling or factual mistake on any web page,
    you immediately look for the “edit this page” button
  2. When you see a spelling mistake on your own web site, you immediately
    look for the “history” button to find out what moron added it
  3. Putting hyperlinks in HTML documents is such a pain because typing
    [[whatever|link]] is so much
    easier than <a href="http://whatever“>link
  4. When writing plain-text email, you try to emphasize a word using
    '''word'''
  5. You wish your email client supported categories: being able to add multiple
    categories to an email would be so cool (All joking aside, this would
    be quite a cool feature*)
  6. You see a short web page lacking in content and want to add
    {{stub}}
  7. You see something on a web site that doesn’t seem right, and you want to leave
    a message on the talk page asking about it
  8. You eye your kids’ toys, wondering if they really play with them anymore,
    whether they’d notice if they vanished, and how much you could get for them. Oops,
    wrong list — that should be on the Top Ten Signs You Use eBay Too Much
  9. You wish the web had a “watchlist” so you could find out which web pages
    have changed recently without having to actually visit those pages (though I
    suppose that’s what RSS is for)
  10. You click on a hyperlink that takes you to a 404 error page, and
    you wonder why the original link wasn’t red

* I have frequently been looking for a particular email and cannot
remember
what folder I saved it in. Wouldn’t it be great to be able to “save” it to
multiple folders without replicating the message numerous times? If I’m looking
for a message from my boss regarding IPv6 in SuSE Linux, did I save it in a folder
called “Mark”? OK, so that would probably have been dumb, but was it “IPv6” or
“Linux” or “SuSE”? If
I could mark the message with a bunch of different tags (eg. “Mark IPv6 SuSE
Linux”), then I could look in any one of those folders and find it. Blogger.com
just added this feature for blog articles, and I love it; it’s also
similar to the way you can save bookmarks at del.icio.us. Are you
listening Thunderbird or
Outlook people?

Dumb lyrics and new stuff

Leave a reply

One of the advantages of working at home, which I do every Friday, is that I can put music on actual speakers, rather than use headphones, which I sometimes do in the office. Plus, my selection of music is bigger at home than at work, because I haven’t ripped my entire CD collection yet. For example, right now I’m listening to Tom Cochrane’s excellent live album The Symphony Sessions, which I haven’t listened to in ages. But every time I hear the Tom Cochrane song “Good Times”, I have to shake my head at the following lyric:

Oh, good times we had
Wouldn’t worry about tomorrow ’cause tonight was all we had, yeah
Oh, good times we knew
I’d tell you about them baby, but you were there
you were with me too

“I’d tell you about them, but you were there”? C’mon Tom, surely you could have done better than that.

I got a couple of new things this week: one available to everyone, and one specific to me. Mozilla Firefox 2.0 was released a couple of days ago, and I’ve already upgraded both my home and work machines. Honestly, I haven’t noticed much of a difference. Everything I use pretty much works as it did before — seamlessly. One difference is that there’s a spell-checker built-in, so hopefully my blog postings won’t contain any speling mistaiks spelling mistakes. Strange how the word “blog” is marked as being spelled wrong, and it doesn’t like html tags either…

The other new thing I got this week was a new radio for my car. My old radio was a JVC MP3 player that I got a few years ago, which served me very well, but was starting to get flaky. First off, one of the letters on the display was broken (probably because I dropped the faceplate one too many times), and more importantly, the CD player stopped working reliably. If there was no CD in the player, it would complain a lot, with some cryptic error message, beeping, and cutting the radio out for a couple of seconds. If you tried to put a CD in, it would frequently complain about it and spit it back out, or accept it, spend 10-15 seconds reading the disk, and then spit it out. I’d spend 10-15 minutes trying to get the damn disk in the player, and then I’d have to keep that disk in for the next couple of weeks, because taking it out and trying to put another one in was just too much work.

The new one is made by a company called “Dual”, which I’ve never heard of, but the radio was cheap at Wal-Mart (sorry Tom). Mine doesn’t seem to be shown on the Dual web site, but this one looks exactly the same and has the same features, though I think mine has less power. It has all the features of my old one, I think, plus it will play WMA files, which the old one wouldn’t. There are a few things that annoy me about the new one, though:

  • You can’t see the radio station / CD track name and the clock at the same time. However, powering on and off is much faster, and it shows the clock when the power is off, which the old one did not (unless you pressed the “Display” button).
  • The old radio would let you name radio stations, so if I was listening to Q107, the display would say “Q107” (once I programmed that in) rather than “107.1”. This one just shows frequencies.
  • The new one takes a long time to decode MP3 tracks — when I switch from radio to a CD (even one that I was listening to before I put the radio on), it takes upwards of 15 seconds before a track starts playing. Surely the computer in the radio is advanced enough that it can pre-read the CD so that it has the next, say, 30 seconds of music in memory and ready to play once I switch to CD mode.
  • When playing MP3 tracks, my old one would display the album name once at the beginning of the album, and then display the track name, and leave the track name on during the song. The new one shows whatever you ask for (track name for me), but nothing else unless you cycle through the viewing options.
  • When navigating through songs and albums, they’ve decided that the most useful thing to show is the track number, rather than the song or album name. To jump ahead to another album or track, I need to: (1) let the song play long enough to identify it, (2) wait for 5-10 seconds until it decides to show me the track name, or (3) start clicking buttons until it shows me the track name. Of course, this is a car stereo, so it would have been nice for the designers to give a little bit of extra thought to the usability factor; if I’m futzing with the radio while driving, I want to be able to do stuff as quickly as possible.

All in all, it’ll be fine. I’ll get used to the limitations quickly I’m sure, and it no longer takes 15 minutes to change CDs, so that’s a plus.

Cool Tool: Mozy

Leave a reply

I discovered a cool new web site last week, called mozy.com. Mozy is a web backup tool
— you install some client software on your Windows machine (only XP and
2003 are
supported), and set a schedule, and it backs up whatever data you want to their
site, using https and blowfish encryption. It’s smart enough to not back up
files that haven’t changed since the last backup, and you can store up to
2 GB of data for free. If you need more space, you can pay for it, but I’m only
using a small fraction of my quota so far.

I installed it and backed up some stuff, and it’s worked like a charm so far.
It’s certainly easier than remembering to burn a CD now and again. I keep some
copies of personal stuff (like my family web site and a spreadsheet containing my
weight loss information, for example) on my work machine,
and it occurred to me recently (when someone at Gail’s work was let go) that if
something happened to my job (which I think is unlikely, but you never know), I
doubt that they’d let me burn a CD with a bunch of stuff from my laptop before
leaving. Obviously in the case of the web site, I could simply download
everything, but there are other files that I’d lose. Now I have a copy of all
that stuff online, and I don’t have to think about backing it up.

The best part, other than the fact that it’s free, is that there is no spyware
or other crap installed with it, and no advertising either. Now, I haven’t tried
restoring any data yet, so perhaps that part is painful. I should
probably try that, but so far, Mozy is a really cool tool.

Note: If you click on the mozy.com link above and install and start
using Mozy, you and I will each get an extra 256MB of free backup
space. So if you decide to start using it, use that link instead of going
there yourself, and we both benefit! Alternatively, you can use my referral code
EN5GHI or my email address gperrow AT ianywhere DOT com
when you register.

Spiritual Machines

Leave a reply

I’m in the middle of re-reading The
Age of Spiritual Machines by Ray Kurzweil. It’s a very interesting read: all
about what might (will?) happen in the very near future when computers are able
to process information as fast as or faster than the human brain. Will they
begin to actually think? Will they become self-aware? Will they grow
a conscience? Will they, as the title suggests, become spiritual?

One of the things I found most fascinating was his descriptions of how the
human brain works — sometimes he puts this process into computer terms,
which is good for geeks like me. This particular part stuck with me:

When a batter hits a fly ball, it follows a path that can be predicted from
the ball’s initial trajectory, spin, and speed, as well as wind conditions. The
outfielder, however, is unable to measure any of these properties directly and
has to infer them from his angle of observation. To predict where the ball will
go, and where the fielder should also go, would appear to require the solution
of a rather overwhelming set of complex simultaneous equations. These equations
need to be constantly recomputed as new visual data streams in. How does a
ten-year-old Little Leaguer accomplish this, with no computer, no calculator,
no pen and paper, having taken no calculus classes, and having only a few seconds
of time?

The answer is, she doesn’t. She uses her neural nets’ pattern-recognition
abilities, which provide the foundation for much of skill formation. The neural
nets of the ten-year-old have had a lot of practice in comparing the observed
flight of the ball to her own actions. Once she has learned the skill, it becomes
second nature, meaning that she has no idea how she does it. Her neural nets
have gained all the insights needed: Take a step back if the ball has gone
above my field of view; take a step forward if the ball is below a certain level
in my field of view and no longer rising, and so on. The human ballplayer is
not mentally computing equations. Nor is there any such computation going on
unconsciously in the player’s brain. What is going on is pattern
recognition, the foundation of most human thought.

One key to intelligence is knowing what not to compute. A
successful person isn’t necessarily better than her less successful peers at
solving problems; her pattern recognition facilities have just learned what
problems are worth solving.

It should be somewhat obvious, but it was a bit of a revelation to me when I
first read it. Now it seems that with neural net software, computers are starting
to do pattern recognition almost as well as humans. Kurzweil talks in this
book (which is 6 years old, BTW) about computers that can transcribe human
speech (spoken at a normal speed) with almost perfect accuracy, and computers
that can recognize faces — to the point where some banks trust
their computers to perform face recognition on people to provide automatic
cheque cashing, i.e. if the computer fails, real money is being given
to the wrong people. The bank would have to be pretty damn confident in the
face recognition software to make that puppy available to the general public.

Article on IPv6

Leave a reply

I found an article from the Times Online (a British paper) talking about IPv6 and how it will revolutionize the internet. Not a very good article (even ignoring the fact that I already knew most of it), but because the author obviously skimped on his research:

  • When the internet was developed in the 1980s,… — actually, it was the early ’70s
  • They gave each address a “16-bit” number… — No they didn’t. Each IPv4 address is a 32-bit number.
  • …a new one was written based on “32-bit numbers” — In IPv6, each address is a 128-bit number.
  • The number given for 232 was 340,282,366,920,938, and then a bunch of zeroes, but that’s not accurate. The actual number is greater than the one given by 463,463,374,607,431,768,211,456, or over 4.6 sextillion.

Obviously, with IPv6, we’re going to need bigger tubes.

The Daily WTF

Leave a reply

The Daily WTF is a blog site that lists everything from software architectures to actual pieces of source code that just make you shake your head and say “What the F**k?” (hence WTF). Most are overly complicated ways of doing something easy, like the function that determined if a number was negative by converting it to a string and then checking if the first character was ‘-‘. I guess “num < 0" was just too obscure.

This might be the more frightening (and hilarious at the same time) piece I’ve ever seen on there. Thank God I don’t have to deal with this kind of stuff. The managers where I work are all really good &mdash and I’m not just saying that because my manager reads my blog. Really.

Technorati tags:

Book Review: IPv6 Network Programming

Leave a reply

I bought a book on IPv6 from amazon.com recently, and received it today. (I actually bought two, but the second hasn’t shipped yet.) IPv6 is still fairly new technology, and the one book I have that mentions is doesn’t have enough details — If I’m going to be the IPv6 expert at work (which I suppose I already am – scary), I think I need to have a better knowledge than I currently do.

Anyway, I looked over this book, and the first thing I noticed was the typeface – it looked like the book was written on a typewriter. I quickly discovered that this was because I was looking at an appendix – an RFC describing some aspect of IPv6. RFCs (Request for Comments) are written by the Internet Engineering Task Force (IETF), and are used to decide on standards, like the “official” definitions of various network protocols and stuff like that. Four different RFCs relating to IPv6 were included in the book, and it looks like they took the RFC text directly from the web site with no reformatting. There are five other articles included as well, all of which are also freely available on the web. Once I got to the actual meat of the book (i.e. stuff the author actually wrote himself, I was very disappointed. There are only 80 pages of actual content in this 361-page book, for which I paid (OK, Sybase paid) $50 US. Actually, in the end, nobody will have paid for it, since I’m returning it.

It looks like the content itself is fairly useful, so I wouldn’t mind ripping out the first 80 pages, sending the rest back, and asking amazon.com to refund 78% of my purchase price (80 pages out of 361 is 78%). I doubt they’d go for that. I did write a review on amazon.com, giving the book only 2 stars out of 5. We’ll see if they post my review.

The other book I ordered is from O’Reilly Press, which has produced a lot of good computer books in the past, so I’m a little more hopeful that it will be a keeper. According to amazon, it’s expected to ship sometime in June (the order was placed on March 17), so I’ll post a review of that book when I get it.

Update: My review has already appeared on the amazon page for the book.