« Previous Entries

Category

Technology

• Miscellaneous, Technology

  Why I’m dropping TWiT

  April 21st, 2009 (2 months, 1 week ago) by Jeff | Permalink | 2 Core Dumps

  I hate breaking the drought of (real, non-Twitter summary) updates with a gripe fest, but this has been bothering me for a couple weeks and I just wanted to get this off my chest. If you don’t listen to the podcast “This Week in Tech” (or TWiT), feel free to ignore this post. Of course, if you’ve considered listening but haven’t gotten around to it yet, this might be informative enough to help you reconsider, but I’ll leave that up to you to decide.

  I’ve been a fan of Leo Laporte for a number of years, ever since we first discovered TechTV (before it died a miserable death at the hands of Paul Allen and G4). “The Screen Savers” was one of our favorite shows and became a nightly staple in our house for several years. When Laporte left TechTV and “The Screen Savers” was canceled (or, more properly, devolved into “Attack of the Show”), we had a small sense of loss. The show was entertaining and informative, and a big part of the entertainment value was Laporte’s friendliness and personality. The network was never the same after that, and now we largely ignore G4’s existence on our cable listings. (“X-Play”, the only remaining show from TechTV’s original line-up, is the only thing still worth watching on G4, and even then it’s not nearly as good as it used to be.)

  When I discovered a year or so ago that Laporte had gone on to create his own podcasting network, I was thrilled. Several old TechTV allumni were among the guests and cohosts, and the selection of podcasts has been diverse, engaging, and ever expanding. The flagship of the network, of course, is TWiT, a weekly roundtable of tech industry players and journalists discussing the latest tech news. The show is often wild and unpredictable, spiraling down rabbit holes and meandering in bizarre directions, but that’s often part of the fun of the show. The bottom line, though, was that the show was about tech news, and it and Slashdot were two of my main ways of keeping on top of what’s been happening in the tech world.

  Something happened in recent weeks to change that, however. Since I can’t follow the live streams (both for practical and technical reasons), I can only guess the sequence of events based on what’s been released in the podcasts or written by others after the fact. But from what I can tell, the TWiTters have been hosting a live wine tasting show right before TWiT starts recording on Sundays. Now I’m a teetotaler myself, but I won’t condemn anyone who wants to imbibe their spirits if they really want to. What self-destructive behavior they engage in on their own time is up to them. As long as no one’s forcing me or anyone else to participate and nobody’s operating motorized vehicles, they are free to destroy their own livers to their hearts content. But what’s really annoying is that once TWiT starts taping, everyone in the studio is already tipsy, if not totally soused. The wine continues to flow as the show progresses, and what follows is a train wreck of drunken giddiness and squabbling that’s only really entertaining to those who are equally inebriated. To top everything off, from what I’ve read the final podcast (what I’m actually hearing and complaining about) is heavily edited before it’s released; the live feed is even worse.

  The latest episode is a perfect example. Subtitled “Corked” (which is appropriate; I originally intended to say “ironically” but I’m pretty sure the choice of subtitle was intentional), the show is a disaster of panelists talking on top of each other about nothing worth talking about. Leo, who is usually an excellent host and often does a great job of keeping everyone else in line, is interrupting his guests and spinning things even further out of control. John C. Dvorak, whose input I always find amusing and often enlightening, is equally rude and—from what I’ve read from those who saw the live feed—apparently egged on the other guests to get them even further inebriated. I was originally going to complain that neither of the female guests, Lisa Bettany or Shira Lazar, could manage to finish a sentence before being trampled upon by Leo or Dvorak, but Lazar was just drunk enough to be an unstoppable stampede of rambling who couldn’t let a topic go. As previously stated, one of the appeals of TWiT is its unpredictable nature, but this show was so far off the beaten path that there was no path left to beat. Somewhere, deep inside the tangled mess of four people talking at once about Twitter drinking games, is only the vaguest hint of tech news, a thin whiff of the scent of information that rapidly gets swept away by the torrent of uselessness that follows. And for the cherry on top, several times during the show Leo pauses to read complaints from the live chat room about how terrible the show has become… and makes fun of them. This following a single glimmer of insightfulness in a discussion about how important the community has become in modern online media.

  Now, I’ve been a webcartoonist for a decade, so I’m no stranger to the vast swing between amateurism and professionalism when it comes to online media. Before there were basement-dwelling podcasters, there were basement-dwelling webcartoonists, and you can tell in both cases which ones take their craft seriously and which just throw things out without any care for quality. I consider Laporte an accomplished pro, and virtually every other show on his network stands as shining proof of that. “Security Now!” is brilliantly informative (and my personal favorite), “FLOSS Weekly” (when it updates) shines the spotlight on some great open source projects, and “Jumping Monkeys” (before it went on indefinite hiatus) was a great parenting podcast for tech-savvy parental units. In all three of these examples, Leo is an excellent cohost to the show’s main star, showing his versatility with rare skill. He asks the questions many of us are thinking, assuming the role of the everyman so the expert can answer to the fullest. The TWiT Network as a whole is an example that many podcasters should look up to, a yardstick of professionalism by which all others should be compared.

  All except for TWiT itself. Leo, what the heck happened?

  I won’t stop listening to “Security Now!” or “FLOSS Weekly”, both of which I enjoy immensely. If “Jumping Monkeys” ever comes back, I’ll resubscribe in a heartbeat. My wife loves “net@nite”, “The Daily Giz Whiz”, and “Munchcast” and keeps bugging me to listen to them. But TWiT… oh, TWiT, how the mighty have fallen. What was arguably the best show on the network is now the worst.

  What’s incredibly ironic is that in a recent episode of “net@nite” (unfortunately, I don’t know which, but my wife thinks it’s either #85 or #86), Leo chastized Kevin Rose for a drunken comment he made on-air that caused a bit of an Internet stir. He commented that in today’s world of streaming media, celebrities have to assume that they’re always on the air and that anything and everything they do will be rebroadcast repeatedly, even stating that it’s a big mistake to be drunk while recording. Maybe it’s time Leo listened to his own advice.

  I’m still not sure whether or not I’m dropping TWiT now or if I’ll give it one last chance. Leo posted on FriendFeed that the “message [was] received” and, based on overwhelmingly negative feedback, there will be “a little less wine and a little more tech in future TWiTs”. We’ll see. What’s ironic is that it was Audible.com’s sponsorship of TWiT that turned me on to audio books, and now there’s a good chance that audio books will completely replace TWiT during my long, boring commute each morning. It’s Leo’s loss, not mine.

  

• Internet, Technology

  set_bugs = 0;

  February 10th, 2009 (4 months, 3 weeks ago) by Jeff | Permalink | Dump Core

  This week an couple errors were reported in the custom CMS application I built at work a couple years ago. I haven’t touched this code in at least a year, so it took me bit to swap some mental virtual memory and recall how everything worked. I’m not sure if these “bugs” were something new that had manifested themselves after a recent platform upgrade or design flaws that had been there since the beginning only to be recently noticed. None of that really matters for the sake of this post, however. Suffice it to say there were two problems, one of which was likely to be entirely my fault but relatively easy to fix with a little bit of C# hacking.

  The other problem was a bit obscure. The application is built in ASP.NET 2.0 and written entirely in C#. It also makes use of Microsoft’s AJAX Toolkit for ASP.NET to “pretty up” some of the interface interactions. Unfortunately, one particular user began to experience problems with the system recently. Since she’s the project manager, needless to say the problem was escalated to top priority with little to no delay. To make things more difficult, the problem was especially cryptic. In true Microsoft fashion, the pop-up JavaScript error dialog offered little to no useful information:

  Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server. The status code returned from the server was: 500

  Google, of course, is my friend and found no shortage of pages where this turned up. The odd thing was that none of the purported causes for the error were anything that I was using.

  After much searching, I finally happened upon this site. It seems Ted Jardine hit the same problem I did. He had narrowed it down to something to do with the .NET session, which he wasn’t really using but I was using extensively. What I found most interesting was his solution:

  So, based on one of the comments in one of the above posts, even though I’m not touching session on one of the problem pages, I tried a hack in one of the problem page’s Page_Load:

  Session["FixAJAXSysBug"] = true;

  And lo and behold, we’re good to go!

  I followed the various links he provided—as well as Googling for “FixAJAXSysBug” itself—and found lots more anecdotal evidence to support its usefulness. I applied this “fix” to the common header of the application to make sure it took affect everywhere and, so far, all reports seem to indicate its success.

  Needless to say, I was instantly reminded of this GPF strip from the crossover with Help Desk. I can’t remember now if that joke was my idea or Chris Wright’s. It doesn’t matter now, really… it audacity is as brilliant now as it was eight years ago. The idea of setting a simple Boolean flag to “turn off bugs” is something I will always find hilarious.

  Now if only all Microsoft bugs were so easy to fix….

  

• GPF, Hardware, Internet, Personal, Technology

  When it rains, it pours…

  January 20th, 2009 (5 months, 1 week ago) by Jeff | Permalink | Dump Core

  Here’s a clarification of my recent Tweet about Diana. Sometime over the weekend Diana, our primary Linux box that serves as the backbone of our home network (DNS, file server, internal Web server, SSH gateway, SVN repository server, etc.), gave up the ghost. I only discovered this yesterday evening, so I haven’t had much time to diagnose the problem. It’s almost certainly a hardware issue. I’m thinking it’s the power supply or the motherboard, as when I try to power her up, nothing happens. The power light comes on, I can watch the CPU fan twitch like it wants to start spinning, but otherwise nothing else visible occurs. No output makes its way to the monitor so there are no error messages to follow.

  At this point, I’m not sure of the status of the hard drives. My hope is that they’re fine; the obvious problem appears to be occurring before they even start to spin, as if they’re not getting any power (and that’s why I suspect it’s a power supply issue). The good news is that Demeter, her predecessor, has been sitting idle and collecting dust and has since been rapidly pressed back into service. I should be able to slip Diana’s disks into Demeter, check their integrity, and hopefully recover the data. That’s the core thing right now, getting the data off; hardware is replaceable, data is not. The only hitch is that Demeter is old enough that I’m not sure her BIOS will read Diana’s larger disks. Demeter’s current HD is already larger than her BIOS supports, though, and Linux seems to work fine in this situation, so I’m hoping that won’t be a problem. A worst-case scenario might be to throw a live Linux distro into Athena, our current “alpha” Windows XP desktop, and try to grab the data that way. (Diana’s disks are in ext3, which obviously Windows can’t read.) Both Demeter and Diana have EIDE drives while Athena uses SATA, but I’m almost certain Athena also has legacy EIDE on the motherboard somewhere; if not, I’m hosed there.

  Why might this be a concern to you? Well, for one thing, Diana was one of several redundant backup locations for storing my my high-resolution original strips. Fortunately, everything from Year Nine and back has already been backed up to multiple DVDs stored in multiple physical locations, while Year Ten’s files are stored across three redundant drives (two in separate physical machines and one external USB drive). More importantly, Diana was my SVN repository server, housing all the source code for the GPF site. I have working copies of that repository in multiple locations so I’m not hurting there, but with the repository down I’m stuck manually keeping those working copies in sync. The biggest problem that may affect you guys is the humongous time sink this will be for me to repair/replace Diana and get all our internal mechanisms working again. With my day job, two hours of commute, and toddler patrol vying for my time, my comic production schedule is severely squeezed as it is. This is probably going to impact that buffer I was forced to take a hiatus in December to reclaim as I wasn’t able to increase my production, just maintain the status quo.

  For those of you who might care, I’ll post updates here when I can. More frequent cries of frustration will likely come through the Twitter feed. If the comic will be severely impacted, you’ll get something in the GPF News. So keep watching those RSS feeds.

  

• Gadgets, Personal, Technology

  Geeky Christmas Loot, Part Two

  December 30th, 2008 (6 months ago) by Jeff | Permalink | 1 Core Dump

  Sorry again for the long dry spell. As hinted at in the latest GPF News post, things have been hectic in the Darlington household these past few months, with tons of minute issues slowly chipping away at the overall allotment of free time. The good news for GPF fans, though, is that I should have a good month’s worth of comics in the buffer when the comic restarts on January 5th, and with the holidays behind us I should be able to concentrate more on getting things done and on time.

  In the tradition of last year’s “Christmas loot” post, I thought I’d post some of the awesome things I received as gifts this year. I know some people might look at this as a bit of bragging—and I can see how it can be read that way—but it’s really not. It’s an honest, geeky desire to share some of the exciting things my friends and family blessed me with out of love and happiness. If you want to read bragging into this, well, that’s your choice and you’re free to ignore this post. Otherwise, let me squeal with geeky glee as I delineate some of the cool things I was blessed to receive from people I love.

  I’ll start off with a note to the folks: I know some of my family reads this blog, so don’t be offended if I didn’t mention something in particular that you got me. It’s not that it wasn’t memorable or that I didn’t like it; it’s because you know I have the memory of a sieve and I didn’t take copious notes after each present was opened. Since I’m composing this away from where the presents are stashed, I’m doing everything from memory. I also spent most of my time during the present opening ceremonies assembling and subsequently helping Ben play with his new toys, so there were lots of interruptions. So here’s my apologies in advance and don’t forget that blog posts can thankfully be edited.

  My favorite gift, by far, is the one given to me by my wife. (Well, she signed Ben’s name on the tag, but I know he has neither the budget nor expertise to have picked it out himself. Just remember that if you read this years later, my son.) She got me a Nikon D60 digital SLR camera. As I previously Tweeted, “It’s like giving a 16-year-old with a beat-up ‘85 Civic the keys to a sports car.” 10.2 megapixels, “real” lenses, tons of preset and manual options… it may technically be a “prosumer” or low-end professional camera, but it’s definitely the best I’ve ever had.

  I’ve always wanted to learn more about photography, but have had neither the time nor capital to really invest in more than casual picture taking. We’ve had a succession of digital cameras over the years, all of which have served us very well (the Shows & Cons subsite is loaded with the results). However, they’ve all been relatively cheap, low-end models geared for amateur consumers. Our previous family camera was a nice little Olympus that only topped out at three megapixels and still used SmartMedia cards. Do you have any idea how hard those things are to find these days? While still functional, it was definitely showing its age. However, like many consumer cameras, it did all the automagic focus and lighting settings, making it a simple point-and-shoot device. This new Nikon can do point-and-shoot well, but it has enough manual options to make it a good learning platform for a curious amateur to graduate to a serious hobbyist. Now my biggest problem is finding time to actually play with it….

  As an ironic side note, as I mentioned in the previous “Christmas loot” post, my wife’s birthday is also in December, and guess what I got her? That’s right, a new camera. Her’s is admittedly not as nice, but it is exactly what she wanted: a small little point-and-shooter that she can tuck away in her purse for those spur-of-the-moment photo ops where lugging the old Olympus around (and, for that matter, my new Nikon) would be inconvenient. As she so succinctly put it, “Who knew we were going to have such a photogenic holiday?”

  Other items of note:

  • My sister made me a wonderful GPF quilt/wall-hanging with members of the cast. It’s technically incomplete because I’m supposed to sign my name to the old GPF logo in the center with a white paint pen, and I haven’t gotten around to doing that yet. Here’s a picture:

  

  My sister's GPF quilt/wall-hanging

  • A nice commemorative Star Trek watch from my parents.
  • Several classic Tom Baker Doctor Who episodes on DVD. Surprisingly, nobody got me the fourth series of the Russell T. Davies/David Tennant series. That’s nothing that a quick trip to Amazon can’t fix, of course.
  • Several other movies on DVD. (I knew I should have kept notes.)
  • A pair of new Wii remotes and Wii Wheels from my parents and in-laws, respectively. Now we no longer have to borrow my nephew’s “Wiimotes” whenever friends come over to visit. (Not to self: Make new friends. Appendium to previous note: That means “befriend more geographically convenient humans” rather than “construct new ‘friends’ from random inanimate objects”.)
  • Several new Wii games. (Again… must… take… notes….)
  • The DC Vault: A Museum in a Box and a hardcover copy of The Watchmen from my sister-in-law and her husband.
  • The prerequisite jeans, sweaters, after shave, etc. They may not be as exciting, of course, but they’re always appreciated.

  So, what did Santa leave in your stocking this year?

  

• Personal, Software, Technology

  Bill Gates now inhabits my dreams…

  September 9th, 2008 (9 months, 3 weeks ago) by Jeff | Permalink | Dump Core

  So I was listening to this week’s edition of TWiT, during which Leo Laporte and the usual band of miscreants psychoanalyze Microsoft’s new ad campaign featuring Bill Gates and Jerry Seinfeld. I had not seen the ad yet myself—apparently it debuted during an NFL opening game, and considering that I don’t watch professional sports and the overwhelming majority of my television watching now consists of shows containing magic backpacks and talking monkeys that wear red boots, it hadn’t come to my attention yet—so the discussion naturally raised my morbid curiosity. So I dug around a little on YouTube and found this. I must admit, it’s as surreal as I was led to believe. I won’t attempt to try and mine this thing for hidden meaning like Ryan Block did; the only comment I think I can really make about it is that it tells me absolutely nothing about Microsoft, Windows, or any other product they may have in the pipeline, and after watching it I am no more inclined to pick Microsoft options over the competition than I was before. I thought that was the point of advertising….

  But that’s not the weirdest part. Last night, I dreamed about Bill Gates. Maybe it was exhaustion, maybe it was a prescription-drug fueled haze (I’m currently in the middle of my quarterly bout with bronchitis), but it was not something I was particularly expecting. There’s nothing really interesting to say about the dream, though. In what little I remember, Mr. Gates was there, tying his shoes. He wasn’t necessarily trying on new ones, nor was there any indication that the shoes were noticeably old. They were shiny, brown leather dress shoes, so they could have been either new or well maintained. Mr. Seinfeld was nowhere in sight. The setting was unclear; I can’t say that it was a shoe store, a men’s locker room, or any other recognizable setting. I know only that I was seated on a wooden bench which I believe was painted a dark green and that Bill Gates stood next to me, lifted one leg, and set the foot on the bench, then proceeded to tie his shoe laces. Then he left without saying a word and the dream moved on to wherever it went after that. I remember nothing else about the dream, and to my knowledge Mr. Gates appeared nowhere else within it.

  I have no desire to do any research on what kind of Fruedian analysis can be drawn from watching a billionare-CEO-turned-philanthropist from one of the world’s largest and most reviled software companies tying his shoes next to me. I’d be afraid of what I’d find. So I’ll just say it was the prescription cough syrup working its magic and go back to talking to the pink elephant and the green roast beef sandwich on either side of me. It’s a conversation about world politics and an economy built entirely around edible golf balls will solve the world’s energy crisis. It’s very enlightening. Maybe, somehow, some way, we’ll figure out exactly what makes Windows “delicious” while we’re at it. Drug-enduced hysteria is about the only way I can think of in my current semi-lucid state to make an operating system taste delicious. It makes me begin to wonder, though… what would other OSes taste like? Would Mac OS be crunchy? Would Linux be spicy? Would my Treo’s PalmOS be light in calories? I certainly hope so… I am trying to lose weight….

  

• GPF, Internet, Software, Technology

  Generating XML Sitemaps for MediaWiki

  August 22nd, 2008 (10 months, 1 week ago) by Jeff | Permalink | 3 Core Dumps

  Not long ago, I took advantage of a nifty WordPress plugin to enable XML sitemaps for the blog. For those who’ve never heard of XML sitemaps (I hadn’t for quite a while), they are little XML files in a specific format that give search engines like Google hints on how to index your site. They don’t necessarily improve your search rankings per se, but they help the search engine better decide what to index, when it was last updated, relative priorities of different pages, etc. You then throw a special line into your robots.txt file or directly submit the file to the search engine to let it know the file is available. Once the engine knows about it, it will check it periodically to optimize how the site is indexed.

  The plugin, of course, makes this ridiculously easy for WordPress. However, GPF gets orders of magnitude higher traffic than the blog does, so finding a way to generate sitemaps there would be ideal. I toyed with the idea for a while until I finally sat down, examined the sitemap specification, and figured out how to roll my own code. It now successfully runs via cron each morning and gives a pretty thorough census of what’s available on the GPF server. The problem is that the GPF site is divided into several parts that are largely autonomous and self-contained:

  • The archive, of course, is the main bread and butter.  This is what people come to see, so it is vitally important to get everything represented, especially since the archive is entirely dynamic PHP. I count the main index page as part of the archive, as it displays the latest strip.
  • The forum is self-contained because it uses a third-party application: phpBB. I decided long ago to discourage spamming by blocking search engines from indexing the forum, relying on the forum’s internal search capabilities for users who want to find things. Since search engines were being blocked anyway, I decided the forum didn’t need a sitemap; that would just be a waste of processing time.
  • The wiki, however, is slowly becoming a vital part of the site. It replaces the old cast pages and adds tons more GPF metadata in a convenient, easily searchable form. I wanted to make sure that got included too.  The GPF Wiki runs MediaWiki, the same software that powers Wikipedia.  As far as I know, MediaWiki does not include any internal mechanism for generating XML sitemaps nor are there any extensions to do so.  (I could easily be wrong, however; I’ll admit my research on this was extremely limited.)
  • Then there’s everything else. The GPF site beyond the two pre-packaged items above is completely custom-built PHP, so there’s no one to blame for that mess but myself.

  Ignoring the forum, that left me three major sub-projects for creating sitemaps. It’s easy enough to segregate these into separate files and tie them together using a “sitemap index” file, so that wasn’t a problem.  The archive would just be a formatted dump of the archive database, deriving approximate update times from the posting date. The bulk of the rest of the site could be done by stepping through the file structure of the site and taking note of every HTML or PHP file and its last modification time (conveniently ignoring certain files and directories that don’t need to be counted, like access-restricted Premium pages). And that leaves the wiki.

  I managed to come up with a decent wiki sitemap routine that I thought I’d share, just in case someone else might be interested. Of course, it’s not likely to be useful for massive wikis like Wikipedia—sitemaps are restricted to 10MB in size and 50,000 URLs—but something small like the GPF Wiki would be easy to submit and index. It was built using MediaWiki 1.12.0; I am uncertain what database changes may be needed for older or newer versions. Here’s my current process:

  I only want to index relevant pages, including category pages. The relevant database table for this is “page”. (How… convenient). Unfortunately, this table also contains things like redirects and images. Each image has its own “page” assigned to it; try clicking on an image in Wikipedia or in the GPF Wiki to see what I mean. The time stamp of the latest revision, however, is stored in the “revision” table, joined to the page table by the latest revision ID number. So a good starting bit of SQL would be:

  select p.page_title, r.rev_timestamp from page p, revision r where p.page_latest = r.rev_id and p.page_is_redirect = 0 and p.page_title not like '%.gif' and p.page_title not like '%.png' and p.page_title not like '%.jpg';

  Unfortunately, this also returns a few meta pages like the sidebar and editing pages. Before selecting, I define a look-up hash of titles I want to avoid and as I loop through the results I just skip those.

  The title, of course, is both the displayed title and the input portion of the URL that uniquely identifies the page. Thus, knowing the base URL (http://www.gpf-comics.com/wiki/) I can easily reconstruct the public URL of any article from the title. As with Wikipedia links, spaces have already been converted to underscores, but the rest of the string needs to be be URL encoded. This is easy enough, so we can quickly build the full URL as required by the XML schema.

  The time stamp is a little bit tougher. MediaWiki stores time stamps as a 14-digit number in YYYYMMDDHHMMSS format, always in UTC time. In Perl (in which almost all my crons are coded) this is easy enough to break apart and turn into a UNIX time stamp. I then output the date in W3C ISO 8601 format as required by the schema. A sample of a resulting entry would be:

  <url>
     <loc>http://www.gpf-comics.com/wiki/Nick</loc>
     <lastmod>2008-08-22T06:00:07Z</lastmod>
     <changefreq>monthly</changefreq>
     <priority>0.3</priority>
  </url>

  Change frequency and priority are purely guesses and fudges for mine. According to the sitemap specification, priorities are purely relative to other parts of the site. I rated the wiki pages as relatively low since the wiki at GPF is considered a “supporting” page and subordinate to things like the archive. As for change frequency, the sitemap specification includes a number of predefined choices (hourly, daily, weekly, monthly, etc.). Monthly was a purely off-the-cuff guess; some pages may update more or less frequently, but monthly would be a good average. It is entirely possible to rate select pages as higher priority or frequency than others, but I decided to take the easy route and rate everything the same. To apply different values, you just need to pay special attention to the title and assign a non-default value when that title crops up.

  Well, I hope someone out there might find this helpful. I’m not sure if it really helps anyone find anything at GPF, but it was a fun little exercise nonetheless.

  

• Internet, Security, Technology

  Look, Ma! I’m on Security Now!

  July 14th, 2008 (11 months, 3 weeks ago) by Jeff | Permalink | 2 Core Dumps

  I hope to post more on this when there’s more data to post, but I thought I’d throw up a quick note stating that the latest episode of the Security Now! “netcast” features a question posed by yours truly. (The best part was listening to Leo Laporte stumble over my long-winded rambling. ) The high-quality version of the show can be found at the previous link; a low-bandwidth version as well as a text-only transcript can be found at the corresponding page at GRC.com. A search in the transcript for “Darlington” will take you to the beginning of my question; in the netcast, it starts around 38 minutes, 22 seconds in. (Of course, I encourage everyone to read/listen to the entire thing.)

  For the full effect, though, you’ll also need to listen to/read the previous two non-Q&A episodes of the show, #149 and #151. (Low-bandwidth and trascriptions can be found here and here.) The entire dialog concerns the recent trend of ISPs selling out their customers to allow third-party advertisers to come in and install hardware at the ISP to facilitate tracking the ISPs’ customers’ surfing habits across sites. While the ad companies in question claim to not be recording personally identifyable information about the ISPs’ customers, the capability is there and the possibilities for abuse are enormous. It brings back many shades of the DoubleClick controversies of the late 1990s-early 2000s, only much more ominous. I provided a unqiue standpoint to the discussion: that of a Web developer hosting a site and encountering similiar mysterious “first party” cookies set for my domain but not set by me.

  The full body my question is present, but I’m not completely satisfied with the answer. Let’s just say I think Steve Gibson made an assumption about the GPF site that’s not 100% true. I’ve replied to his response with additional information. I don’t necessarily expect another response (he does, after all, have his own agenda to follow on his show), and even if he does it will likely be in episode #154, the next scheduled Q&A episode. If anyone is interested, I’ll post updates if and when this occurs. If I don’t get a response, I’ll post my response here, especially since it contains some disturbing observations about “first party” cookies that have mildly paranoid folks like me nervous. (I’d hate to see what it does to really paranoid people.)

  

• Internet, Technology, Webcomics

  ICANN get behind “gpf.comics”…

  July 1st, 2008 (1 year ago) by Jeff | Permalink | Dump Core

  So ICANN, the organization that oversees the doling out of domain names on the Internet, has approved the relaxation of the rules for top-level domains (TLDs) to allow for arbitrary TLDs for whoever has the money and technical capability to grab it. If things go according to plan, by the middle of next year you may be able to just type into your browser something like http://search.google/ rather than http://www.google.com/, or perhaps you’d rather http://drink.coke/ or http://drive.ford/ or even http://have.crazy.monkey.sex/.

  To quote virtually ever character in the Star Wars universe, I have a bad feeling about this.

  I am so sitting on the fence on this one. My initial gut reaction is this can’t be a good thing. I know far too many non-techies who are confused by Internet addressing as it is, so let’s confuse them some more by adding even more things for them to figure out. JD Fraizer over at User Friendly hit the nail on the head; anyone who has ever used Usenet is probably rolling their eyes a lot more lately. The potential for cybersquatting and trademark dilution is enormous. ICANN insists that an “objection-based mechanism” will be in place to prevent such things, but how much red tape (and legal dollars) will someone have to go through to protect their brand? Every day that a squatter sits on a domain equates to valuable time, money, and reputation that can be lost, something big corporations may be able to wait out but little guys like me can’t afford. It’s been hard enough right now for me to keep up with all the variants of gpf-comics.something out there. And let’s not get into the discussion of what “offensive” TLDs creative individuals might come up with….

  Of course, it’s not like I’m going to be registering .gpf anytime soon anyway. I suppose that’s one thing ICANN did right: to create your own TLD, you’ll need a truck load of money first. The CBC is reporting an estimated $100,000 per TLD—I have no idea if that’s Canadian dollars or not—but ICANN only says for now that “fee information is not yet available”. Ordinary domain names are dirt cheap nowadays, which is a blessing to small-time operators like me but a curse in that squatters with cash to burn can snap up thousands at a time and hold them for ransom. At least starting a new TLD will take capital, making it a serious investment. It will also be quite a technical undertaking; owning a TLD also means you have to build the infrastructure support it. So if Google were to grab .google with their pocket change, they’ll also need to pony up the hardware and bandwidth to maintain the root server. Google may be a bad example (they’ve got servers to spare, I’m sure), but for organizations not used to maintaining that kind of “big iron” it will be a significant learning curve.

  But then it occurred to me… how awesome would it be if all your favorite comics or comic-related sites could found at “something dot comics”?

  Imagine if you will that some philanthropic comics creator/reader with a hundred grand in “mad money” under his bed were to snatch up .comics and register that with ICANN. Being philanthropic, this individual would charge a minimal fee to register a domain there, just enough to cover operational costs and maybe make a modest living in the process, aggregated out to anticipated demand (of which I’m sure there’d be plenty). There would be only one additional requirement for application beyond the current standard (ethical) process: the domain must be used for a site publishing, promoting, or discussing comics in some way, shape, or form. Consideration for approval would require proof of content, such as a preview development site, previously published work, portfolios, etc.—just enough to prove the site really will be used for something comic-related. Individual titles would be encouraged to register at the root level (dilbert.comics, gpf.comics, x-men.comics) while companies would register their names (dc.comics, marvel.comics, keenspot.comics) and potentially use sub-domains for their own titles (x-men.marvel.comics). Our hypothetical philanthropic registrar would also be fair and balanced as to not let big conglomerates dominate the little guys. Disputes over domains would come down to traditional copyright and trademark resolutions, requiring proof of prior art, etc.

  Wouldn’t that be just grand?

  Of course, what will really happen will be that some big company will come along and buy up .comics with far more misanthropic intentions (and we know such an obvious TLD wouldn’t sit dormant for long). They’d either squirrel it away selfishly for promoting their own works and no one else’s, or they’ll charge such an exorbitant “premium” price for registrations that only big publishing houses like DC, Marvel, etc. will be able to afford it, shutting out the little independents and webcomics. Even if they price it fairly and keep it open, I’d bet it would get so swamped with squatters that the novelty of the whole TLD would become as diluted .info is today. Maybe it’s just that I’m pessimistic… or that I’ve been annoyed for so long that some jerk had been holding gpf-comics.org hostage for years… but I just don’t see this turning into as promising a possibility as I think it could be.

  Oh, well. I’ve been waiting for gpf.com for nearly a decade now. I guess I can just add gpf.comics to the list. Wishful thinking….

  

• Software, Technology

  WinHasher 1.3

  June 30th, 2008 (1 year ago) by Jeff | Permalink | Dump Core

  For both of you out there who care, WinHasher has now been bumped to version 1.3. The changes are very minor, so there’s no need to upgrade unless you find the following two new features useful:

  • There’s now a drop-down box to choose between hexadecimal output and Base64 (RFC 2045, although without line wrapping). I personally like using Base64 because it’s more compact than hex and more “obscure-looking”; even non-coders are familiar with hex, seeing it in error messages all the time, but are less familiar with Base64, which looks more like “random noise”. The default output is still hex, so you only need to switch modes if you really find Base64 more useful.
  • There’s now a tab in the GUI to hash arbitrary text. I added this feature because there was an extension to Firefox that I used all the time to do this—which I used frequently to generate “random-looking” passwords by hashing simpler plain text and using the hash as the “real” password—but the extension hasn’t been updated in forever and is no longer working in Firefox 3. So to keep myself from getting locked out of the accounts where I used hashed passwords, I threw this feature in WinHasher. The backbone was already there, so all that needed to be added was a GUI.  There’s also an encoding drop-down box that lets you change the text encoding if you so desire/need. To be honest, I don’t think it’s really necessary because I think .NET uses Unicode internally all the time, but it does have a nice side-effect: if you enter text in one encoding and change the encoding setting to something radically different (say you enter Western European Windows text but change the encoding to IBM EBCDIC Japanese), you’ll end up with a very different hash than you would have had if you used the “right” encoding. This isn’t encryption by any means as it could be easily reverse engineered if you knew what encodings were used, but it does significantly scramble things to the point that it makes it much harder to figure out exactly what you did.

  I had originally started adding support for HMAC signed hashes but have abandoned that for now. If there’s anyone out there who might actually find that useful, drop me a line and I’ll revisit the code to see what I might be able to add. Downloads can be found at the first link above.

  

• Baby Stuff, Technology

  Tiny Tots Pseudo-Random Character Generator

  April 3rd, 2008 (1 year, 3 months ago) by Jeff | Permalink | 1 Core Dump

  The following is a specification proposal for a new pseudo-random character generator (PRCG), tentatively called the “Tiny Tots PRCG”. This specification is to be considered open and royalty free; everyone is free to implement and extend this specification, although attribution is appreciated. It usefulness, however, may be limited and may only be of interest to cryptographic and mathematical academics or really bored parents.

  System Requirements:

  • An organic, biological processing core based on an early revision of the Homo sapien architecture, commonly referred to as a “toddler”. The processor must be upgraded from the base “infant” model, but must not have been upgraded to the “grade schooler” patch.
  • A significant amount of liquid. Water (dihydrogen oxide or hydrogen hydroxide) is highly recommended, although any fluid that will not cause damage to the processor core or the other physical components of the system may be a possible substitute. Excess liquid is not recommended as it increases the risk of permanent damage to the processor. Be aware that the original and final volumes of liquid may vary during the process due to evaporation, splashing, ingestion, and liquid waste excretion.
  • A collection of foam characters and/or digits comprising the alphabet from which random characters will be selected.
  • A entropy pool capable of containing the processor, the liquid, and the character set. Material composition is not significant so long that characters from the character set immersed in the liquid will be able to adhere to the side of the pool if placed there.

  Implementation:

  1. Fill entropy pool with liquid. Adjust temperature for optimal operating environment for processor core. (Over- or under-heating may result in processor malfunction.)
  2. Introduce character set to entropy pool. Stir vigorously.
  3. Introduce processor to entropy pool. Note that some processors function well in the entropy pool environment while others produce various errors. Performance may vary based on processor model.
  4. Optional: introduce processor-safe detergent and remove dirt and debris for the outer casing. Periodic cleaning will improve overall processor performance over time.
  5. Initiate the pseudo-random character generation process by removing one character from the entropy pool and placing it on the casing of the pool. This casing will act both as a display device and as a character array to hold the final generated value. The initial character in the array will serve as the seed value.
  6. Encourage the processor to repeat the process. Additional seed characters may be required to initiate independent processing, although be aware that a larger seed will result in less overall entropy in the final result.
  7. Allow processor to operate on the task. The removal of characters from the result array and reintroduction to the entropy pool is expected, encouraged, and pretty much unavoidable. This should improve the entropy of the final value.
  8. Continue process until the processor swaps threads for another program, begins to malfunction, or it is time for the processor’s sleep cycle. Be aware that if process swapping occurs, the processor may swap back to the PRCG task unaided. Once execution is deemed complete, extract the processor from the entropy pool and remove excess liquid. If characters remain in the pool, leave them; do not introduce them to the result array or you may taint the entropy.
  9. Secure the processor to ensure proper ongoing function. Never leave the processor unattended without placing it in hibernation mode.
  10. Once the processor is secure and you have an opportunity to return to the entropy pool, read and record the result from the character array. Be aware that characters will likely be oriented in unconventional and non-standard notation. Pick one corner of the display device and read the values in an organized fashion. For example, pick the upper left corner and read the characters left to right, returning to the left at the end of a row and repeating with the next row. Continue until all characters are read from the array. Ignore any characters that remain in the pool.
  11. Store the result for later use.

  Caveats, Limitations, and Additional Notes:

  • The processor has a limited lifespan during which the pseudo-random functionality is optimal. It must have been upgraded sufficiently to execute crude motor skills, but not so far as to initiate higher pattern recognition skills such as character recognition, color matching, etc. that may taint the randomness of the result (i.e. an upgraded processor may inherently group characters of the same color).
  • Most foam character sets have limited unique character values, such as the standard English alphabet or Arabic digits (0-9). Many times these characters sets only contain a single entry per character, eliminating the possibility of repeat characters in the final sequence and reducing the overall entropy of the result. Introducing additional character sets may increase entropy but may overwhelm the processor.
  • Some foam character sets come with additional non-standard glyphs, often in the shape of iconic characters from animated television series. Before initiating the pseudo-random generation process, map standard characters, digits, symbols for the non-standard glyphs (Spongebob = asterisk, Patrick = pound hash, etc.).
  • Sequence generation by this process is inherently slow and is likely not practical for everyday use. However, it does make for an entertaining thought exercise and will likely prove entertaining to owner/operators of the processor.

  

« Previous Entries

About

Jeffrey T. Darlington is the creator of the popular online comic strip General Protection Fault. He is also the creator of a number of other inconsequential things, but seeing as they are inconsequential, he didn't think you should be bothered by mentioning them. More...

Search

Capitalism

Recent

• Introducing Writing & the Recycle Bin
• Weekly Twitter Updates for 2009-06-27
• Weekly Twitter Updates for 2009-06-20
• Blog Server Upgraded
• Weekly Twitter Updates for 2009-06-13

Tag Cloud

GPF Twitter humor Security TWiT podcast .NET server Linux WordPress meta WinHasher Software schedule Microsoft Apache Technology virtual machine mod_rewrite Security Now Steve Gibson cookie Wii Webcomics Fedora PHP hard drive Doctor Who advertising Help Desk Star Trek blog anniversary DoubleClick gifts comments To Thine Own Self Christmas Windows maquettes sculptures PayPal fans VMware virtualization