Wednesday, February 02, 2000
A load of Microsoft
Some random Microsoft links from Mark. Read and enjoy.
Not a load of Microsoft
And some more random (non-Microsoft) links from Mark.
Spam spam spam spam!
I'm checking my email when I come across this:
From: <promotion_ideas@email.com>
To: Sean Conner
Date: Wed, 2 Feb 2000 13:45:01
Subject: Sean, your website…This message is for Sean Conner
Ft. Lauderdale Sun-SentinelHi Sean,
My first thought is Holy Cow! The Sun Sentinel wants to do a story on my site! And they even spelled my name right!
In my excitement I skip a crucial paragraph and pick up here:
While visiting your site I noticed your web pages could use a few simple adjustments to make them easier to find on the search engines. I also noticed your page layout and customer navigation could be optimized to increase customer responsiveness.
Okay, now I know something is wrong. My pages are already easy to find on the search engines. Heck, they're the only agents coming to my website with any regularity and any searches on “Sean Conner” or “Captain Napalm” usually bring back links to my website on the first or second page (at worse). Now, what was that paragraph I missed?
I am writing to you because you are listed as the site administrator at www.sunsent.com and I have some information that should be of interest to you.
What the … ? News to me. Quick check at Network Solutions:
Registrant:
Ft. Lauderdale Sun-Sentinel (SUNSENT-DOM)
200 East Las Olas Blvd
Fort Lauderdale, FL 33301
Domain Name: SUNSENT.COM
Administrative Contact:
Meiners, Michael (MM130) meiners@SUNSENT.COM
(305) 356-4744
Technical Contact, Zone Contact:
Conner, Sean (SC47) spc@armigeron.com
(407) 395-6655
Record last updated on 16-Dec-1996.
Record created on 16-Mar-1994.
Database last updated on 2-Feb-2000 03:18:36 EST.
Domain servers in listed order:
NS.GATE.NET 199.227.0.9
NWFOCUS.WA.COM 192.135.191.3
Ah, now it's clear. Spam.
I was most likely still working at CyberGate when this was registered. At the time, I was Head Sysadmin, Head Programmer, Head Technical Support and Chief Bottle Washer (I left shortly thereafter, that being my first real experience with the whole net.slave thang). The records never got updated.
And I know the email was spam because the site doesn't exist anymore.
Friday, February 02, 2001
Outage, Part III
I put the program I wrote on Mark's network to monitor it for a few days. From the log file it looks like he has a nice reliable connection.
More on this as it develops …
Saturday, February 02, 2002
Groundhog day
Yup, it's that time of year again, when Ashcroft pops out of his hole and if he sees his shadow we'll have six more weeks of terrorism.
More cheese than ham
We should have gone to the International Map Fair instead. If anything, this year's Miami HAMFest was smaller and less thrilling than last year and that's saying something!
Outside the world of PCs, there were very few Macs for sale (one, a Mac laptop, didn't work) and a Sun SPARCStation 2 (but for $100, no thank you). Even worse, we only saw two (2!) PS/2 keyboards, and only one for sale seperately from a computer and even then, it had key caps missing (Mark picked that one up).
The only interesting things I picked up this year were a slide ruler and a 24-hour analog clock for the Computer Room.
Overall, a very disappointing year
Sunday, February 02, 2003
Not quite war driving
On Friday, through the generousity of a friend I was able to obtain an IBM ThinkPad laptop
that is, sadly, more powerful than my main desktop system (more
RAM, better CPU). I've spent the past two
days compiling and installing software (of course it's a Linux box) which
includes software to monitor wireless network activity.
Using Kismet to scan for WAPs (which seems to be very good software as it can also monitor a GPS to record the location of each WAP) I then took the laptop for a test by walking through the parking lot.
From previous experience I knew there were at least two other WAPs (excluding ours) in the imediate area but little did I expect five other WAPs just in the area around the parking lot here in the Facility in the Middle of Nowhere (near the number of access points we found by driving). I'm also amazed at the distance the signal can travel—I picked up our WAP halfway across the parking lot (a couple of buildings down), along with our neighbors (one of the two I originally picked up).
Wednesday, February 02, 2005
Whirr.
Over the past few days there's been this almost near constant whirring noise in the office. It sounds like it's just on the other side of my cubicle with that neat Zen-like emptiness to it (and yes, it still has that neat Zen-like emptiness to it, dispite sharing it with a new tech support person).
Whirr. Whirr.
Finally, curiousity got the better of me, and I decided to track down the source of the whirring.
Whirr. Whirr.
The person on the other side of my cubicle with that neat Zen-like emptiness to it has what looks like a very short cattle prod but is instead a massage unit that is currently in use.
Whirr. Whirr.
Okay.
Whirr. Whirr.
Back to work.
Whirr. Whirr.
At least it has a beat you can dance to.
Oh, it stopped.
URLs, Identity, Authentication and Trust
The other day I mentioned LID and the problems I saw with the URLs they were using as part of the processing. I wrote to Johannes Ernst, who is the principle architect of LID about the problem and after an exchange, I wrote the following, which explains part of the problem:
To: Johannes Ernst < XXXXXXXXXXXXXXXXX>
From: <sean@conman.org>
Subject: Re: Question about the code for LID
Date: Wed, 2 Feb 2005 21:56:15 -0500 (EST)
It was thus said that the Great Johannes Ernst once stated:
Good catch. I recall we had a discussion on that and couldn't quite figure out which way was the right way …
If you are trying to send parameters both as part of the URL and with a
POST, the URL should be of the form:
http://lid.netmesh.org/liddemouser/;xpath=...;action=...You seem to be the person to ask: where is it defined that URL parameters and POST parameters in combination should be used that way? I recall we looked and couldn't find anything, but maybe you would know?
Well, I've checked RFC-1808, RFC-2396 and RFC-3986, and as I interpret these, the general scheme of a URL is (and skipping the definitions of parts not germain to this—stuff in [] is optional, “*” means 0 or more, “+” is 1 or more, parenthesis denote groupings, etc):
<url> ::= <scheme> ':' [<net>] [<path>] ['?' <query>] ['#' <fragment>] <net> ::= '//' [<userinfo> '@'] <host> [ ':' <port> ] <path> ::= <segment> *( '/' <segment> ) <segment> ::= *<character> *( ';' *<param> ) <param> ::= *<character> <query> ::= *<character>No structure is defined for <param> or <query> in the RFCs. By convention, the <query> portion is defined as:
<query> ::= <namevalue> *( '&' <namevalue> ) <namevalue> ::= +<qchar> '=' *<qchar> <qchar> ::= <unreserved> | <escape> <unreserved> ::= <alpha> | <digit> | "$" | "-" | "_" | "." | "+" | "!" | "*" | "'" | "(" | ")" | "," <escape> ::= '%' <hexdigit> <hexdigit>(there are also some restrictions on what can appear in a <segment> and <param>, but those are covered in the various RFCs, but note that the semicolon needs to be escaped in the query string, fancy that!)
The upshot is that you can have a URL of the form:
http://www.example.net/path;1/to;type=b/file.ext;v4.4?foo=a&bar=b(note)(note—when giving a URL in an HTML document, the '&' needs to be escaped to pass HTML validation)
where the parameters “;1”, “type=b” and “v4.4” apply to “path”, “to” and “file.ext” respectively (according to RFCs 2396 and 3986—as I read RFC-1808 it says that the <param> can only appear once, and that at the end of the <path> portion—but given that RFCs 2396 and 3986 are newer, I'll take those as correct).
Now, how this all relates to LID?
It's not pretty I'm afraid.
Apache doesn't parse the path params correctly [as I found out today in playing around with this stuff –Sean]—or to be more precise, it doesn't parse them at all and passes them directly through to the filesystem. So while what you have is a decent workaround, it will probably only work for the perl
CGI::module; I can't say for any CGI modules in other languages (and I know the one I wrote would have to be modified to support LID URLs).I haven't had time to really look through the LID code to see all what it does, but as I have time, I'll do that. But feel free to keep asking questions—I'd like to help.
Basically, what they're trying to do is pass parameters as part of the
URL, as well as pass
parameters as part of a form (primarily using the POST method
for certain actions). And what they're trying to do isn't so much illegal
(in the “this type of stuff is not allowed in the protocol” sense) as it
is unspecified. I created a simple test page of forms with various
combinations of path parameters and query parameters using both
GET and POST methods to see what information is
passed through Apache to the simple script I was referencing. The results
are mixed:
| Method | Script URL | Paramters obtained from URL | Paramters obtained from <FORM> |
|---|---|---|---|
| Method | Script URL | Paramters obtained from URL | Paramters obtained from <FORM> |
GET |
script.cgi;n1=v1;n2=v2 | Requested URL script.cgi;n1=v1;n2=v2 was not found on this server |
|
GET |
script.cgi/;n1=v1;n2=v2 | YES, in $PATH_INFO as “/;n1=v1;n2=v2” |
YES |
GET |
script.cgi?n1=v1;n2=v2 | NO | YES |
GET |
script.cgi/?n1=v1;n2=v2 | NO | YES |
GET |
script?n1=v1&n2=v2 | NO | YES |
POST |
script.cgi;n1=v2;n2=v2 | Requested URL script.cgi;n1=v1;n2=v2 was not found on this server | |
POST |
script.cgi/;n1=v1;n2=v2 | YES, in $PATH_INFO as “/;n1=v1;n2=v2” |
YES |
POST |
script.cgi?n1=v1;n2=v2 | YES, in $QUERY_STRING as “n1=v1;n2=v2” |
YES |
POST |
script.cgi/?n1=v1;n2=v2 | YES, in $REQUEST_URI as “script.cgi/?n1=v1;n2=v2” |
YES |
POST |
script.cgi?n1=v1&n2=v2 | YES | YES |
I'm beginning to think that the way LID works is about the only way for it to realistically work across webservers, seeing how path parameters are rarely used and that mixing parameters from the URL and <FORM> is unspecified for the most part.
Lovely.
Thursday, February 02, 2006
Brick walls
Well, I was going to enable the new feature but three things got in the way:
Last month there was a security audit run against a server belonging to one of our customers. Over the past month I harded up the DNS servers and the router and the only thing left was to harden the server itself. And at this point, it was easier to just set up a new server.
So this past week that's what we've been doing. Tuesday the machine was put together. Yesterday the base operating system was installed. And since I just know we'll be doing the “Update Dance” once this thing gets certified (despite of what Smirk thinks—any bug in any of the services will require an automatic update immediately) I decided to install the critical services (Apache, PHP, OpenSSH) from source just to avoid having to rely upon the vendor. That way, I can just download the latest tarball,
./configure ; make ; make install(which I find easier) than the whole “package manager” crap (“Oooh, sorry. You forgot to upgrade your package manager for a whole week and we've moved the repository—sorry! Oh, and we're no longer supporting that version of the distribution anyway so you're doubly screwed! Sorry.”)It was going along fine until PHP and Ravencore (yes, a control panel). PHP because the braindead
make installinstalled the PHP modules in the oh-so-intuitive location of/usr/lib/20020429/instead of something semi-sane like/usr/local/lib/php-thisweeksversion/modules/, and Ravencore because they only release code in RPM and because it breaks if you change the PHP configuration file after Ravencore itself been installed (because you just realized that PHP installed the PHP modules in/usr/lib/20020429/but it never complained about them being missing and the default PHP configuration file doesn't bother to even include the PHP modules).That's all I'm going to say about that!
I wanted to write to Google explaining my concerns over thier AdSense program and how their ad selection can't deal with my general purpose (read: “horribly unfocused”) blog and how I'm thinking of no longer displaying ads.
I don't want to drop out of the program entirely, in the hopes they change how it works just slightly. The feature I added (and more on that in a bit) won't be of use with AdSense, but it will be with some other advertising programs (and frankly, I'm surprised this feature hasn't been implemented before—perhaps it has and I haven't come across it, but I suspect that isn't the case).
I wanted to write to Google first, before revealing the feature, and in the process of writing the email, I came across—
A show stopping bug!
Sigh.
And I haven't figured out what triggers it. Oh, it's defintely related to the new feature, and it causes core dumps (a seriously hard crash) and/or infinite loops which causes the server load to increase. Good news is I found a rash of entries that trigger the bug; I just haven't had a chance to figure out what exactly is going on.
So it may be another day or so before I can go ahead and use this feature.
Friday, February 02, 2007
Pardon the dust
The former hosting company, the one where I'm employed as a consultant (you know, the company whose servers kept getting hacked) is currently in flux.
On top of that, a few months ago one of the servers died a horrible death, and that meant having to use the backup server (which does the backups) as a production server. I disabled all logins to that server, since it has unrestricted access to the other servers (well, server, and it's the other server that hosted my websites) but R said that the gambling company wanted login access to begin the process of site migration.
Not wanting my sites at the mercy of such unrestricted access, I felt it prudent to find alternative hosting pretty darn quick.
Like, oh … today.
Smirk was kind enough to give me hosting space, and in less than five minutes I had my own virtual server to play with.
Neat.
It's been many hours, but all but one of my sites has been moved (The Electric King James Bible is proving to be a bit difficult to move, owing to the custom Apache 1.3 module that drives it, whereas the new server is running Apache 2.0—some porting is now required).
Now it's Miller DiceWars time.
Saturday, February 02, 2008
I guess 36,500,000 days in Punxsutawney could drive one a bit batty
Odd Trivia Fact of the Day: Bill Murray experienced Groundhog Day continuously for at least four years, quite possibly ten years, and maybe even longer.
Visual notes from a South Florida Fair
We spent the day celebrating six more weeks of this sweltering winter weather at the 2008 South Florida Fair.
![[Lots of food, rides and people]](/2008/02/02/south.florida.fair.jpg "Lots of food, rides and people")
![[Coming around the bend it's Making Bacon in the lead …]](/2008/02/02/pig.race.jpg "Coming around the bend it's Making Bacon in the lead …")
One note about the pig race—in the minutes before First Call, they were playing what I would swear is country-industrial music. Very weird.
![[Do de do de do]](/2008/02/02/mosey.jpg "Do de do de do")
![[Figures]](/2008/02/02/poultry.jpg "Figures")
![[These guys had their own portable A/C unit nearby]](/2008/02/02/moo.jpg "These guys had their own portable A/C unit nearby")
![[Drats! There goes my plans on getting rich!]](/2008/02/02/do.not.ride.jpg "Drats! There goes my plans on getting rich!")
![[But it was sure a pretty ride!]](/2008/02/02/ride.jpg "But it was sure a pretty ride!")
Notes on a conversation with The Monopolistic Phone Company Technical Support Help Line
“The Monopolistic Telephone Company Technical Support. How may I help you?”
“I need to configure my DSL modem.”
“Okay, what type of modem do you have? Is it a Linksys? A Westell?”
“Zoom.”
“Okay, just read it off the unit.”
“Zoom.”
“What?”
“Zoom. It's a Zoom.”
“We sent you one of those?”
“No, it's one I already own.”
“Why did you get one of those?”
“Because my two previous DSL providers used it.”
“Oh.”
“Yes.”
“Okay then. What type of Windows do you have?”
“Linux.”
“Um … ”
“Linux.”
“Linux?”
“Linux.”
“Sigh.”
Thursday, February 02, 2012
99 ways to program a hex, Part 25: C♯
Jeff Cuscutis sent in a version written in C♯ (C-sharp, in case you don't have a font with the sharp symbol). He assured me the code works, but I can't test it as I don't use Microsoft Windows; nor have I installed Mono, as I don't really have a need to interoperate with the Microsoft Windows environment (at home, or at The Corporation).
// *************************************************************************
//
// Copyright 2012 by Jeff Cuscutis. All Rights Reserved.
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//
// Comments, questions and criticisms can be sent to: sean@conman.org
//
// ***********************************************************************
// C#
using System;
using System.IO;
using System.Text;
namespace Hex
{
class Program
{
static void Main(string[] args)
{
if (args.Length == 0)
{
DoDump(Console.In, Console.Out);
}
else
{
foreach (var fileName in args)
{
try
{
using (var file = new FileStream(fileName, FileMode.Open, FileAccess.Read))
{
TextReader tr = new StreamReader(file, Encoding.ASCII);
Console.Out.WriteLine("-----{0}-----",fileName);
DoDump(tr, Console.Out);
file.Close();
}
}
catch (Exception e)
{
Console.Error.WriteLine(e.Message);
}
}
}
}
static void DoDump(TextReader inFile, TextWriter outFile)
{
const int blockLength = 16;
int actuallyRead;
var buf = new char[blockLength];
var offset = 0;
while ((actuallyRead = inFile.Read(buf, 0, blockLength)) > 0)
{
var display = new char[blockLength+1];
outFile.Write("{0:X8} ",offset);
var j = 0;
do
{
outFile.Write("{0:X2} ", (byte)buf[j]);
if (!char.IsControl(buf[j]))
display[j] = buf[j];
else
display[j] = '.';
offset++;
j++;
actuallyRead--;
} while ((j < blockLength) && (actuallyRead > 0));
display[blockLength] = '\0';
if (j < blockLength)
for (var i = j; i < blockLength; i++) outFile.Write(" ");
outFile.WriteLine(display);
outFile.Flush();
}
}
}
}
About the only question I have about this version is that it appears to open the input file in text mode, and the hex dump program should work on any type of file, text or binary.
Saturday, February 02, 2013
Groundhog Day
Ah, Groundhog Day, the day when a large squirrel pops up and if it sees its shadow, we'll have six more weeks of winter, or, if you are Phil Connors, 34 years of purgatory.
Monday, February 02, 2015
The smallest chess program ever written
Thirty-two years ago, David Horne wrote a chess program for the ZX-81. It didn't play a great game of chess, and you can't castle, capture en passant nor promote a pawn, but it did have one redeeming feature that set it above every other chess program—it took less than 1K of space! The program, in its entirety, is only 672 bytes in size.
But there's a new contender for the smallest chess game (and the same limitations—no castling, no en passant, no promotion) with BootChess, which is an incredible 487 bytes in size!
Even a program of a single instruction can have bugs
The previous entry reminded of the following computer joke:
Every program has at least one bug and can be shortened by at least one instruction—from which, by induction, one can deduce that every program can be reduced to one instruction which doesn't work.
Only it's not a joke—it really happened!
Tuesday, February 02, 2016
Shatner's World
I must say, William Shatner certainly put on a show. Over the span of two hours (which didn't feel at all like two hours) he regaled the audience with stories of his life (and make no mistake—this is his show, all about things Shatner), how he started in theater (and why … he does … those … dramatic pauses in … his speech!) moved into film and television, his dealing with death (his father, a beloved horse, his third wife) and of course, his “singing” career. He did “sing” “Real,” but did not “sing” “Space Oddity,” “Major Tom (Coming Home)” or most regrettably—perhaps mercifully depending upon your view, “Rocket Man.”
Other than not “singing” some of his more notorious “songs” it was fun. And you never got the idea he's 84. Eighty-four! And surprisingly, the auditorium wasn't even all that full. I mean, Shatner! How can you not like him? Unless you're George Takei that is.
Thursday, February 02, 2017
It only takes 33 bits of information to identify a single person in the world
Speaking of FaceGoogleMyBookPlusSpace, this was quoted in one of the comments on Flutterby:
The surest way to discourage conversations is to enable likes/favorites and retweets/reblogs. These inarticulate gestures barely qualify as social. They are literally the least amount of social interaction you can have with someone. Press a button, done. Much social, wow. They are the form letters of social networks. No personal response is required. To whom it may concern: click. I would've traded one hundred likes for one person taking the small amount of time and effort to personally reply with "I like your tweet." When my tweets got likes but no replies, it was still a very empty experience for me. It still felt like I was tweeting into the void.
While “likes” might be socially meaningless, they might also be quite dangerous as highlighted here:
Kosinski and his team tirelessly refined their models. In 2012, Kosinski proved that on the basis of an average of 68 Facebook "likes" by a user, it was possible to predict their skin color (with 95 percent accuracy), their sexual orientation (88 percent accuracy), and their affiliation to the Democratic or Republican party (85 percent). But it didn't stop there. Intelligence, religious affiliation, as well as alcohol, cigarette and drug use, could all be determined. From the data it was even possible to deduce whether someone's parents were divorced.
The strength of their modeling was illustrated by how well it could predict a subject's answers. Kosinski continued to work on the models incessantly: before long, he was able to evaluate a person better than the average work colleague, merely on the basis of ten Facebook "likes." Seventy "likes" were enough to outdo what a person's friends knew, 150 what their parents knew, and 300 "likes" what their partner knew. More "likes" could even surpass what a person thought they knew about themselves.
Oh, and those online quizes that often show up on FaceGoogleMyBookPlusSpace? Yeah, they work just like “likes” in pinning you down (as described in the “World Upside Down” article).
I'm just saying …
![[It's the most wonderful time of the year!]](https://www.conman.org/people/spc/about/2018/1212.t.jpg "It's the most wonderful time of the year!")