Miscellaneous Links

Here are a few miscellaneous interesting links. I don't agree with everything in every link, but I often learn about interesting pages, and this page links to those other interesting pages.

Far too many programs have a horrendous user interface; I'd like to see more programs pay more attention to usability. This is a problem for both proprietary and OSS/FS programs. User Interface Design for Programmers by Joel Spolsky is a very good description about user interface design. Improving Usability: Principles and Steps for Better Software by Seth Nickell is interesting too. The Nielsen Norman Group has an extensive list of usability reports, user research, and design guidelines. Interestingly enough, usability guidelines are actually very stable (probably because humans don't change much, even though the technology does); about 90% of usability guidelines from a 1986 Air Force report are still valid; several guidelines (about 20%) are less important because they relate to design elements that are rarely used today, but that still leaves about 70% that are valid and relevant around 20 years later. In the OSS/FS world, The Luxury of Ignorance: An Open-Source Horror Story (Eric S. Raymond) is an example of what can go wrong; here's the follow-up, and here's an interesting article on usability by Havoc Pennington. OpenUsability.org is a site on OSS/FS usability. I'm told that "The Inmates are Running the Asylum" is good too. Here are some specific user interface guidelines:

  1. GNOME's Human Interface Guidelines (HIG) (version 2.0 is here)
  2. KDE User Interface Guidelines
  3. The Apple Human Interface Guidelines
  4. Microsoft Windows Official Guidelines for User Interface Developers and Designers

Cluetrain Manifesto.

Free Web Pages.

OpenPKG (packaging system, extends RPM). Interview with Con Kolivas, a practicing doctor who managed to develop a useful kernel benchmarking system (showing that non-programmers can seriously contribute).

Al Viro's description of recovering a seriously hosed Linux system

Unix Code Migration Guide by Larry Twork et al was developed by Microsoft Corporation, and is intended to help developers move from Unix-like systems to Windows systems. However, Wine developers have found that it's also helpful when converting Windows programs into Unix-like programs.

MacOS X tips for Unix geeks

Slashdot discussion of U.S. government development of GPL vs. BSD software

Sweetcode reports on innovative programs; many are interesting, a few are goofy. For an example of the latter, see Evil Finder - it creates (silly) numerological proofs of evil.

There are lots of ways to vote (say, for public office or a group decision) where there must be a single winner. The traditional, most widely used, and simplistic approach is when each person votes once for a single choice, and the choice with the largest count wins. This is called plurality voting. The problem is that if there are more than 2 choices, this can produce undesirable results (Duverger's law asserts there can only be two parties with plurality voting). For example, a party split can mean that the choice least liked is the one selected! For many circumstances, more sophisticated voting methods can represent far more accurately the will of a group. It can't be perfect; around 1950, Stanford economist Kenneth J. Arrow proved that a completely ideal election method can't exist. The proof is called Arrow's Theorem, and he won the Bank of Sweden Prize (the "Nobel prize in Economics") for the proof. However, although the Arrow theorem is an important theoretical result, Arrow's definition of an ideal voting mechanism is extremely restrictive; less restrictive criteria that are very desirable can be satisfied. Thus, various voting schemes are far better than simplistic alternatives when there are 3 or more options, even though they can't achieve a theoretical perfection. There's lots of information on various voting mechanisms; Electorama links to voting methods. After reading the literature, I think there are basically two especially useful methods: approval voting and Condorcet-based voting schemes.

There are other systems, but they're really not as good. Instant runoff voting is relatively simple to explain, but instant runoff has many of the same flaws as the traditional approach. There's another system called Borda counting, but Borda has significant problems with "tactical voting" -- it can encourage insincere voting -- and in some cases Borda counting can fail to elect a candidate selected by a majority as their favorite. Basically, I don't think Borda is a good choice at all. Basically, you shouldn't use instant runoff or Borda; use approval voting or Condorcet systems instead. This technical evaluation of voting methods is very enlightening. I'm looking forward to seeing more Condorcet-based systems; they're currently rare, but they have a lot of advantages in accurately capturing the will of a people.
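The claims in the two voting paragraphs above can be checked on small ranked-ballot elections. The following is an added example, not part of the original page: the two elections are constructed, the function names are made up for illustration, and every ballot is assumed to rank every candidate. It tallies the same ballots under plurality, Borda, instant runoff and Condorcet rules.

```python
# Constructed sample elections: (number of voters, ranking from most to
# least preferred). Assumption: every ballot ranks every candidate.
SPLIT_ELECTION = [        # two similar candidates (A, B) split a 60% bloc
    (35, ("A", "B", "C")),
    (25, ("B", "A", "C")),
    (40, ("C", "B", "A")),
]
MAJORITY_ELECTION = [     # A is the first choice of a 51% majority
    (51, ("A", "B", "C")),
    (49, ("B", "C", "A")),
]


def candidates(ballots):
    return sorted({c for _, ranking in ballots for c in ranking})


def sole_leader(scores):
    """Candidate with the strictly highest score, or None on a tie."""
    best = max(scores.values())
    leaders = [c for c, s in scores.items() if s == best]
    return leaders[0] if len(leaders) == 1 else None


def plurality(ballots):
    """Only first choices count."""
    scores = {c: 0 for c in candidates(ballots)}
    for n, ranking in ballots:
        scores[ranking[0]] += n
    return sole_leader(scores)


def borda(ballots):
    """Last place scores 0 points, next-to-last 1, and so on."""
    scores = {c: 0 for c in candidates(ballots)}
    for n, ranking in ballots:
        for pos, c in enumerate(ranking):
            scores[c] += n * (len(ranking) - 1 - pos)
    return sole_leader(scores)


def instant_runoff(ballots):
    """Eliminate the weakest candidate until someone holds a majority."""
    remaining = set(candidates(ballots))
    while True:
        tally = {c: 0 for c in remaining}
        for n, ranking in ballots:
            tally[next(c for c in ranking if c in remaining)] += n
        leader = max(sorted(tally), key=tally.get)
        if 2 * tally[leader] > sum(tally.values()) or len(remaining) == 1:
            return leader
        # Simplification: ties for last place are broken alphabetically.
        remaining.discard(min(sorted(tally), key=tally.get))


def pairwise(ballots):
    """Map (x, y) to the number of voters who rank x above y."""
    wins = {}
    for n, ranking in ballots:
        for i, x in enumerate(ranking):
            for y in ranking[i + 1:]:
                wins[(x, y)] = wins.get((x, y), 0) + n
    return wins


def condorcet_winner(ballots):
    """Candidate who beats every rival head-to-head; None if there is a cycle."""
    wins, cands = pairwise(ballots), candidates(ballots)
    for x in cands:
        if all(wins.get((x, y), 0) > wins.get((y, x), 0) for y in cands if y != x):
            return x
    return None


def condorcet_loser(ballots):
    """Candidate who loses to every rival head-to-head; None if there is none."""
    wins, cands = pairwise(ballots), candidates(ballots)
    for x in cands:
        if all(wins.get((x, y), 0) < wins.get((y, x), 0) for y in cands if y != x):
            return x
    return None


def compare(ballots):
    return {
        "plurality": plurality(ballots),
        "borda": borda(ballots),
        "instant_runoff": instant_runoff(ballots),
        "condorcet_winner": condorcet_winner(ballots),
        "condorcet_loser": condorcet_loser(ballots),
    }


if __name__ == "__main__":
    for name, ballots in (("split", SPLIT_ELECTION), ("majority", MAJORITY_ELECTION)):
        print(name, compare(ballots))
```

In the split election, plurality picks C, the candidate who loses every head-to-head contest, and instant runoff eliminates B even though B beats both rivals one-on-one. In the majority election, Borda picks B over the 51% first choice A.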

To Build a Better Ballot shows various voting system options - with interactivity!

News about geeks getting political

"Rock, Paper, Scissors" describes how we used to vote - and why secret ballots (by the public) eventually gained hold.

The law of copyright is valuable, but it currently lacks balance. Phyllis Schlafly's article "Copyright extremists shouldn't control information". One study of copyright found that the mathematically optimum length of copyright is 14 years. And there's an epidemic of copyfraud - fraudulently claiming copyright (there are even people fraudulently claiming copyright over Shakespeare's work!). The Center for the Study of the Public Domain has put out Tales from the Public Domain: BOUND BY LAW? -- a comic book that manages to explain copyright, and its issues, in a far clearer manner than many dry textbooks. A Fair(y) Use Tale is a video made entirely out of clips of Disney movies, as a way of exposing the nonsense of some of Disney's claims. The Computer and Communications Industry Association (CCIA), a trade group representing Google, Microsoft, Yahoo, etc., has issued a report on fair use; it found that fair use exceptions add more than $4.5 trillion in revenue to the U.S. economy and add more value to the U.S. economy than copyright industries contribute. Cory Doctorow comments about copyright. 750,000 lost jobs? The dodgy digits behind the war on piracy. "Were we smarter 100 years ago..?" from PublicDomain.org argues that "100 years ago we were smarter about copyright, about disruptive technologies, about intellectual property, monopolies and network effects than we are today". One small ray of hope is the Righthaven vs. Democratic Underground ruling -- companies had been trying to get separate attack dogs to sue those who used material under fair use, while keeping themselves out of the justice system. The Righthaven ruling shows that if you have a problem, you have to show up in court and justify your claims yourself. But that doesn't deal with the fundamental problems.

A matter of trust - a very nasty flaw in Microsoft Windows has Microsoft suggesting not to trust Microsoft. Also, it notes that "Microsoft revealed for the first time that desktop Windows makes a profit margin of more than 85 percent. To put this in personal terms, for every dollar you spent licensing the OS last year, Microsoft spent less than 15 cents on all Windows packaging, marketing, and, oh yeah, improving the product."

There are some interesting pages available on cross-platform GUI toolkits, including this list at atai.org and this Slashdot comment. One thing that everyone agreed on was that you should look at wxWindows if you're doing it. Mozilla XUL should be examined too.

If your GUI needs are very simple (e.g., you don't need full event-driven development), there are some nice toolkits that can make it easy. Zenity (for bash) and easygui (for Python, see this article) are two approaches. For more sophisticated needs, glade (possibly combined with autoglade) can help.

Programming cross-platform GUI applications, and the simple "dialog" options don't work? There are many options, which can be grouped by the basic toolkit or language. Many people are moving away from using GUI builders that generate code; instead, people use GUI builders to build data structures and call-outs, and then create a very small program that loads the GUI builder's data structures (this simplifies changing things). Here's some info I found:

  1. wxWidgets: This is the cross-platform GUI library I hear the most about. It's implemented in C++, but the wxPython interface lets you use Python (which is much simpler). For wxWidgets form-building, there's wxFormBuilder and wxGlade. This page provides "HelloWorld" for Python + wxFormBuilder + wxWidgets. Here's more about wxPython + XRC (XML Resource). If you want a full IDE that supports wxPython, PythonCard and spe do that (and there are yummable Fedora packages). PythonCard says that it is "for you if you want to develop graphical applications quickly and easily with a minimum of effort and coding." There's also Boa Constructor, which supports wxPython, but no Fedora package.
  2. GTK+: In the GTK+ world, Libglade to GtkBuilder F.A.Q. explains that libglade is getting replaced by gtkbuilder. Basically, libglade's dynamic loading capability is getting moved into GTK+ itself as GtkBuilder, and some cleanup was done for the transition. Glade will generate gtkbuilder XML directly, but in the meantime, you need to run a converter program (not a big deal). Here's a GTK+ and Glade tutorial.
  3. Java: Java has some extra decisions. For Java-native interfaces you can choose Swing (reference GUI for J2SE) or Standard Widget Toolkit (SWT), developed by IBM as part of Eclipse. There's also the older AWT. Here is developer.com's comparison of SWT and Swing, and IBM developerWorks' article on SWT, Swing, and AWT. SWT tries to be close to the native platform; Swing tries to abstract away from it. AWT is much older; it's a simple toolkit with limited capabilities, but it does have the advantage of stability.
  4. Qt: "Qt Jambi" is an interface to Qt for Java. Qt has had licensing issues in the far past, but it's now released under the LGPL which I think should be great for everyone. Qt is implemented in C++ with several non-standard extensions, an implementation approach I don't like, but there are certainly many happy developers.

The Wikipedia is developing an entire open content Encyclopedia (and a related dictionary, too) by intentionally working to form a community to build it. This is a very intriguing project. Critical decisions that have enabled them to form this community are the Wiki approach (where anyone can edit anything), a neutral point of view, and the GNU Free Documentation License (GFDL) which ensures that the resulting text is available for any purpose in perpetuity. The entire encyclopedia database can be downloaded, too. Some interesting Wikipedia statistics are available. There are problems when you start using Wikipedia, though....

A Group Is Its Own Worst Enemy is an excellent piece about how groups are different than individuals, and what software that supports groups needs to consider. The OpenSuSE code of conduct references it.

Interesting paper: Creation Myths: Does innovation require intellectual property rights? By Douglas Clement

IPv4 is running out of address space - here's a map of the used IPv4 space.

Here's a great review of the Konami Combat DigiQ remote controlled tanks - I want a pair!

For an up-to-date high-level view of attacks and vulnerabilities, you might want to look at Qualys Vulnerability RV10 (Real-Time Top Ten Vulnerabilities). RV10 is a dynamic list of the ten most critical and prevalent security vulnerabilities, updated automatically and continuously from a sample of a few thousand networks. The Internet Storm Center tracks which ports are most attacked, and divides attacks by geographic regions.

A history of Murphy's law.

Some projects appear to be impossible, such as solving "NP-complete" problems for a large number of items ("large n"). In contrast, some projects are possible - but unaffordable. Since the late 1980s, I and some co-workers have had a phrase for unaffordable projects: "GNP-complete" problems. They're solvable, but they require a country's entire Gross National Product to solve. Thankfully, many GNP-complete problems can be reduced or simplified so they become affordable, and there's always hope for a breakthrough.

An excellent way to take over a democracy is take control of its voting system. Stuffing ballot boxes isn't new, but now we have a high-tech way to control every ballot box in a country: electronic voting machines. Stuffing physical ballot boxes requires a lot of dangerous work and is hard to do undetected; changing an electronic value to a "desirable" value can be done by one person in microseconds. And given some of today's unverifiable electronic voting systems, it's impossible to detect that someone has stolen the elections. I'm very concerned about unverifiable electronic voting systems, especially since the manufacturer's leaders appear quite partisan. On November 9, 2003, Boone County received 144,000 votes cast from a pool less than 19,000 from a MicroVote system. They say they found the new numbers - but why are those trustworthy? Independent analysis of Diebold found numerous problems, and internal memos had a number of scary statements. Scott Granneman's "Electronic Voting Debacle" documents many of the concerns. These unverifiable systems are also called "Direct-Recording Electronic (DRE) systems", because they record vote results directly into an electronic system (with no possibility of independent verification or real trustworthiness). Security Analysis of the Diebold AccuVote-TS Voting Machine by Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten did a fully independent security study of a Diebold AccuVote-TS voting machine, and proved that it is very vulnerable to extremely serious attacks. Computer security expert Harri Hursti revealed serious security vulnerabilities in Diebold's software, ones that Michael Shamos (a computer scientist and voting system examiner in Pennsylvania) described as "the most severe security flaw ever discovered in a voting system."
Diebold included a "back door" in its software, allowing anyone to change or modify the software, and there are no technical safeguards in place to ensure that only authorized people can make changes. A malicious individual with access to a voting machine could rig the software without being detected. A report on the Nedap/Groenendaal ES3B voting computer found that anyone given brief access to the machine can gain complete and virtually undetectable control over election results - and how radio emanations from an unmodified ES3B can tell who voted what from several meters away. Diebold / Premier Election Systems got mocked in xkcd, and Bruce Schneier had a simple comment on xkcd's analysis: "Absolutely correct".

HBO's "Hacking Democracy" ("Hacking Democracy" summary here) is a documentary that helps explain the issue to the non-technical. For a silly view, "The Onion" has a spoof story about a voting machine winning the 2008 presidential election. The Ink Tank also makes fun of electronic voting machines.

There's a solution, and that's verified voting - see the verified voting site. The Verified Voting Foundation advocates the use of voter-verified paper ballots (VVPBs) for all elections (so voters can inspect individual permanent records of their ballots before they are cast and so meaningful recounts may be conducted), insists that electronic voting equipment and software be open to public scrutiny, and that random, surprise recounts be conducted on a regular basis to audit election equipment. I would add three things: (1) there must be separate voting stations and ballot readers, where the ballot reader totals are the only official votes (this prevents a collusion by the voting station), (2) there should be a standard paper ballot format; this makes it possible to have independent recounts using equipment from different manufacturers, as well as making it possible to mix-and-match vendor equipment (lowering costs for everyone); and (3) there should be standard electronic formats for defining elections and producing results, again to make it possible to dramatically reduce costs by enabling mixing and matching of equipment. The Open Voting Consortium (OVC) is a non-profit organization dedicated to the development, maintenance, and delivery of open voting systems for use in public elections. OVC is developing a reference version of free voting software to run on very inexpensive PC hardware, which produces voter-verifiable paper ballots. Another relevant system is the Open-Vote Foundation; they maintain an OSS/FS program that's already been used for national elections in Australia (under the name eVACS), and they plan to add a voter verified receipt (a critical need). Another interesting article is Bruce Schneier's "The Problem with Electronic Voting Machines". Building a Better Voting Machine (Wired, Oct 18, 2006) has some great suggestions. This article (among many) recommends open source software for voting systems.
Indeed, in 2008 California Secretary of State Debra Bowen argued that open source software can help fix some of the flaws in electronic voting systems. A 2008 e-Voting Wrapup with Dr. Barbara Simons notes that OSS voting systems are no panacea - which is absolutely true, but that doesn't mean it's not worth considering. The current shameful system - where counting is done by unaccountable, unreviewable machines - is the kind of system that Stalin would have created.

It's pretty scary that the U.S. protects voting for academy award winners more than voting for U.S. president. David Carr's January 8, 2008 "The Carpetbagger" article "Nice to Know, Not Need to Know" explains how the academy awards counts votes. Their system is "designed to make sure each Academy member’s vote is accurately represented". In particular, "It is totally analog, and will remain so, in part because the Academy believes that anything that is in a computer will eventually be hacked." What, exactly, does that say about the country? Why do we protect the selection of Oscar winners more than presidential winners?

In a Slashdot discussion about electronic voting machines, an anonymous reader observed that, even though Diebold had horrifically bad security, there are financial and political incentives for it. "Unfortunately, you're not Diebold's customer. The elected officials who in turn buy the machines responsible for reelecting themselves are Diebold's customers." (Anonymous Coward, "Re:My Perception Has Changed Again", September 5, 2006, 12:51PM). One reply was "It's kind of like television. You are not the networks' customer. The ad companies are the customer; you are the product that is sold to them. Everything else is just flim-flam designed to keep you in front of the tube." (Grendel Drago, "It's like television.", September 5, 2006, 01:24PM).

"Paper Ballot Has Md.'s, Va.'s Vote: 2 States Plan to Ditch Electronic Machines, Part of a Rapid National Reversal" By Christian Davenport Washington Post Staff Writer (Thursday, October 30, 2008; Page B01) reports that Virginia and Maryland are switching back to paper. The counts will still be done electronically, but the voters will get to use paper directly.... which eliminates many (though not all) of the risks of computerized voting. This is good news, especially if they standardize the paper so that you can recount with independently-developed systems. The shame is that these states were fooled into buying voting machines that weren't adequately secure in the first place; in my mind, the states should get their money back.

Matt Blaze's testimony to the US House of Representatives Committee on oversight and government reform, subcommittee on information technology and subcommittee on intergovernmental affairs, Hearing on Cybersecurity of Voting Machines November 29, 2017 is an excellent summary on cybersecurity of voting machines. He made three key points (and in the details he noted that they have to be secure against nation-states, not just criminals):

There are lots of good search engines available, including Google, Teoma, Alltheweb, and AltaVista. See the Search Tools Chart provided by the Infopeople project (supported by the U.S. Institute of Museum and Library Services under the provisions of the Library Services and Technology Act, administered in California by the State Librarian). MSN.com is really terrible; MSN appears to bias its results to paid sponsors and Microsoft's products, making it a poor choice for most searches. The Nutch project is interesting but not useful as of November 2003.

Paper prototyping is an interesting way to get user feedback.

A very nice summary of how the law works was posted on Groklaw on February 8, 2004: "The trial tries the facts. The appeal tries the trial. The Supreme Court tries the law."

Agenda detection is an interesting article about meetings.

"Toss Out the Toss-Up: Bias in heads-or-tails" by Erica Klarreich reports that coin-tossing is slightly biased to whatever the coin started at, based on a study by Persi Diaconis, Susan Holmes (statisticians at Stanford University), and Richard Montgomery of the University of California, Santa Cruz.

There's some evidence that U.S. dollar bills (at least $20s) have RFID tags on them.

If you're creating a program and it needs to install on Microsoft Windows, you need an installer. NullSoft Scriptable Install System and Inno Setup are OSS/FS installers for Windows. Also, Microsoft's Windows Installer XML (WiX) is available on SourceForge (though it may not support as many Windows versions). (There's also the proprietary InstallShield, but it appears to me that most users don't care which installer is used - they just want things installed).

I've often looked for statistics on computer security (what vulnerabilities are common, etc.):

A very interesting and innovative approach to user interfaces is segusoland (GPL). Users pick keywords, files, programs, etc. to quickly narrow down the options to tell the computer what to do. Very different, yet compatible with current technology. Neat.

Interested in Koine Greek? Some interesting information can be found in "Learning Biblical Koine Greek" by Lorin L. Cranford. See also Learning New Testament Greek, part of the Little Greek site.

Make sure you're aware of the dangers of dihydrogen monoxide. Laugh, it's funny.

Unisys had been threatening many people if they used GIF (although as far as I can tell, their patents only applied to writing, not reading, the compressed format often used in GIF). According to http://www.gnu.org/philosophy/gif.html, who searched the patent databases of the USA, Canada, Japan, and the European Union, here are the relevant dates. The Unisys patent expired on 20 June 2003 in the USA, but it does not expire in most of Europe until 18 June 2004, in Japan until 20 June 2004 and in Canada until 7 July 2004. The U.S. IBM patent expired 11 August 2006. The fact that two companies (IBM and Unisys) have been allowed to have two separate patents on the same algorithm clearly demonstrates how poorly patents are examined - the patent office couldn't even be bothered to search their own patent database for previously-granted patents. The IBM patent should have been tossed out immediately, since a previous patent already covered it.

The patent system desperately needs an overhaul, and the best start would be to eliminate software patents and business method patents; the problems this governmental interference is causing far exceed its supposed benefits. The Problem of Software Patents in Standards by Bruce Perens describes many of the serious problems patents cause in standards, and standards are absolutely critical to working IT infrastructures. "What's wrong with software patents?" by Pieter Hintjens does a nice job explaining why software patents are economically a bad idea. Ed Burnette's essay on software patents notes that software patents are one of the worst things to happen to the software industry. Burnette concludes that "The only solution is to ban software patents altogether, worldwide. Copyright law provides plenty of protection for software, just as it does for paintings, poetry, and books." The patent office doesn't do a credible job evaluating for novelty and prior art, but even if they did, the problems caused by software patents far exceed the (supposed) benefits of the system. "A Patent Lie" by Timothy B. Lee, published in the New York Times on June 9, 2007, briefly explains why software patents should be prohibited. Software is already protected by copyright law, which is a system much more appropriate to software. The NY Times article "A Patent Is Worth Having, Right? Well, Maybe Not" By MICHAEL FITZGERALD (July 15, 2007) summarizes research by James Bessen and Michael J. Meurer, who after analyzing a massive amount of data found that patents don't work except in biotech... and that they especially don't work in the information technology industry. The book "Patent Failure: How Judges, Bureaucrats, and Lawyers Put Innovators at Risk" by James Bessen and Michael J. Meurer (Princeton University Press, March 2008) has more.
There's no need to have both copyright and patent law control software, especially since there's lots of evidence that patents are impeding instead of aiding software innovation.

"Against Intellectual Monopoly" by Michele Boldrin and David K. Levine goes further, and makes a strong case for abolishing patents and copyrights entirely (their against monopoly blog is interesting). They have lots of useful evidence about the failures of software patents.

"The Rise of the Information Processing Patent" by Ben Klemens (published in the Journal of Science & Technology Law) argues against software patents; it "recommends a return to the distinction that inventions consisting of information processing plus a trivial physical step be barred from patentability." Section I provides a legal perspective; in it, he explains that "it is impossible to write a section of the Manual of Patent Examination Procedure (MPEP) that allows the patenting of software but excludes from patentability the evaluation of purely mathematical algorithms. The proof of this is in the formal Church-Turing thesis (that software and mathematical algorithms are in the same equivalence class) and Knuth’s comment that all information is data; demonstrations of this weaker Church-Turing thesis will appear repeatedly below. In short, once one type of information processing is patentable, all types are patentable. Because there are various types of information processing that many think should not be patentable, the patentability of any one type of pure information processing creates myriad problems." Section II provides an economic perspective, and shows "why allowing software and business methods to be patentable creates transaction costs that easily dwarf the benefits that such patent protection may provide. The key concept behind the discussion is that these pseudo-industries are massively decentralized, and patents do not efficiently promote progress in a decentralized industry. Unlike copyright, independent invention is not a valid defense against claims of patent infringement. If there are millions of potential independent inventors, then the waste and economic loss associated with restrictions on independent inventors becomes inevitable."
Indeed, "adding up the settlements we find a variety of companies, some in traditional software and many elsewhere, paying billions of dollars for the right to use software they conceived and wrote without outside assistance—and those are just the headlines." Although many software patents are also obvious, "Fixing the obviousness problem would do nothing, however, to alleviate the problems with applying patents to a massive industry." Instead, "A great many of the problems with patents that fill the newspapers and vex businessmen can be solved by reinstating the distinction from Diehr and its predecessors that indicate a device is patentable only if it is based on steps that are simultaneously novel and non-trivially physical... There is a history of court rulings stating that pure information processing is not patentable, even when a patent draftsman adds 'insignificant postsolution activity' to apply the information to real-world affairs. Thus, this judicial line distinguishing the patentable from the unpatentable exactly matches the ideal economic line that divides traditional industries that prospered with patents from the massively decentralized information-based industries that have prospered without patents."

The article Patent examiners battle stress: USPTO struggles with hiring, retention issues amid morale problems by Florence Olsen (FCW.com, Jul. 25, 2005) notes that there's an exodus of patent examiners; reasons cited include having inadequate time to review patents and no training to perform the task, coupled with a crushing burden of patent applications that are increasing in both size and number. The article based much of its information on a GAO study reporting these many problems, and it also quoted Jason Schultz, a staff attorney at the Electronic Frontier Foundation, who says that under the current rules, "where anything under the sun is patentable, it puts an unbelievable amount of pressure on the patent office." Here's a brief discussion about patents and wireless email; what a broken system!

End Software Patents is an organization that is trying to eliminate the nonsense of software patents. Stop Software Patents.org is trying to "overcome the software patent crisis... We raise awareness about their devastating effects on the emerging information and knowledge society where software predominates and we make our constructive reform proposals heard." Foundation for a Free Information Infrastructure (FFII) works to counter software patents; FFII is a "non-profit organisation dedicated to establishing a free market in information technology, by the removal of barriers to competition. The FFII was largely responsible for the rejection of the EU software patent directive in July 2005." Research on Innovation has a number of research papers, several of which quantitatively show the problems of software patents.

In 2008, several organizations filed briefs in the Bilski case, opposing the U.S.'s approach to software patents. The ACLU objected that patents must not trump the first amendment. The EFF briefing for Bilski proposed a method for determining patentability. End Software Patents' Bilski brief made it clear that, although drug patents only affect drug companies, every organization is an information processing company (and thus vulnerable to software patents). Here's the Bilski ruling, along with discussion. Here's Red Hat's take on Bilski.

As of the end of 2009, the Bilski ruling was starting to have a beneficial effect: Slaying useless software patents.

Groklaw reported that Microsoft's Bill Gates threatened Denmark's Prime Minister Anders Fogh Rasmussen, Economic and Business Minister Bendt Bendtsen, and Science Minister Helge Sander in November 2004, saying that he would move Navision and its 800 developers (Denmark's biggest software success) to the US unless they passed software patent legislation. The Inquirer reported this. Danish Social Democrats responded; here is the FFII response on the Gates / Navision story. Microsoft has since claimed that this isn't so, but it's hard to confirm or deny this; it is clear that some other large companies have made similar threats, so it's not an impossible idea.

The article Reports from the USPTO Meeting - Updated had interesting quotes from the U.S. patent office, as well as interesting commentary about them. For example, Mr. Tariq Hafiz, a patent examiner, explained an examiner's day-to-day life, and an attendee noted that, "One aspect of the life of a patent examiner that came into sharp relief through all of this was the extreme premium placed on time. The USPTO has a huge backlog of pending applications and limited resources, so the amount of time an examiner spends on each application is carefully tracked, and measures (described by one participant as possibly 'punitive') taken against those examiners who don't live up to the norm." One commenter candidly summarized the situation this way: "The clear implication of the statement above is that John Doll is grossly wrong when he states that patent quality is the number one focus of the USPTO: the number one and only focus of the USPTO is the amount of time that each patent examiner spends on a patent. What the USPTO says and what it does are two different things: in everyday English, it's called lying. The USPTO is nothing but a corrupt rubber stamp operation...."

Fortune's "The Law of Unintended Consequences" (Sep. 19, 2005) notes that patents in the medical field are making a few rich, but inhibiting innovation in the process: "The problem is, once it became clear that individuals could own little parcels of biology or chemistry, the common domain of scientific exchange--that dynamic place where theories are introduced, then challenged, and ultimately improved--begins to shrink. What's more, as the number of claims grows, so do the overlapping claims and legal challenges. This isn't merely a hypothetical situation, a 'worst-case scenario' painted by academic hand-wringers. It has already happened, as two professors at the University of Michigan Law School, Michael Heller and Rebecca Eisenberg, observed in a seminal 1998 article in Science magazine... Heller and Eisenberg dubbed this new dismal state of affairs the 'Tragedy of the Anticommons.' And that's what it is--a tragedy that's still in the making." They then note, "it's clear who pays for it. You do. You pay in the form of vastly higher drug prices and health-care insurance. Americans spent $179 billion on prescription drugs in 2003. That's up from ... wait for it ... $12 billion in 1980."

Software patents need to be scrapped; they do far more harm than good to the software industry. But it may be a very long time before they go away - patent lawyers in particular make a pile of money from them, and they make the rules. In the meantime, some people are working within the (broken) legal framework to reduce the unnecessary and serious damage that software patents cause.

Microsoft is making lots of patent threats... yet won't actually say what the patents are, and seems to be conceding that it won't actually sue anyone (what's a threat when you admit you won't actually do anything?). Microsoft is playing with fire here; organizations like the Open Invention Network aid open source software against software patent attacks. Their mission is to "further software innovation by acquiring patents to be used for cross-licensing purposes to defend the Linux environment - making them available on a royalty-free basis [to those programs]." In short, if Microsoft strikes, they risk a massive patent counterattack, in which their key products (Windows and Office) will suddenly have a wave of patent lawsuits. Lots of individual companies (esp. IBM) have relevant patents too. The Patent Commons documents commitments by various patent-holders to not sue under certain conditions (typically not attacking open source software), which makes it easy for FLOSS developers but dangerous for others. In the U.S., a 2007 Supreme Court ruling that patents cannot be granted to obvious ideas implies that many more software patents are invalid anyway. The "Sue Me First, Microsoft" campaign has a massive number of enrollees. FSF legal counsel Eben Moglen also believes that the Microsoft/Novell deal, combined with a failure to have expiration dates on their vouchers, will mean that FLOSS developers will gain the legal rights to Microsoft's patents anyway (here's part 2 of Moglen's explanation). Also, Eben Moglen explains very clearly the "Be Very Afraid" tour (Here's a video of Eben Moglen's explanation of the "be very afraid" tour, which was one of the reasons the GPL changed in GPLv3). (There are many other comments about Microsoft's threats as well.) Andy Updegrove has interesting comments on patents. In short, open source developers appear willing to fight Microsoft's fire with fire - and with that sort of threatened pyrotechnics, it's unlikely Microsoft will pursue this seriously.

This Laura Creighton interview has an interesting quote: "The tools you rely on to run your business -- being able to fix them when they break -- good idea." (Suggesting that Open Source software is critical for the security of one's company.)

Jim Stogdill's blog is interesting for its discussion about Free-Libre / open source software and government. Culture Virus and Building open source software in the DoD are especially noteworthy.

How To Successfully Compete With Open Source Software is an interesting viewpoint from a proprietary software vendor. To oversimplify, it comes down to "do it better", which is not a bad idea for any software developer. Indeed, all of the actions suggested can also be performed by OSS developers.

For a sobering perspective, look at Earth impact effects (described in Universe Today), which calculates what will happen for a given asteroid impact.

If you're looking for security tools, Local Area Security (LAS) is a bootable Linux CD with a pile of security tools pre-installed. No need to touch the hard drive at all -- just boot and run off the CD. And it even includes flawfinder! Another bootable Linux distribution with security tools is Knoppix STD. LAS fits on a mini-CD; Knoppix STD has more stuff but requires a regular CD. Even if you don't want that sort of tool, they're interesting because they provide an easy way to find a list of OSS/FS security tools.

Securitydocs.com maintains a list of papers on security, grouped by category.

Open standards are critical, but years ago NIST decided that they wouldn't support standards testing any more, and customers typically can't afford to do it themselves. As a result, standards languish untested, and vendor products are often gross in their failure to interoperate. Interesting essays on this (specific to SQL) are available by Peter Gulutzan and Michael M. Gorman.

Thankfully, there are some test tools for standards. In particular, there's just no excuse for invalid HTML or CSS, since there are tools that check them that don't even require installing anything. In particular, sticking with valid HTML is essentially required for accessibility; many in the world have handicaps, and it's unfair to prevent their access by failing to follow standards. I use the W3C validation service, in particular to validate the HTML of my paper Why OSS/FS?, though other services like Bobby exist. The W3C also has a nice link checker and CSS validator.

What's the Matter With Standards in China? notes that "When the question of standards is raised in China, officials and companies are quick to focus on one issue: intellectual property rights... China's drive to develop its own technology standards (open and closed) is directly linked to its intent to avoid IPR owned by foreign companies... China does not want its innovation, its industrial development beholden to others. And does not want to spend the next 20 years watching royalties and license fees flow overseas. Even pledges not to sue are unacceptable... Hence, its move to open standards, and in particular standards without any IPR... at least one official... maintained that a standard is not "open" if it has any IPR in its specification."

MIT studied the development processes around the world.

Christians are sometimes blamed for destroying much of the literature of the ancient world. However, indiscriminate destruction of ancient literature by institutional Christianity never occurred (and indeed, many worked hard to retain ancient literature). In particular, though Carl Sagan and Gibbon want to blame Christians for the destruction of the ancient Alexandria library, this is a myth; available evidence points to Julius Caesar as the destroyer of the Great Library of Alexandria.

If computing disappeared tomorrow, I'd probably get involved in biogenetics or law, two fields that are in many ways similar to software development. Several folks have noticed how similar law is to software development, and frankly I find that a little fascinating. James Grimmelmann has a very good series of articles, "Law School in a Nutshell"; see Part I, Part II, and Part III; this suite uses "Eldred v. Ashcroft" as a way to explain some legal writing. Groklaw.net is always interesting, and Groklaw's legal links has references to more about the law. An interesting summary of what copyright does not cover in software, as determined in various court cases, is given in "Selected Copyright Principles" (appendix A of IBM's "Sur-Reply Memorandum in Further Opposition to SCO's Objections to the Magistrate Judge's Order on IBM's Motion to Confine and SCO's Motion to Amend its December 2005 Submission.") For more on copyright, see the Copyright Navigator: A Digital Annotated Concept Map of the Fundamentals of U.S. Copyright Law by Lionel S. Sobel.

It makes no sense when people volunteer their work to others, but those others get exclusive rights to exploit the work. Standards have had this problem for some time - ISO shamelessly exploits the volunteers who write the standards, then turns around and charges exorbitant fees for the stuff it didn't write. ISO actually manages to discourage the use of standards with its foolish policies, which is why the IETF, W3C, and other organizations which freely distribute standards have become increasingly relevant (and ISO increasingly less relevant). The same issue is happening in science. Open Access approaches allow a scientist to publish in a way that's viewable to all, instead of enriching a single company who doesn't even pay the authors. Nature has an article about open access available as open access. The famous mathematical problem the Poincaré Conjecture has been proved by Grigori Perelman, but he decided to only publish it as open access.

The Pig and the Box is an interesting anti-DRM tale for children (!).

Here are some interesting articles on Digital Restrictions Management (DRM), misleadingly called Digital Rights Management (you give up your legal rights when you buy DRM'ed products). The EFF's Cory Doctorow has a very good critique of DRM (the PDF version of Cory Doctorow's critique of DRM is very nicely formatted). Another interesting DRM critique is "DRM is a complete lie" by Charlie Demerjian (23 January 2006, The Inquirer). Simon Phipps' article "DRM and the Death of Culture" is also interesting. "Why DRM won't ever work" by Jeremy Allison is a short, accessible article. A Cost Analysis of Windows Vista Content Protection shows the ridiculous costs and impositions created by attempting to make DRM work; There Ain't No Such Thing as a Free Lunch (Eric Flint's description on why DRM makes things worse) is an interesting non-technical discussion; and Translation From PR-Speak to English of Selected Portions of Macrovision CEO Fred Amoroso’s Response to Steve Jobs’s ‘Thoughts on Music’ is a fun explanation of what Macrovision really said. The history of the HD-DVD processing code is a great example; attempts to hide the keys for DRM quickly collapsed, and attempts to censor it failed as well. After all, there are many legitimate reasons to have the key (all users need the key so they can play the movies on most equipment, or to legally back up the fragile HD DVDs; Linux users need the key simply to play the HD DVDs that they legally bought). Here are 25 Arguments for the Elimination of Copy Protection (aka Digital Rights Management/Digital Restrictions Management). XKCD pithily shows why DRM is lunacy.

DRM hit a milestone on January 9, 2007, when the last publisher to produce DRM'ed audio CDs (EMI) stopped doing so. This means that no more DRM audio CDs will be released. For years, manufacturers tried to impose DRM on customers, but with little success. DVDs are already going the same direction - they had built-in DRM, with codes that were supposed to prevent people from seeing DVDs bought in other countries... but now DVD copies are available everywhere, and DVD players that ignore the codes are commonplace. Companies are finally starting to sell DRM-free downloadable files -- so that customers will finally be able to legally buy music with all the rights they are entitled to under the law. By one source, 75% of music problems are because of DRM. Note that Emusic trumpets as one of their advantages that they sell DRM-free music. Customers want products that serve them and their needs. When EMI released what the customers actually wanted - DRM-free music - their sales jumped up.

The DRM graveyard: A brief history of digital rights management in music answers the simple question, "What happens to the music you paid for if that company changes its mind?" It's not pretty. And it's why customers should reject DRM'ed material.

It's time for vendors to listen to their customers. "How I became a music pirate" is one customer's story explaining why DRM is a failure - DRM simply prevents legal uses, ones that customers need, and forces customers to pirate their music. All because the industry refuses to sell what customers actually want.

The Insanity Defense is an interesting page. It notes that "According to a 1991 eight-state study funded by the National Institute of Mental Health, the insanity defense was used in less than one percent of the cases in a representative sampling of cases before those states' county courts. The study showed that only 26 percent of those insanity pleas were argued successfully. Most studies show that in approximately 80 percent of the cases where a defendant is acquitted on a "not guilty by reason of insanity" finding, it is because the prosecution and defense have agreed on the appropriateness of the plea before trial. That agreement occurred because both the defense and prosecution agreed that the defendant was mentally ill and met the jurisdiction's test for insanity. Clearly, the implication is that the insanity defense is rarely used successfully by malingerers. Other studies over the past two decades report similar findings. According to Myths and Realities: A Report of the National Commission on the Insanity Defense, in 1982 only 52 of 32,000 adult defendants represented by the Public Defender's office in New Jersey--less than two tenths of one percent--entered the insanity plea, and only 15 were successful. A similar number of insanity defense pleadings--"far less than one percent"--were entered in Virginia during the same period. A 2001 study in Manhattan (Kirschner and Galperin) noted that over a ten year period, psychiatric defenses were offered by only 16 out of every 10,000 indicted defendants. More than 75% of the time that a psychiatric defense was successful, it was the result of the prosecutors' consent. Out of nearly 100,000 felony indictments during that period, only 17 juries heard arguments concerning the insanity defense and their deliberations resulted in only 4 insanity acquittals. These authors concluded, "if the prosecutor does not accept the defense, the judge or the jury is not very likely to accept it either."

There's a lot of stuff related to the old Apple ][ line. KEGS is an amazingly good emulator of an Apple //gs, and there are many other emulators. Good sources of info include A2-Web and A2Central. Free (no-cost) software for the Apple // and Apple //gs lines is available (the list is long). Heck, there's even an Eamon Adventurer's Guild. Unfortunately, for the emulators to run real Apple ][ programs, you need the Apple ][ ROMs and operating systems. At least some operating systems may not be as hard; Diversi-DOS is now freely available as a better replacement for DOS 3.3, and an old ProDOS can be downloaded from Apple. ROMs are easy if you have an old Apple (millions do), but others have a harder time. Franklin Computer once sold Apple clones with ROMs, but it turns out that Franklin directly copied the ROM code from Apple (which was, not surprisingly, found to be illegal). Perhaps someday someone will create an OSS project to recreate a functional equivalent of the Apple ][ ROMs; even just the ROMs to boot a disk and a computer would be enough for many binary programs. Note: Applesoft BASIC was copyrighted by Microsoft.

Forth is an interesting old language, though not practical for most of today's applications. Implementations could be interactive, take very little memory (a few K for good ones), could be fully understood, and be reasonably fast. But the trade-offs are that programmers have to manage their own stack (instead of letting the computer track it for them), and there is no type safety; this is a trade-off that's hard to justify in most real applications today. Still, it's fun to learn, and definitely expands the mind. "Forth: An underview" by Peter Knaggs has a nice summary of it (the books "Starting Forth" and "Thinking Forth" are good too). There are many OO expansions available for Forth; an amazingly short and complete OO extension that works using just standard ANS Forth is called Hype; you can learn more at C2 or netsurf.

There's a lesson here for future standards writers. Forth has changed a lot over the years. Much of this was to try to generalize assumptions, which is fine. However, many years ago there was a Forth-79, followed a few years later by a FORTH-83 that had many improvements but "grave incompatibilities". For example, in Forth-79, TRUE returned 1 and NOT inverted a boolean flag. In Forth-83, "true" became all ones (-1 since two's complement is assumed) and NOT became bitwise complement. As in all languages, what matters is what the IF statement considers true; in Forth-83, 0 is false, all else is true. This was a serious screw-up in my opinion; while the representation of TRUE can be covered up remarkably often, NOT is extremely common, so having a specification change the semantics of a common operation created a big problem. Later specs solved much of this by defining new names with rigorous unique semantics; then people could redefine the words to what they needed. A more recent spec shows INVERT inverts all bits, 0= reports if a value is equal to 0 (returning TRUE if it's 0, FALSE if not), NEGATE flips an integer's sign (so 3 becomes -3)... and NOT isn't defined at all. That was actually a good move, since while NOT was widely used, these two conflicting and incompatible standards meant that there was no actual agreement on the semantics of NOT. You could define NOT the way you needed, or search-and-replace all instances of NOT with the word you meant. The newer spec still keeps the (arguably better) Forth-83 semantics of boolean values, but in a way that made it much easier to port software to it (as well as making the intention clearer). Similar things happened with the way they handled division; they allowed some flexibility for the usual operation, and if you needed a specific semantic, they provided those as separately-named words. The original spec authors were too short-sighted and overspecified things like word length (16 bits). Later spec writers fixed this, but at least in this case they did it by removing constraints (you don't have to use 16 bits) and by adding new operations (e.g., CELL and CELLS) whose names would not conflict with existing names (and thus didn't cause portability problems). Spec writers would be wise to think about how hard it is for language implementers and application writers to transition to the newer spec... "small" things can be big. (Python 3, I'm looking at you.)
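To make the NOT incompatibility concrete, here is an added example (not code from any Forth standard or implementation): a tiny Python interpreter for a handful of Forth words that runs the same source under the Forth-79 and Forth-83 rules described above. The interpreter, its function names and the sample programs are constructed for illustration.

```python
"""Added illustration: the same Forth source under Forth-79 and Forth-83 flag rules."""

MASK = 0xFFFF  # 16-bit cells, the word length the early specs assumed


def to_signed(cell):
    """Read a 16-bit cell as a two's-complement integer."""
    return cell - 0x10000 if cell & 0x8000 else cell


def make_words(dialect):
    """Build the word table for 'forth79' or 'forth83'."""
    true = 1 if dialect == "forth79" else MASK  # 1 versus all ones (-1)

    def flag(cond):
        return true if cond else 0

    words = {
        "TRUE": lambda s: s.append(true),
        "FALSE": lambda s: s.append(0),
        "0=": lambda s: s.append(flag(s.pop() == 0)),
        "=": lambda s: s.append(flag(s.pop() == s.pop())),
        "AND": lambda s: s.append(s.pop() & s.pop()),
        # Unambiguous names from the later spec, offered in both tables
        # so the portable rewrite can be compared with the original.
        "INVERT": lambda s: s.append(~s.pop() & MASK),
        "NEGATE": lambda s: s.append(-s.pop() & MASK),
    }
    # The incompatibility: same name, different operation.
    words["NOT"] = words["0="] if dialect == "forth79" else words["INVERT"]
    return words


def skip(tokens, i, stops):
    """Return the index of the matching token in `stops`, honouring nested IFs."""
    depth = 0
    while True:
        i += 1
        tok = tokens[i]
        if tok == "IF":
            depth += 1
        elif depth == 0 and tok in stops:
            return i
        elif tok == "THEN":
            depth -= 1


def run(source, dialect):
    """Interpret `source` and return the list of numbers printed by '.'."""
    words = make_words(dialect)
    tokens = source.upper().split()
    stack, out, i = [], [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "IF":
            if stack.pop() == 0:  # only 0 is false; anything else is true
                i = skip(tokens, i, {"ELSE", "THEN"})
        elif tok == "ELSE":       # reached after a taken IF branch
            i = skip(tokens, i, {"THEN"})
        elif tok == "THEN":
            pass
        elif tok == ".":
            out.append(to_signed(stack.pop()))
        elif tok in words:
            words[tok](stack)
        else:
            stack.append(int(tok) & MASK)
        i += 1
    return out


def diverges(source):
    """True when the two dialects print different results for `source`."""
    return run(source, "forth79") != run(source, "forth83")


# Constructed sample programs. 111 = "bit clear" branch, 222 = "bit set" branch.
BIT_TEST = "6 4 AND NOT IF 111 ELSE 222 THEN ."      # NOT applied to a raw value
FLAG_TEST = "3 3 = NOT IF 111 ELSE 222 THEN ."       # NOT applied to a canonical flag
PORTABLE = "6 4 AND 0= IF 111 ELSE 222 THEN ."       # rewritten with 0=

if __name__ == "__main__":
    for name, src in [("BIT_TEST", BIT_TEST), ("FLAG_TEST", FLAG_TEST),
                      ("PORTABLE", PORTABLE)]:
        print(name, run(src, "forth79"), run(src, "forth83"))
```

NOT applied to a comparison result behaves the same in both dialects, which is why the change could go unnoticed; the branch only flips when NOT is applied to a value that is merely non-zero, such as the result of a bit mask.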

Users of Unix-like systems usually need to type in their passwords to log in, and most systems use PAM. It'd be nice to protect data if it's on a laptop that could get stolen, or a system that could be broken into while the user isn't logged in. A nice solution would be to create a PAM module that used the password entered as a key for confidential data (e.g., to decrypt a password or other keyring, or to access an encrypted filesystem). If the decrypted information and derived key were removed on log out, someone who later stole the laptop would have to break the decryption. This might be useful to add to the GNOME Keyring Manager for example.
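The following added sketch (not code from PAM, GNOME Keyring or this page's author) models the idea in Python: the login password is stretched into keys, the keyring is only readable between login and logout, and the derived keys and plaintext are overwritten at logout. It assumes a real module would do the login step where PAM hands it the password (for example in `pam_sm_authenticate`) and the wipe in `pam_sm_close_session`; the class and function names, the work factor and the sample keyring are constructed, and the HMAC-based keystream is a standard-library stand-in for an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for the hardware


def derive_keys(password, salt, iterations):
    """Stretch the login password into an encryption key and a MAC key."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                   iterations, dklen=64)
    # bytearrays, so the session can overwrite them at logout
    return bytearray(material[:32]), bytearray(material[32:])


def keystream_xor(key, nonce, data):
    """XOR data with an HMAC-SHA256 counter-mode keystream (stand-in cipher)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def compute_tag(mac_key, blob):
    """MAC over everything an attacker with the disk could modify."""
    msg = blob["salt"] + blob["nonce"] + blob["ciphertext"]
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def wipe(buf):
    """Overwrite a bytearray in place (best effort in a garbage-collected language)."""
    buf[:] = bytes(len(buf))


def seal(password, plaintext, iterations=ITERATIONS):
    """Encrypt-then-MAC the keyring under keys derived from the password."""
    blob = {"iterations": iterations, "salt": os.urandom(16), "nonce": os.urandom(16)}
    enc_key, mac_key = derive_keys(password, blob["salt"], iterations)
    blob["ciphertext"] = keystream_xor(enc_key, blob["nonce"], plaintext)
    blob["tag"] = compute_tag(mac_key, blob)
    wipe(enc_key)
    wipe(mac_key)
    return blob  # this is all that sits on disk


class LoginSession:
    """Holds the decrypted keyring only between login and logout."""

    def __init__(self, blob):
        self.blob = blob
        self.keys = None
        self.keyring = None

    def login(self, password):
        enc_key, mac_key = derive_keys(password, self.blob["salt"],
                                       self.blob["iterations"])
        # Verify before decrypting: a wrong password or a modified blob fails here.
        if not hmac.compare_digest(compute_tag(mac_key, self.blob), self.blob["tag"]):
            wipe(enc_key)
            wipe(mac_key)
            raise PermissionError("wrong password or tampered keyring")
        self.keys = (enc_key, mac_key)
        self.keyring = bytearray(
            keystream_xor(enc_key, self.blob["nonce"], self.blob["ciphertext"]))

    def logout(self):
        if self.keys is None:
            return
        for buf in (*self.keys, self.keyring):
            wipe(buf)
        self.keys = self.keyring = None


if __name__ == "__main__":
    # Constructed sample keyring entry.
    blob = seal("correct horse", b"imap.example.org: s3cret (constructed sample)")
    session = LoginSession(blob)
    session.login("correct horse")
    print(bytes(session.keyring))
    session.logout()
    print(session.keyring)
```

After `logout()`, a stolen disk holds only the salt, nonce, ciphertext and tag, so the attacker is left guessing passwords through the key-derivation function.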

It's hard keeping track of all the technology news sites. Some show a set (merging using RSS or other techniques), such as Freshnews Daily Rotation.

SCO has made a lot of claims without evidence, but one good thing has come of it: Groklaw. Groklaw has demonstrated the extraordinary power of a place where people knowledgeable in a wide range of areas like information technology, law, and journalism can come together to counter nonsense. Groklaw finds interesting things posted by others, such as Neil Wehneman's Logical Critique of Rob Enderle's "Free Software and the Idiots Who Buy It".

SCO's claims have fallen flat. Earlier on Darl claimed that MIT "deep divers" had found lots of examples where Linux had copyrighted code illegally copied from elsewhere - but when asked to provide evidence to the court, he didn't. Instead, we now have found out that SCO funded a 4-6 month investigation, and their investigation exonerated Linux and other open source software components. On July 14, 2005, an email was unsealed that had been sent from Michael Davidson to Reg Broughton (both Caldera employees) in 2002, summarizing a 4-6 month investigation by Bob Swartz. In it, Davidson reported how the company had hired an outside consultant because "of SCO's executive management refusing to believe that it was possible for Linux and much of the GNU software to have come into existance [sic] without *someone* *somewhere* having copied pieces of proprietary UNIX source code to which SCO owned the copyright. The hope was that we would find a "smoking gun" somwhere [sic] in code that was being used by Red Hat and/or the other Linux companies that would give us some leverage. (There was, at one stage, the idea that we would sell licences to corporate customers who were using Linux as a kind of "insurance policy" in case it turned out that they were using code which infringed on our copyright)." The consultant was to review the Linux code and compare it to Unix source code, to find possible copyright infringement. Davidson himself said that he had not expected to find anything significant based on his own knowledge of the code and had voiced his opinion that it was "a waste of time". After 4 to 6 months of consultant's work, Davidson says, "we had found absolutely *nothing*. ie no evidence of any copyright infringement whatsoever." They had found some places where they were identical, but in all cases that was because they had legally come from a common source (such as X Windows).

The count of the electoral votes for U.S. president is tracked at the Electoral Vote Predictor (run by Andrew Tanenbaum); another one is the election projection.

It would be great to have cheap energy, especially for transportation, so that the U.S. (and other countries) would be energy-independent. Independence Way (by Sam Jaffe) has a very interesting article on cellulosic ethanol and ethanol reconstituters, two very promising technologies. I'd love to see real research dollars spent specifically on promising technologies, to get real solutions (soon!) to the current world dependence on oil.

Looking for great screenshots (for backgrounds, etc.) that also encourage interest in space? A fun site is the Astronomy Picture of the Day; you can go there to see their archives. Examples include Earth at Night (August 22, 2004), Looking Out Over Mars, In the Center of NGC 6559, Northern Lights Moon Between the Stones (of Stonehenge). It's hard to point out highlights because there are so many interesting pictures.

If you're interested in trying out GNU/Linux, it's best to start with one of the better-known distributions, such as Red Hat's, Novell/SuSE's, Mandriva (formerly MandrakeSoft), Ubuntu, and/or Debian. I use Red Hat Fedora Core myself, which works well. But here are a few pointers:

  1. If you choose to install Red Hat Fedora, you might find that you want to install extras, proprietary add-ons, or change its configuration. Sources include The Unofficial Fedora FAQ, mjm's "Fedora..." articles, Fedora Multimedia Installation HOWTO and the Linux magazine article "Keeping Fedora Ship-Shape". This article about yum is nifty; yum is Fedora's package manager, so improvements in yum help system updates. Here's how to speed up yum (the package manager); at the least, do:
     yum install yum-fastestmirror yum-presto
    (yum-presto is automatically installed in Fedora 12).
  2. You can upgrade Fedora systems in various ways. As of Fedora 9, the new easy way is a network upgrade using preupgrade, as discussed in this interview. You can invoke this through your updater. Before using preupgrade, you should update all packages to the latest version. Here's the old way, which is now obsolete: You can do a network upgrade by creating a "Rescue disk" (which is small), boot it, and update it that way (this way you don't need to create big CDs with all the packages). Here's one of the places to get a rescue disk. You need to tell it where to get the packages, and how; Fedora maintains a list of mirrors. (Here's some more info). E.G., you might say "use HTTP", then "mirrors.kernel.org" for the site, and then /fedora/releases/7/Fedora/i386/os for the name of download point. Those with dynamic IP addresses can just use them. I have statically-assigned IP addresses, so I had to specify them. No big deal if you have a static IP address, but be sure to know your IP address, gateway address, and DNS address; you'll need to give your address in form A.B.C.D/X, where X is the number of bits that are in the network address; 24 is a common value for X. From then on, you can use "yum update -y" as needed to get the latest updates. Fedora 12 looks nice once installed, but I will say I've had more problems installing it than most. On a Dell Optiplex 620, I had to add a kernel boot-line entry "iommu=soft" when running and rebooting else the disk would fail with "kernel: mpage_da_map_blocks block allocation failed..." messages; I can do that, but that is a disaster for non-technical people. I had to fix yum to work, too. Fedora 12's installer also causes trouble with dual-boot systems because it switches the "active" flag (this will be fixed in Fedora 13).
  3. Similarly, if you choose Ubuntu, you should grab the Unofficial Ubuntu Starter Guide, which has lots of great information.
  4. GNOME uses a new "spatial mode" in its file viewer, which some people hate. This is easily changed; while viewing files, select Edit/Preferences, view the "Behavior" tab, and select "Always open in browser windows". If you have an ancient version of GNOME, or want to automate this selection, you can use "gconf-editor" to do this. In that case, you may need to install it (in Fedora, install package "gconf-editor"). You can then run gconf-editor from the GUI by selecting the "Main Menu" (foot or distribution symbol), then select System Tools/ Configuration Editor; then turn on the checkbox for /apps/nautilus/preferences/always_use_browser. You can do this from the command line in one step by typing this command as one line into a terminal:
    gconftool-2 --type bool --set /apps/nautilus/preferences/always_use_browser true
  5. If you plan to install a dual-boot system with Linux and Windows XP on the same system, and install a 2004-era Linux distribution, there's really important information you need about a bug you may encounter. Some mid-2004 Linux releases based on Linux 2.6 (including Fedora Core 2 (bug 115980), SUSE 9.1, and Mandrake 10) have a bug that in rare cases causes Windows XP to not boot after a Linux installation. If this happens to you, don't panic; instead, read this article on dual booting that describes a workaround, and how to fix this if it happens (the bottom line is a single command, "sfdisk -d /dev/hda | sfdisk --no-reread -H255 /dev/hda", change hda to whatever your boot drive is in the rare case where it's different). For the few for whom that doesn't work, change the BIOS setting for the drive from CHS or AUTO into LBA (and if that doesn't work, HUGE) (this is per reports from Fedora; don't switch from HUGE to LBA though). The GRUB W2K HOWTO has more technical information. This is a nasty problem, but it's easily fixed, so don't panic. I expect the next releases will fix this problem so you don't have to do this, but it's worth noting for the mid-2004 users. More info on dual booting is available. Or just erase MS Windows; that works too :-).

Red Hat's "Despite Everything, Truth Happens" video is an interesting video pressing GNU/Linux; it starts slow, but it's worth watching through. Here's Red Hat's site for its "Despite Everything, Truth Happens" video. Some of Novell's marketing videos are amusing too.

On Linux, if you can't get eject to work (e.g., "eject /dev/sr0" or "eject cdrom" fails), try using SCSI directly (e.g., "eject -s /dev/sr0"). May work.

The phrase "Behold! For now I wear [the] human pants" and variants seems to have caught the web by storm by September 15, 2004. As far as I can tell, this phrase comes from the comic strip The Other Side dated 2004-08-11 (warning: language). (It makes fun of those with delusions of grandeur about something that is actually trivial.) This is an amusing example of a meme spreading. Of course, this is nowhere near as widespread as the silly phrase "All your base are belong to us" which has its own website and an encyclopedia entry. Studying the spread of silly memes might actually help us understand the spread of important memes.

See the Unofficial 802.11 Security Web Page for useful information on wireless security, especially 802.11. NIST's Wireless LAN workshop gives some useful historical information. Jean Tourrilhes has lots of useful information about Linux drivers and hardware for wireless cards (802.11 series, including 802.11b and 802.11g).

The Linux kernel developers have a controversial policy: All kernel drivers are part of the kernel, and the interface between drivers and the rest of the kernel can be changed at any time (see the stable API nonsense document for more information). Well, it's actually not controversial to the Linux kernel developers; it's controversial to proprietary driver developers and the microkernel community. The Linux kernel developers don't want to be stuck with an unchangeable interface; it often needs to be changed. The main reason to do otherwise would be to support proprietary drivers, but proprietary drivers can't be fixed by the kernel developers, so for reliability's sake it's better to inhibit their use. Those who do the work should have the right to decide their rules, but there's some evidence that this is actually sensible. First of all, there's the evidence that a vast number of Windows crashes are actually because of buggy drivers; Linux reliability numbers are far greater, suggesting that their approach is producing less buggy drivers. (Microsoft has developed many tools that try to compensate.) But here's another source suggesting this isn't insane... X Windows. Keith Packard's comments about X Windows noted that the "policy of splitting the X drivers from the core server has not worked as well as they would have liked. It adds a whole set of API compatibility issues between the two, making it hard to develop and release improved versions of the server. Keith now thinks that the Linux kernel developers got it right by keeping drivers inside the kernel." Now I do think that the microkernel folks do have a point - there's no need for drivers to have unregulated control over everything. But that doesn't require fixed interfaces; a simple language that specified "what access rights are needed", that was enforced when running a driver, would suffice.

There are all sorts of interesting articles on lessons learned from developing OSS/FS programs. Linus Torvalds has posted his recommended Linux kernel management style. In 2004 Alan Cox described how to develop better software.

Under the "life is strange" category, there's a silly cartoon about Richard Stallman wielding a katana... and soon afterwards, people actually bought Stallman a katana to go with the joke.

In October 2004, Michal Zalewski posted a pair of postings to Bugtraq about web browsers: Web browsers - a mini-farce and Update: Web browsers - a mini-farce (MSIE gives in). He wrote a program (mangleme) to generate random output, and found that web browsers crashed quickly when given this random data. Internet Explorer (IE) lasted a little longer, but not really very long, and his test seems to have been unusually gentle to IE (it intentionally avoided CSS, which happens to be one of the main problems in IE). Thankfully, it appears that the Mozilla folks worked quickly to fix the problem. Mozilla bug report 264944 shows that the Mozilla developers quickly found and fixed the problems, and one person said: "I used the last three days and now tested several thousand garbled pages. Since the fix of bug 265404 the tool didn't find any new crashers. I guess Michal has to come up with a new version. :-)" Hopefully the IE developers will quickly fix their problems too!

The Gadget Gap: Why does all the cool stuff come out in Asia first? by Jeff Yang (special to San Francisco Gate, Thursday, December 9, 2004) should worry the U.S. -- the increasing gap between the innovations only available in Japan, none of which are made or even available in the U.S., is concerning.

I did a little searching on how to filter out porn images and other nasties, if you don't want them. I found an OSS/FS implementation of an algorithm to detect porn images, based on a larger project to detect 'bad' things called POESIA. You can see an academic paper on POESIA as a whole. Also, SourceForge has POESIA software; see the "ImageFilter" and "Java" subdirectories for code, and "Documentation" for - well, you can guess. POESIA can also detect certain symbols, like swastikas, if you want it to. There may be other such tools; this is just one I found. On a related topic, you might find the article A parent's guide to Linux Web filtering by Joe Bolin (July 1, 2004) interesting as well.

The Programming Language Popularity: The TCP Index for December, 2004 is an interesting survey of programming language popularity; it's the TIOBE Programming Community Index. There are lots of others, if you like that sort of thing.

A wonderful page for computer people is Abbott & Costello Routine (for computer-buying).

The English index for the Wiktionary gives a nice quick way to access the Wiktionary for definitions.

Bill Boswell's Linux-Windows Single Sign-On describes how to configure Linux-based operating systems so they'll use Windows' proprietary Active Directory service (so you can centrally manage accounts to do single sign-on).

"The Lord of the Rings Symphony" Choral Text Translation

Lessig, Creative Commons, and My Life Changed is an interesting tale about experience with the Creative Commons license. Joe Gratz does a good job explaining the Creative Commons licenses. Lessig's "Copyright isn't just hurting creativity: it's killing science" (video) is important to think about. Basically, copyright is creating a massive digital divide. He argues that copyright is now often used to support societies, which means instead of supporting enlightenment, it supports "elite-nment"; only a few have access to a lot of the scientific data now being developed, and that money is not used to enrich their authors; it is used to enrich those who did not do the research.

Optimization is sometimes necessary, but too many people forget to measure before optimizing. A far better example is the experience of people who use bootchart -- a tool to help visualize what happens when a Linux/Unix system boots. Various distribution implementors have used this tool to speed up booting, and its output is also interesting for showing what happens when a Linux/Unix system starts up.

Let's use the term "hirabah", not "jihad", for the terrorist acts being done in the name of Islam, and call a spade a spade. In "All Things Considered", January 7, 2005, commentator Anisa Mehdi says that "Jihad" means "spiritual struggle," not terrorist attack. Instead, she suggests using the Arabic word "hirabah" ("war against society"). Indeed, six Islamic scholars in the Middle East and North America on September 27, 2001, issued an Islamic legal opinion (fatwa) stating that "the terrorist acts [of September 11, 2001] ...considered by Islamic law...[constitute] the crime of 'hirabah' (waging war against society)."

"Trusted Computing" Frequently Asked Questions (FAQ) by Ross Anderson has lots of very interesting information on trusted computing (or as the FSF calls it, treacherous computing). This is a controversial approach to transfer control of your computer from owners to vendors.

The Open Graphics Project is an interesting project to create a video card especially for OSS/FS systems. This interview with Timothy Miller has more information. You can also see the project Open Graphics Project mailing list. More information can be found on the mailing list front page and the bottom of the interview. More recently, it's been spun off to be its own independent project.

The Free Lunch Is Over: A Fundamental Turn Toward Concurrency in Software is an interesting (and I think fundamentally correct) analysis of a major trend in computing: software will have to increasingly be designed to be concurrent, because that will be the only way to best use the power of the next generation's computers. The Open Clip Art Library has lots of public domain clip art in PNG and SVG format.

Here is the programming documentation for the GNOME Developer Platform Libraries, including glib.

There are various info sources for getting a laptop to run Linux. If you don't want to do the fiddling yourself, several organizations will sell you a laptop with Linux pre-installed, such as Emperor Linux, Xtops, and Linux certified. Wal-mart sells such things too. Tuxmobil is a good place for general news, information, tips, and so on, including the Linux Mobile Guide and general info about laptop manufacturers and Linux. The website Linux on laptops links to lots of information and tips on getting Linux systems to run well on various specific laptops (useful if there's some trick to installation, or a caveat on something that doesn't work well); before you buy a laptop, look there for information about that particular model. One blogger lists a few places for information. And here's a list of resellers.

An extremely important development is the OpenDocument standard, which is now an approved OASIS committee draft. Wouldn't it be wonderful if you could actually access the office documents that you've created, without its formats being controlled by any single vendor, so that you could pick the best product for your needs? The Future Is Open: What OpenDocument Is And Why You Should Care by Daniel Carrera (January 30, 2005) is a good Groklaw article that explains why OpenDocument is important. Here's a little information on what's been going on behind the scenes. And here's a list of word processing products supporting OpenDocument: StarOffice and OpenOffice.org, KOffice, Software GmbH's TextMaker (who asked "is anyone using Microsoft Office XML for anything?"), AbiWord, and IBM's Workplace Client Technology. OpenOffice.org and StarOffice include import/export filters for Microsoft's .doc and Corel's Word Perfect formats, so they can be used to transition between them. Ross Gardler (of the Apache Forrest project) has other notes about the OpenDocument project, including that it's a terrible format - he notes that the Apache Forrest project has plugins for using OpenOffice documents as input to the Forrest processing pipelines. He also reports that OpenDocument's main competitor, Microsoft's "Office XML", is a terrible format: "the Burrokeet project [found that it's] easier to use OOo as a headless server that can convert MS Office to OOo format and then work with the OOo XML files...". In contrast, Ferdinand Soethe said, "I'm impressed how easy it is to work with oo-xml". Although they started to work with MS XML, it appears they plan to deprecate that work, and switch entirely to using just OpenDocument. Simon St. Laurent says Office XML is an alpha release; "the structure of what you get is amazingly twisted, and it's painfully obvious that WordprocessingML (formerly the catchier WordML) is a serialization of internal structures in Word, not an XML vocabulary designed by people who actually care about working with XML." Gardler agreed wholeheartedly. Groklaw's "The Great Massachusetts Legal Donnybrook" (subject line "Evaluating Massachusetts' Open Formats Proposal") reports on why government should not standardize on Microsoft's XML format. And Gary Edwards has explained that OpenDocument is able to handle everything in Microsoft Office's binary formats; the problem is that OpenDocument is so capable that Microsoft Office can't handle everything in OpenDocument. Four legs good, two legs bad! has an interesting way of putting it.

Here's how to get some information about how OpenOffice.org's spreadsheet and Excel store their data. OpenOffice.org has specifications for how Excel stores its data. In addition, OASIS' committee on OpenDocument has lots of good info on the OpenDocument format. Note that Ximian has a nice LXR setup that lets you easily surf the OpenOffice.org spreadsheet source code. Of particular interest is OO.o's compiler.cxx.

OpenOffice.org is already much better than Microsoft Word for large academic works, for at least two reasons. First, it has a working master document capability. Second, it has much better support for complicated bibliographies and references (it uses a database for the references, so you can auto-generate the bibliography with the right format). This work has been the result of the Bibliographic Project, which is working on still further improvements.

The ISO process that accepted the Microsoft XML (aka OOXML or ECMA 376) was a nasty sham. ISO seems to think it now has some control over the specification in order to fix the massive number of errors in Microsoft XML aka OOXML aka Ecma-376 aka ISO/IEC 29500. Nonsense; Tim Bray exposes that idea as an ISO fantasy.

For more technical information on file formats, Wotsit's Format has a collection of technical information.

Phishing browser defences is a nice overview of that topic. I still think letter coloring is helpful for the LARGE number of people who NEVER use non-Latin DNS names, but it's a good summary of the alternatives.

If you own an Internet domain, DNS Report does a nice job of some automated checks for common DNS problems.

Here are OSDL Enterprise Linux Summit papers (I haven't had a chance to see them yet).

Here is an interesting URL: how to become a Sony Playstation 2 developer.

unionfs is a nifty Linux filesystem. It's "a stackable unification file system, which can appear to merge the contents of several directories (branches), while keeping their physical content separate. Unionfs is useful for unified source tree management, merged contents of split CD-ROM, merged separate software package directories, data grids, and more. Unionfs allows any mix of read-only and read-write branches, as well as insertion and deletion of branches anywhere in the fan-out. To maintain unix semantics, Unionfs handles elimination of duplicates, partial-error conditions, and more." Knoppix 3.8 uses Unionfs. Besides papers on their website, there's a Linux Journal article about unionfs.

High-Pressure Steam Engines and Computer Software by Nancy G. Leveson compares the state of computer software with steam engines long ago.

People will write about anything; here's an essay on how to destroy the Earth, which thankfully is hard to do. A related essay describes how to move it.

The Free Standards Group has been quietly working on making sure that people can create a single binary and have it run on all Linux distributions, through the Linux Standard Base standard. On March 21, 2005, they announced even more support for the Linux Standard Base (LSB) standard.

de.lirio.us is an OSS/FS version of de.licio.us (they share both the data people give them and the implementation software itself). Here's a description of how it works:

What do you do with it? Post website addresses you find interesting, tag them with keywords like "spain", "dog", "ipod", "posters", etc. as appropriate. You can also include a brief description, and longer detailed notes (these can also be blog posts... more later).
How to get started? Register, login, go here, drag those links to your browser's bookmark bar, find a site you want to bookmark, or show others, hit those links you just dragged & it will give you a form. Fill it out, hit save & off you go.

The latest idea for e-Passports is to have them transmit (in the clear!) all their incredibly private data, and then pretend that a few strands of fiber will prevent the problem. Of, say, getting killed or kidnapped. I commented about the grave risks of RFID e-passports earlier, saying that this Department of State plan is going to kill people. There's now a site dedicated to revealing these issues: RFIDkills.com. Wired noted these concerns, as has Slashdot.

How to deconstruct almost anything is a wonderful expose about deconstructionism and postmodernism. Alan Sokal's articles on the "Social Text" affair are enlightening; while I doubt I'd agree with some of his politics, I completely agree with him that there are truths (and non-truths) that are not merely "social constructs"; this rejection of the existence of (and search for) truth is a repugnant, debilitating blindness that causes much misery.

Linux-Tiny is a project (a series of patches) against the mainline Linux kernel to reduce its memory and disk footprint, as well as to add features to aid working on small systems. In some sense, it appears to be a staging ground for ideas for small systems.

Understanding memory usage on Linux explains the often-misunderstood issues of memory usage. The "ps" command is often misunderstood; much of the memory "used" by a process is actually in shared libraries that are shared among multiple processes.

Here's an article about setting up a tax-exempt non-profit.

If you want to follow kernel development in great technical detail, you can take a peek at the kernel.org git repository.

Branching and merging with git gives a nice overview of the topic.

Learn git branching is a delightful interactive visual tutorial on git.

Here are some useful guidelines when using git, particularly about rebasing (which should be used in some cases, and should not be used in others):

  1. Create branches ONLY from a stable, well-known point! Don't just download the latest version and start patching.
  2. Never rewrite published branches.
  3. Many experienced git users... keep the history linear by rebasing against the latest upstream version before publishing (because it makes bisecting easier). But once your branch has been published to others, the rules change: Do not rebase commits that you have pushed to a public repository. As Pro Git explains, "If you treat rebasing as a way to clean up and work with commits before you push them, and if you only rebase commits that have never been available publicly, then you’ll be fine. If you rebase commits that have already been pushed publicly, and people may have based work on those commits, then you may be in for some frustrating trouble."
  4. Linus Torvalds discussed rebasing topic branches in 2008. He stated that "Rebasing branches is absolutely not a bad thing for individual developers.... if you're a 'random developer' and you're never going to have anybody really pull from you and you *definitely* don't want to pull from other peoples (except the ones that you consider to be "strictly upstream" from you!), then you should often plan on keeping your own set of patches as a nice linear regression. And the best way to do that is very much by rebasing them... for that end-point-developer situation "git rebase" is absolutely the right thing to do." But in contrast, rebasing "*is* a bad thing for a subsystem maintainer." Several LWN articles also discuss this: 1, 2, 3. Here are some Mercurial comments: 1, 2. Here's an article on rebase considered harmful. Clinton R. Nixon shows how to automatically rebase when you merge from a master (good when you're working on a local topic branch that's not shared with others, and you don't expect many problems rebasing).
  5. For more, see git's Documentation/SubmittingPatches.

"Git For Ages 4 And Up" explains git using tinker toys.

OpenOffice.org (OOo) is amazingly compatible with Microsoft Office. When there's a Windows/Linux problem, I've found that often the real problem is missing fonts, not the program itself. Both programs will substitute other fonts for missing fonts, but the other fonts have different sizes and the results are often disappointing. Fonts are unfortunately a complicated subject. Optimal Use of Fonts on Linux explains much for Linux users. If you're using OpenOffice.org, and want to avoid proprietary fonts, the Bitstream Vera package seems to be the way to go; all OpenOffice.org installations have this font, and the Bitstream Vera fonts can be freely shared, modified, and redistributed. If you want maximum portability with Windows users who use Microsoft Office, use a Microsoft font, since those are the only fonts that you can be sure they'll have. You can arbitrarily install the Microsoft fonts package on other systems and then use Arial, Times New Roman, Verdana, Tahoma, and LucidaTypewriter; however, their license apparently makes it not possible for for-pay distributions to include them directly (you have to install them separately, which thankfully is easy to do). Here's a source for Microsoft's True Type core fonts on Linux, and here they are prepackaged in RPM format for Fedora Core. Scribus has a list of fonts, and the Unicode Font Guide For Free/Libre Open Source Operating Systems has useful info too. The STIX fonts project may produce useful results in this area; we'll see.

You can get online the standard for the C programming language as of 1999, i.e., "C99".

The EFF legal guides for bloggers is helpful if you need it.

The Underhanded C Contest is interesting -- Slashdot has more.

It sure would be nice if we could speak in one language and have everyone understand it. Blueprints for Babel discusses various constructed languages and their problems. Here are some interesting essays. Personally, it looks like English is winning that race. Simplified versions of English are more likely to win than fully constructed languages, I think, if it's important to modify/simplify a language so that people can learn it more easily. For example, Special English is used by the Voice of America. Basic English is a more tightly-controlled version.

The major label music cartel complains that everyone should pay extreme amounts of money because the artists need to get paid. Well yes, it's a good idea to pay the artists. But many of the cartel's statements appear to be lies as well; in particular, they often keep all the money instead of actually paying artists. Steve Albini's essay "Major Labels: The problem with music" (alternate site) has way too much swearing, but it has a valid point. RIAA Accounting: How To Sell 1 Million Albums And Still Owe $500,000 makes the same point. And the point is... the major labels make sure that music artists never get (really) paid, through a long list of unethical practices. It's often a modern (and legal) form of slavery. No wonder so many artists are willing to give their music away, or don't care if their music is copied ... they make about as much either way, and more people hear their work if it's copied at no fee. What's more, freely-available music is increasingly a better way to get noticed, and unlike label deals, the artists are free from slavery to the label. The Indie Band Survival Guide discusses an alternative. The fights between RIAA/MPAA and file sharing networks that encourage piracy (like Grokster) make me feel really uncomfortable; it's more like watching two thieves in battle. I do not like systems like Grokster's, but I'm unable to side with RIAA/MPAA (who may act legally, since they've purchased the law, but they don't act ethically). What's really needed is for the cartels to actually provide what consumers want -- music they can easily download and own. By own, I mean it's not just rent (if you stop paying you keep your music), and you can use it with all the devices you own (so you can listen to it on your various devices, including a patent-free Linux system). If you buy a player from vendor V, you should be able to place the songs you own onto that player... even if it's a different vendor.
Formats that require you to pay a monthly fee to keep using your music are not okay, because that fee will keep escalating once everyone's locked into it. Formats that lock music to a particular device, and try to make sure that you can't share your music among all the devices you own, are unacceptable; people buy new devices all the time. Apple's iTunes has historically locked you into their products; many people avoid them for that reason, and there will be a lot of unhappy people in the future when they find out that they have to keep re-buying their music. (That's changing recently, thankfully.) They won't do it -- they'll "pirate" the songs they already paid for instead. It's time for the music industry to provide what customers actually want; the fact that piracy networks keep springing up is a wake-up call that they are failing to provide what customers actually want. Sure, you can use prohibition-era tactics, but wouldn't it be better to sell the music instead, in the forms the customers actually want?

Their outrageous intimidation tactics, in an effort to prop up their failed business models, have meant that the RIAA (Recording Industry Association of America) and MPAA (Motion Picture Association of America) are together often called the MAFIAA (either the Music And Film Industry Association of America or the Movie, Art and Fiction - Intimidation Associations of America). MAFIAA is obviously a derogatory term, but here's an example of the sentiment posted by Esion Modnar: "More and more, I associate the *AA with the Mafia. Their real source of power is intimidation, usually through carefully chosen lawsuits against financially unprepared defendants. (First Amendment? Not if it goes against *AA interests! *AA uber alles!! Sieg heil!) Oh, and strategically placed 'campaign contributions'". Here's another example.

Brian McConnell's article "Back to the Future - Morse Code and Cellular Phones" makes the interesting argument that the way to improve mobile phone text messaging is to allow users to use Morse code to send messages. (Others have since noted that the "buzz" of a phone would let you receive messages in Morse code without looking at the handset). In a text messaging speed contest, 93-year-old telegraph operator Gordon Hill used Morse Code to resoundingly defeat his opponent (13-year-old Brittany Devlin).

Bruce Schneier explains lock-in clearly.

"Public discourse under way over definition of "open"

Paul E. McKenney's 'attempted summary of "RT patch acceptance" thread' summarizes different approaches for implementing real-time scheduling in the Linux kernel; it's a very nice summary of the different approaches.

Need a MUD client? Telnet obviously works, but why stay there? If you want a basic console-type MUD client with a few extras (triggers and such), there are lots of nice clients. Indeed, for tty-style MUD clients, there is an embarrassment of riches. TinyFugue is an old tried-and-true favorite for the console crowd; you need to compile it on some systems, which is no problem for me but others will want a nicely prepackaged program. There are many GUI-based MUD clients with lots of features (and users). Highly-rated ones (according to Freshmeat) include gMUDix, Kildclient (version 2.0 was July 27, 2005), KMuddy, and kmc. Some clients have problems; KMud has some nice features, but depends on an archaic version of Qt (a problem for modern systems), and development halted long ago; Papaya might be nice, but at least as of July 2005 it won't install from source on Fedora Core 3.

But I wanted a MUD client with automapping, and that seems to be trickier. The well-rated ones I listed earlier have lots of features, but they do not have automapping. I use Fedora Core usually, so I went hunting and here's what I found. One worth trying is MUD Magic; it's easy to install on the Fedora Core distribution for Linux, as long as you first install sqlite (SQL lite library) for Fedora Core; sqlite is part of the "extras" in Fedora Core 3. Its user interface frankly isn't all that intuitive; you really have to hunt to change font size, the opening commands aren't obvious, etc. Still, it has some nice functions... and it does have an automapper. MUD Magic's automapper plug-in is terrible, though. The automapper gets trivially confused (if you give a direction it "maps" even if the MUD responds you can't move that way), editing maps essentially doesn't work, and it often hangs or loses its mapping work. Note that if you're invoking MUD Magic through a GUI, it's placed in the "Network" (Internet) group, not in the games group. There seems to be some convergence going on; Tomas Mecir (author of KMuddy) and Mart Raudsepp (current lead for wxMUD) have contributed to MUD Magic.

But I've had even less joy with alternatives. Gnome-MUD (aka amcl) looks like it might be useful, but I had trouble getting it to run on Fedora Core 3 (it compiles, but doesn't run for some reason); it appears development has stopped, too. I've compiled it with "./configure --prefix=/usr", as is usual on Fedora Core boxes. Then make, as usual. The "make install" takes forever to update the documentation (for scrollkeeper). Running the program (it's at /usr/games/gnome-mud) just fails with the message: "The default configuration values could not be retrieved correctly. Please check your GConf configuration, specifically that the schemas have been installed correctly."

SMM++ Mud Client is older, but has reasonable ratings and has an automapper (see Freshmeat's entry for SMM++ MUD client). But this is an absolute monster to install -- I haven't succeeded, and others have had trouble too. The problem is that it depends on really old stuff that has radically changed, and SMM++ hasn't been changed to follow suit. It depends on itcl, which on Fedora Core is a real pain to install (why it's not included, I don't know; it used to be). Even worse, it particularly depends on "itkwish", which is no longer part of itcl (so you have to install a version of itcl that has itkwish; many do not). You can work to install itcl, but it's a pain. You have to first install tcl-devel and tk-devel, but that's easy: "yum install tcl-devel tk-devel". Then itcl's installation on Fedora Core requires that you do this:

"./configure --prefix=/usr --with-tcl=/usr/lib --with-tk=/usr/lib"
but even that's not enough. I abandoned this after a while -- not worth it.

It appears that you can get fired for choosing Microsoft. Jesse Burst reported on July 25, 1998 about one person (Scott Barker, of Proctor and Gamble), who went to a Microsoft-sponsored workshop and because of that decided to replace the company mainframe with Microsoft Windows systems. That cost $1.5 million just for the initial software purchase. His boss, Matt Kiyuck, then found out about Linux, and "realized that we could have saved millions of dollars in new software and hardware if we had gone with Linux instead of NT. Needless to say, Scott Barker received a pink slip the next day." The moral seems to be: If you're making decisions with big ramifications, make sure you consider all your options. Don't just buy a product because many other people use it, or because they seem very nice in their workshop. Frankly, as described it makes sense; if someone's job is to carefully make a major multi-million dollar decision, and they don't consider their options, they do deserve to be fired. The source here is a little suspect; they often run humor articles. Yet it's not clear they're kidding in this case; the identification of particular people and organizations (by name) is usually not done with made-up articles. I'd love to confirm or deny this story.

Drunkenblog has a lengthy discussion justifying the claim that Maui X-Stream has illegally copied code into its products. The author claims that since GPL'ed code is often given away, then there must only be a civil case. I doubt that; many people use the LGPL and GPL licenses because they expect to be able to see and use the source code of any publicly-released improvements. Since a proprietary program doesn't release its source, I suspect an author of a GPL program could sue for the value of all improvements made to the program, but illegally withheld, as well as the money acquired from sales and the legal costs of the suit. You can use programs like SLOCCount to estimate costs. When a small GPL program is inadvertently included in a big program, it's usually worked out amicably, but when a vendor intentionally tries to defraud the world, the vendor should expect to get in trouble.

The audio format Ogg Vorbis appears to be gaining ground. A CacheLogic survey found that 61.44% of current peer-to-peer traffic is video, 11.34% is audio, and 27.22% belongs to other categories. Of the audio, 65% (by traffic volume) is traded in the MP3 format, and 12.3% is in the open-source OGG file format. I don't know how much of that is illegal, and I don't condone any that's illegal. But clearly Ogg Vorbis (Ogg's primary audio format) use is increasing from the near-0% of years past.

In August 2005, Department 1127 (where Unix was developed) finally disbanded. It's unfortunate; basic research in IT is basically unfunded at this point. Commercial organizations (like DEC labs, XEROX PARC, and now Dept. 1127) are gone, and other organizations like DARPA don't do much either now.

Is Your Boss a Psychopath? is an interesting read; here's the quiz.

Online or Invisible? by Steve Lawrence makes a critical point: "Articles freely available online are more highly cited. For greater impact and faster scientific progress, authors and publishers should aim to make research easy to access." Unfortunately, many academic organizations are still stuck in the stone age, trying to charge for articles and thus make money on stuff they didn't write and don't pay the authors for. It's time to stop. If the problem is that you need money to pay for printing the documents on paper, then the solution is obvious: stop printing them on paper. Almost no one wants them on paper any more; they want the electrons. If your goal is to make free money by exploiting other people's work, while not paying them and not providing a critically valuable service that you pay for, that's frankly unethical. Stop. (Having unpaid people peer review the article obviously doesn't count as a service -- you're not paying them either!) That doesn't mean all written works should be free; I very much believe in authors getting paid for their work. But then make sure the authors get paid for their work; generally authors of academic papers don't get royalties or other real payment from their article. If the authors aren't getting paid for their work, then it makes no sense for there to be a charge. There's simply no need for the paper mill infrastructure anymore in academic works. If someone wants a paper version, let them download and print it in the way that's best for them. It's time to get almost all academic works freely available on the Internet.

Feedvalidator.org validates RSS feeds.

The Six Dumbest Ideas in Computer Security is a funny, yet serious, look at security antipatterns... the things we shouldn't do, but too many people do.

OpenOffice.org is really great. Nosy people like me like to know when the "next versions" are going to be released, and searching doesn't often reveal the answer. The best way to learn about release work is to see the OpenOffice.org release mailing list, where people discuss if or when to release new versions. Here are some tutorials about OOo's database capabilities.

I think OpenOffice.org and other OpenDocument-implementing systems should add collaborative editing capabilities like a Wiki. See OOo issue #54987 for more information. Also related is Towards XML Version Control of Office Documents. There are various other kinds of collaborative editing. You could share a mouse and keyboard in real time (like SynchroEdit), but that's probably better handled by a more general tool. You could also have a lock-based system, where only one person can edit at a time... that's obviously simple, but limiting in many cases. The KOffice page on Collaboration is relevant too.

Here's how PR firms really work; very interesting, and a little scary too.

Here's an article on how to eliminate red eye using the GIMP.

The Thunderbird email client (a companion to Firebird) is nice, but you can reconfigure it depending on your needs. Thunderbird likes to do HTML mail, which I don't like receiving; here's info on how to make Thunderbird send plain text in a nicer way. Here's Linux kernel info on how to reconfigure email clients to send patches. If you display headers and there are too many to display, the scrollbar for expanded message headers extension helps in this case.

Here's the cartoon "Both Sides" which captures a simple truth in a funny way... if you believe that "both sides" are always equal, then you have given up the ability to think.

"'Moderate' mobs and the newspapers that abet them" by Charles Krauthammer discusses the Muhammed cartoons and free speech (Feb. 9, 2006) and shows the nonsense that comes from a lack of courage about free speech.

The term "to betamax" is interesting. It seems to have been making the verbal rounds for a while, but tracking it down in written records is tricky. AlistairMcMillan re-added this snippet to the Wikipedia article on Betamax on October 7, 2005: "The VHS format's defeat of the Betamax format became a classic marketing case study, now identified with the verbal phrase 'to Betamax' , wherein a [[proprietary]] technology format is overwhelmed in the market by a format allowing multiple, competing, licensed manufacturers, as in: 'Apple Betamaxed themselves out of the PC (Personal computer) market.' Sony's confidence in its ability to dictate the industry standard backfired when JVC made the tactical decision to engage in open sharing of its VHS technology. JVC sacrificed substantial potential earnings by going the open sharing route, but that decision ultimately won the standards war. By 1984, forty companies utilized the VHS format in comparison with Betamax's twelve. Sony finally conceded defeat in 1988 when it too began producing VHS recorders." But it doesn't seem to have originated then; copies of the article from April 2004 had this text snippet.

Here's some musical silliness. First, see The Llama song. Then, for a parody of a silly song, see The Sawyer Song (here's an article about the Sawyer song, and here are the Sawyer song lyrics).

Interesting research - OpenAnalysis is a tool to capture information about programs; the OpenAnalysis wiki has more about it. We'll see if much comes of it!

Here's an article on how to create a software development environment by integrating Bugzilla, Subversion (SVN), MediaWiki, and mailing list software.

ACL2 is pretty neat, but when Red Hat Fedora Core 3 added some features to improve security, they unfortunately interfered with GNU Common LISP's (gcl's) ability to run ACL2. Here's a patch to gcl that is known to fix ACL2 / GNU Common LISP on Fedora Core, along with a positive testimonial.

Advanced Programming Languages links to all sorts of things, if you're interested in programming languages (in general).

My blog is listed in various places. One place that's interesting in its own right is Planet FLOSS Research, a "meeting point for Free/Libre/Open Source Software researchers."

John's guide to earning an income from a Free and Open Source project (intended for the independent developer) gives all sorts of info from one developer on how to make money from an open source software project.

This site has all sorts of stuff about Yuna (the Final Fantasy character)

Today, 1 in 68 families in the U.S. has an autistic child... only a few decades ago, autism was nearly unknown. At the time of this writing, no one knows why. Many suspect vaccines, for a variety of reasons; vaccines are not safety-tested for long-range effects the way people think they are. Conflict-of-interest is a serious problem; the few studies that "prove" vaccines aren't a problem have serious concerns, as far as I can tell. "A User-Friendly Vaccination Schedule" by Donald W. Miller, Jr., MD has some suggestions, given the lack of conflict-free information and decision-makers. He suggests this schedule: "No vaccinations until a child is two years old (except hepatitis B vaccine for infants whose mothers test positive for this disease); No vaccines that contain thimerosal (mercury) (including flu); No live virus vaccines (except for smallpox, should it recur); and these vaccines, to be given one at a time, every six months, beginning at age 2: Pertussis (acellular, not whole cell), Diphtheria, Tetanus, d. Polio (the Salk vaccine, cultured in human cells)."

A weird thing - CLASH: CLisp As SHell by Peter Wood

Death by DMCA shows how the DMCA is stifling technology, because instead of assailing bad actors, it makes perfectly valid uses (like transferring a DVD to portable for personal use) illegal. Here's an anti-DMCA video.

A documentary of the Amen break - a 6-second drum sequence - it's interesting!

Why Linux isn't working on business desktops and how we fix it by Kelv (November 16th 2005) has a useful list of gripes. Obviously, Linux can be used on business (and home) desktops, but it's a useful place to start for improvements if you want to code an improvement. It notes things like being able to open Microsoft TNEF format in Thunderbird (and where to get the Sourceforge project that gets you most of the way there!).

10 Reasons Why High Definition DVD Formats Have Already Failed discusses "the reasons HD DVD and Blu-ray Disc will never turn into the dominant formats for digital media viewing".

SourceForge.net supports the subversion SCM system, but doesn't clearly explain how to get a new project started. First, you need to enable the use of subversion at all for your project. Then, for each developer, you need to give them write access. Finally, you need to import some initial files; they explain how to export from CVS, but not how to initialize a new project. You need to use "import", and you need to specify that you're importing to the trunk. For example, to create a subdirectory with your initial files (let's call it "readable") and put it in the trunk of the "readable" project, do this:

 svn import -m "Initial import" readable https://svn.sourceforge.net/svnroot/readable/trunk

Firefox is a great browser. You can speed up Firefox viewing by opening "about:config" and turning on network.http.pipelining. That's not the default because some proxies and some versions of Microsoft's (inferior) IIS program choke on pipelined requests, but that's becoming less common. ComputerWorld has an article about using advanced Firefox options in its about:config view.

I'd love to live longer, or at least be more healthy while I'm living. With all the additional information now available to medical science, I'd like to hope that medicine will figure out some new approaches on that front. For example, the drug resveratrol seems to have some promise (well, in lab rats) - NewsWeek (December 11, 2006, pp. 80-84) even noted it. Whether or not that particular one works, I'm hopeful that we can find ways to make things better.

How can you control the amount of time someone spends on a Linux system? This post shows how to limit the time of day someone logs in, and how to forcibly log them off outside that time, in Fedora Core (using PAM). Time quotas are trickier; here's a discussion of the needs on an Ubuntu forum. I actually think it wouldn't be THAT hard, but I'll have to look into it. One alternative (instead of full quotas which require tracking time) is to simply force a session to log off after a certain amount of time; for some that might be better. This discussion suggests Debian's "timeoutd" - I need to learn more about that! timeoutd's implementation is pretty simple. An alternative is porttime. Pyttymon may also be an alternative, though it's not clear it works for X.

Here's something very cool - RepRap (Replicating Rapid-prototyper), a practical self-copying 3D printer (well, mostly self-copying). There's a short RepRap handout explaining it. MIT professor Neil Gershenfeld's talk "The beckoning promise of personal fabrication" discusses his "Fab Lab", a "low-cost lab that lets people build things they need using digital and analog tools. It's a simple idea with powerful results: His Fab Labs, set up in communities around the world, let people build eyeglass frames, toys, computer parts – anything they need and can imagine. As Gershenfeld explains, this kind of empowerment leads to education, to problem-solving, to job creation and then to invention, in a truly creative process." Wikipedia has more about RepRap. The LegoMakerBot is a similar idea (a 3D printer), but one that prints with Legos and is entirely built from Legos.

The Cyberiad has some funny cautionary tales; reminds me a little of the Hitchhiker's Guide to the Galaxy series by Douglas Adams.

Magic-1 is a homebuilt minicomputer. It doesn't use an off-the-shelf microprocessor, but rather has a custom CPU made out of 74 Series TTL chips. Altogether there are more than 200 chips in Magic-1 connected together with thousands of individually wrapped wires. And, it works. You can connect to Magic-1 and run the original Adventure.

You can learn more about electronics if you're interested. Lessons In Electric Circuits: A free series of textbooks on the subjects of electricity and electronics is a freely-available series with information. Other books are "Art of Electronics" by Horowitz and Hill, and "There are No Electrons" by Amdahl (who also wrote the greatly-titled "Calculus for Cats"). Playing with stuff is important to learning; Electronic Playground is one of many X-in-one packages so you can quickly play with stuff; this one reportedly has a good manual that explains things (using the usual analogy with water pipes). You want a book (explanation) and kit (try things out!) together. You'll probably want a circuit simulator like Spice, too.

Inform 7 is a tool for creating interactive fiction (text adventure games); one interesting aspect is that he's chosen to use an English-like syntax. (I really wish he'd released this as open source software; it's incredibly dangerous to depend on sole-source proprietary language implementations, as the Visual Basic developers learned to their sorrow.) If you're interested in the general issue of natural language as a programming/rule-specification language, there's a lot of material on the topic. Interesting sources include The Natural Language Processing Dictionary (this bagger example is helpful too). English Phrases for Information Retrieval (EP4IR) grammar is GPL'ed work with a big grammar and lexicon for parsing English, which could be a basis for many projects. GATE (General Architecture for Text Engineering) is a heavily-supported project. GMU has some useful material, but beware of license traps.

For more on Inform 7, you might check out this intro to Inform 7, Inform 7 for programmers (based on this one-HTML-page version), Emily Short's list of links about Inform 7, and a large chart of rules, showing how Inform 7 works.

Currently neither Inform 7 nor TADS3 is open source software (they are available at no cost, but cannot be independently modified among other things). If you want an OSS tool for developing interactive fiction, Inform 6 is quite useful (in spite of its name, it's actively maintained).

An interesting tool for telling interactive stories is Twine - this one is fully OSS, and is supposed to be especially easy to get started. That said, Twine is really for "choose your own adventure" and hypercard-like structures, not for interactive fiction.

There are some interesting "kids developing software" things. The Te Tuhi Video Game System (FLOSS under GPL) is a clever program that takes a picture and creates a videogame from it. (Here are some compilation hints.) MIT's Scratch is one approach; the Scratch software is FLOSS (MIT license); the projects and support materials are also FLOSS, available under the Creative Commons "Attribution - Share Alike" 3.0 license. Inform 7 is an interesting way to teach (no-cost, not FLOSS). Kids domain has a list of programs for programming. University of Kent is teaching Java to kids, involving Greenfoot and BlueJ (here's BlueJ news) (BlueJ and Greenfoot are no-cost for noncommercial use, but are not FLOSS). Here's an article about involving kids in Free software development through play.

Here's a really cool video by Prof. Michael Wesch explaining where the Web is going (and what's XML anyway). It's not a technology analysis, but a big-picture view. Very cool.

The Rise and Fall of CORBA has some good lessons learned.

Paul Graham has lots of interesting things to say, such as Why Startups Condense in America, The Power of the Marginal (some fun quotes: "you're probably better off studying something moderately interesting with someone who's good at it than something very interesting with someone who isn't.... don't learn things from teachers who are bad at them" and "Jobs and Wozniak were marginal people... their previous business experience consisted of making "blue boxes" to hack into the phone system, a business with the rare distinction of being both illegal and unprofitable"), Hiring is Obsolete, Why Nerds are Unpopular (about high school and the nonsense that goes on there), and Beating the Averages (about LISP). I definitely don't agree with all he says, but he makes me think, and that's a great thing.

Of course, if you're interested in start-ups, there's lots of advice out there. Mark Fletcher's "15 Startup Commandments" is a good list for IT start-ups. My favorite is his first one: "Your idea isn't new. Pick an idea; at least 50 other people have thought of it. Get over your stunning brilliance and realize that execution matters more."

Interesting paper: "An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments" by Tavis Ormandy (Google). The results should surprise no one; they "demonstrate the need for further research into virtualisation security and prove that virtualisation is no security panacea", because "No virtual machine tested was robust enough to withstand the testing procedure used, and multiple exploitable flaws were presented that could allow an attacker restricted to a virtualised environment to reliably escape onto the host system." Here's a Linux virtualization summary.

C/C++ Calling conventions documentation.

The "Vista" version of Microsoft Windows has some really serious compatibility problems, and frankly there seems to be no real business case for upgrading. Essentially nobody buys Windows because it's a great operating system - frankly, it isn't. The only reason anyone uses Windows is because they want to use applications that require it. And way too many programs fail to run in Vista... whole categories of applications don't work correctly. A bug in Windows Vista restricts all applications compiled by GNU GCC (one of the most popular development environments) to 32 MB. Programs developed using FoxPro (another common development system), such as SBT Database Accounting, won't work at all under Vista. Burning DVDs and CD-ROMs is hard to do, often fails, and it's difficult to make it generate standards-compliant disks that anyone can read - and Vista's lousy UI is concerning. Many existing programs can't run, or require an expensive upgrade to run on Vista, such as Quickbooks. Many U.S. government agencies are temporarily forbidding use of Vista because of these problems. Vista hopefully has better security than XP, but frankly, that's a dismally low bar... and since everyone (including Microsoft) expects to see a number of vulnerabilities in Vista, it's more a count than a full release from security problems. The May 8, 2007 patch Tuesday release alone had 6 critical vulnerabilities. And Vista raises its own security problems; it's incompatible with many security products, and has far more DRM mechanisms. By design, DRM mechanisms prevent users from controlling their own equipment, and thus DRM mechanisms always reduce user security (Microsoft sidesteps this by talking about "security" without answering the question of "security for who?"). The large number of incompatibilities are especially concerning; hopefully things will get better quickly. 
But it looks like waiting a while before getting or using Vista would be a good idea; it's what many government agencies are doing.

XKCD has some funny cartoons if you're into technology. Examples include Highway Engineer pranks, No recursing, Labyrinth puzzle, and Chess Photo. If you want to know the difference between scientifically-minded people and everyone else, The Difference about sums it up. Alice and Bob is only funny if you know about the usual crypto conventions. Angular Momentum and Grown-ups are rather sweet. Centrifugal Force and Electromagnetic Spectrum are for those who've taken physics classes. Lisp cycles is fun for those who know LISP. Online community map and Map of the Internet (IPv4) are interesting in their own right. Open Source not only got a laugh, but Stallman ended up with a katana (as life imitated art). The problem with Wikipedia has it about right. There are also these wonderful "quotes" from Knuth (if you want really weird, look at the Knuth is my homeboy T-shirts). Also fun: Escher bracelet, National language, Katamari, Binary Sudoku, Donner party (you'd have to know about the real Donner party), Nighttime stories (you'll need to know about Xenocide and Ender's Game). See Nerd sniping and Nightmares. Unscientific is actually a compliment to MythBusters. I think of Zealous autoconfig whenever I'm looking for a WiFi connection. Security holes pokes fun at Debian's OpenSSL vulnerability. Fields arranged by purity is great for the mathematician in your family. Road rage is twisted. Height and Depth put things in perspective. Google maps is great for those who remember text adventures. Flash games shows a crucial point that's lost by the Wii-hater crowd - being fun is more important to a game than fancy graphics. "Suspicion" shows the modern evolution of the Turing Test. The New Yorker has an interview with XKCD's creator, Randall Munroe.

PHD comics is also funny. See for example, The Grant Cycle.

Ubersoft.net has lots of funny comics if you're in the IT world. Fun ones include Skewed perspective, Hidden Dangers of Data Collection, and Desensitization.

PHD comics has comics focusing on grad students, for example, PHD widows, We're all doomed, Academic salaries.

Microsoft claims that it has a trademark on the term "windows". Yet that term was used for windows on graphical user interfaces long, long before. Douglas C. Engelbart demonstrated mice and GUIs back in 1964! Here's a 1982 video (pre-Mac or Microsoft Windows) showing a graphical user interface, including a mouse and windows, for a Unix system (Blit, by Rob Pike and others).

Joel Spolsky has some nice essays, including The Law of Leaky Abstractions and Back to Basics.

Mark Osborne's MORE is an eerily good short film.

Penn & Teller's video on Gun Control explains why it's important for people to be able to get guns. It's about freedom.

Graham Chapman's Memorial Speech (Delivered by John Cleese at his memorial service, Jan 1990) is touching. It does an amazing job of describing the character of, well, a character.

My Accuse program got mentioned here.

Laws of Software Development summarizes quips from others.

Getting things done is an interesting summary.

The Evil Overlord List (by Peter Anspach, at eviloverlord.com) is fun to read; Evil Rulers has their own list, focused on James Bond.

Computer language junkies will probably find Syntax across languages interesting, and maybe useful. It tries to capture important aspects about many computer languages, similar to the way a linguist might capture selected aspects of human languages for study.

FOSS Codecs For Online Video: Usability Uptake and Development 1.2

The Enhanced Machine Controller project (EMC) is for controlling systems. It'd be great if this (or something like it) were high assurance.

Here's a video of how to remove a desktop computer, plugged into a wall, without turning it off.

"Free! Why $0.00 Is the Future of Business" by Chris Anderson is an intriguing commentary.

The article Artificial Stupidity makes a great point. We don't need full "artificial intelligence" - humans are already quite intelligent. What we need most from computers right now is just enough capability to handle many stupid, mundane tasks... leaving the humans free to do what they are good at.

Here's an essay arguing for taxing of "intellectual property".

Trolltracker tracks companies that have patent portfolios but produce no goods or services. In other words, the only thing they produce is litigation to prevent or tax the development of goods and services.

TED (Technology, Entertainment, Design) is a conference that "brings together the world's most fascinating thinkers and doers, who are challenged to give the talk of their lives (in 18 minutes)". They then make the best talks and performances available to the public, for free, under a Creative Commons license. I don't agree with all the speakers - but listening to their ideas helps me expand my own.

Economics can be extremely interesting. I found the book "The Undercover Economist" to be very enlightening. Dan Bricklin's interview with author Dan Ariely of "Predictably Irrational" about applying behavioral economics to Open Source Software is very interesting.

The Linux kernel is interesting. Linux kernel development describes its development process in a relatively non-technical way (reporters use it as their starting point). The Linux Weather Forecast keeps track of the latest situation.

It's easy to incorrectly redact information from PDFs. Here's how to correctly redact PDFs.

I recommend reading Shelley's "Ozymandias" as a cure for hubris. It ends by comparing the statue's inscription with harsh reality:

 "My name is Ozymandias, king of kings:
 Look on my works, ye mighty, and despair!"
 Nothing beside remains: round the decay
 Of that colossal wreck, boundless and bare,
 The lone and level sands stretch far away.

Peter Bright's "From Win32 to Cocoa: a Windows user's conversion to Mac OS X—Part II" gives a brief description of the complete brain-damage of MS Windows' development interfaces, including the problems of .NET. Java and C# aren't that radically different as languages, but as he notes, "The .NET library is simple to the point of being totally dumbed down; it's probably okay for the first and second groups [who don't need much capability], not least because they don't know any better, but for the rest it's an exercise in frustration. This frustration is exacerbated when it's compared to .NET's big competitor, Java. Java is no panacea; it too is aiming roughly at the middle kind of developer, which is understandable, as they're the most numerous. But Java's much more high-minded. It's much stronger on concepts, making it easier to learn. Sun doesn't get it right the whole time, but the people behind Java have clearly made something of an effort." He concludes with: "I enjoy writing programs, but I don't enjoy writing for Windows. And while once it made sense to stick with Windows, it just doesn't any more."

A fun silly game is Boomshine (requires Flash). It takes little time and has catchy Glass-like music.

"Techniques for Cyber Attack Attribution" by David A. Wheeler (Oct 2003) summarizes various techniques to perform attribution (aka traceback or source tracking) on networks, esp. TCP/IP networks. Here's the abstract: "This paper summarizes various techniques to perform attribution of computer attackers who are exploiting data networks. Attribution can be defined as determining the identity or location of an attacker or an attacker's intermediary. In the public literature "traceback" or "source tracking" are often used as terms instead of "attribution." This paper is intended for use by the U.S. Department of Defense (DoD) as it considers if it should improve its attribution capability, and if so, how to do so. However, since the focus of this paper is on technology, it may also be of use to many others such as law enforcement personnel. This is a technical report, and assumes that the reader understands the basics of network technology, especially the Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols."

Here is how to create RPM packages for Fedora.

Here's a report from an Ada user who cracked an old code.

Simon Willison has a nice presentation on "The implications of OpenID". His bottom line is that OpenID is the "Best available option" (for many authentication needs), but that "there are important implications".

Remote logins: Setting up a secure remote X session with gdm describes a way to do secure remote login on Linux. The basic idea is to use (if the remote system runs GNOME):

 /usr/bin/ssh -A -X -T -n "$TARGETHOST" /usr/bin/gnome-session

Ubuntu has some ssh help. Another approach is to do this (which starts it on virtual terminal 1):

 xinit ssh -A -X -T -n "$TARGETHOST" "gnome-session" -- :1
 # or, without the -A (ssh agent forwarding), -T and -n options:
 xinit ssh -X "$TARGETHOST" "gnome-session" -- :1

Vahemry also has some information. HOWTO Xnest has info. One way is:

 Xnest :1 &
 export DISPLAY=:1

Towards a normative quality standard (31 March 2007) gives a pitch for using the same measures that have been applied to proprietary software. It notes ISO 9126, which breaks measures into functionality (inc. security), reliability, usability, efficiency, maintainability, and portability. It also suggests using "Simple, language independent metrics that influence maintainability". Of course, they can't fix the main problem with measures in software: You can typically either identify high-level measures that you want (but can't actually measure), or identify low-level measures that you can actually measure (but have tenuous relationships to what you want). See also the International Workshop on Foundations and Techniques for Open Source Software Certification.

Some interesting malicious code and/or voting software items include the Obfuscated V contest, and the "Report on the Pvote security review" by Ka-Ping Yee (their review document). For the latter one, I think the fundamental problem was the use of a language (Python) that is hard to statically analyze. In Python, you can't know what "f(x)" means in module A, because in module B you might do "a.f = ..." and change its meaning. Python has no static type system, either. The author even noted that at least one of the 3 inserted bugs was probably easy to find using static analysis, and I think all of them are detectable. Arkansas Election Officials Baffled by Machines that Flipped Race: "The problem resulted in the wrong candidate being declared victor in a state House nomination race", but thankfully, in this case, "the touch-screen machines produce a voter-verifiable paper audit trail."
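Here is the Python point above as an added example (it is not code from Pvote, its review, or this page's original text): one constructed module rebinds another module's f, so the same call site runs different code, and a small ast-based reviewer check then flags such cross-module writes. The module names "tally" and "helper" and all function names are hypothetical.

```python
import ast
import sys
import types

# Constructed sample sources; the module names "tally" and "helper" are hypothetical.
TALLY_SRC = """\
def f(x):
    return x + 1

def count(votes):
    # Read in isolation, f(v) looks like a call to the f defined above.
    return [f(v) for v in votes]
"""

HELPER_SRC = """\
import tally
tally.f = lambda x: 0
"""


def load(name, source):
    """Execute source as a module called name and register it for import."""
    module = types.ModuleType(name)
    sys.modules[name] = module
    exec(compile(source, name + ".py", "exec"), module.__dict__)
    return module


def demonstrate():
    """Return tally.count([1, 2]) before and after helper is imported."""
    saved = {n: sys.modules.get(n) for n in ("tally", "helper")}
    try:
        tally = load("tally", TALLY_SRC)
        before = tally.count([1, 2])
        load("helper", HELPER_SRC)      # rebinds tally.f from outside
        after = tally.count([1, 2])     # same call site, different callee
        return before, after
    finally:
        # Leave sys.modules as we found it.
        for n, old in saved.items():
            if old is None:
                sys.modules.pop(n, None)
            else:
                sys.modules[n] = old


def find_module_rebinds(source):
    """Return sorted (line, 'module.attr') for writes to imported modules' attributes."""
    tree = ast.parse(source)
    imported = {}  # local name -> module it refers to
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.asname:
                    imported[alias.asname] = alias.name
                else:  # "import a.b" binds only the top-level name "a"
                    top = alias.name.split(".")[0]
                    imported[top] = top
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign):
            targets = node.targets
        elif isinstance(node, (ast.AugAssign, ast.AnnAssign)):
            targets = [node.target]
        else:
            targets = []
        for t in targets:
            if (isinstance(t, ast.Attribute) and isinstance(t.value, ast.Name)
                    and t.value.id in imported):
                findings.append((node.lineno, imported[t.value.id] + "." + t.attr))
        # setattr(module, "name", value) is the same write spelled as a call.
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id == "setattr" and len(node.args) == 3
                and isinstance(node.args[0], ast.Name)
                and node.args[0].id in imported
                and isinstance(node.args[1], ast.Constant)
                and isinstance(node.args[1].value, str)):
            findings.append(
                (node.lineno, imported[node.args[0].id] + "." + node.args[1].value))
    return sorted(findings)


if __name__ == "__main__":
    print(demonstrate())
    print(find_module_rebinds(HELPER_SRC))
```

The check only sees literal writes through a plainly imported module name; rebinding via from-imports, tuple targets, or computed attribute names goes unreported, which is the static-analysis difficulty the paragraph describes.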

Fedora has lots of security goodies, but they can sometimes prevent the execution of programs not already part of its repository. "setarch -R" is supposed to disable randomization per-process (though there are claims that it sometimes doesn't work), and "setarch i386" has a side-effect of disabling the parts of exec-shield that may cause trouble. Fedora 9's security policy forbids changing memory permissions in some cases, which can wreak havoc. The only easy solution is to disable that globally; the clean solution would presumably be to create a new security policy. See these Fedora compatibility hints.

If you have to package RPM files with TeX components, it can be hard to track down material. TeX file installation follows the "info tds" rules of texlive-texmf. I.e., (un)install under /usr/share/texmf/TYPE/PACKAGENAME, where for styles the type is "tex/latex". Then, run mktexlsr (which replaces texhash) as follows:

 mktexlsr >/dev/null 2>&1 || :

Here are Fedora Bugzilla entries for some packages - here's my work with Z "fuzz", Zenon, miniSAT2, and E (equational theorem prover). Here is Alan Dunn's Coq ("coke") packaging for Fedora, Why packaging for Fedora, and Alt-Ergo (which requires ocaml-ocamlgraph). E should be upgraded to 1.0 - but only if that doesn't cause other problems.

When you're creating packages, an annoying step is handling "make install" if the developer doesn't support DESTDIR and it's a nontrivial install process. See Automating DESTDIR for Packaging.

The "rlwrap" tool is handy at the command line if you're using a command-line tool that lacks readline support.

Speedtest.net will tell you how fast your upload and download connection is (in kilobits per second). Flash required.

Former Debian Project Leader Martin Michlmayr's doctoral thesis, "Quality Improvement in Volunteer Free, and Open Source Projects: Exploring the Impact of Release Management" (Centre for Technology Management, University of Cambridge), is very interesting. It is based on case studies of major free and open source software (FOSS) projects, including Debian, GNOME, the Linux kernel, OpenOffice.org, Plone, and X.org. It particularly focused on the time-based release strategy. Linux.com did a quick summary.

Unfortunately, many viewers find that when they switch to an HDTV they are unable to view closed caption (CC) information, even though the broadcaster is sending it and the TV is able to display it. That's ridiculous - there are millions of deaf and hard-of-hearing people, and we have laws that were supposed to enable CC. Originally, CC information was included in the picture ("line 21"), but there is no equivalent capability in the HDTV 720p/1080i interconnects between the display and a "source". A "source", in this case, can be a DVD player or an HD tuner (a cable box is an HD tuner). When CC information is encoded in the MPEG-2 data stream, only the device that decodes the MPEG-2 data (a source) has access to the closed caption information; there is no standard for transmitting the CC information to an HD display separately. Thus, if there is CC information, the source device needs to overlay the CC information on the picture prior to transmitting to the display over the interconnect. Unfortunately, many source devices do not have the ability to overlay CC information, or controlling the CC overlay is extremely complicated. For example, the Motorola DCT-5100 cable Set Top Box has the ability to decode CC information located on the mpg stream and overlay it on the picture, but turning CC on and off requires turning off the unit and going into a special setup menu (it is not on the standard configuration menu and it cannot be controlled using the remote). Historically, DVD players and cable box tuners did not need to do this overlaying, they simply passed this information on to the TV, and they are not mandated to perform this overlaying. Many modern HDTVs can be directly connected to cables, but then they often cannot receive scrambled channels that the user is paying for.
Thus, the lack of a standard way of sending CC information between components, along with the lack of a mandate to add this information to a picture, results in CC being unavailable to many hard-of-hearing and deaf users. "HDMI not allowing Closed Captioning?" has some of the gory details.

10 security challenges facing closed source software uses my list of 3 OSS security requirements in reverse. Very cool.

The Blank Slate by Steven Pinker notes the following: "The language of the Wari people of the Amazon has a set of noun classifiers that distinguish edible from inedible objects... the edible class includes anyone who is not a member of the tribe. This prompted the psychologist Judith Rich Harris to observe:"

In the Wari dictionary
Food's defined as “Not a Wari.”
Their dinners are a lot of fun
For all but the un-Wari one.

The Long Now foundation "was established in 01996 to creatively foster long-term thinking and responsibility in the framework of the next 10,000 years." They have some cool projects. They're perhaps best known for their work to develop a 10,000 year clock. Their Rosetta project has produced the Rosetta disk, which records the world's languages. What's more, the Rosetta disk demonstrates a technique for recording other information for a long time by inscribing human-readable information (under magnification) on nickel. This is a big problem; DVDs, floppies, and other storage mediums fail quite quickly. "The Rosetta disk is not digital. The pages are analog 'human-readable' scans of scripts, text, and diagrams. Among the 13,500 scanned pages are 1,500 different language versions of Genesis 1-3, a universal list of the words common for each language, pronunciation guides and so on."

One big challenge is to store information so that it will be readable in the future. A start-up, Millenniata, is releasing an optical disc format (the "M-Disc") and writer to store data "forever"; its data can be read using any current DVD or Blu-ray player. Millenniata's M-Disc is supposed to be "stone-like"; it can be dipped into liquid nitrogen or boiling water. The DoD study "Accelerated Life Cycle Comparison of Millenniata Archival DVD" (by Ivan Svrcek, Naval Air Warfare Center Weapons Division) was very positive; in their tests, "None of the Millenniata media suffered any data degradation at all. Every other brand tested showed large increases in data errors after the stress period." To be fair, this certainly doesn't solve archival issues. The thesis "E-ternally Yours: the Case for the Development of a Reliable Repository for the Preservation of Personal Digital Objects" by Lesley L. Peterson discusses some of the preservation problems.

Here's one way to create a tiny Fedora install.

Kevin Kelly's "The Next 100 Years of Science: Long-term Trends in the Scientific Method." is interesting. He's collected an interesting "timeline" of past events in science.

StartSSL provides free certificates.

Mythbusters was gagged to not disclose the problems of RFID; but that doesn't solve RFID's problems, it just means the criminals can keep exploiting it. (Think passports, entrance systems, etc.)

Python is not Java.

The Absolute Beginner's Guide to Programming on the Web only requires a browser - it teaches how to write programs in Javascript.

Interested in Lisp implementation? Here's the original definition of Lisp, in Lisp. (Paul Graham has translated this to modern Lisp.) mal - Make a Lisp has a bunch of example implementations of a simple Lisp, and walks through how to do that (it's an eye-opening intellectual exercise). If you're interested in Lisp implementations, there's a ton of info out there; Implementing Lisp has a nice list of references such as Structure and Interpretation of Computer Programs (aka the "Wizard Book" from MIT; you can get related video lectures) and Lisp in Small Pieces. The older classics include John McCarthy's 1960 paper "Recursive Functions of Symbolic Expressions and their Computation by Machine" (Part I) (the original Lisp paper) and John Allen's "Anatomy of Lisp". "Three Implementation Models for Scheme" by R. Kent Dybvig has a lot of neat information. Here are some slides about Scheme in Scheme. Here's a Lisp in Python - here's a more complete Lisp in Python. Unfortunately, many of these "Lisp in Lisp" examples omit macros (or at least omit a discussion about their implementation), which is sad (that is one of Lisp's major capabilities). A classic implementation approach is the SECD approach; "A Rational Deconstruction of Landin's SECD Machine" by Olivier Danvy discusses SECD. Proper tail recursion and space efficiency (William D. Clinger, 1998) gives a careful definition of proper tail recursion useful for implementers. Andreas Bauer's "Compilation of Functional Programming Languages using GCC - Tail Calls" explains why it's not trivial to compile Scheme, etc., using gcc etc. Proper tail recursion in C (by Mark Probst) explains how to extend C to support proper tail recursion; here's discussion about adding support for proper tail recursion in gcc. Henry Baker's "CONS Should Not CONS..." is clever. Continuations in C discusses this. Implementation Strategies for first-class continuations discusses various options.
Stalin is a highly optimized Scheme compiler (with limitations).

Henry G. Baker's "Pragmatic Parsing in Common Lisp" is useful if you need to do that.

In OCaml, do not use the -custom option; -custom is not considered useful and leads to corrupted files on many systems due to prelink. OCaml has nice properties, but debugging isn't one of them; OCaml debugging can be a problem due to its lack of runtime reflexivity.

What Makes Web Sites Credible? A Report on a Large Quantitative Study

Heinlein's Fan Mail Solution is fun to read.

ChangeDetection.com will let you monitor web pages for changes.

U.N. agency eyes curbs on Internet anonymity.

"Water bears (tardigrades) are first animal to survive space vacuum"

Nessus has been forked into the Open Vulnerability Assessment System (OpenVAS).

DVD playing on Linux systems requires that it have a program that can read the "CSS" format. The DVD cartel claims that running a program (like deCSS) that they didn't approve of, to watch movies you own, is illegal... but I can't see what legal theory justifies their claim. There seems to be no patent problem in doing so (at least, I can't find any claim with patent number in doing so). Copyright doesn't apply when someone independently writes the program (like deCSS was written). Their claim about "decryption" is sheer nonsense; if it's legal to watch a DVD using program #1 on your laptop, then clearly it's legal to watch it using program #2, right? Their nonsense about "copy protection" was even sillier; CSS doesn't prevent copying at all (you can copy bits without decrypting them, as large-scale pirates do). Early court decisions seem to have followed the DVD cartel's hysteria. But more recently, Norway found that deCSS broke no law, and in 2004 a California court found that it was legal to post deCSS, and that it was no longer a trade secret.

smolts.org tracks Fedora users who are willing to report on their hardware.

Here's a Security analysis of the Internet Protocol (July 2008).

See Don't Talk to the Police (Professor James Duane) and Confirmation by an officer. Basically, you should be taking the fifth amendment.

"Counterfeit Chips Raise Big Hacking, Terror Threats, Experts Say" Glenn Derene and Joe Pappalardo, Popular Mechanics, April 2008.

"WHAT MAKES PEOPLE VOTE REPUBLICAN?" by Jonathan Haidt is intriguing. While I don't agree with everything (he's speaking from a liberal democrat atheist's perspective), he may be on to something here. People who think that only individuals matter simply don't seem to be able to understand that to many - possibly most - people, that's just selfishness, and that they understand that the family, not the individual, is the basis of society.

Librarian Chick has free and open source educational resources (inc. lots of books).

Linguistic humor: How I met my wife.

Fedora 9's Firefox can in some configurations default to "Work Offline". One solution is to run Firefox and invoke "about:config". Then set "toolkit.networkmanager.disable" to false, and "browser.offline" to false.

Physical security maxims.

Interesting commentary: U.S. Military Fails To Learn An Ancient Military Lesson: No Industrial Economy Equals No Army.

"Understanding Technology Standardization Efforts" by Stephen R. Walli explains how many commercial companies view standards efforts, which can be depressing. It also explains how to "fight dirty" to delay the creation of useful standards for a very long time (see the text on what Microsoft "should" have done about ODF). Note that many commercial organizations are working hard to prevent commoditization, even though that is exactly what the user wants! This text also shows why organizations like Digistan are necessary.

This article about Google's handling of vulnerabilities notes that many researchers do not use the (scam name) "responsible disclosure" process created by vendors, particularly with vendors who have a bad track record. Many use "full disclosure" instead. Some sell their vulnerability information, something I find distasteful but it certainly happens. I find it distasteful because if most researchers do that, a small clique of highly-funded organizations will know lots of vulnerabilities, while the suppliers will not know what to fix and customers will not know which suppliers are providing bad products. Short of a law, I don't see what could be done about that though.

Checks are ridiculously insecure.

Automatically mount encrypted filesystems at login with pam_mount.

John McCain lost to Barack Obama in the 2008 Presidential Campaign. Frankly, I think it's amazing that McCain even made it somewhat close, given the wide reviling of President George W. Bush. As noted in a clever cartoon, in 2008, Bush defeats McCain (again).

In November 2008, Microsoft patch closes 7-year-old OS hole. This was reported back in 2001 to Microsoft, and there was a released exploit tool (SMBRelay)... and yet they didn't fix it until 2008 (in MS08-068). What is wrong with these people???

"Proof Requirements in the Orange Book: Origins, Implementation, and Implications" by Garrel Pottinger (Cornell University), February 11, 1994 is an intriguing look at the history of computer security in the DoD.

Here's How to reinstall the Palm desktop and still access pre-existing data (in Windows). Basically, run regedit, and set HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Core\Path to the new path. This lets you move where the data is stored (yay!). Palm's GUI to set this value doesn't work, so you have to do this instead.

Eben Moglen's "Software and Community in the Early 21st Century" is interesting, discussing what would happen if you had to pay for each use of mathematics, and the relation of that idea to software.

Jeff Atwood's "Profitable Until Deemed Illegal" exposes the nasty approach of swoopo.

There are now a number of projects that quantitatively examine FLOSS. Examples include:

  1. FOSSology "The study of FOSS" (originally to study open source licensing by examining lines of code and specific licensing statements),
  2. FLOSSmole (which studies repository metadata)
  3. FLOSSmetrics

The Leapster and Leapster2 are handheld systems for kids. Software is developed using Flash, as is noted here as well. Patrick Brennan thinks it's neat. Wikipedia has some info on Leapster. Unfortunately, there doesn't seem to be much info on how to create homebrew games for the Leapster. The Leapster2 supports a USB connection to a Windows/Mac system (Wine might work on Linux), and it supports downloading software into an SD chip, so in theory it might not be hard to do homebrew development for it. Wikipedia's article on SWF (the format Flash runs); here's a concise summary of SWF.

There are lots of FLOSS HTML editors; I usually edit with vim, but if I want a more capable HTML editor, I usually use Seamonkey. I looked at several before deciding on this:

Kids' programming languages that are OSS and/or run on Linux include Alice, Scratch (built on Squeak), Shoes, and Inform 7. Here's a review of some open source programming languages for kids.

Python 3 is incompatible with Python 2. Discussions such as Looming Python 3000 Monster note that the big problem for distributions is that there are lots of Python libraries - so a distributor in theory would have to carry both Python 2 and Python 3 versions of everything. Ugh. The program 2to3 tries to convert Python 2 to Python 3, but has to punt often. That's the official way to convert, but for many, a gradual transition using Python 2 (but increasingly using Python 3 capabilities) is probably easier. You can try to stay with code that's easy to (later) convert to Python 3, especially with "from __future__ import" statements and judicious renames. Python 2.6 in particular has lots of capabilities from Python 3. It may take a long time for Python 2.6 to propagate everywhere, but it will happen over time. "Python 3 Compatibility" by Lennart Regebro discusses this. (His later talk is probably worthwhile, but I can't see it yet.)

Here's a document about Microsoft's methods for "evangelism", revealed through Court actions.

There are lots of content management systems (CMS) - here's a review of some CMSs.

A Fission-Fusion hybrid can greatly reduce fission waste - this sounds promising.

I don't know what to do with the Floating Head of Ayn Rand's seal of approval, but it sure is funny. Kudos for the Floating Head of Ayn Rand's going to Mars.

Here's the website of Lower Skippack Mennonite Church, the second-oldest Mennonite church in North America. Christopher Dock is buried there; he was a Mennonite schoolmaster in colonial Pennsylvania whose teaching methods led to the first book dealing with education in America.

If you're writing in (Bourne) shell, and you want your code to be truly portable across many shell implementations, take a peek at Open Group's Base Specifications for the shell, along with the portable shell guidelines from the GNU autoconf documentation. Lots of good information on stuff that works and stuff to avoid. You can simply write for the bash shell, but in that case, make sure the header clearly runs the bash shell - don't assume that /bin/sh is bash! Programming in the shell is generally easy; the big problem is that it's easy to write code that works unless its data (e.g., filenames) have spaces in them. If a variable can include a space, you typically need to refer to it using "$variablename", not just $variablename. If you want to run a command (mycommand) and pass it a parameter "--filename" with the value of variable $x, but only if $x was set, do something like this: mycommand ${x:+--filename "$x"} - this uses the "${NAME:+...}" construct. This means that the whole expression disappears if variable NAME isn't set; otherwise, the text after "+" is substituted. The most important rule for shell programming is "use shellcheck"; it's an OSS tool that notices lots of common mistakes and can be a huge help. Writing robust shell scripts has some other suggestions, and Bash pitfalls lists some common mistakes, and here's another list of common shell mistakes. A Guide to Unix shell quoting explains the Unix shell's quoting system (which can be confusing to newcomers); its golden rules of shell quoting is a nice summary. Here's a list of ways to do simple GUIs from shell.

Programming languages like Python are not reasonable substitutes for shell; they're way too complicated and take too many lines to invoke lots of other commands (which is what shell is all about). A few options can help remove some of the biggest problems; simply adding "set -eu" to the beginning of a script is 100% portable. Aaron Maxwell's Use Bash Strict Mode (Unless You Love Debugging) argues for the following in bash as an "unofficial bash strict mode":

set -euo pipefail
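
What each part of that line changes, shown as an added example that is not taken from Maxwell's article or from this page. Every snippet, path and variable name is constructed, and each snippet runs in a child bash so its failure can be observed instead of stopping the demonstration.

```bash
#!/usr/bin/env bash
# Added example: observe what -e, -u and -o pipefail each change.
# All paths and variable names in the snippets are constructed.

# Run snippet $2 in a child bash after the option line $1.
# Prints "out=[<stdout>] exit=<status>" so the caller sees both how far
# the snippet got and whether the failure was reported.
run_with() {
    opts=$1
    body=$2
    out=$(bash -c "$opts
$body" 2>/dev/null) && status=0 || status=$?
    printf 'out=[%s] exit=%s\n' "$out" "$status"
}

# -e: a failed "cd" should stop the script before the next command
# runs in the wrong directory.
BODY_CD='cd /nonexistent-constructed-dir
printf "cleanup-ran-in-wrong-dir"'

# -u: a misspelled variable should be an error, not an empty string
# that silently turns "$target_dir/*" into "/*".
BODY_TYPO='target_dir=/tmp/constructed-build
printf "would-remove:%s/*" "$targt_dir"'

# pipefail: the failure of "cat" should not be hidden by the success
# of "sort" at the end of the pipeline.
BODY_PIPE='cat /nonexistent-constructed.log | sort
printf "report-complete"'

demo() {
    printf 'no options, failed cd:    %s\n' "$(run_with ':' "$BODY_CD")"
    printf 'set -e, failed cd:        %s\n' "$(run_with 'set -e' "$BODY_CD")"
    printf 'no options, typo:         %s\n' "$(run_with ':' "$BODY_TYPO")"
    printf 'set -u, typo:             %s\n' "$(run_with 'set -u' "$BODY_TYPO")"
    printf 'set -eu, failed pipe:     %s\n' "$(run_with 'set -eu' "$BODY_PIPE")"
    printf 'set -euo pipefail, pipe:  %s\n' "$(run_with 'set -euo pipefail' "$BODY_PIPE")"
}

demo
```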

Shell works differently than many other programming languages. The biggest oddity is needing to put double-quotes around everything. One cause for that is the field separator (IFS), which is a weird mechanism to compensate for the lack of arrays in standard shell. You can easily turn off field separators (just set IFS=''), but in simple shells like dash that don't have arrays, I think that's a pain. Also, that doesn't deal with "myfunc $one $two $three"; if $two is empty, it's quietly removed if you don't quote it. That may be okay, e.g., binary.phile says that one approach is to remember that "where a variable may legitimately expand to an empty string, and to quote those occasions only".
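
The quoting rules from the last few paragraphs (spaces in values, the "${NAME:+...}" idiom, removal of empty unquoted variables, and IFS='') in one runnable script. This is an added example, not code from any of the linked pages; the filename and function names are constructed.

```sh
#!/bin/sh
# Added example: how quoting decides the argument list a command receives.

# Print the argument count, then each argument in brackets.
show_args() {
    printf '%s:' "$#"
    for arg in "$@"; do printf '[%s]' "$arg"; done
    printf '\n'
}

file='my report.txt'   # constructed filename containing a space
empty=''

# Unquoted: the space splits one filename into two arguments.
unquoted_space() { show_args $file; }

# Quoted: one filename, one argument.
quoted_space() { show_args "$file"; }

# An unquoted empty variable vanishes, shifting later arguments left.
elided_empty() { show_args one $empty three; }

# Quoted, the empty value is still passed as an (empty) argument.
kept_empty() { show_args one "$empty" three; }

# ${x:+...}: pass "--filename VALUE" only when x has a value.
# The inner "$x" stays quoted, so a value with spaces is one argument.
optional_flag() {
    x=$1
    show_args ${x:+--filename "$x"}
}

# The same expansion when x is not set at all: nothing is passed.
optional_flag_unset() {
    unset x
    show_args ${x:+--filename "$x"}
}

# IFS='' stops splitting on spaces, but an empty unquoted variable is
# still removed. The subshell keeps the IFS change local.
no_split_ifs() {
    ( IFS=''; show_args $file one $empty three )
}

for demo in unquoted_space quoted_space elided_empty kept_empty \
            optional_flag_unset no_split_ifs; do
    printf '%-22s %s\n' "$demo" "$($demo)"
done
printf '%-22s %s\n' "optional_flag ''" "$(optional_flag '')"
printf '%-22s %s\n' "optional_flag FILE" "$(optional_flag "$file")"
```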

If you don't like the way that "traditional" shell works, a bigger alternative is to use options to make it work "more like other languages". One approach is here, which accepts bash's extensions and makes it work more like "traditional" systems: Approach Bash Like a Developer. The oil shell creates its own language; I don't know if that will go anywhere, but it (and shellcheck errors) might be a good source for ideas on "how to make the shell language easier". Implementing a new shell is one approach, but I wouldn't be surprised if it'd be easier to add extensions to existing shells (ideally with specific semantics so that all shells could implement them in the same compatible way). For example, Oil Language Design Notes discusses some possible options. It suggests shopt -s simple-word-eval, an alternative word evaluation algorithm that means you don't have to use double quotes everywhere because it disables word splitting, empty elision, and dynamic globbing. This focuses on using arrays instead of word splitting, but with that change it's important to make arrays easier to use. So he also proposes shopt -s parse-at so you can use @flags to splice an array flags into a command, e.g. ls @flags ~/src. In addition, "The push builtin appends one or more elements to an array, [and] there's a new literal syntax for arrays, var myarray = @(bare words)."

Interesting article: Women opt out of math/science careers because of family demands

Theremin world has a crazy amount of information about Theremins (a very unusual and old electronic instrument). It includes links to schematics, like this information on how to build a Theremin. The Cult of the Theremin has more information on Theremins. Pamelia Kurstin's TED presentation playing the theremin is a great introduction to this unusual instrument.

Many parents want to be able to filter web content for kids. A simple web content filtering approach is offered by OpenDNS; Linux Journal has an article about OpenDNS. MVPS also has info on how to set hosts to get rid of some annoyances. Some browser extensions can help, such as Firefox's Adblock Plus and My web of trust. Linux/Unix/MacOS users can use Dan's Guardian or Privoxy.

Windows in bed with Linux is a collection of interesting stuff. I need to plow through this some time.

Skysoft is developing OSS for air traffic control (GPL).

Clay Shirky's "Newspapers and Thinking the Unthinkable" is an insightful piece. Many people keep thinking "now that the Internet is here, how can X survive?" (where X is "newspapers" or something else). Shirky wisely notes that in any revolution, not all institutions survive; institutions based on the high cost of publication make no sense when publication costs are petty cash.

Here's a fan-made trailer for the upcoming "New Moon" movie (from the Twilight series).

Here's what falling into a black hole would look like.

Regarding attacks on major OSS organizations (they've been repulsed; it's not impossible, but not as easy as some would think):

There are lots of resources about Linux and DVDs/media. VLC is a good player, though 0.9.9 has a bug in its conversion process (it won't work if you disable menus... which means it can't convert normal DVDs). Here's a Slashdot discussion about DVD-ripping for Linux. Options include Handbrake and AcidRip and MakeMKV. You need to pick a container format: two good ones are Matroska (MKV, an open-standard free container) and OGG. Typical DVD movies use dual-layer recording and take 6G+, but cheap CD-Rs only record about 4G, so you need to compress or shrink to fit it in, e.g., dvdshrink or k9copy. Command line solution: vobcopy -i /folder/to/copy/to -m [executed where the dvd is mounted]; mkisofs -dvd-video -udf -o desired_iso_name.iso /directory/to/put/iso. MediaCoder can do lots of conversions. Don't violate copyright while doing so.

"95% of all Harley Davidsons ever made are still on the road. The other 5% made it home okay."

Here's a remarkable paper: "Microsoft - A History of Anticompetitive Behavior and Consumer Harm" by ECIS (HTML format). You can also get "Microsoft - A History of Anticompetitive Behavior and Consumer Harm" by ECIS (PDF format).

Here's a cheatsheet to hang up in your time machine.

Here's an ABC special on "how we (US) cheat our kids" - aka the problems of public school. Scary stuff.

If you're buying an x86-based computer, make sure its CPU chip supports hardware virtualization. If it's Intel, you want "VT" support. Intel makes this harder to figure out than it should be; here's how to determine if your Intel chip supports VT (hardware virtualization).

Here's a comparison of Microsoft Word, OpenOffice.org Writer, and LaTeX.

California's open source digital textbook plan may eventually produce useful textbooks. I hope they look at Wikipedia for schools for inspiration.

Bing is not Google, but it is a spin engine reports that Bing produces biased results.

The Code of Best Practices in Fair Use for Media Literacy Education helps educators gain confidence about their rights to use copyrighted materials in developing students' critical thinking and communication skills. You can get various explanations from there. Creative Commons noted this.

Interesting: Microsoft strikes back at Linux netbook push and Is Microsoft ‘Buying-Off’ Linux Netbook Vendors? [Updated].

Software Installation in Linux is Difficult? No, not at all.

Contiki is a tiny operating system with an open source software license. It even runs on Apple // and Commodore 64 systems.

A discussion about older versions of copyright law put into focus some of the many problems in today's copyright laws.

You can easily reset the root password on Linux if you have physical access (and the system is not configured to prevent it). Basically, at LILO or grub boot, set the "init" option, like this:

  linux init=/bin/sh rw ...

If you forget the "rw" part, you can remount the filesystem to permit editing, like this:

  # mount -o remount,rw /

Now use "passwd" to set the password:

  # passwd

After that, you should probably "sync ; sync ; sync". You can remount the filesystem as read-only using "mount -o remount,ro /", but frankly you should probably just type "reboot now" and let the system reboot cleanly. Of course, none of this works if you can't change the reboot options; if you set GRUB to forbid changes to the boot parameters, and set the BIOS to forbid changing of the boot location (and make sure that the disk is first), you'll need to take more drastic physical measures (e.g., erase the BIOS settings or move the main storage unit to another machine so you can control it). Or, you'd need to break into the system in other ways, which hopefully is non-trivial on an important machine. The fact that it takes non-trivial effort or deeper knowledge to reset a root password on well-protected machines is a good thing.
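
From the defender's side, two checks follow from this: whether a GRUB 2 configuration actually forbids editing boot parameters, and whether a machine was booted with an init= override. The script below is an added example, not part of the original page; the function names and all sample configuration text are constructed, and it assumes GRUB 2's "set superusers", "password_pbkdf2" and "password" directives.

```sh
#!/bin/sh
# Added example (defensive): is boot-parameter editing locked, and was
# this boot started with an init= override? Sample inputs are constructed.

# Reads GRUB 2 configuration text on stdin and prints one of:
#   locked          a superuser is defined and has a hashed (PBKDF2) password
#   weak-plaintext  a superuser is defined but its password is in clear text
#   open            no superuser/password pair: anyone at the console
#                   can edit the kernel command line
grub_edit_policy() {
    awk -v q="'" '
        $1 == "set" && $2 ~ /^superusers=/ {
            v = $0
            sub(/^[^=]*=/, "", v)            # keep the value only
            gsub("[\"" q "]", "", v)         # drop surrounding quotes
            n = split(v, names, /[ ,;|&]+/)
            for (i = 1; i <= n; i++) if (names[i] != "") su[names[i]] = 1
        }
        $1 == "password_pbkdf2" { hashed[$2] = 1 }
        $1 == "password"        { plain[$2] = 1 }
        END {
            result = "open"
            for (u in su) {
                if (u in hashed) { result = "locked"; break }
                if (u in plain) result = "weak-plaintext"
            }
            print result
        }'
}

# Prints the value of init= from a kernel command line ($1, normally the
# content of /proc/cmdline), or "none" when the default init is used.
init_override() {
    (
        set -f                      # no globbing while splitting on spaces
        for word in $1; do
            case $word in
                init=*) printf '%s\n' "${word#init=}"; exit 0 ;;
            esac
        done
        echo none
    )
}

# Constructed sample inputs.
GRUB_LOCKED='set superusers="bootadmin"
password_pbkdf2 bootadmin grub.pbkdf2.sha512.10000.PLACEHOLDER-HASH
menuentry "Linux" { linux /vmlinuz root=/dev/sda1 ro }'
GRUB_PLAIN='set superusers="bootadmin"
password bootadmin constructed-cleartext'
GRUB_OPEN='menuentry "Linux" { linux /vmlinuz root=/dev/sda1 ro }'
CMDLINE_NORMAL='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet'
CMDLINE_SHELL='BOOT_IMAGE=/vmlinuz root=/dev/sda1 init=/bin/sh rw'

printf 'hashed password:    %s\n' "$(printf '%s\n' "$GRUB_LOCKED" | grub_edit_policy)"
printf 'cleartext password: %s\n' "$(printf '%s\n' "$GRUB_PLAIN" | grub_edit_policy)"
printf 'no password:        %s\n' "$(printf '%s\n' "$GRUB_OPEN" | grub_edit_policy)"
printf 'normal boot init:   %s\n' "$(init_override "$CMDLINE_NORMAL")"
printf 'override boot init: %s\n' "$(init_override "$CMDLINE_SHELL")"
```

On a real system, feed grub_edit_policy the generated GRUB configuration and pass init_override the content of /proc/cmdline.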

Here's an interesting statistical analysis of the U.S. Supreme Court: "An empirical analysis of supreme court certiorari petition procedures: the call for response and the call for the views of the solicitor general" by David C. Thompson and Melanie F. Wachtell

I appreciate Daniel Lyons' mea culpa about SCO and Linux.

Perhaps texting and bulletin-board discussion is increasing U.S. literacy. At least, Clive Thompson on the New Literacy makes that case on Wired.

On Influenza A (H1N1) explains the H1N1 virus in terms of computing concepts. Interesting.

"Singular Simplicity" by Alfred Nordmann (IEEE Spectrum, June 2008) argues that "the story of the Singularity is sweeping, dramatic, simple — and wrong". He says that the "trouble begins with the singularitarians' assumption that technological advances have accelerated. I’d argue that I have seen less technological progress than my parents did, let alone my grandparents."

Dan Pink on Motivation (TED) argues that there is a big mismatch between what business does to motivate people, vs. what science knows actually motivates people. In short, motivation doesn't work the way many people think it does. Rewards narrow the mind's focus... so for simply mechanical skills, they work well. But for creative problems, traditional rewards tend to inhibit creative thinking, and higher incentives led to worse performance. The experiments justifying this have been replicated, many times. Instead, people are motivated by autonomy, mastery, and purpose.

Software Wars is the updated version of Andy Tai's wonderful older map, showing the struggle over control of software (and thus, the struggle for control over people and their information).

The defaults matter - many people will "choose" the defaults.

I certainly don't agree with all of President Obama's policies, but I thought he gave a great pep talk to school kids in September 2009. It wasn't really partisan, it was really just a "work hard to get educated" speech. But that doesn't make it unimportant. It is important for kids to work hard to learn, and I hope that this speech had an impact.

Here's a weird bug: Can't print on Tuesday. Long fixed, but funny.

Execution in the Kingdom of Nouns argues that Java's focus on "everything is an object" is too strict.

There's lots of interesting stuff about HTML5. Dive into HTML5 is a good (and practical!) book on HTML5. Video for Everybody is simply a chunk of HTML code that embeds a video into a website using the HTML5 "video" element, falling back to Flash automatically, without the use of JavaScript or browser-sniffing. ExplorerCanvas makes it possible to use the HTML5 canvas in some older versions of Internet Explorer (7 and 8, important because the widely-used Windows XP will not run IE 9). HTML5 + JS: The Future of Open Education argues that interactive educational content should be created using HTML5 + Javascript (not Flash or other approaches). Karma is a framework to help make that a reality. Can I use shows that Internet Explorer is the worst of all desktop web browsers in supporting HTML5. As of May 2011, the current version of Internet Explorer (IE) is 9.0, which cannot even run on widely-used Windows XP. Older versions of Windows can only run older versions of IE, for example, IE version 8.0 only supports 41% of HTML5. Yet even when we only compare current versions, IE is not doing well. IE version 9.0 only supports 77% of HTML5, compared to 92% (Firefox 4.0), 88% (Safari 5.0), 92% (Chrome 11.0), and 97% (Opera 11.1). In the farther future Microsoft hopes to get IE 10.0 up to 81%, which is worse than the current values for its desktop competitors. To be fair, part of the problem is that support for some functions is unknown. I really hope that the Can I use site is wrong, or that more will be supported that is currently in the "unknown" column. Otherwise, Microsoft needs to get on the stick. FunctionPlotter (public domain) is a straightforward plotter for single functions (with pan, zoom, stretch). I wish it did more than one function, but I suspect that would be easy to add. graph.tk is a fancy graphical system implemented using HTML5's canvas that implements differentials, pretty display of equations, and so on (GPL or LGPL, can't tell). (GraphSketcher is a small Java program to graph functions.)

My new sense organ — an interesting report from someone who's wearing a device that continuously reports where north is.

I'm definitely going to take a look at "Nudge : improving decisions about health, wealth, and happiness" by Richard H. Thaler. Looks interesting.

John Temple (former editor, president and publisher of the now shuttered Rocky Mountain News) has a nice explanation of what happened to their newspaper. Basically, like many newspapers, they weren't ready for the technology change to the web; they thought they were in the "print newspaper" business, instead of the news and related services business, and got creamed when things changed. He notes that "As one former Scripps executive told me in talking about what has happened to the newspaper industry, words that I think apply to the Rocky, 'We had all the advantages and let it slip away. We couldn’t give up the idea that we were newspaper companies.' "

Mozilla no longer needs to get clearance for U.S. export rules.

Logicomix is a really interesting book. Recommended.

I've fiddled with Microsoft Sharepoint's Wiki implementation, and I am not impressed. My biggest gripe is that it does not graciously handle multi-person edits (e.g., when two people try to edit a page at the same time), even though the whole point of a Wiki is to collaborate with others. Multiple people can try to edit, and the first person to save "wins". After that, anyone else who tries to save is told that someone else saved before them, and they can go "back" to their submission page. At that point, the "easy" solution is to just refresh and lose all their work. The only alternative I found was to first cut-and-paste changes to some other program (possibly losing information), refresh the page, and then figure out how to re-incorporate the work. Free programs like MediaWiki do better than this. Sharepoint has a GUI that looks reasonable at first, though some operations are clunky multi-step ones. It supports per-person, per-page, per-wiki access controls, and for some apps this could be nice. But I've found that in practice, what's more important is recording and handling of versions, and Sharepoint doesn't do so well. Sharepoint does record versions, but I did not find an easy way to compare arbitrary versions (only adjacent versions). What's worse, if you delete a page, the entire history of that page goes away too... so you cannot really rely on the history mechanism. You can edit pages without using Internet Explorer, but it's hideous - the GUI essentially goes away, and exposes the really bad HTML that they use internally (e.g., "div" divisions end in essentially random locations). The screwed-up file format makes me suspect that as pages get long, getting the formatting right could be really hard - it just doesn't seem to put the endings in the right places, so stuff that you would THINK are separate are subtly bound together (sort of like "spooky action at a distance"). For trivial uses Sharepoint might work okay. However, using Sharepoint as a Wiki for larger collaborations is hard to justify, especially given the price; in many areas the free Wikis are way better.

FOSS: War is over (if you want it) points out various reasons, including a quote from the Economist, that "The argument has been won. It is now generally accepted that the future will involve a blend of both proprietary and open-source software."

100 years of Big Content fearing technology—in its own words shows that for over 100 years, copyright holders have raised their shrill voices in over-the-top claims that creativity was endangered by copying, yet it simply wasn't true. William Patry's summary is apt: "I cannot think of a single significant innovation in either the creation or distribution of works of authorship that owes its origins to the copyright industries." The article itself ends with "The great irony of these debates is that most new devices become popular only because buyers really want them, which means they open whole new markets that can then be monetized by rightsholders."

Sneaky Microsoft plug-in puts Firefox users at risk: Patches critical bug, exploitable because of add-on silently slipped into Firefox last February by Gregg Keizer (ComputerWorld, October 16, 2009 06:02 AM ET) reports that "An add-on that Microsoft silently slipped into Mozilla's Firefox last February [2009] leaves the browser open to attack... thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update". The 'Windows Presentation Foundation' plug-in had an incredibly dangerous vulnerability - it was a "browse-and-get-owned" situation. Now, there's nothing wrong with Microsoft creating a plug-in for Firefox... and while having a vulnerability isn't good, as long as it's accidental, it happens. But quietly slipping it in, and making it incredibly difficult to remove (unlike other Firefox plug-ins), is absolutely not okay.

Gnomes in the Fog is a book that explains the huge controversy in mathematics in the 1920's... one that's remarkable in part because few people know of it now. This was a controversy that struck at the heart of mathematics... how do we know that mathematical statements are themselves true? It's basically about Brouwer's intuitionism, and the fight about how do we know what we know.

A Wall Street Journal article claims that We're Governed by Callous Children

Most computer arithmetic is only approximate.

Matt Asay says we don't need OSS evangelism anymore, because open source software is now a given.

Here are creative answering machine messages.

"The Distinction Between WHICH and THAT With Diagrams Especially for Scientists" by Lorraine Lica actually makes sense.

There are lots of English translations of the Bible. A Guide to Modern Versions of the Bible is a nice quick summary with some history, while Translation Comparison Chart compares how close they are to the original text.

The 3D Mandelbulb creates beautiful images. Phil Agre has disappeared; I hope he's okay.

OSTP wants to know if government-funded research should be available to the public.

Here's an interesting essay: "I live in a van down by Duke University".

Here are some comments on Fedora 12. The provided NVIDIA drivers don't support 3D acceleration, leading some users to reach for the proprietary NVIDIA Linux drivers. But if you decide to install proprietary drivers, you can easily get into problems. The Linux world has a standard solution for drivers: Release the code as open source software. Otherwise, each upgrade (even ones inside a major release) can create serious problems. I have repeatedly told the NVIDIA people that keeping their drivers proprietary is a serious problem for customers, but NVIDIA is simply not interested in listening to their customers. So you end up with problems like this. Sigh. The good news is that the open source software Linux driver for NVIDIA, Nouveau, is making great progress, so there's hope that this problem will go away soon.

Microsoft has had some really bad ads, as noted by PC Pro, but the PC Pro list missed some. My favorite "bad Microsoft ad" is a 2000 TV ad, which uses the musical theme of "Confutatis Maledictis" from Mozart's Requiem. The screen says "Where do you want to go today?" while the chorus sings "Confutatis maledictis, flammis acribus addictis" ("The damned and accursed are convicted to the flames of Hell"). There's also a 2009 ad featuring a vomiting woman.

Scientists are supposed to notice when data does not match their hypotheses, but that's often not what really happens.

Dumb-dumb bullets: As a decision-making aid, PowerPoint is a poor tool explains why typical bullet presentations can be terrible for decision-making. They are useful for sharing certain kinds of information, but that's not the same as making a critical decision.

Clay Shirky has interesting comments about newspapers. He also quotes Bob Spinrad, who once ran Xerox Palo Alto Research Center (PARC), who said, "The only institutions that do R&D are either institutions that are monopolies or wrongly believe that they are."

Here are interesting-looking books that I'd like to read some time:

Engines of Logic (Davis).

Here's a funny comic about vampires.

Has gravity been explained? "On the Origin of Gravity and the Laws of Newton" by Erik P. Verlinde seems to be a plausible go at it; Johannes Koelman has some initial comments.

Google's 2010 Super Bowl ad "Parisian Love" was absolutely inspired.

Here's a cool video: Touhou/Bad Apple promotional video (with stylized shadow art). There's an impressive parody using apples, lots of dancers (here's one), and so on; even one with real apples. For more about this, see Know your meme's info on bad apple, or Wikipedia's entry on the Touhou Project.

Coping with an Attack: A quick guide to dealing with biological, chemical, and "dirty bomb" attacks is exactly what it says it is.

Philip K. Howard: Four ways to fix a broken legal system (TED) notes that our culture has changed - people no longer feel free to act according to their best judgement, because they are afraid of legal attack. He recommends four ways to change this:

  1. Judge law mainly by its effect on society, not individual situations. ($60-$200 billion a year are caused by defensive medicine. The rules for due process in education cause paralysis; teachers are spending up to half their time controlling their classes, because fear of the law prevents them from effectively controlling their classrooms.)
  2. Trust in law is an essential condition of freedom. Distrust skews behavior towards failure. (Law carries the power of the state!) (Edison: "We don't have rules around here... we're trying to accomplish something!")
  3. Law must set boundaries protecting an open field of freedom, not intercede in all disputes. ("We've forgotten this... people wade through law all day long.")
  4. To rebuild boundaries of freedom two changes are essential: (1) Simplify the law (it has to be simple enough that people can internalize it), and (2) Restore authority to judges and officials to apply the law ("rehumanize the law, in accordance with reasonable norms").
"Authority is essential to freedom... Law is a human institution. Responsibility is a human institution. If teachers don't have authority to run the classroom, to maintain order, everybody's learning suffers. If the judge doesn't have authority to toss out unreasonable claims, then all of us go through the day looking over our shoulders... a free society requires red lights and green lights."

Here's an odd paper: When Zombies Attack!: Mathematical Modelling of an Outbreak of Zombie Infection.

"Teach like your hair's on fire" emphasizes building up trust and having kids go through Kohlberg's stages of moral development.

Here's a funny note. Andrew Morton commented on some ridiculously-complicated code, "yikes, that macro should be killed with a stick before it becomes self-aware and starts breeding".

Don't judge too quickly (Ameriquest commercials).

Building a Better Teacher (Elizabeth Green, NY Times, March 2, 2010) describes how to make teachers better teachers. It mentions the work on getting and keeping attention, specifically Doug Lemov's "Taxonomy of Effective Teaching Practices", as described in the book "Teach Like a Champion". That book is "a collection of instructional techniques gleaned from years of observations of outstanding teachers in some of the highest-performing urban classrooms in the country". It also mentions content-specific stuff like "mathematical knowledge for teaching" (e.g., "The Curious — and Crucial — Case of Mathematical Knowledge for Teaching" by Heather Hill and Deborah Loewenberg Ball and Toward a framework for the development of mathematical knowledge for teaching ).

For Android development, look at the official Android development site and the Android development blogspot.

Lee Sheldon (Indiana University) has replaced the traditional grading system in two of his game design classes with a system that is based on experience points (XP), which were typically used to track progress in role-playing games. Students start at level one (e.g., zero XP and a grade of 'F') and gain XP by giving presentations, doing quizzes/exams, and handing in projects. The students were grouped into "guilds" and had to complete quests solo, as guilds, or as 'pick up groups' with members of other guilds. Sheldon said that students have responded to the classes with "far greater enthusiasm".

Cell phone makers don't seem to learn much. They keep trying to claim that no one needs a native interface for developing native software... and then realize they are wrong. As one Slashdot poster says: "Speaking of native apps, it's kind of funny how every new smartphone repeats this:

Apple, 2007: Javascript is good enough!
Apple, 2008: Okay, okay, here's a C SDK.
Google, 2008: Java is good enough!
Google, 2009: Okay, okay, here's a C SDK.
Palm, 2009: Javascript is good enough!
Palm, 2010: Okay, okay, here's a C SDK.
Microsoft, 2010: Silverlight and Flash are good enough!
I think we can guess where that last one is going. Firefox just announced that they were stopping development for Windows mobile because of this failure to support a native API. Footgunning again!

Idealware's article "Microsoft Office vs. OpenOffice.org" compares the two office suites. It's old, but still interesting. Their comments about security match my own: "Just a brief word about security. MS Office, OpenOffice, Firebird and Thunderbird are all reasonably secure as long as you follow standard procedures (install updates and patches as soon as they're released, maintain firewalls, antivirus, and antispyware, etc)." I notice that they did not include Outlook or Internet Explorer in the list; those programs have historically had lots of problems. Also, here's a note about OOXML support in Microsoft Office.

Economics of perfect software shows the economic problems of "bugfree" software.

Every Programmer Should Know

Too many software developers don't know how to deal with floating point numbers. For more info, see What Every Programmer Should Know About Floating-Point Arithmetic and What Every Computer Scientist Should Know About Floating-Point Arithmetic (by David Goldberg, March 1991).

Also, too many software developers don't know how to deal with the many languages around the world, including character encodings, Unicode, UTF-8, internationalization (i18n), and localization (l10n). The Absolute Minimum Every Software Developer Absolutely, Positively Must Know About Unicode and Character Sets (No Excuses!) (by Joel Spolsky) and UTF-8 and Unicode FAQ for Unix/Linux (by Markus Kuhn) can get you started.

Can DOD really defeat PowerPoint? By Kevin McCaney (Apr 28, 2010) claims that "The Defense Department has declared war on PowerPoint. Army Gen. Stanley McChrystal, who heads U.S. and NATO forces in Afghanistan, told the New York Times, 'It's dangerous because it can create the illusion of understanding and the illusion of control. Some problems in the world are not bullet-izable.'"

Here's Fedora 13 running on an Acer Aspire One. I like the background music, Unreal II/PM by Purple Motion of Future Crew (1993).

Many people use C++ to implement programs, but this is definitely a language where you can shoot yourself in feet you don't even have yet. If you're using or considering C++, you should look at Bjarne Stroustrup's FAQ, C++ FAQ Lite, and the C++ FQA ("Frequently Questioned Answers") Lite (The last one argues why C++ may not be necessarily suitable for your special purpose, and in particular warns of some issues when using C++).

How to Save the News (The Atlantic).

On a Linux system every disk partition has a unique identifier called the UUID. This tip on UUIDs shows that you can find the UUIDs by running "blkid /dev/sda1" (replacing the parameter as desired) or by doing "ls -l /dev/disk/by-uuid". You can change the UUID using tune2fs, e.g.:

 tune2fs /dev/hdaX -U numbergeneratedbyuuidgen
 vol_id /dev/hdaX

"One of my computer science professors once stated, quite succinctly, that Microsoft was not in business to make a quality operating system (or quality product). They are in business to make money. On a related note, if they were in business to make a quality operating system, they would have a tough time selling 'upgrades.' " - HeX314 (570571), Thursday June 10, @10:51AM. "Microsoft is an incredibly successful empire built on the premise of market dominance with low-quality goods." - Richard A. Clarke, "Cyber War: The Next Threat to National Security and What to Do About It."

Here is James Young's info on how to connect MediaWiki to RADIUS. He has info on Cygwin and other stuff, too.

If you need to do network visualization (e.g., automatic layout of node-and-arc graphs), graphviz is a well-known tool (especially its "dot" and "neato" programs). Other alternatives are Gephi, GUESS (GPL), and Ondex (GPLv3). Related surveys include Tim Evans' Complex Networks and Complexity, Network analysis links, Dmoz' "graph drawing", mapping tool list, Wikipedia's list of Social network analysis software, and Software for Social Network Analysis (Mark Huisman et al.), Best tools for visualization (though not focused on this).

This apron is not the same as this apron.

The Real Science Gap argues that "It’s not insufficient schooling or a shortage of scientists. It’s a lack of job opportunities. Americans need the reasonable hope that spending their youth preparing to do science will provide a satisfactory career." Women in Science (by Philip Greenspun) makes basically the same point: "Adjusted for IQ, quantitative skills, and working hours, jobs in science are the lowest paid in the United States."

A mostly wrong history of programming languages is funny if you know a lot about programming languages.

"The bright side of wrong" by Kathryn Schulz makes an important point. "[Mistakes are] a byproduct of all that’s best about us... We get things wrong because we get things right... inductive reasoning undergirds virtually all of human cognition... [but] this intelligence comes at a cost: Our entire cognitive operating system is fundamentally, unavoidably fallible. The distinctive thing about inductive reasoning is that it generates conclusions that aren’t necessarily true. They are, instead, probabilistically true — which means they are possibly false. Because we reason inductively, we will sometimes get things wrong... it suggests that we should work with rather than against our natural reasoning processes to try to prevent mistakes and mitigate their consequences. This is doable."

Michael Meeks has a long and interesting discussion on copyright assignment.

Here's how amateurs can build a working fusion reactor. Unfortunately, it's useless as a power source because the energy going in far exceeds the energy going out, but it's still pretty cool.

"The Problem with Threads" by Edward A. Lee (2006) has an interesting argument about why threading is a difficult way to do parallelism.

Khan Academy is one person who's produced an extraordinary number of instructional videos.

World Builder is a cool short film; a man uses holographic tools to build a world for the woman he loves.

Some people think that computer attacks can only be a nuisance, and nothing more; I think they are grossly mistaken. For example, take a look at O. Sami Saydjari's April 2007 testimony before the House Committee on Homeland Security, Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology (Sami is president of the non-profit "Professionals for Cyber Defense" and CEO of the Cyber Defense Agency, among other things). He states that "The US is vulnerable to a strategically crippling cyber attack from nation-state-class adversaries. Cyber space primarily controls our real-world critical assets and is as legitimate a part of our territory as physical land, thus the government must provide for the common defense of this new territory... Imagine the lights in this room suddenly go out, and we lose all power. We try to use our cell phones, but the lines of communication are dead. We try to access the Internet with our battery-powered laptops, but the Internet, too, is down. After a while, we venture out into the streets to investigate if this power outage is affecting more than just our building, and the power is indeed out as far as the eye can see. A passer-by tells us the banks are closed and the ATMs aren’t working. The streets are jammed because the traffic lights are out, and people are trying to leave their workplaces en masse. Day turns to night, but the power hasn’t returned. Radio and TV stations aren’t broadcasting. The telephone and Internet still aren’t working, so there’s no way to check in with loved ones. After a long, restless night, morning comes, but we still don’t have power or communication. People are beginning to panic, and local law enforcement can’t restore order. As another day turns to night, looting starts, and the traffic jams get worse. Word begins to spread that the US has been attacked—not by a conventional weapon, but by a cyber weapon. 
As a result, our national power grid, telecommunications, and financial systems have been disrupted—worse yet, they won’t be back in a few hours or days, but in months. The airports and train stations have closed. Food production has ceased. The water supply is rapidly deteriorating. Banks are closed so people’s life savings are out of reach and worthless. The only things of value now are gasoline, food and water, and firewood traded on the black market. We’ve gone from being a superpower to a third-world nation practically overnight." He simulated attacks in a project called "Dark Angel".

100 quotes every geek should know.

Sorting algorithms - with sound!

CIA Software Developer Goes Open Source, Instead has an article about an open source software program that implements multi-user "Analysis of Competing Hypotheses" by Matthew Burton.

Sic transit gloria mundi is a Latin phrase that means "Thus passes the glory of the world" (i.e., "Worldly things are fleeting").

The Effect of Snake Oil Security By Robert Hansen (September 7, 2010) explains how worthless security tools ("snake oil") can be proven to “work” if you look at the numbers.

"Real Software Engineering" by Glenn Vanderburg argues that what is called "Software Engineering" is a caricature of engineering, and that what we need is "real software engineering".

"Float on" by Modest Mouse is catchy.

Beware of the perfect balanced sample.

In 2003 I was a keynote speaker at SIGAda. In that keynote, I strongly recommended that Ada be modified so that Ada would permit "in out" parameters. I was greeted with great scepticism at the time, but I'm amused to note that the draft Ada 201X includes a change to allow "In Out parameters for functions". Looks like people eventually agreed with me!

VirtualBox runs many operating systems well, but I had some trouble with running a NetBSD guest on a Windows host. To run NetBSD on VirtualBox:

Oddly, NetBSD doesn't give you the option to start up the network right away; edit /etc/rc.conf and add to its end the line 'dhclient=YES'. You could reboot, but 'sh /etc/rc.d/dhclient start' will start the network without rebooting. To get source code, follow its instructions:
 mkdir /usr/src
 export CVS_RSH="ssh"
 export CVSROOT="anoncvs@anoncvs.NetBSD.org:/cvsroot"
 cd /usr
 cvs checkout -P src/bin # or whatever
 # You can build a new userland with:
 cd /usr/src
 # The "-u" sets NOCLEANDIR; it's critical to avoid multi-day rebuilds:
 ./build.sh -O ../obj -T ../tools -u -U distribution
 # To run programs in /usr/obj, must set LD_LIBRARY_PATH or you'll
 # get errors like: Undefined PLT symbol "_libc_init"
 LD_LIBRARY_PATH=/usr/obj/lib/libc  COMMAND_NAME
 # To recompile kernel:
 # cd /usr/src/sys/arch/i386/conf
 # cd /usr/src
 # ./build.sh -O ../obj -T ../tools -u -U kernel=/usr/src/sys/arch/i386/conf/MYKERNEL

Pac-Man has been popular for a long time. The Pac-Man Dossier (by Jamey Pittman) has an in-depth description of it; Understanding Pac-Man Ghost Behavior is a nice summary of their behavior.

Denis Roegel's "A brief survey of 20th century logical notations" shows the vast variation in logic notation over the years. "Completeness before Post: Bernays, Hilbert, and the Development of Propositional Logic" by Richard Zach (The Bulletin of Symbolic Logic, Volume 5, Number 3, Sept. 1999) shows that Bernays' role in the discovery of important results was greater than is often acknowledged.

Artists are doing better, the labels are not.

PAX Celebrity Game - a live AD&D game at PAX Prime 2010, with Chris Perkins as DM, and players Jerry Holkins, Scott Kurtz, Mike Krahulik, and Wil Wheaton (aka Acquisitions Incorporated). This is a fun demo of what this kind of game is supposed to be like. (At the start of the game, Wil's character Aeofel had recently died, and this was a key plot point. Warning: Contains adult language.) You can also see PAX Prime 2010 Celebrity game via Wizards of the Coast.

Uncle Yo does stand-up comedy aimed at the "geek community" (esp. anime/manga lovers).

"Why Most Published Research Findings Are False" by John P. A. Ioannidis is very concerning.

Morse code is still in use, but it is no longer in use as a primary international communication mechanism. It had a long run, though, from its beginnings in the 1830s. The French managed a truly poetic end, though, that's hard to pass. On January 31, 1997, they decommissioned their Morse equipment, with this poetic phrase: "Calling all. This is our last cry before our eternal silence".

Ross Anderson had a wonderful Christmas 2010 message to bankers who wanted to censor security research.

Make programming interfaces hard to misuse - see Rusty's list on how to do this.

"Stacked Borrows: An Aliasing Model for Rust" by Ralf Jung, Hoang-Hai Dang, Jeehoon Kang, Derek Dreyer. POPL 2020.

Rust's ownership and borrowing model counters many problems. That said, the model can sometimes seem a little constraining. For example, if you want to mutate a part of a container, and work with it for a while, you have to grab the whole container - which can be a problem if you want to mutate multiple parts. One solution is to swap out portions, which you can then work on separately, and then put them back, because Rust includes mechanisms to safely swap things. This reminds me of decades-old research in swapping-based languages, e.g., where swapping instead of copying was the normal operation. See, for example, "Copying and Swapping: Influences on the Design of Reusable Software Components" by Douglas E. Harms and Bruce W. Weide, IEEE Transactions on Software Engineering, Vol 17, No. 5, May 1991. It turns out that just swapping is too limited, but this early work showed that a lot can be done with just swapping, and now swapping seems to have become an often-forgotten part of the toolbox. More info is in places like Part V: annotated bibliography of RESOLVE research, ACM SIGSOFT Software Engineering Notes, October 1994, DOI: 10.1145/190679.190685, Stephen H. Edwards, RESOLVE Software Research Group (Clemson), and A Synopsis of Twenty Five Years of RESOLVE PhD Research Efforts (this last one does not seem to be publicly available, so I haven't read it, but it might be of interest).
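The swap-out, work, put-back pattern described above, as an added example (it is not from the original page or from the cited papers). The function names `spill_over`, `rotate_in` and `exchange_with` and the bucket data are hypothetical and constructed for illustration; only `std::mem::take`, `std::mem::replace` and `std::mem::swap` are real standard-library calls.

```rust
use std::mem;

/// Move every value above `limit` out of bucket `from` and into bucket `to`.
/// Both buckets need mutation at once, so each one is swapped out of the
/// container, edited as an independent owned value, and then put back.
fn spill_over(buckets: &mut [Vec<u32>], from: usize, to: usize, limit: u32) {
    // With from == to the second take would see an empty Vec and lose data.
    assert_ne!(from, to, "source and destination buckets must differ");

    // mem::take swaps the slot with Default::default() (an empty Vec) and
    // returns the old contents by value. No borrow of `buckets` stays alive.
    let src = mem::take(&mut buckets[from]);
    let mut dst = mem::take(&mut buckets[to]);

    // Work on the two parts separately. partition() keeps the original order.
    let (keep, moved): (Vec<u32>, Vec<u32>) =
        src.into_iter().partition(|&v| v <= limit);
    dst.extend(moved);

    // Put the parts back. If the code above had panicked, the slots would
    // hold empty (but valid) Vecs rather than dangling or duplicated data.
    buckets[from] = keep;
    buckets[to] = dst;
}

/// Install `fresh` in slot `idx` and hand the previous contents to the caller.
/// mem::replace is a swap whose "other side" is a value instead of a place.
fn rotate_in(buckets: &mut [Vec<u32>], idx: usize, fresh: Vec<u32>) -> Vec<u32> {
    mem::replace(&mut buckets[idx], fresh)
}

/// Exchange the contents of a slot and a caller-owned scratch buffer.
/// mem::swap needs two &mut to distinct places; a slot plus a local is one.
fn exchange_with(buckets: &mut [Vec<u32>], idx: usize, scratch: &mut Vec<u32>) {
    mem::swap(&mut buckets[idx], scratch);
}

fn main() {
    // Constructed sample data.
    let mut buckets = vec![vec![1, 9, 3, 12], vec![], vec![5]];

    spill_over(&mut buckets, 0, 2, 4);
    println!("after spill_over: {:?}", buckets);

    let old = rotate_in(&mut buckets, 1, vec![7]);
    println!("rotated out {:?}, now {:?}", old, buckets);

    let mut scratch = vec![100, 200];
    exchange_with(&mut buckets, 0, &mut scratch);
    println!("scratch {:?}, buckets {:?}", scratch, buckets);
}
```

No `unsafe` and no cloning is involved: each element is moved, never copied, and the container is in a valid state at every point.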

Scalability, Availability & Stability Patterns by Jonas Boner is a nice presentation; it covers a lot of ground.

Ninja is a build system, somewhat like make, that is focused on speed. Heise Online has a short article about Ninja.

This Dr Dobbs article by Robert Seacord notes various ways to handle C strings - strncpy (standard but harder to use, e.g., it doesn't always NUL-terminate), strcpy_s (ISO/IEC TR 24731, Microsoft but not currently elsewhere), strlcpy (OpenBSD but spotty elsewhere), SafeStr (Messier and Viega), and a "Managed String Library". Microsoft also has the Strsafe.h safer string library, and there is the better string library (bstring) (Paul Hsieh, dual-licensed under either BSD-new 3-clause or GPLv2, does dynamic non-garbage-collected access). The bstring page has a comparison table. Here's a large comparison table. Here's some collected information about various Steampunk roleplaying game (Steampunk RPG) options.

"This is Why I'll Never be an Adult" ("Clean all the Things!") from Hyperbole and a Half (Allie Brosh) is really funny.

Cygwin is really handy if you use a Windows system. You should set up your home directory so that it has no spaces in the name, to avoid various problems. The 2011-02-03 Dilbert shows the problem with current software incentives; vendors make more money by making buggy software.

Hackerspaces are an interesting idea. Ones in my area (which I hope to visit sometime) include HacDC and Reverse Space.

Mel Chua's post "Capturing SIGCSE conversation: Computer science professors discuss teaching open source" collects useful insights on putting open source software development into classroom settings.

An ALS sufferer used his legs to contribute a final patch to GNOME (here's the bugzilla entry).

Here's an interesting primer on open source software and government. "Open Software Solutions for the Government" by Mark Lucas (Open Source Software Institute), 29 September 2010 (prepared for the Department of Homeland Security) "provides guidance for software vendors and government program managers desiring to evaluate open technologies". It tries to help people who don't know anything about government contracting or about open source software.

I'd be interested in a discussion of using distributed VCSs with classified data. Obviously git, mercurial, etc. are getting wider use; Google's gerrit can filter processes and work with git (in fact, they re-implement a lot of git in Java), and gitosis can provide finer control over who can change a git repository. There are many hosting organizations such as github, gitorious, SourceForge (recently added git support), etc. I'd like to see full solutions for distributed bug tracking (there's a lot of research). I remember that Google had a tool that let you filter out some code before release to the public, yet merge it back when you took patches; I don't remember its name.

The Art of the Animated GIF points out some amazing animated GIFs - they remind me of the photos in the Harry Potter movies. And of course, you need the snail transformer.

PuTTY-CAC is a free SSH client for Windows that supports smartcard authentication using the US Department of Defense Common Access Card (DoD CAC) as a PKI token.

8bitpeoples.com has lots of 8-bit music. Check out "Bad Joke EP" by Random.

The Architecture of Open Source Applications Amy Brown and Greg Wilson (eds.)

I've been looking at various tools to help with Javascript and canvas. Cakejs, aka CAKE (MIT license), is a JavaScript scene graph library for the HTML5 canvas tag ("You could think of it as SVG sans the XML and not be too far off"). FunctionPlotter (public domain) is a simple function plotter that can zoom and pan a grid. Jquery is a general JavaScript Library to simplify "HTML document traversing, event handling, animating, and Ajax interactions". Liquid Canvas builds on top of Jquery and "allows you to draw inside an HTML canvas element with an easy yet powerful description language". The Closure Javascript compiler optimizes Javascript (it compiles Javascript into more efficient Javascript). Here's a hint on drawing lines quickly on a canvas. box2d lets you create trivial physics simulations you can interact with. SVGCanvas accepts canvas API commands to create SVG. A trivial trig demo. "Open standards, web-based mathlets: making interactive tutorials using the html5 canvas element" by Shane Steinert-Threlkeld and J Tilak Ratnanather, The Johns Hopkins University: "Interactive math tutorials, often called mathlets, are designed to provide a more visceral learning experience than traditional textbook methods and to enhance intuitive understanding of complex ideas by allowing users to alter parameters that influence visual scenes. We describe methods for creating such tutorials using the HTML5 canvas element. First, we discuss some motivations for writing such mathlets, then walk-through the process of creating a mathlet with canvas. Then, we compare canvas to alternatives, explaining our decision to use it, and provide links to other demonstrations and resources." (Note: Geogebra uses Java, not canvas.) Here's a Javascript PC emulator that boots a Linux image.

Even Lockheed-Martin has released a program (EurekaStreams) as open source software.

You can make homemade playdough circuits. Here's a TED talk about playdough circuits. Amazing.

Storing passwords in uncrackable form discusses using hashes, salt, and key-stretching (e.g., by using a hash or encryption algorithm multiple times).

Wiretapping and Cryptography Today: Report from the sky didn't fall department (Matt Blaze) looks at the 2010 U.S. Wiretap report and shows that legalizing cryptography did not cause the end of the world; in fact, we are still trying to recover (and gain security of the Internet) from the long and fruitless effort to make it illegal.

JSTOR uploading shows someone dangerously doing something legal (!): Releasing works that are in the public domain and whose copyright has ended.

Microsoft pays nearly nothing in taxes. To be fair it is "straightforward about the core reason for its lower tax bill: It is increasingly channeling earnings from sales to customers throughout the world through the low-tax havens of Ireland, Puerto Rico and Singapore."

"Every time I get frustrated with doing paperwork, I simply imagine having the job of estimating how much time it takes to do paperwork, and I feel better immediately." - Valerie Aurora

Grubb's Security Assessment Tools can find various problems in a Linux system.

Why Are Manholes Round? The 10 Toughest Interview Questions

The U.S. government's "Technology Neutrality" memo (January 7, 2011) by Vivek Kundra, Daniel I. Gordon, and Victoria A. Espinel states that "as a general matter... agencies should analyze alternatives that include proprietary, open source, and mixed source technologies... considering factors such as performance, cost, security, interoperability, ability to share or re-use, and availability of quality support."

Privacy is really hard to keep. "Simple Demographics Often Identify People Uniquely" by Latanya Sweeney (Carnegie Mellon University, 2000) showed that avoiding individual identification is hard. Based on the 1990 U.S. Census summary data, the paper showed that 87% of the U.S. population could be uniquely identified just using {5-digit ZIP, gender, date of birth}; 53% could be uniquely identified using just {place, gender, date of birth}. "In general, few characteristics are needed to uniquely identify a person." BlackHat USA 2011: Faces Of Facebook-Or, How The Largest Real ID Database In The World Came To Be argues that your face creates verifiable links between lots of data, thanks to face recognition systems.

Mudge explained in BlackHat USA 2011 the DARPA-RA-11-52 work (14-day turn around time to get on contract, for small cyber tasks).

AI vs. AI - two chatbots talking to each other.

If you violate the GPLv2, and then fix it up, what does it take to be reinstated? One solution is to just use GPLv3 instead; most GPL licenses say you can use "or later versions", and the GPLv3 has a nice, clear restoration clause (it's one of the things that was added in version 3). Only a few programs are GPLv2-only, but that includes the Linux kernel, so it still matters what GPLv2 means. Armijn Hemel says you just need to re-download, and I think he's got a good case. But those who disagree include Brad Kuhn, and the FSF seems to agree with Kuhn.

"A Sum Greater than its Parts?: Copyright Protection for Application Program Interfaces" by Efthimios Parasidis (Saint Louis University - School of Law), Texas Intellectual Property Law Journal, Vol. 14, pp. 59-90, 2005 discusses copyright law as it applies to APIs.

Intel is giving research money to universities - but with the stipulation that all results be released as open source software (not patents!).

Here's an amazing video of the AlphaDog prototype.

Oracle to pay US almost $200M to resolve false claims lawsuit involving GSA schedules.

Security experts at UKFast say they were able to crack a six-character password in 12 seconds, a seven-character password in less than five minutes, and an eight-character password in four hours.

2D Goggles (webcomic with Lovelace and Babbage) - fun! You can start with Lovelace the origin. The author recommends The Steampunk bible.

EFF's guidelines to securing open source software. Cool quote: "no software source code is truly open until it has been rendered as understandable as possible to as many people as possible." - David Nelson (Document Foundation). "I (personally) almost never read documentation - only code or headers or specs - and the best hackers I know tend to do the same." - Michael Meeks

Can we tape? answers when you can and cannot record phone calls.

Steve Jobs Solved the Innovator's Dilemma - basically, Steve Jobs focused on making great products that the customers would love (even if they had no idea they would want one), and explicitly not on profit. With that focus, worrying about "cannibalizing" your own business melted away, and with it, many of the problems of the Innovator's Dilemma.

"Why Economic Models Are Always Wrong" by David H. Freedman (Scientific American) gives an interesting argument about the folly of recalibrating models, focusing on the work of Jonathan Carter. Carter concluded in his work that, "when you have to keep recalibrating a model, something is wrong with it."

Ludwig von Mises’s "Human Action: A Treatise on Economics" looks interesting; I need to read it some time.

Microsoft has submitted code to the Linux kernel, and more recently, Microsoft has submitted code to Samba... both of which are GPL'ed. Years ago, Microsoft claimed that the GPL was a "cancer" and "anti-American" - it is amazing how much has changed.

What if this is the future? looks at current trends, and notes that while software developers are doing well, almost everyone else is not. There are jobs, but due to automation, many of the traditional "middle class" (and many of the "lower class") jobs are disappearing. An economist would say, "well, they'll just have to switch jobs" - but many people simply are not capable of doing the jobs that we actually need doing. This possibly leads to a "great majority who are [in] various degrees of poor and struggling".

Heavens above reports on where various orbiting things are (and will be).

You must read They're made of meat by Terry Bisson. It's short, funny, and makes you think too.

WebhostGiant is a cheap hosting service. So far they've been fairly reliable, but their interface is odd. To change the SSH password, you use the Plesk control panel "Web hosting setup" and change the FTP password.

Bitpocket uses rsync to perform two-way synchronization of files between systems. Unlike Unison, you don't need to install special software on both systems (just rsync will do). The author uses it as a "personal Dropbox". Here is a post about bitpocket.

Here's a "mkcd" command-line command that makes a directory, then cd's into it:

# mkdir, cd into it (only if the mkdir succeeded)
mkcd () {
    mkdir -p -- "$*" && cd -- "$*"
}

Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees) points out that many of the best attackers do not report the vulnerabilities to the supplier; they sell their attacks to the highest bidder. A supplier who is not grateful for vulnerability reports, or who does not act quickly on them, is foolish.

"The ethics of astro-turfing: sleazy or smart business?" by Jeff John Roberts notes that "Florian Mueller, a self-proclaimed patent expert funded by both Oracle and Microsoft, has been issuing a flurry of biased blog posts that don’t mention his paymasters."

The US Department of Defense (DoD) has changed the URLs for some of its information on Open Source Software (OSS). Unfortunately, there are currently no redirects, and that makes them hard to find (sigh). Here are new links, if you want them.

A good place to start is the Department of Defense (DoD) Free Open Source Software (FOSS) Community of Interest page, hosted by the DoD Chief Information Officer (CIO). This used to be at http://cio-nii.defense.gov/sites/oss/

From that page, you can reach:

If you are interested in the topic of DoD and OSS, you might also be interested in the Military Open Source Software (Mil-OSS) group, which is not a government organization, but is an active community.

Here is the New Hampshire law on open source software and open data format, HB 418-FN (FINAL VERSION).

Here are a few simple licensing rules that software developers should follow.

"Why Copyright Law Excludes Systems and Processes from the Scope of its Protection" by Pamela Samuelson (University of California, Berkeley - School of Law), Texas Law Review, Vol. 85, No. 1, 2007; UC Berkeley Public Law Research Paper No. 1002666 has a nice summary of why copyright is the way it is.

Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees) worries me. Selling vulnerabilities has been going on for a long time, but these perverse incentives are only getting worse over time. Perhaps we should criminalize selling vulnerabilities to anyone other than the software supplier (supplier bounties are okay) or governments. People could still give them away (e.g., by posting them to the public), but this would at least reduce the financial incentives and raise the risks to people who find vulnerabilities and then sell them to criminal organizations, terrorist groups, and so on. Bruce Schneier's "The Vulnerabilities Market and the Future of Security" (June 1, 2012) discusses this too. Just one part of the Flame espionage software (exploiting Microsoft Update) has been estimated as being worth $1 million when it was not known. Very worrying.

Hotaru Koi is a cool traditional Japanese children's song.

There are interesting arguments that tau, not pi, should be the primary math constant (e.g., for radians, relating radius to circumference, etc.).

"What Colour are your bits?" by mskala (10 June 2004) discusses copyright and supply chain (or at least pedigree) as "colour" (color)

Here's a cartogram showing a world map, intentionally distorted to show population. You can learn a lot from this one map.

"Obama Order Sped Up Wave of Cyberattacks Against Iran" By David E. Sanger, NY Times, June 1, 2012, claims that Stuxnet was created by the US and Israel to slow down Iran's efforts to build nuclear weapons. I have no idea if this is true or not.

Gallup says that forty-six percent of Americans believe in the creationist view that God created humans in their present form at one time within the last 10,000 years.

An interesting book about software patents is Mark Lemley, The Patent Crisis (2009).

Mathics is free and open source software (GPL) for mathematics, supporting Mathematica syntax.

FedRAMP for the impatient (Gunnar Hellekson) explains FedRAMP, the US government's approach to FISMA authorization (not certification!) for cloud computing. Here's the FedRAMP portal.

VCs are liars. And so am I.

"Embracing the Kobayashi Maru: Why You Should Teach Your Students to Cheat" Gregory Conti and James Caroland

Bit-twiddling hacks

Gunnar's "The Accumulo Challenge, Part I" points out a (frequently-ignored) rule established by the Reagan Administration, OMB Circular A-130, that says that the government shouldn’t build something already available from the private sector. It says the government should, "acquire off-the-shelf software from commercial sources, unless the cost effectiveness of developing custom software is clear and has been documented through pilot projects or prototypes". Actually, this particular guidance is all through the government regulations.

No install programming at work has a comment by monk that lists lots of useful ways to do it.

Lights over lapland - Aurora Borealis video.

"Linus Torvalds: Linux succeeded thanks to selfishness and trust" by Leo Kelion, BBC has some interesting quotes from Linus Torvalds: "I actually think the real idea of open source is for it to allow everybody to be 'selfish', not about trying to get everybody to contribute to some common good... open source only really works if everybody is contributing for their own selfish reasons. Now, those selfish reasons by no means need to be about 'financial reward', though... 'Trust' is not about some kind of absolute neutrality, or anything like that, but it's about a certain level of predictability and about knowing that you won't be shafted... The fundamental property of the GPLv2 is a very simple 'tit-for-tat' model: I'll give you my improvements, if you promise to give your improvements back. It's a fundamentally fair licence, and you don't have to worry about somebody else then coming along and taking advantage of your work. And the thing that then seemed to surprise people, is that that notion of 'fairness' actually scales very well... the whole 'tit-for-tat' model isn't just fair on an individual scale, it's fair on a company scale, and it's fair on a global scale."

"Dilemmas in a General Theory of Planning" by Horst W. J. Rittel and Melvin M. Webber (1973) is a classic paper describing the characteristics and issues of "wicked problems".

Kees Cook has managed to get the Linux kernel modified to counter symbolic link (symlink) vulnerabilities, but it took 16 years for this kind of countermeasure to get in (it's been around in grsecurity, and other places, for a long time). The modification to VFS counters a whole class of attacks, without harming anything else. We need to prioritize these kinds of changes.

The story of Zappos makes it clear that while courts are often willing to accept clickthrough agreements (clickwraps), where users have to take some unambiguous action, they are generally unwilling to accept browsewraps (aka "not a contract"), since there's no evidence the user actually agreed to anything. That's especially true if the so-called terms have a "we can change the terms at any time" clause - that just makes it even more obvious that there is no evidence of user agreement. Goldman says that, "Avoiding this outcome is surprisingly easy. Use clickthrough agreements, not browsewraps, and remove any clauses that say you can unilaterally amend the contract."

The Internet is remarkably resilient - here is the story from 2012 hurricane Sandy.

Eric Goldman prefers Gumroad.com over Scribd as a paid publication platform. "Gumroad is less feature-rich than Scribd (though Scribd isn't exactly a publisher's paradise), and it's still working through some kinks in its service. However, compared to Scribd as a paid publication platform, it has two clear advantages: (1) it's a noticeably more seamless purchasing experience for buyers, and (2) they keep only 5% of revenues (plus 25 cents), compared to Scribd's 20% rate."

"China Mafia-Style Hack Attack Drives California Firm to Brink" says that, "For three years, a group of hackers from China waged a relentless campaign of cyber harassment against Solid Oak Software Inc., Milburn’s family-owned, eight-person firm in Santa Barbara, California."

LWN reviews "Open Advice" - a collection of essays on free and open source software (FOSS) that centers around the idea of "what we wish we had known when we started".

roll20.net helps you run tabletop RPGs easily; I learned about it from Byron Clark at Anime USA 2012. It's free, and based on HTML5 (so you can use it with anything).

An "un-Googleable" name is the "THE multiprogramming system" (T.H.E., standing for "Technische Hogeschool Eindhoven"). This was described by E.W. Dijkstra in "The structure of the THE multiprogramming system", Communications of the ACM, 11(5). I once accidentally attributed the THE system to Peter G. Neumann, which is a mistake; Peter Neumann did PSOS, not THE. Peter Neumann's Principled Assuredly Trustworthy Composable Architectures (CHATS report) has more info.

Here's a trailer for the "Software Wars" movie about open source software. A nice quotable quote is from Linus Torvalds: "If you can control the software, it's like controlling the flow of oil." That makes it clear that the arguments about software are about who has power - and who does not - instead of just some esoteric technical discussion.

We Aren't the World points out a real insight into problems in social science. Historically, many social science experiments have been done on Americans, under the assumption that people are the same everywhere. This turns out to be completely false; "social scientists could not possibly have picked a worse population from which to draw broad generalizations. Researchers had been doing the equivalent of studying penguins while believing that they were learning insights applicable to all birds." The Weirdest People in the World? goes into detail, where by "weird" they meant both unusual and Western, Educated, Industrialized, Rich, and Democratic. "It is not just our Western habits and cultural preferences that are different from the rest of the world, it appears. The very way we think about ourselves and others - and even the way we perceive reality - makes us distinct from other humans on the planet, not to mention from the vast majority of our ancestors. Among Westerners, the data showed that Americans were often the most unusual, leading the researchers to conclude that 'American participants are exceptional even within the unusual population of Westerners—outliers among outliers.' "

You can hear the great vowel shift.

Ian Hickson explains DRM: Discussions about DRM often land on the fundamental problem with DRM: that it doesn't work, or worse, that it is in fact mathematically impossible to make it work... [but] The purpose of DRM is not to prevent copyright violations. The purpose of DRM is to give content providers leverage against creators of playback devices.

If you're looking at Common Lisp, The Newbie Guide to Getting Started on Common Lisp (2012) is a quick pointer to useful info. Ariel Network's Common Lisp Style Guide has useful pointers.

Here's a cool example of OSS at work: Linux Kernel Development Visualization (git commit history - past 6 weeks - june 02 2012) - through Gource. Here's a code swarm of Apache. Another one is a code swarm of Python commit history.

See: How to spread the word about your OSS code.

8 famous software bugs in space lists several software errors that produced expensive failures - and it doesn't even include the Ariane 5.

Dave and Gunnar show (Dave Egts and Gunnar Hellekson talk about government, open source, and Red Hat.)

Prof. dr. Dan J. Bernstein discusses crypto problems, including DNSSEC issues and timing attacks.

Using Metadata to Find Paul Revere.

Why are there so many native applications for mobile devices? Shouldn't mobile web apps replace native apps today? No, and there are many reasons why (at least today). "Why mobile web apps are slow" explains why Javascript has problems on mobile devices, in particular, the issues of memory management. Web apps: the future of the internet, or an impossible dream? explains some other reasons. I suspect that over time there will be a growing number of areas where HTML-based web apps can be used instead of native apps, but that there will always be some reasons for native apps.

Malcolm Gladwell's "Outliers" famously argues for a cultural explanation of Korean plane crashes; "Culturalism, Gladwell, and Airplane Crashes" strongly argues that the argument is wrong.

Better than nothing has some interesting ideas for minimal web server security.

"Metadata, the NSA, and the Fourth Amendment: A Constitutional Analysis of Collecting and Querying Call Records Databases" by Orin Kerr looks at the relevant law.

A new perspective on temporary copies: The Fourth Circuit's Opinion in Costar v. Loopnet (Band and Marcinko) has a discussion about the "temporary copy" issue in copyright, which has had the effect of distorting copyright into a control system controlling any use (not just copying, modifying, or distributing) of software and other data.

Hollywood accounting is the widely-applied - but in my opinion fraudulent - way that Hollywood counts its money, with the goal of ensuring that the studios get paid while many other people do not.

CMS Comparison: Drupal, Joomla, and Wordpress gives a quick comparison of these three widely-used CMS systems for creating websites.

How To Find The Chords To Any Song is a nice intro.

Short video of a surprise. See also: noooo, blind man driving, and wrong shirt.

Separating programming sheep from non-programming goats points out that many people have trouble learning how to program. Indeed, far too many programmers can't program.

Here's an idea to improve the North Paw compass.

Stick figure guide to AES.

A Jewel at the Heart of Quantum Physics. Quantum computers can provably solve some problems classical computers cannot.

Adobe Source Code Leak is Bad News for U.S. Government by Rachael King, Wall Street Journal, October 8, 2013, 6:28 PM ET, reports that Adobe Systems source code leaked. "one fear is that attackers could exploit the code for ColdFusion, a Web application development platform, to find ways to directly access databases linked to public-facing websites." But Adobe’s security chief is doubtful, for reasons that also apply to open source software: “From my experience as someone who’s been in possession of the source code for five years, I don’t know that it helps the bad guys very much,” Brad Arkin, chief security officer at Adobe told CIO Journal. “In my experience, the most efficient way of finding vulnerabilities is not spending time with the source code but directly testing the product while it is running,” he said. Having source code is valuable for fixing vulnerabilities, or for broadly finding vulnerabilities, but attackers generally only need to find one vulnerability.

Geeks for monarchy?!?

If you need a Windows Postscript reader (or Windows DVI reader), try Evince. Evince is part of GNOME, but it is also available for Windows.

It's in the syllabus

Here's an explanation of how the bitcoin protocol works.

CIA's 'Facebook' Program Dramatically Cut Agency's Costs is disturbingly wonderful.

Some researchers are working on sugar-based batteries. I hope it works, because Lithium supplies are in the hands of a very few countries.

"The drug revolution that no one can stop" by Mike Power in Matter. The summary: "Designing your own narcotics online isn’t just easy - it can be legal too. How do we know? We did it."

Cartoon "censorship vs. copyright".

Bill Gates changed his views over time about open source software.

Paul Vixie's "Rate-limiting state" makes some great network security points, namely, that gateways should implement simple SAV (source-address validation), and that many protocols should rate-limit to reduce DDoS attacks. I made similar points in my paper on attribution years ago.

Metamath is a cool formalized math project. What is amazing is that it has an incredibly tiny core (it supports only one real rule, substitution). You can then define axioms (e.g., set theory and logic) - or use those that come with it - and then prove lots of other things. A lot has been proven with it; here is a list of the "100 theorems" that have been proved with Metamath. I have contributed a few small proofs, including tanneg, tancal, and reccot, and I have also posted a video introduction to Metamath and mmj2. Most work involves proofs using the typical axioms used today by most mathematicians: Zermelo–Fraenkel set theory plus the axiom of choice, aka the ZFC axioms. However, metamath is not limited to this; New Foundations (NF) has also been developed. NF is a descendant of Russell and Whitehead's Principia Mathematica, which used a hierarchical typing system that was eventually refined into typed set theory (TST). TST's hierarchy of types was created to avoid paradoxes (ZFC takes a different approach; it instead restricts the "size" of a set). Quine noticed that these hierarchies could be "collapsed" to create a simpler one-sorted set theory, and first proposed it in 1937. A remarkable result - proved in metamath - is that the axiom of choice (an axiom in ZFC!) is false in New Foundations. For more, see this forum discussion. You can get a sneak peek at coming metamath improvements (including changes to set.mm) by looking at the Metamath pre-production site, including the pre-production set.mm file noted in its most recent proofs page.

mathtoys and prooftoys let you manipulate algebra or logic through your web browser. Cool.

Here's how to make sure you don't run into tax problems on a Kickstarter project - the same would be true of any similar fund-raising project (say, for an open source software project).

There are many ways to learn how to write code; one is Code Combat.

Here's the info on Red Hat Urges Supreme Court to Address Impediments to Innovation (an Amicus Curiae brief to the U.S. Supreme Court by Red Hat, Inc., in support of respondents of Alice vs. CLS Bank) - most of the public URLs are wrong.

Maybe Electric ‘thinking cap’ controls learning speed.

Only the U.S. excludes evidence if police erred in getting it.

The Dictator's Practical Internet Guide to Power Retention, aka Running your non-democratic state in the Digital Era (Laurier Rochon)

"Google Has Most of My Email Because It Has All of Yours" by Benjamin Mako Hill (May 11, 2014)

You can create adversarial data for neural nets to make them fail to recognize things.

NSA. BSG. AAAS. FOAD. asks a disturbing question: "How long before local offline storage becomes either widely unavailable, or simply illegal?" A big downside of cloud-based storage is that it becomes easily available to others, and thus a big erosion of privacy.

"Comparative Language Fuzz Testing: Programming Languages vs. Fat Fingers" by Diomidis Spinellis, Vassilios Karakoidas, and Panos Louridas.

Email self-defense discusses how to add encryption to various email clients using GnuPG. Security in-a-box discusses how to create private storage and communication with Android, and it identifies various applications to help. Note: Orweb is the current web browser typically used with Orbot (Tor), but the developers are in the process of switching to OrFox.

Some programming language popularity surveys: http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html http://langpop.com/ http://spectrum.ieee.org/static/interactive-the-top-programming-languages

Exodus Intelligence finds vulnerabilities and lets customers know before informing the wider community. It has announced that it knows of vulnerabilities of Tails, but will currently only tell others (and not the Tails developers). This is hideously bad behavior, but perfectly legal today.

How our botched understanding of 'science' ruins everything has some great points. I particularly appreciate his clear definition: "Science is the process through which we derive reliable predictive rules through controlled experimentation." Science is important, too important to misunderstand.

It's fun to find early posts from yourself. Here's a post from me on 1990-03-09 on comp.lang.minux (on how to extend MINIX to allow user process messaging). Here is a post from me on 1992-03-02 on comp.lang.minux on the same topic. I was using the Internet by the mid-1980s, and in particular read many Usenet newsgroups then, but I have not found earlier evidence of my (posting) presence. I posted on comp.software-eng on 1991-02-13. I posted on comp.risks on 1996-08-23 (notice by that point I'm already using URLs). I was also present on comp.lang.ada (here's comp.lang.ada post on 1992-03-12 and 1991-05-25). Once the world wide web was created I contributed to websites such as adahome.com, and in 1999 I set up my own domain, dwheeler.com. I am grateful to Henry Spencer, Google, and many others for saving Usenet history.

Bitergia does a lot of work involving FLOSS metrics. Debian maintains many metrics.

Setting up TLS/SSL is too hard.

Wget vulnerability: http://www.eweek.com/blogs/security-watch/the-internet-dodges-another-bullet-with-wget-flaw.html http://www.openwall.com/lists/oss-security/2014/10/27/3 https://bugzilla.redhat.com/show_bug.cgi?id=1139181 http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7

There are many tools to generate automated test suites, typically built on fuzzing (at least). Some interesting papers (of the many): "Fuzzing: The State of the Art" by Richard McNally, Ken Yiu, Duncan Grove and Damien Gerhardy. "Symbolic Execution for Software Testing in Practice - Preliminary Assessment" by Cristian Cadar et al. Code-based test generation lists some tools to do this. Promising tools include American fuzzy lop, CATG, and KLEE.

Here's a list of 2D physics engines for Android, including Box2D which supports Top-down. AndEngine includes it and other things for Android.

Kyle Simpson has a book series on Javascript that counters common misconceptions.

There are many extensions/variations of Javascript; a common one is TypeScript, a typed superset of JavaScript that compiles to plain JavaScript implemented as open source software (Apache 2 license). Typescript adds support for classes (using traditional syntax), optional static typing, declaration files, and so on.

The battle continues regarding static typing (declaring in code the types of data). Static vs. dynamic languages: a literature review reviews some studies, which on first blush are contradictory. Frankly, I find the studies which report "no effect" much less convincing; the better-run experiments do tend to find effects. A more recent paper, To Type or Not to Type: Quantifying Detectable Bugs in JavaScript finds that about 15% of defects were found by static typing. Static typing can be a valuable aid for defect detection, but the importance of that aid depends on the importance of defects. Not all systems are that vital, after all, and static typing does impose additional effort. Once again, there's a trade-off in an engineering discipline; that should surprise no one.

Memory management in C is rather ridiculous. Asprintf is helpful - but only when it's there - and there are interface problems too.

At least 5 foreign intelligence agencies tapped German Chancellor Angela Merkel's cellphone according to reports in November 2014.

You can set up your own forge (software project development hosting system); you need to support at least version control (at least git), issue tracker (for bugs and wishes), discussion (e.g., mailing list), a website (often a wiki), and a way to download final results. Allura is what SourceForge now uses (they switched years ago). For simple git repository management, gitosis has been deprecated; many have switched to gitolite instead. Gitlab is very featureful; it used to use gitolite, but now does its own thing. Gitorious is also in significant use. Less well known is Gitblit (in Java). Wikipedia recently switched to Phabricator.

If you want to learn more about Git and GitHub, there are many videos available. Here's one set of videos from GitHub that’s reasonably straightforward, available via Youtube. There are many more GitHub training videos. A common case is when you have a master repo (managed by someone else), a “forked” copy of that on GitHub, and a copy on your local machine. Git handles this easily; you just need to set up a “remote” (a one-time action). More in fork a repo.

The Management Engine (or Manageability Engine) is a dedicated microcontroller on all recent Intel platforms. At one time it was on the network card; it then moved into the chipset. It is completely independent from the main CPU; it can be active even when the system is hibernating or turned off, and it has a dedicated connection to the network interface (e.g., it can intercept or send any data without the main CPU's knowledge). More info on the Intel Management Engine here. IPMI has similar problems: it's a set of interfaces that have poorly-secured implementations and run outside the OS (and thus can subvert everything the OS does).

Internet archive software library.

C Exploit mitigation status for OSS.

This video shows stretches for piriformis syndrome, if you know someone with that.

The Update Framework (TUF) is a plug-and-play library for securing a software updater.

Bonker's World is a fun cartoon. Check out Organizational Charts and Lessons (not) Learned. Agreement illustrates the silliness of user "agreements" (no one reads these things!). Stores in the Cloud is all too accurate, as is Patents office. One last time is a disturbingly accurate description of how many software developers spend their day. Forgetting is a disturbing comment on the right to be forgotten.

Technologies that betrayed Silk Road.

Abigail Loraine Hensel and Brittany Lee Hensel (born March 7, 1990) are conjoined twins, each of whom has a separate head, but whose bodies are joined. Amazing.

An empirical study of goto in C code - in almost all cases C program developers, when they use goto at all, use it in a reasonable way.

"What ISIS Really Wants" (Graeme Wood, The Atlantic, March 2015) is an intriguing look at ISIS.

"Our interviews revealed that Technical Data Packages (TDP) are not being procured as much as they should be. Furthermore, during system development the government has the leverage to get a useful TDP at a fair price. If TDPs are bought after EMD, the government runs the risk of buying something that is inadequate for re-compete not just at the system level, but also the subsystem and component level. When armed with a sound TDP, the Army has been able to successfully break out subsystems and components, and achieve rewarding price competition during production." (page xv). - "Army Strong: Equipped, Trained and Ready", Final Report of the 2010 Army Acquisition Review, Chartered by the Secretary of the Army, January 2011. (aka the "Decker-Wagner report").

The Thing (aka the Great Seal bug) was used by the Soviet Union to spy on the United States. It was embedded in a carved wooden plaque of the Great Seal of the United States. On August 4, 1945, a delegation from the Young Pioneer organization of the Soviet Union presented the bugged carving to U.S. Ambassador W. Averell Harriman. It hung in the ambassador's Moscow residential study until it was exposed in 1952. It used passive techniques and was energized by an outside source, making it extremely difficult to detect. The Thing was designed by Léon Theremin, who also made the theremin (Source: Wikipedia).

The Dune movie by David Lynch includes a scene in which Mentat Piter De Vries recites the following upon drinking sapho juice: "It is by will alone I set my mind in motion. It is by the juice of sapho that thoughts acquire speed, the lips acquire stains, the stains become a warning. It is by will alone I set my mind in motion." According to Wikipedia, this mantra is a creation of Lynch and does not appear in the books, though in Dune there is mention that Thufir Hawat has cranberry-stained lips from sapho juice. It is a really cool and slightly disturbing scene.

jsPlumb is a cool Javascript FLOSS library (MIT or GPLv2) for visually connecting elements on web pages. Google Charts is another Javascript library for data visualization (it includes a GraphViz option). Dagre is a Javascript library that lays out directed graphs completely client-side. Vis.js processes graphviz files. Dygraphs is a FLOSS Javascript charting library.

World's Biggest Data Breaches (Information is Beautiful).

My book-reading bucket list includes "Becoming Batman: The Possibility of a Superhero" by E. Paul Zehr. I have no idea if it's any good, but it sounds fun.

In Firefox you can view or remove the certificate authorities that you trust. Just select Options -> Advanced -> Certificates -> View Certificates -> Authorities -> Delete or Distrust. By default Firefox has around 100 organizations (as it groups them), with around 200 certificates totally trusted; other web browsers are similar. That is a large number of totally-trusted organizations, and perhaps you do not trust them all.

GOOD for enterprise can be helpful for mobile corporate email, but cell companies like to add surcharges.

"More Is Different" by P.W. Anderson (Science 4 August 1972: Vol. 177 no. 4047 pp. 393-396 DOI: 10.1126/science.177.4047.393) makes a strong case that reductionism has led some scientists to mistakenly think that "only scientists who are studying anything really fundamental are those working on [the most fundamental laws]. In practice, that amounts to some astrophysicists, some elementary particle physicists, some logicians... and few others... [the fallacy is that the] ability to reduce everything to simple fundamental laws does not imply the ability to start from those laws and reconstruct the universe... At each stage entirely new laws, concepts, and generalizations are necessary, requiring inspiration and creativity to just as great a degree as in the previous one. Psychology is not applied biology, nor is biology applied chemistry."

VENOM vulnerability info from Robert Graham (CVE-2015-3456).

There are many problems with the traditional p-value measure. Here's a story about how a journalist created a fraudulent study about chocolate reducing weight. xkcd's "Significance" demonstrates how p-hacking works. Regina Nuzzo's "Scientific method: Statistical errors" discusses the problems of p-values. What a nerdy debate about p-values shows about science — and how to fix it (2017)

Pointers to freely-available textbooks are available at the Open Educational Resources (OER) page of Tidewater Community College.

Jiffo ("Javascript Interactive Fiction Framework that's Open Source Software") is a small interactive fiction (IF) framework. If you're interested in making those kinds of games, check it out.

Humans Need Not Apply - this is a real issue. It is quite plausible that huge numbers of people - perhaps a majority - will be unemployable in the future because automation will make humans economically unviable. The industrial revolution really only eliminated muscle power; computers add mental power as something often not needed. What should we do if this really happens? No idea.

"The best minds of my generation are thinking about how to make people click ads... That sucks." - Jeff Hammerbacher (Facebook, Cloudera).

"The Web We Have to Save" by Hossein Derakhshan emphasizes the serious problems of centralized social media and its lack of hyperlinks.

"... if you care about systemic security... you don't chase and fix vulnerabilities, you design a system around fundamentally stopping routes of impact. For spender it is eradicating entire bug classes in his grsecurity project. For network engineers it is understanding each and every exfiltration path on your network and segmenting accordingly. Containment is the name of the game. Not prevention. The compromise is inevitable and the routes are legion. It is going to happen." - Bas Alberts, "The old speak: Wassenaar, Google, and why Spender is right" (Dailydave)

OpenIntegrity.org tries to help you choose secure and private tools.

The Bill of No Rights is interesting. I don't agree with it all, but I do agree that people do not have the right to be unoffended.

GPSD has a low defect rate; here's why.

Oracle security chief to customers: Stop checking our code for vulnerabilities (Ars Technica). Is Oracle Using Legal Pressure To Increase Cloud Sales? Feds move to open source databases. Why Oracle is absolutely right about Oracle wanting more money.

Are we headed to AOL 2.0?

"All complex systems have bugs. Even well-audited systems have bugs... bugs in the stuff you depend on are likely being discovered by people who want to hurt you, right now... the software your attacker wrote is interested in pwning everything, regardless of who owns it. The only defense is to have those bugs discovered by people who want to help you, and who then report them to manufacturers. But manufacturers often view bugs that aren't publicly understood as unimportant, because it costs something to patch those bugs, and nothing to ignore them, even if those bugs are exploited by bad guys, because the bad guys are going to do everything they can to keep the exploit secret so they can milk it for as long as possible, meaning that even if your car is crashed (or bank account is drained) by someone exploiting a bug that the manufacturer has been informed about, you may never know about it. There is a sociopathic economic rationality to silencing researchers who come forward with bugs." "Car information security is a complete wreck - here's why" by Cory Doctorow, August 23, 2015, BoingBoing.

Color brewer provides color advice, e.g., for mapmakers.

EnChroma is supposed to help colorblind people... sounds intriguing.

Color blindness is an especially good explanation about what it means to be color-blind, in particular its most common type (red-green). Those with red-green color blindness can see red or green, but not as well. That is, they can see large swatches of those colors. The problem is that "color detection when looking at small things, deciding what color an item is when it's so small that only the color difference signal at the edges can make the determination, is worse for color-blind people. Even though the colors are easy to distinguish for large objects, it's hard when they get small... I can see the colors just fine (more or less). But that is true only when the object is large enough that the color analysis isn't being done only by edge detection. Fields of color are easy, but lines and dots are very hard."

Tale of three backdoors shows that adding security backdoors (aka "lawful intercept") typically leads to no security at all.

The Incredible Shrinking U.S. Defense Industry, September 2015, by Tom Davis (National Defense Magazine).

Cheaper flow batteries for electrical power storage sounds promising.

An interesting look at the origins behind #NoEstimates and #Estimates; see also #NoEstimates? Not so fast.

There are many different Javascript styles. Javascript, the winning style (Seravo) is a great survey of what is more or less popular. I'm currently preferring the Node.js style guide.

Xiki looks cool - it's a combined shell console, database user interface, and more.

Homesick lets you port your dotfiles (so you can more comfortably move between machines for development).

Beers in Bunnie's Workshop - Workshop Video #36 gives an eye-opening view of what it's like to build electronics devices when you're in Singapore.

It should be easy to distribute a collection of web pages elsewhere. In particular, it should be possible to (1) package up a bunch of pages in a zip file and use them as an application, or (2) just view a page and have it auto-load everything for use offline later. The ideas are common, but there's no single standard implemented by everyone. We need a standard zipped HTML file format and app manifests, an anthology discusses this.

There are lots of front-end Javascript frameworks. Choosing a front end framework discusses Angular, Ember, and React (and claims that use is waning for Backbone and Knockout). AngularJS is the most widespread, but the core development team decided to make Angular 2 completely different than Angular 1, which is likely a mistake (it's kind of crazy, really - does no one care about the users?). At least they finally figured out how to make Angular 1 and Angular 2 coexist, which should aid transition, but it still looks like a pretty painful transition (even fundamental constructs are changed). Originally Angular 2 dropped 2-way bindings (bi-directional bindings), which was ridiculous; thankfully Angular 2 now has them again (though with a different syntax). Here's a recommendation for Ember over AngularJS; one argument is that "every member on Ember’s core team is actively working on one or more production apps that use Ember... [so they are] forced to experience all the joys and pains of using the framework... [and] will naturally look out for the good of all developers using the framework... Angular 2.0 is a perfect case in point for this situation. One reason they are going forward with a complete rewrite of the framework is because the core team members will not experience the pain of rewriting an app to migrate from version 1.x to 2.0."

"When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries" by Aylin Caliskan-Islam et al explains that it's possible to determine who wrote code just from the compiled executable (!). Softpedia provides a basic discussion.

"I Moved to Linux and It’s Even Better Than I Expected" by Dan Gillmor.

Standards for Web Applications on Mobile: current state and roadmap has a nice summary of the state of web applications on mobile standards.

Connected mirror is a very human application.

A History of U.S. Communications Security (Volumes I and II); the David G. Boak Lectures, National Security Agency (NSA), 1973 has this gem: "Here is a COMSEC fact of life for you: A system offering perfect security which is so complicated that the holder of the system cannot (or will not) use it, offers the same degree of security as no system at all."

"NSA Hacker Chief Explains How to Keep Him Out of Your System" by Kim Zetter, 2016-01-28 summarizes a talk by Rob Joyce, chief of the NSA's Tailored Access Operations (TAO). Joyce explained how attackers get in, and how to keep them out. Fundamentally they "hunt sysadmins", in particular, they hunt for the "credentials of network administrators and others with high levels of network access and privileges that can open the kingdom to intruders." They look for hardcoded passwords in software or passwords that are transmitted in the clear. No vulnerability is too insignificant for the NSA to exploit, even if it's only temporary. Good ways to counter them are to "limit access privileges for important systems to those who really need them; segment networks and important data to make it harder for hackers to reach your jewels; patch systems and implement application whitelisting; remove hardcoded passwords and legacy protocols that transmit passwords in the clear... [and use an] 'out-of-band network tap'". "NSA and other APT attackers don’t rely on zero-day exploits extensively... they don’t have to... There’s so many more vectors that are easier... [including] known vulnerabilities for which a patch is available but the owner hasn’t installed it."

A backdoor in a DVR model manufactured by MVPower; its firmware is sending CCTV stills to a Chinese email address. This is based on open source software that included the backdoor; the backdoor was found and reported - but instead of fixing it, the project was taken down. This shows that people really do review OSS, and that backdoors may very well be reported... but when developers pick OSS to include, they need to choose ones that don't have backdoors, and monitor for changes. Slashdot has a discussion.

This University of Oregon Study on Feminizing Glaciers Might Make You Root for Trump (by Soave).

The Billion-Dollar Disinformation Campaign to Reelect the President

"The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it." - Robert Morris Senior, quoted in p. 1, Inside Java 2 Platform Security: Architecture, API Design, and Implementation, Li Gong, Gary Ellison, and Mary Dageforde, Boston: Addison-Wesley, 2003, 2nd ed., ISBN 0-201-78791-1.

"How We Discovered Thousands of Vulnerable Android Apps in 1 Day" by Joji Montelibano and Will Dormann (US CERT) - RSA 2015 presentation shows that a vast number of mobile applications are really vulnerable, and many developers appear either to be clueless or not to care.

Steven M. Christey (Coley) resigned his position as technical lead, CVE Editor, and chair of the CVE Editorial Board on 26 Oct 2015.

Being paranoid with Ruby Gems.

The Cyber Vault documents cyber activities of the US and foreign governments, as well as international organizations.

"No matter what promises are made on the campaign trail, terrorism will never be vanquished. There is no ideology, no surveillance, no wall that will definitely stop some 24-year-old from becoming radicalized on the Web, gaining access to guns and shooting a soft target. When we don’t admit this to ourselves, we often swing between the extremes of putting our heads in the sand or losing them entirely... Accepting these vulnerabilities means our safety can be measured and evaluated on three core premises: how well we minimize our risks, maximize our defenses and maintain our spirit... We lock doors, wear helmets and keep a fire extinguisher in the kitchen — but we don’t shy from cooking on the stove... We must demand much from our government to make us safer. But we must also accept that vulnerability isn’t always failure." - "No, America isn’t 100 percent safe from terrorism. And that’s a good thing." by Juliette Kayyem (a former assistant secretary at the Department of Homeland Security), The Washington Post, March 25, 2016.

UC Davis (University of California, Davis) pepper spray incident - not good.

SourceForge no longer modifies its executables in highly suspicious ways (its notorious "DevShare" policy), after being bought out by a new owner (BIZX). Details here: SourceForge acquisition and future plans, Information on the BIZX buyout, and the previous change to opt-in only.

Software Audits: How High Tech plays hardball (InfoWorld) - if you thought open source software licenses were hard to deal with, just read some horror stories from the proprietary world.

If you're rebuilding the upstream Linux kernel on Ubuntu, GitKernelBuild has lots of useful info. Note that the command:

  make -j `getconf _NPROCESSORS_ONLN` deb-pkg LOCALVERSION=-custom

cleans everything; replacing "deb-pkg" with "bindeb-pkg" will not clean and just build the binaries.

Here are some science fiction things. How well-read are you in Science Fiction. Some statistical analysis: Classics of Science Fiction, Worlds without end top listed, Premiosylista Comparativas: Comparativas: Ciencia ficcion (Spain). There's Steve Gibson's "Steve's Much-Requested Sci-Fi Reading Guide". Infinite Matrix is an interesting collection of science fiction short stories available on the web, and is periodically updated. Turkey City Lexicon for Science Fiction writers.

Joint Federated Assurance Center (JFAC) public website is here.

Book of Proof (Second Edition) by Richard Hammack is an introduction to the standard methods of proving mathematical theorems. It has been approved by the American Institute of Mathematics' Open Textbook Initiative, and is freely available online.

I found that when recording on a Windows system, recording would start too soft and over 5 seconds would get loud. I found the solution was to turn off "AGC". Go to Control Panel, Sound, Recording tab, Microphone properties, custom tab, and unclick "AGC". Presumably this is Automatic gain control, but it caused problems, and this cured things.

Looking for metadata about open source software projects? This discussion about what OMB should ask for has a list of approaches for collecting data about OSS projects.

Logic books often start by using the example "Socrates is a man; all men are mortal; therefore Socrates is mortal". But where did this example come from? Sextus Empiricus "Outlines of Pyrrhonism" Book II does not include this exact example - according to the translation by Benson Mates it has a similar yet different example:

Socrates is a human being,
Every human being is an animal,
Therefore, Socrates is an animal.

Vuls is a known-vulnerability OSS scanner written in Go.

Make with Ada: Redux

If you're interested in Javascript: How it feels to learn Javascript in 2016 and State of Javascript (survey). A potential tonic: Modern Javascript Stack training.

Opposition to Galileo was scientific, not just religious; original article.

Here are some great quotes about manufacturing jobs, and the various nostalgic claims about "bringing them back": "Manufacturing retains its powerful hold on the American imagination for good reason. In the years after World War II, factory work created a broadly shared prosperity that helped make the American middle class. People without college degrees could buy a home, raise a family, buy a station wagon, take some nice vacations... From an economic perspective, however, there can be no revival of American manufacturing, because there has been no collapse. Because of automation, there are far fewer jobs in factories. But the value of stuff made in America reached a record high in the first quarter of 2016, even after adjusting for inflation. The present moment, in other words, is the most productive in the nation’s history. Politicians of all persuasions have tried to turn back time through a wide range of programs best summarized as “throwing money at factory owners.” ... By and large, those strategies haven’t helped... This myopic focus on factory jobs distracts from another, simpler way to help working Americans: Improve the conditions of the work they actually do... The manufacturing boom of the postwar years was an oddity, and there will be no repeat of the concatenation that made it happen: The backlog of innovations stored up during the Great Depression and World War II; the devastation of other industrial powers, Germany in particular, which gave the United States a competitive edge..." "Why Are Politicians So Obsessed With Manufacturing?" by Binyamin Appelbaum, New York Times, Oct. 4, 2016

Interesting experiment on using ultrasound to keep brains younger.

Foundations of Data Science (book) by Avrim Blum, John Hopcroft, and Ravindran Kannan.

Here's how to set up automatic heading numbering in Microsoft Word. It's ridiculously complicated, but it is possible to use this basic functionality.

3 Rules for Rulers.

Good Enough Practices in Scientific Computing

"Girls and Software" by Susan Sons, Feb 04, 2014 - "Do not punish the men simply for being here. 'Male privilege' is a way to say 'you are guilty because you don't have boobs...', and I've wasted too much of my time trying to defend good guys from it. Yes, some people are jerks. Call them out as jerks, and don't blame everyone with the same anatomy for their behavior."

"How might the alien spacecraft work" includes a list of reasons aliens might visit Earth (it's an interesting list)

Best board games 2016

Why the Open Code of Conduct Isn’t for Me (Sean M): "While I agree with most of the Open Code of Conduct (as well as its underlying intent) - these passages struck me as being problematic. They, like all forms of political correctness, center around people being offended, sometimes about things like technical ability which can and should be spoken about frankly in any open source project. Here is the problem with using offensiveness as a standard in a code of conduct: It judges the speaker by the listener’s opinions [and] opinions are subjective and cannot be known by the speaker until after they speak. Judging and punishing the behavior of those who speak based on the sensibilities of those who listen is a standard which is inherently unfair to the speaker. This precipitates an environment where the exchange of ideas between people who differ is impossible if either of them thinks that the other may find the topic offensive. This carries with it the danger of stifling communication and learning between people who would otherwise benefit from a conversation that might just ruffle some feathers. ... I think that the difference between intent to offend and being offended is an important distinction... I hope that Github will reconsider their decision to use subjective metrics like this as a part of their code of conduct. I hope that they will let the people who may say things I disagree with continue to speak their minds honestly. And when they do, I hope Github judges their actions based on their own mindset and not mine." See also: The trouble with FreeBSD.

The Fallacy of Premature Optimization (Hyde) - ACM's Ubiquity Volume 10, Issue 3 (February 24 - March 2, 2009) - an essay on Tony Hoare's statement, "We should forget about small efficiencies, say about 97% of the time: premature optimization is the root of all evil." and I agree with this. It's usually not worth spending a lot of time micro-optimizing code before it's obvious where the performance bottlenecks are. But, conversely, when designing software at a system level, performance issues should always be considered from the beginning. A good software developer will do this automatically, having developed a feel for where performance issues will cause problems. An inexperienced developer will not bother, misguidedly believing that a bit of fine tuning at a later stage will fix any problems."

Kids can't use computers... and this is why it should worry you (2013) "[Most] kids can't use general purpose computers, and neither can most of the adults I know... Tomorrow's politicians, civil servants, police officers, teachers, journalists and CEOs are being created today. These people don't know how to use computers, yet they are going to be creating laws regarding computers, enforcing laws regarding computers, educating the youth about computers, reporting in the media about computers and lobbying politicians about computers. Do you [think] this is an acceptable state of affairs? I have David Cameron telling me that internet filtering is a good thing. I have William Hague telling me that I have nothing to fear from GCHQ. I have one question for these policy makers: Without reference to Wikipedia, can you tell me what the difference is between The Internet, The World Wide Web, a web-browser and a search engine? If you can't, then you have no right to be making decisions that affect my use of these technologies. Try it out. Do your friends know the difference? Do you? ... I want the people who will help shape our society in the future to understand the technology that will help shape our society in the future. If this is going to happen, then we need to reverse the trend that is seeing digital illiteracy exponentially increase."

Wanted: Factory Workers, Degree Required (NY Times)

Everycircuit lets you create electronic circuits - and its animations make it easier to see what's going on.

Microsoft improved git and is using git everywhere.

The widespread and persistent myth that it is easier to multiply and divide with Hindu-Arabic numerals than with Roman ones.

Trump Is Right: Silicon Valley Is Using H-1B Visas To Pay Low Wages To Immigrants

Map camp (Simon Wardley) has many interesting comments about mapping out strategy. See also: Liam Maxwell.

What do engineers want? Camille Fournier says: Rewards, respect (stickiness of commitment), purpose. "Engineers like to ship" - so delivering things fast, with fast feedback, is a reward.

Open source books about JavaScript.

Use git? Show your current branch with a new "git current" alias:

  git config --global alias.current 'name-rev --name-only HEAD'

Use Google App Engine and Golang to Host a Static Website with Same Domain Redirects

Ninja is a make-like build system designed to be very fast. Meson is like the autotools: It tries to make it easy to create a cross-platform build system that adjusts to your current platform. Both are Apache 2.0 licensed.

Lack of an Oxford comma could cost a company $10M. Please, use the Oxford comma.

When people say a user interface is "intuitive" they really mean that it is familiar. In most cases, it is much better to implement a familiar interface, because that means users don't have to relearn something. This isn't a new observation; see: "Intuitive Equals Familiar" By Raskin, J., Communications of the ACM. 37:9, September 1994, pg. 17.

Tips are available at 97 Things Every Programmer Should Know (O'Reilly collection of essays), including other edited contributions.

JavaScript Stack from Scratch proposes a modern JavaScript stack.

Version control market share in 2016 - git dominates.

"How to Study: A Brief Guide" by William J. Rapaport - interesting points. It also points out that the "learning styles" evidence is remarkably weak (to the point of non-existence).

Harry Potter's chess game.

6.2 - Binary Logistic Regression with a Single Categorical Predictor is an especially-readable description of the statistics for estimating the probability that something is (vs. isn't) in some binary category.

https://tech.slashdot.org/story/17/04/23/2238211/is-social-media-making-us-hate-each-other "How tech created a global village — and put us at each other’s throats" by Nicholas Carr has this nice quote: "Technology is an amplifier. It magnifies our best traits, and it magnifies our worst. What it doesn’t do is make us better people. That’s a job we can’t offload on machines."

"Maker's Schedule, Manager's Schedule" by Paul Graham

I'd like to get more information available to the public about the "Trusted Software Methodology" (TSM), previously called the "Trusted Software Development Methodology" (TSDM) and later extracted into the "Trusted CMM". This was a 1990s effort to counter unintentional and intentional vulnerabilities being inserted into software. Sure, it's old, but I think there are some useful lessons/nuggets in there. This is all I can find publicly:

"There are two kinds of fools: one says, 'This is old, therefore it is good'; the other says, 'This is new, therefore it is better.'" - Dean William Ralph Inge (1860-1954), Dean of St Paul's Cathedral, "More Lay Thoughts of a Dean" (1931), p. 200.

American energy use in one diagram. More generally, the LLNL flowcharts about commodities can be very instructive.

Verifythis has a list of verified programs.

Battleship USS Missouri computers (decommissioned 1992)

Gender Imbalances Are Mostly Not Due To Offensive Attitudes, August 1, 2017 by Scott Alexander. Are women paid less than men for the same work?: When all job differences are accounted for, the pay gap almost disappears, August 1, 2017, The Economist.

44 engineering management lessons

Some useful comments on the limits of machine learning:

"This Is How Your Fear and Outrage Are Being Sold for Profit: The story of how one metric has changed the way you see the world" by Tobias Rose-Stockwell, The Medium, July 14, 2017 discusses a large-scale disturbing trend in news and journalism. Related: Is Social Media the New Smoking?

Eclipse 2017: https://www.vox.com/science-and-health/2017/7/25/16019892/solar-eclipse-2017-interactive-map https://www.theverge.com/2017/8/7/16025284/total-solar-eclipse-2017-date-time-lunar-map-glasses-path https://dyer.vanderbilt.edu/solar-eclipse/ http://earthsky.org/astronomy-essentials/august-21-2017-solar-eclipse-4-planets-bright-stars http://astromaven.blogspot.com/2017/06/weird-things-happen-with-total-solar_72.html?m=1

Typing with pleasure - in this bake-off, gVim was radically faster than other text editors, and that makes a difference when you use them a lot.

Papers I like (ryg) links to some interesting science/technology papers. For compilers, it lists the interesting “Destination-Driven Code Generation” (1990; compilers) by Dybvig, Hieb, Butler and the related "One-pass Code Generation in V8" by Kevin Millikin.

Teach Yourself Logic 2017: A Study Guide by Peter Smith, University of Cambridge - lists relevant books and gives lots of descriptions about them in an organized way.

"NASA study proposes way to prevent Yellowstone super volcano from destroying United States" (by Jamie Seidel).

YC’s Essential Startup Advice

The Last Invention of Man: How AI might take over the world by Max Tegmark.

Physicists find we’re not living in a computer simulation (they assume that the "real" and "simulated" worlds are basically the same though).

Free speech disagreements

"The Last Line Effect" by Andrey Karpov (2014-05-11) shows that when programmers copy and paste code, the most likely location for a mistake is in the last fragment of a homogeneous code block.

Here's more on the nasty legal underbelly of "mattress wars".

Q. What's so great about ISO standardization?
A. It is often said that one of the advantages of SGML over some other, proprietary, generic markup scheme is that "nobody owns the standard". While this is not strictly true, the ISO's pricing policy certainly has helped to keep the number of people who do own a copy of the Standard at an absolute minimum. [ Ed. note: I'm not exactly sure why this is seen as an advantage, it's just something people say. ] (Source: "NOT the comp.text.sgml FAQ" from Joe English)

Spreadsheets do calculations, but don't make it easy to see how you got there or explain things. They also have limited calculation capabilities. Active worksheets let you see graphical presentations of how the calculations occurred, and the result. Open source software (OSS) implementations are especially interesting to me. Jupyter is especially clean and easy; it supports worksheets that are easy to exchange, you can use it remotely, and it supports a number of common underlying tools like Python and Spark (you can even install Jupyter on Cygwin). SageMath supports more underlying components. CoCalc includes both. wxMaxima can do lots, in particular symbolic math manipulations.

There's a lot of source code duplication on GitHub, but it's explainable.

Here are some freely-available D&D 5th edition Adventures; The Dreaming Heralds looks like a decent level-1 adventure. Here's a D&D character spreadsheet.

How Driverless Cars Will Reshape Our World

Python hashes and equality

When is a Dollar not a Dollar? - e.g., remember the principal-agent problem, that it's easier to sell something if it fits into an existing budget, and products priced under discretionary limits are much easier to sell.

"What Makes A Great Software Engineer?" However, see the Hacker news comments.

"A History Of The Silmarils In The Fifth Age" (Posted on December 26, 2017 by Scott Alexander) is hilarious.

"Discretion still matters — don’t ruin your career by sharing too much" by Lawrence Krubner

"Legends of the Ancient Web" - an examination of the technology arc of radio, and what it means for the Internet today.

"Collision Course: Why This Type Of Road Junction Will Keep Killing Cyclists" - Constant bearing, decreasing range problems in roads can kill people.

Software Crisis: The Next Generation

The Law of the Somalis, a Nation Successful Without Any Central Government is a truly different system, yet it appears to work. I wonder if it'd be a good background for a Science Fiction story?!

‘Never get high on your own supply’ – why social media bosses don’t use social media

"Conflict Vs. Mistake" by Scott Alexander

DNA through the eyes of a coder.

Facebook’s Desperate Smoke Screen (by Cal Newport): Soros notes that social media companies “deliberately engineer addiction to the services they provide,” acting like casinos that “have developed techniques to hook gamblers to the point where they gamble away all their money, even money they don’t have.” "To ask Facebook to make their service less addictive would be like asking Exxon Mobile to switch to less efficient oil pumps: it would be a body blow to their bottom line, and investors wouldn’t tolerate it."

"The Longest Debugging—The journey towards a reliable Linux workstation" (Jeff Tam, posted on February 25, 2018) - a long debug session led to the identification of a subtle graphics card heat issue and the driver's failure to deal with it.

FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines - a description of how FinFisher works.

"Fake it till you make it: meet the wolves of Instagram" - Their hero is Jordan Belfort, their social media feeds display super-rich lifestyles. But what are these self-styled traders really selling? By Symeon Brown

Pan Am flight 18602's flight around the world in 1941 is an amazing story. It was the first flight around the world by a commercial airliner, but it was not originally planned to be one! See: The Long Way Round: The Plane that Accidentally Circumnavigated the World. See also The Pan Am Series – Part XVIII: First Round the World Flight, The Long Way Home….Pan Am Flight 18602 – May 4, 2018 (Novell)

"A few words on Doug Engelbart" by Bret Victor, July 3, 2013: "The problem with saying that Engelbart "invented hypertext", or "invented video conferencing", is that you are attempting to make sense of the past using references to the present... Engelbart's vision, from the beginning, was collaborative. His vision was people working together in a shared intellectual space." In short, his work was intended to augment human intellect, not just create the technologies such as the mouse. It's certainly true that his Mother of all demos (1968) (Wikipedia) was a landmark event in computing. That said, one reason today's systems don't work the same way is because of security concerns, and all ideas are transformed as they enter into practice. Engelbart was an amazing innovator, and humanity has been greatly enriched because of his work.

The Slippery Math of Causation - it is hard to determine causation, not just correlation!

"Notes on Discrete Mathematics" by James Aspnes - a nice book on discrete math for computer science, including some discussion about the foundations of mathematics. A cool aspect: it's available under the Creative Commons Attribution-ShareAlike 4.0 International license (so it's Free in all senses). It references this pair of papers justifying the use of the typical widely-used axioms in math:

Madly Ambiguous game - see the paper and Atlantic article.

Sheep Logic. Here are sheep hallmarks:

  1. Enormous capacity for other-regarding behaviors.
  2. Zero altruism and overwhelming selfishness.
  3. The determination to pursue any behavior that meets Hallmark #1 and #2 to absurd ends, even unto death.

The TRUTH Why Modern Music Is Awful - the music industry's relentless drive to reduce its risks.

A framework for thinking about Open Source Sustainability? (by Titus Brown) has interesting thoughts on OSS sustainability, based on Elinor Ostrom's work on Common Pool Resources (CPR). It references An alternate ending to the tragedy of the commons (by Nadia Eghbal).

"AV1: next generation video – The Constrained Directional Enhancement Filter (CDEF)" by Christopher Montgomery discusses the CDEF enhancement to the AV1 video encoding standard. It has a cool illustration, an Intra Paint prediction algorithm as applied to a photograph of Sydney Harbor.

Teaching R to New Users - From tapply to the Tidyverse (2018)

The Great CEO Within (Formerly: Founder to CEO): How to build a category-killing company from the ground up By Matt Mochary

Graduate School in the Humanities: Just Don't Go.

Learn.adacore.com provides an interactive learning platform for the Ada and SPARK programming languages.

Choose wisely, as it can't be changed later.

Some old x86 chips have a nasty "god mode" back door. Code is available.

"Data Organization in Spreadsheets" by Karl W. Broman & Kara H. Woo provides guidance on how to create spreadsheets that are less likely to have errors (a big problem).

A poll worker committed voter fraud in Ohio.

Python vs. JavaScript comparison

Here's how to archive a website using wget (yes, it's arcane):

    $ nice wget --mirror --execute robots=off --no-verbose --convert-links \
                --backup-converted --page-requisites --adjust-extension \
                --base=./ --directory-prefix=./ --span-hosts \
                --domains=www.example.com,example.com http://www.example.com/

RPG plots (list)

Story of a failed pentest / Taking down an insider threat (Tinker) - it is possible to counter attackers, even if they are on the inside. But you have to be diligent. The blue team succeeded due to:

“The 's' is sad”: 4-year-old submits Linux kernel doc patch (2014); see also kernel.org commit.

Machine learning for humans - references has some useful references.

Greatest Sales deck I've ever seen.

Algebras we love - explains what a magma, semigroup, etc. are in mathematics.

Attackers Up Their Game with Latest NPM Package Compromise (2018): "a package called flatmap-stream, a dependency of event-stream was injecting some AES-encrypted code. Event-stream is a toolkit that helps developers create and work with streams in Node.js more easily. It is used by almost 1,600 Node packages and gets downloaded around 1.8 million times per week from the npm registry. Flatmap-stream was added as a dependency to event-stream back in September; not by the original maintainer, but by a user who received publishing rights to the package. It seems that this user, using the handle right9ctrl (now suspended on GitHub and npm), managed to convince the original author, Dominic Tarr, to transfer the package to him after making a few legitimate code contributions." See event-stream issue #116. The Register and Hunter (Medium) also discuss it.

"This clever AI hid data from its creators to cheat at its appointed task" by Devin Coldewey, TechCrunch, 2018.

"Ontology is Overrated: Categories, Links, and Tags" by Clay Shirky

Statistics done wrong.

"Some Fundamental Theorems in Mathematics" by Oliver Knill (2018)

Tech Is Splitting the U.S. Work Force in Two by Eduardo Porter (Feb. 4, 2019) (NY Times) describes the world as it is becoming, even though many economists have been ignoring reality: there are a few high-paying high-skills jobs, and "the vast majority of new jobs are in workaday service industries, like health care, hospitality, retail and building services, where pay is mediocre."

I Cut the 'Big Five' Tech Giants From My Life. It Was Hell

Fun with Calculators

Wat (a funny presentation showing bizarre things, esp. in JavaScript).

China’s impact on the U.S. Education System Staff Report Permanent Subcommittee on Investigations United States Senate (2019) - Chinese-funded (but expressly not acknowledged) propaganda through organizations such as Confucius Institutes.

To lose weight, focus on controlling intake; exercise is good, but doesn't help weight loss very much; see "Why you shouldn't exercise to lose weight, explained with 60+ studies" by Julia Belluz and Javier Zarracina, Vox, October 31, 2017.

Coffee naps are a good thing - see "Scientists agree: Coffee naps are better than coffee or naps alone" (by Joseph Stromberg, Vox, April 23, 2015).

"What students know that experts don't: School is all about signaling, not skill-building" By Bryan Caplan Feb 11, 2018 (LA Times)

yarchive.net comp index has an interesting set of archived computer-related quotes.

Common statistical tests are linear models (or: how to teach stats) by Jonas Kristoffer Lindeløv

"The Man Who Tried to Redeem the World with Logic" (about Walter Pitts)

Image-to-Image Translation with Conditional Adversarial Nets - A GAN that converts images to images, cool.

Why the Open Code of Conduct Isn’t for Me

Handbook of Analog Computation

STAMPing on event-stream (an analysis of the causes of the malicious code in JavaScript event-stream)

Seizing the means of Knowledge Production (Musa Al-Gharbi)

"How pharmaceutical industry financial modelers think about your rare disease" (Apr 29, 2019) by ericminikel.

Why Three Prongs? (US electrical outlets explained) and Neutral Wire Facts and Mythology (EE Times)

"Microsoft admitted to private Linux developer security list" by Steven J. Vaughan-Nichols (ZDNet, July 8, 2019) quotes me: "As David A Wheeler, an open-source security expert, pointed out, the purpose of the list is to enable "everyone to coordinate so that users get fixes." That includes Linux users on Windows and Azure. So, he supported Microsoft being allowed into the private list."

You probably shouldn’t be citing the "No Free Lunch" Theorem by Wolpert: "I think there are very few cases when citing Wolpert supports whatever point you’re making. If your point is “No model can always be best”, I would suggest citing Shalev-Shwartz and Ben-David. If your point is “Learning is impossible without proper assumptions”, you might cite the whole chapter by Shalev-Shwartz and Ben-David."

Introduction to Clifford Algebra by John Denker describes Clifford Algebra, a mathematical approach to modeling constructs (like physical space) that seems to have a lot of advantages. In particular, its "wedge product", unlike the traditional "cross product", does not require any concept of handedness (e.g., right hand rule). As a result, the 4 Maxwell's equations become a single equation!

Algebra cheatsheet.

High performance, exactly-once, failure oblivious distributed programming with AMBROSIA

Dating: a Research Journal, Part 1

Get started making music (online tutorial) and discussion about it.

Meditations on Moloch

How the Gigatron TTL microcomputer works - the Gigatron is cool, a computer built out of TTL logic and no microprocessor at all. If you want to get a deeper understanding of how computers really work, this isn't a bad way to do it.

"Open Source Software: A Survey from 10,000 Feet" (2011) by Stephanos Androutsellis-Theotokis, Diomidis Spinellis, Maria Kechagia and Georgios Gousios is an interesting attempt to survey OSS overall.

How the ‘Magic: The Gathering’ Color Wheel Explains Humanity.

Graphtage is an open source software command line utility and underlying library "for semantically comparing and merging tree-like structures, such as JSON, XML, HTML, YAML, and CSS files." It looks really amazing as-is. It'd be cool if they added support for source code abstract syntax trees!

When creating videos it's great to include some music. You can find music released under various Creative Commons licenses at CChound, audionautix (Jason Shaw), and Creative Commons' list of Music Communities.

Presentation on how older consoles work.

A Researcher’s Guide to Some Legal Risks of Security Research (2020)

Anki as Learning Superpower - long-term memorization can be done well if you repeatedly check, focusing on what was missed. This article goes into some details.

Strongly recommended: "Leadership Lab: The Craft of writing Effectively" presentation by Larry McEnerney (Director of the University of Chicago's Writing Program, aka Little Red Schoolhouse). This is a good video about writing when you’re trying to create and explain new ideas. In particular, “your writing needs to be valuable for your audience” and "you're here to create valuable work, not original work". Another point: "Writing is not about communicating your ideas to your readers, it's about changing their ideas." He sometimes apologizes for focusing on the audience, but in my mind, focusing on anything other than the audience's needs is a form of selfishness. For background, see Larry McEnerney, AM’80, reflects on 40 years of teaching in the Little Red Schoolhouse and Larry McEnerney, director of university writing program, and Cathe McEnerney to retire as resident deans.

"Hello! You've Been Referred Here Because You're Wrong About Section 230 Of The Communications Decency Act" by Mike Masnick (June 23, 2020) is a wonderful explanatory piece about Section 230 of the Communications Decency Act. He recommends (and I agree) reading the actual law, 47 U.S. Code § 230 - Protection for private blocking and screening of offensive material.

"Most Organizations Have Incomplete Vulnerability Information" by Jai Vijayan (2019-11-25) says that "Companies that rely solely on CVE/NVD are missing 33% of disclosed flaws, Risk Based Security says." I don't know the exact value of the number (it's probably higher than that), but this shows that there's clearly work to do to make it easier to submit reports to the CVE process, and I think the CVE process needs to be more proactive so that it identifies the known vulnerabilities.

Why you should never use MongoDB

"Weak Men are Superweapons" by Scott Alexander ("Weak men" are like strawmen, but more dangerous).

LibreTranslate translates between natural languages and is open source software. It is 100% self-hosted and uses machine learning techniques. LibreTranslate code and LibreTranslate Models are posted on GitHub. It uses Open Parallel Corpus (OPUS), a collection of translated texts.

It's now possible to get the original Unix Magic poster!!

Little Bobby #322 is a wonderful cartoon about SolarWinds vs. vulnerability disclosure, source code analysis, and SBOMs.

Evidence based Software Engineering

Scott Adams' pre-arranged public apology, quoted from Life After an Internet Mob Attack.

Tabs (I got tabs in the browser) is a hilarious song!

Do not get a PhD in history (or allied fields). There are simply far too few jobs, so it's generally horrific when you're done (unless you can afford to do it as a hobby).

"Ownership You Can Count On: A Hybrid Approach to Safe Explicit Memory Management" (aka "single owner model") discusses a memory management approach implemented in "Gel". This is an ownership model that has some similarities to Rust. It appears to be simpler to use, but less efficient (because it has to manage run-time counts) and less likely to detect errors at compile time, than Rust's model. Friendship ended with the garbage collector discusses implementing this in Inko (the title is a nod to this meme).

automatically publishing your build artifacts.

Threat Modeling Manifesto is interesting. They include, in their threat model, "what are we going to do" & "did we do a good enough job". This is Adam Shostack's approach; note that many others only include in threat modeling the analysis, not deciding what to do to fix it (which would then move into becoming an assurance case). But as long as you analyze your system & fix problems found, the name is less important. :-).

How to freeze your credit - do it for Equifax, Experian, TransUnion, and Innovis (Innovis is less common, but some attackers exploit that).

"Picturing Git: Conceptions and Misconceptions" by Matt Neuburg explains the mental model of git, without trying to explain its implementation in detail.

"Someone Dead Ruined My Life… Again." by CGP Grey is a fun example of why it's hard and important to track down original sources. All too often, information is mindlessly copied from past sources, and sometimes it's quite false.

"20 Things I’ve Learned in my 20 Years as a Software Engineer" by Justin Etheredge, October 7, 2021

How close is nuclear fusion power? (2021)

"Software Crisis 2.0" by Baldur Bjarnason

Hacker Laws (pithy patterns).

"System error: Japan cybersecurity minister admits he has never used a computer" by Justin McCurry and agencies, Wed 14 Nov 2018 23.23 EST, The Guardian. When people who lack basic knowledge about their field run organizations, little good can come from it.

There have been big advances in generating images from text using machine learning. OpenAI's GLIDE is an older system for doing this; OpenAI's GLIDE official codebase is available. OpenAI's Dall-E-2 is pretty amazing. Google's Imagen appears to be a worthy competitor. Imagen, the DALL-E 2 competitor from Google Brain, explained (video) explains how Imagen works, and notes that all 3 (GLIDE, Dall-E-2, and Imagen, but not the older Dall-E) are diffusion model based. Neither Dall-E-2 nor Imagen is available to the public at this time. Imagen was trained on two datasets; one is OpenAI's LAION-400M, billed as "the world’s largest openly available image-text-pair dataset with 400 million samples." imagen-pytorch is a (re)implementation of Imagen. Imagen takes some interesting approaches (really simplifications); it uses an off-the-shelf huge language model (T5-XXL) instead of using one specific for captions. Some useful pages about T5 include Exploring Transfer Learning with T5: the Text-To-Text Transfer Transformer and google-research/text-to-text-transfer-transformer. There is already a DALL-E mini that generates images from text, but it's nowhere near the capabilities of, say, DALL-E-2.

Here are the Lyrics to Sail Cat.

Feel free to see my home page at https://dwheeler.com.