Hard-to-parse protocols require complex parsers. Complex, buggy parsers become weird machines for exploits to run on. Help stop weird machines today: Make your protocol context-free or regular!
Protocols and file formats that are Turing-complete input languages are the worst offenders, because for them, recognizing valid or expected inputs is UNDECIDABLE: no amount of programming or testing will get it right.
A Turing-complete input language destroys security for generations of users. Avoid Turing-complete input languages!
Ensure computational equivalence of protocol endpoints: use only regular and context-free protocols!
Needless to say, you also doom us all to inhuman toil for the One whose Name cannot be expressed in the Basic Multilingual Plane.
Nielsen Soundscan Stops Making Sense
For like the 4th year in a row, Nielsen Soundscan is trying to convince us all that selling a billion things for $1 is somehow a sales increase over selling a half-billion things for $10-$15 each.
"According to the Nielsen Co.'s year-end figures, music purchases - CD, vinyl, cassette and digital purchases of entire albums (grouped together as total albums), plus digital track downloads, singles and music videos - attained a new high of 1.5 billion, up 10.5% over 2007." -- Ken Barnes, USA Today
This requires you to believe that selling three songs for $1 each is an improvement over selling a CD for $15. This is about the stupidest fucking way I can think of to measure sales when the price disparity between items is so great and the "gain" is in the cheapest item. But the L.A. Times went with it, using a headline that says "Overall music sales hit an all-time high in 2009; Taylor Swift's Fearless is the year's top-selling album." The truth is that no, they didn't, and no, it wasn't.
This is clever:
Researchers have shown how a flaw that is common to most popular Web programming languages can be used to launch denial-of-service attacks by exploiting hash tables.
Researchers Alexander Klink and Julian Wälde explained that the theory behind such attacks has been known since at least 2003, when it was described in a paper for the Usenix security conference, and influenced the developers of Perl and CRuby to "change their hash functions to include randomization."
"This attack is mostly independent of the underlying Web application and just relies on a common fact of how Web application servers typically work," the team wrote, noting that such attacks would force Web application servers "to use 99% of CPU for several minutes to hours for a single HTTP request."
Basically you pass a zillion parameters that hash into the same bucket (meaning you need to know the bucket size) and the hash table goes O(N^2) while trying to parse the arguments to see if they're even valid.
Easily thwarted by keeping N small by limiting request size or number of parameters early, but it's a neat trick anyway.
This is kind of a neat idea: The Hanke-Henry Calendar. If, instead of having a 365-day year with a leap-day inserted every 4-ish years, you have a 364-day year with a leap-week inserted every 6-ish years, you end up with a 12 month calendar where every day/month pair lands on the same day-of-the-week every year. The error between calendar day and solar day stays about the same.
There's not a chance, of course, but it's a neat trick. It's the Dvorak keyboard of calendars -- worse, because everyone would have to change at once. The switch from Julian to Gregorian took two centuries.
Sadly, the combination of the author's 1992 web design, and the fact that he also wants to eliminate time zones and put everyone on GMT, puts him firmly in the "internet kook" category.
Doing the math we can conclude it will take 1.7 x 10^17 years for our sun to generate the same amount of energy as a cubic light year of cheese.
Be warned, however, that at 977 kilograms per cubic meter, or 8.27 x 10^50 kilograms per cubic light year, the Schwarzschild Radius of a cubic light year of cheese would be 1.23 x 10^24 meters, significantly greater than the 9.46 x 10^15 meters in a light year. From this we can conclude that a cubic light year of cheese, should that somehow manifest itself, will immediately collapse into a black hole.
So while you would think a cubic light year of cheese would be the obvious choice over the sun, if you are presented with a choice between them, the numbers suggest you would be far better off choosing the sun.
Previously, previously, previously.
"Police said they suspected alcohol was involved."
A Utah man who was trying to kill a mouse ended up shooting one roommate and getting another arrested for child rape, while a fourth roommate slept through the whole thing.
Taylorsville Police Sgt. Tracy Wyant told Deseret News that the first roommate, 27, had been trying to kill a rodent when he missed and the round went through the kitchen wall and struck a second roommate, 28.
Officers responding to the scene early Tuesday morning found a 13-year-old girl hiding in a basement closet. She told police she had been having an affair with the third roommate, 34-year-old Paul Daniel Kunzler. During an interview, the Children's Justice Center determined that the girl had been having sex with Kunzler over a period of four months.
Also, I was wondering: "The mouse did survive."