The Turing Police say you have more than two problems.

11 years ago
Occupy Babel!

Hard-to-parse protocols require complex parsers. Complex, buggy parsers become weird machines for exploits to run on. Help stop weird machines today: Make your protocol context-free or regular!

Protocols and file formats that are Turing-complete input languages are the worst offenders, because for them, recognizing valid or expected inputs is UNDECIDABLE: no amount of programming or testing will get it right.

A Turing-complete input language destroys security for generations of users. Avoid Turing-complete input languages!

Ensure computational equivalence of protocol endpoints: use only regular and context-free protocols!

Needless to say, you also doom us all to inhuman toil for the One whose Name cannot be expressed in the Basic Multilingual Plane.

11 Comments
Tags: , , , ,
Current Music: Duran Duran -- Blame the Machines ♬

Google Plus: Still keepin' it klassy

11 years ago
parislemon: Dear Google+

Earlier today I noticed something funny. My Google profile picture -- the picture associated with my Gmail account, my GChat account, my Google+ account, etc -- had vanished. A bug? Nope.

It turns out, Google -- without telling me -- went into my account and deleted my profile picture. Why? Because I am giving the middle finger in it. See: above.

While ridiculous prudish, I figured this was probably the case so I uploaded the picture again to make sure. Sure enough, gone. At least this time, Googler Alex Joseph left a comment as to why:

As the first point of interaction with a user's profile, all profile photos on Google+ are reviewed to make sure they are in line with our User Content and Conduct Policy. Our policy page states, "Your Profile Picture cannot include mature or offensive content." Your profile photo was taken down as a violation of this policy. If you have further questions about the policies on Google+ you can [ go fuck yourself ].

[...] Anyway, I've fixed my attitude and uploaded a picture (below) which should hopefully be in line with the terms of service no one actually reads anyway:

Previously.

13 Comments
Tags: , ,

Today on the Lying with Numbers show...

11 years ago

Nielsen Soundscan Stops Making Sense

For like the 4th year in a row, Nielsen Soundscan is trying to convince us all that selling a billion things for $1 is somehow a sales increase over selling a half-billion things for $10-$15 each.

"According to the Nielsen Co.'s year-end figures, music purchases - CD, vinyl, cassette and digital purchases of entire albums (grouped together as total albums), plus digital track downloads, singles and music videos - attained a new high of 1.5 billion, up 10.5% over 2007." -- Ken Barnes, USA Today

This requires you to believe that selling three songs for $1 each is an improvement over selling a CD for $15. This is about the stupidest fucking way I can think of to measure sales when the price disparity between items is so great and the "gain" is in the cheapest item. But the L.A. Times went with it, using a headline that says "Overall music sales hit an all-time high in 2009; Taylor Swift's Fearless is the year's top-selling album." The truth is that no, they didn't, and no, it wasn't.

2 Comments
Tags: , ,

Denial of service via hash bucket collisions!

11 years ago
This is clever:

Researchers have shown how a flaw that is common to most popular Web programming languages can be used to launch denial-of-service attacks by exploiting hash tables.

Researchers Alexander Klink and Julian Wälde explained that the theory behind such attacks has been known since at least 2003, when it was described in a paper for the Usenix security conference, and influenced the developers of Perl and CRuby to "change their hash functions to include randomization."

"This attack is mostly independent of the underlying Web application and just relies on a common fact of how Web application servers typically work," the team wrote, noting that such attacks would force Web application servers "to use 99% of CPU for several minutes to hours for a single HTTP request."

Basically you pass a zillion parameters that hash into the same bucket (meaning you need to know the bucket size) and the hash table goes O(N^2) while trying to parse the arguments to see if they're even valid.

Easily thwarted by keeping N small by limiting request size or number of parameters early, but it's a neat trick anyway.

7 Comments
Tags: , , ,

Leap Weeks

11 years ago
This is kind of a neat idea: The Hanke-Henry Calendar. If, instead of having a 365-day year with a leap-day inserted every 4-ish years, you have a 364-day year with a leap-week inserted every 6-ish years, you end up with a 12 month calendar where every day/month pair lands on the same day-of-the-week every year. The error between calendar day and solar day stays about the same.

There's not a chance, of course, but it's a neat trick. It's the Dvorak keyboard of calendars -- worse, because everyone would have to change at once. The switch from Julian to Gregorian took two centuries.

Sadly, the combination of the author's 1992 web design, and the fact that he also wants to eliminate time zones and put everyone on GMT, puts him firmly in the "internet kook" category.

Also. Previously.

28 Comments
Tags: , , ,
Current Music: The Soft Moon -- Out of Time ♬

Legislative schadenfreude

11 years ago
Prop 8 lawsuits lead to attack on Prop 13: A lawsuit argues that Prop. 13 was improperly approved.

(Prop 8 is the "we hate teh gays" one. Prop 13 is the mid-70s Republican-minority power-grab that explains why California is the 8th largest economy in the world but has a public education system that consistently ranks 49th out of 50 in the country.)

In analyzing Proposition 8, the state Supreme Court, led by Chief Justice Ronald George, laid out those definitions and concluded that the measure was properly thought of as an amendment, for though it did great and noxious damage to the rights of gay Californians, it did not reach the structure of government itself. Reading the court's opinion in that case, Norris said he had two reactions. "I thought the outcome was correct ... even though I didn't like the outcome," he said in an interview last week. "And I was intrigued by Ron George's review of the various California Supreme Court cases over the decades on the distinction between an amendment and a revision."

That started Norris thinking: WasProposition 13, which was passed as an amendment, really a revision? [...]

That language has had a profound impact on the power of the executive and the Legislature. The power that it constrains -- the authority to raise public funds -- is among the most fundamental of government. And the requirement gives more weight to some legislators -- and, by extension, their constituents. As the lawsuit notes, "legislators opposing a tax increase are given the functional equivalent of more votes than those legislators who favor such proposals."

The result is that Proposition 13 has altered power in the Capitol and appreciably weakened the ability of the Legislature to pass new taxes, which sounds an awful lot like a "change in the basic plan" of state government.

1 Comment
Tags:

Astrophysics

11 years ago
Doing the math we can conclude it will take 1.7 x 10^17 years for our sun to generate the same amount of energy as a cubic light year of cheese.

Be warned, however, that at 977 kilograms per cubic meter, or 8.27 -- 10^50 kilograms per cubic light year, the Schwarzchild Radius of a cubic light year of cheese would be 1.23 -- 10^24 meters, significantly greater than the 9.46 x 10^15 meters in a light year. From this we can conclude that a cubic light year of cheese, should that somehow manifest itself, will immediately collapse into a black hole.

So while you would think a cubic light year of cheese would be the obvious choice over the sun, if you are presented with a choice between them, the numbers suggest you would be far better off choosing the sun.

Previously, previously, previously.

3 Comments
Tags: ,
Current Music: The Airborne Toxic Event -- All At Once ♬

"And By Raging I Mean Flailing, And By Light I Mean Relevance"

11 years ago
A fine rant:

David Young, Hachette's chief executive, says: "Publishers can't meet to discuss standards because of antitrust concerns. This has had a chilling effect on reaching consensus."

Mr. Young lays it flat out: that laws prohibiting anticompetitive collusion and price-fixing are having a "chilling effect" on major publishers' attempts to collude, fix prices and thwart competition.

I can't imagine a functioning adult saying this with a straight face, but there it is. "Laws against doing evil things are having a chilling effect on the efforts of aspirant evildoers." I'm sure it's a problem for somebody, but as far as I'm concerned, mission accomplished, gold stars all 'round, well done laws and keep up the good work.

As has been noted many times, by many people, we've juiced up the entirely artificial copyright laws of the world to the point that if libraries weren't already a centuries-old cultural institution, there's no chance they'd ever be able to come into existence today. And here in this miraculous age of free-flowing information, that's sad as hell.

4 Comments
Tags: , ,
Current Music: Viva City -- Remove Money Maker ♬

Man misses mouse and shoots roommate, revealing child rapist

11 years ago
"Police said they suspected alcohol was involved."

A Utah man who was trying to kill a mouse ended up shooting one roommate and getting another arrested for child rape, while a fourth roommate slept through the whole thing.

Taylorsville Police Sgt. Tracy Wyant told Deseret News that the first roommate, 27, had been trying to kill a rodent when he missed and the round went through the kitchen wall and struck a second roommate, 28.

Officers responding to the scene early Tuesday morning found a 13-year-old girl hiding in a basement closet. She told police she had been having an affair with the third roommate, 34-year-old Paul Daniel Kunzler. During an interview, the Children's Justice Center determined that the girl had been having sex with Kunzler over a period of four months.

"The Aristocrats!"

Also, I was wondering: "The mouse did survive."

9 Comments
Tags: ,
Current Music: Yoav -- Where Is My Mind ♬

  • Previously