gemini://gemini.conman.org/boston/2015/04/05.1
Ah, today's holiday. A celebration of the reanimation of a Jewish carpenter using Nordic symbols, named after a Germanic deity and involving sweets derived from Central American food. Ain't modern life wonderful?
As for me, I'm spending the day reading about Anthony Bourdain's [1] eating his way [2] through Narnia [3].
[1] http://en.wikipedia.org/wiki/Anthony_Bourdain
[2] http://archiveofourown.org/works/137185
[3] http://en.wikipedia.org/wiki/The_Chronicles_of_Narnia
gemini://gemini.conman.org/boston/2015/04/06.1
When I left Casa New Jersey [1], it needed quite a bit of loving care. But sure enough, someone came along and lavished quite a bit of loving care on the house. And seriously, what a transformation! [2] (link via Spring [3] on GoogleMyFacePlusSpaceBook).
I especially like the work done upstairs. Wow!
[2] http://www.zillow.com/homedetails/1300-Mathis-St-Lake-Worth-FL-33461/46687068_zpid/
gemini://gemini.conman.org/boston/2015/04/07.1
I noticed one of the developers at The Ft. Lauderdale Office of The Corporation using the time of day to seed a random number generator, which is borderline okay (depending on how the resulting random numbers will be used), but there are better ways to generate a random seed, at least on a modern POSIX [1] system—read data from /dev/urandom.
My fellow cow-orker B, with whom I was having this discussion, mentioned this borderline paranoid approach [2] to reading /dev/urandom. But I think that if you have to call fstat() to make sure the file is actually /dev/urandom then you have more things to worry about (really—if a cracker can substitute /dev/urandom with known data, it's pretty much game over [3]—B agreed with that statement, by the way). Besides, the author wasn't paranoid enough! Who's to say there isn't some extra code in there (say, via $LD_PRELOAD [4] or ptrace() [5] or maybe even through some ELF magic on the executable [6]) that intercepts the read() [7] function to return “random data” when reading from /dev/urandom? Hmmmm? (about the only thing you can do to counter that is nuke the site from orbit [8]—it's the only way to be sure)
But in the meantime, just use /dev/urandom [9].
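To make the difference concrete, here is an added example (not code from the original post or from the developer mentioned) that seeds `srand()` both ways. The function names are made up for illustration; the read loop handles `EINTR` and short reads, and reports failure instead of quietly falling back to the clock.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* Fill buf with len bytes from /dev/urandom, retrying on EINTR and on
 * short reads.  Returns 0 on success, -1 on failure with errno set. */
int urandom_bytes(void *buf, size_t len)
{
  unsigned char *p = buf;
  int            fd;

  do
    fd = open("/dev/urandom", O_RDONLY);
  while (fd == -1 && errno == EINTR);
  if (fd == -1)
    return -1;

  while (len > 0)
  {
    ssize_t n = read(fd, p, len);
    if (n > 0)
    {
      p   += n;
      len -= (size_t)n;
    }
    else if (n == 0 || errno != EINTR)
    {
      int err = (n == 0) ? EIO : errno;  /* EOF should never happen here */
      close(fd);
      errno = err;
      return -1;
    }
  }
  close(fd);
  return 0;
}

/* The pattern from the post: the seed is just the clock, in seconds. */
unsigned int seed_from_time(time_t now)
{
  return (unsigned int)now;
}

/* Seed from the kernel instead; the caller must check the return value. */
int seed_from_urandom(unsigned int *seed)
{
  return urandom_bytes(seed, sizeof *seed);
}

/* Returns 1 if srand(a) and srand(b) give the same first n values (n <= 16). */
int same_stream(unsigned int a, unsigned int b, int n)
{
  int first[16];
  int i;

  if (n > 16) n = 16;
  srand(a);
  for (i = 0; i < n; i++) first[i] = rand();
  srand(b);
  for (i = 0; i < n; i++)
    if (rand() != first[i]) return 0;
  return 1;
}

/* Returns 1 if two independent 32-byte reads differ, 0 if equal, -1 on error. */
int urandom_draws_differ(void)
{
  unsigned char a[32], b[32];

  if (urandom_bytes(a, sizeof a) != 0 || urandom_bytes(b, sizeof b) != 0)
    return -1;
  return memcmp(a, b, sizeof a) != 0;
}

int main(void)
{
  time_t       now = time(NULL);
  unsigned int seed;

  /* Two instances started within the same second share their whole stream. */
  printf("same-second time seeds, same stream: %d\n",
         same_stream(seed_from_time(now), seed_from_time(now), 8));

  if (seed_from_urandom(&seed) != 0)
  {
    perror("/dev/urandom");
    return EXIT_FAILURE;
  }
  srand(seed);
  printf("urandom seed: %08x, two draws differ: %d\n", seed, urandom_draws_differ());
  return EXIT_SUCCESS;
}
```

The seed only fixes where the stream starts; `rand()` itself is still not suitable for keys or tokens, which should be read from /dev/urandom directly.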
[1] http://pubs.opengroup.org/stage7tc1/
[2] http://insanecoding.blogspot.com/2014/05/a-good-idea-with-bad-usage-devurandom.html
[3] https://www.youtube.com/watch?v=dsx2vdn7gpY
[4] http://stackoverflow.com/questions/426230/what-is-the-ld-preload-trick
[5] http://en.wikipedia.org/wiki/Ptrace
[6] http://www.exploit-db.com/papers/14087/
[7] http://pubs.opengroup.org/onlinepubs/009695399/functions/read.html
[8] https://www.youtube.com/watch?v=aCbfMkh940Q
[9] http://www.2uo.de/myths-about-urandom/
gemini://gemini.conman.org/boston/2015/04/08.1
I was inspecting Facebook's network traffic today in Firefox Devtools, when I realized that any text I put into the status update box was sent to Facebook's servers, even if I did not click the post button. Ever curious, I Googled this behaviour and came across a study which reveals some very frightening information:
> > Facebook calls these unposted thoughts "self-censorship," and insights into how it collects these nonposts can be found in a recent paper written by two Facebookers.
>
Via Lobsters [1], “Facebook sending 'nonposts' to its servers and storing unpublished thoughts [2]”
I wouldn't be surprised if all the sites in the MyFaceGoogleBookPlusSpaceosphere aren't doing the same thing. And the thing is, when I do a search on “experimenting on unwilling subjects” the results all seem to be Nazis Nazis Nazis (With the CIA in a close second place. Go figure.) [3] for some reason. Just approach FaceGoogleMyPlusSpaceBook as if everything posted, whether “private” or not, is going to be seen by everybody. Because it is.
[1] https://lobste.rs/s/bkw8vw/facebook_sending_nonposts_to_its_servers_and
[2] http://blog.higg.im/2015/04/07/facebook-sending-nonposts-to-its-servers
[3] https://www.google.com/search?q=experimenting+on+unwilling+subjects
gemini://gemini.conman.org/boston/2015/04/09.1
Finally!
Harry Potter and the Methods of Rationality [1] is finally finished! I'm so happy!
I started reading this a few years ago, but the rate of new chapters was never that fast and it's only been in the past month or so that Eliezer Yudkowsky [2] finished writing it. I think the premise is wonderful—that Harry Potter was raised by scientists and skeptically approached magic at Hogwarts by applying rational thought and scientific experimentation. It takes a while to start, but once it does, I found I could not stop reading it (well, until I reached the current chapter and had to wait several months for the next outburst of chapters).
Over the past two nights, I've finished reading it (staying up way past my bedtime), and I must say, I found He-Who-Shall-Not-Be-Named to be a quite fascinating character (when he finally did show up—oh, is that a spoiler?).
I think it's worth the read, all 122 chapters of it. Don't worry, it's a complete story with Harry winning and He-Who-Shall-Not-Be-Named losing and not a seven book series, so don't let the length discourage you if you are a Harry Potter fan—at least now you can finish it in one reading binge if you so desire.
gemini://gemini.conman.org/boston/2015/04/10.1
“Aaaaaaaaaah!”
“What happened?”
“The 16 ounce bottle of vanilla extract fell on the floor!”
“Did the bottle break?”
“No, but there's vanilla extract all over the pantry.”
“Was it the used bottle?”
“It's used now.”
“Is there any left?”
“About a quarter of the bottle is left.”
“Sigh. That was the good stuff.”
“At the very least, it will smell incredible in here for a while.”
gemini://gemini.conman.org/boston/2015/04/11.1
It's nice to know that Coyote's Flying Saucer Retrievals and Repairs [1] exists so when my C-57D [2] needs repair, I know where to go to have it checked out. The only bad thing is that it is in California [3] and not in Roswell [4] or Rachel [5] where all the flying saucer activities seem to happen in this country. I guess I'll have to keep in mind that if I crash my C-57D, I need to crash in or near Ocotillo, California [6].
[1] https://www.facebook.com/pages/Coyotes-Flying-Saucer-Retrievals-Repairs/229294090604803
[2] http://en.wikipedia.org/wiki/C-57D
[3] http://www.roadsideamerica.com/story/46466
[4] http://www.roswellufomuseum.com/roswell.html
[5] http://www.rachel-nevada.com/
[6] http://en.wikipedia.org/wiki/Ocotillo,_California
gemini://gemini.conman.org/boston/2015/04/12.1
I was reminded of SPF (Sender Policy Framework) [1] the other day. It's an anti-spam measure, primarily to help identify email spoofing [2]. I set up an SPF (Sender Policy Framework) record [3] on my domain years ago, but other than that, I haven't really done anything else with it. But being reminded of it, I thought it might be a good idea to see just how effective it could be. I'm already using a greylist daemon [4] to cut down on spam but hey, the more spam that is caught, the better.
First step—just how effective is the greylist daemon? I have the logs from the greylist daemon for the past month (March 15th to April 11th). Some processing on the logs and I have my answer:
Table: Unique emails processed by the greylist daemon
```
Emails accepted    5,028
Emails rejected    5,132
Total             10,160
```
Wow!
A bit over 50% of the emails received by my email server are spam. I'm not sure if I should be depressed that easily half the email addressed to me is spam, or happy that the greylist daemon is an easy way to avoid false positives [5]. I suppose both are in order.
Now, I still get spam despite the greylist daemon, but all that means is that the sender is actually bothering to follow the SMTP (Simple Mail Transport Protocol) protocol—not that high a bar. So, of the emails that do get through, how much would get flagged with SPF? Okay, time to check up on the SPF specification (Sender Policy Framework) [6], and boy, is that a mess. The grammar [7] to parse SPF records requires backtracking [8] (lovely!—and lest you think a message from 2010 has any relevance to a 2014 standard, think again; the grammar [9] didn't change all that much) and is not entirely context free either (sigh—one letter in the macro-expansion has two meanings depending on where it appears).
Oh, and that grammar [10]? It actually covers three different grammars—one for parsing the SPF record itself, a second one to parse an email header, and the third a secondary text string via a secondary DNS (Domain Name System) query (the SPF record itself is obtained via a DNS query, by the way).
Okay, so munging the grammar to what I think is intended and leaving out what I don't need, I went through the log file and for each accepted email, did an SPF check according to the specification. Granted, the data I get now might not reflect the results made at the original time, but it should give me a baseline to go by.
For the test, I pulled out all emails accepted (5,028) and removed those I explicitly allowed (for example, accept anything from a given IP (Internet Protocol) address, or from a given domain) or that did not have a sender address (allowed by the SMTP protocol to prevent mailing loops when generating mail bounce messages), leaving me with 4,343 emails. Then, for those, I looked up the SPF record for the given domain, and if it had one, applied its policy.
The 4,343 accepted emails came from 1,000 unique domains, of which only 433 had an SPF record. Okay, 43% of the domains have an SPF record. And of the domains that had an SPF record, only 629 emails accepted were checked. Or 12½% of all accepted incoming emails could be checked via SPF. Sigh.
But of those that were checked via SPF, how did we fare? Were a lot spam? Or were most acceptable forms of email per SPF policy?
Table: Results of applying SPF policy against incoming email
```
Result    Count  Meaning
fail         43  IP address was not allowed to send this email
softfail     53  IP address should not be sending this email (used for testing)
neutral      90  IP address has no policy
pass        443  IP address is allowed to send this email
```
A 70% pass rate for SPF. Only 43, or almost 1% (or around two per day) could have been deleted as spam. Another 53 maybe, possibly, could have been deleted as spam. And 90 no idea one way or the other. Sigh.
You want to know what has a better rate of catching spam than SPF for my email? Any email addressed to my domain registration email not from the registrar. For me, I don't think it worth the effort to implement this.
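How the four results in the table come about, as an added example that is not the code used for the numbers above: the first mechanism that matches the sending address wins, and the qualifier in front of it (`-`, `~`, `?`, or `+`/nothing) picks the result. The sketch assumes the record text has already been fetched, handles only the `ip4` and `all` mechanisms in lower case (anything needing DNS or macros is reported as unsupported), and uses constructed records with documentation addresses.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum spf_result { SPF_NONE, SPF_NEUTRAL, SPF_PASS, SPF_FAIL, SPF_SOFTFAIL,
                  SPF_UNSUPPORTED, SPF_MAX };

static const char *const spf_names[SPF_MAX] =
  { "none", "neutral", "pass", "fail", "softfail", "unsupported" };

/* The qualifier in front of the matching mechanism decides the result. */
static enum spf_result from_qualifier(char q)
{
  return q == '-' ? SPF_FAIL : q == '~' ? SPF_SOFTFAIL
       : q == '?' ? SPF_NEUTRAL : SPF_PASS;      /* '+' or none: pass */
}

/* 1 if client (host byte order) is inside "a.b.c.d[/len]", 0 if not,
 * -1 if the network is malformed. */
static int ip4_match(const char *spec, uint32_t client)
{
  char           addr[INET_ADDRSTRLEN];
  struct in_addr net;
  long           len   = 32;
  const char    *slash = strchr(spec, '/');
  size_t         n     = slash ? (size_t)(slash - spec) : strlen(spec);
  uint32_t       mask;

  if (n == 0 || n >= sizeof addr) return -1;
  memcpy(addr, spec, n);
  addr[n] = '\0';
  if (inet_pton(AF_INET, addr, &net) != 1) return -1;
  if (slash)
  {
    char *end;
    len = strtol(slash + 1, &end, 10);
    if (end == slash + 1 || *end != '\0' || len < 0 || len > 32) return -1;
  }
  mask = (len == 0) ? 0 : 0xFFFFFFFFu << (32 - len);
  return ((ntohl(net.s_addr) ^ client) & mask) == 0;
}

/* Evaluate one record (NULL when the domain publishes none) for one sender.
 * Only "ip4" and "all" are handled; anything else is SPF_UNSUPPORTED. */
enum spf_result spf_check(const char *record, const char *client_ip)
{
  struct in_addr cli;
  const char    *p;

  if (record == NULL || strncmp(record, "v=spf1", 6) != 0
      || (record[6] != ' ' && record[6] != '\0'))
    return SPF_NONE;
  if (inet_pton(AF_INET, client_ip, &cli) != 1)
    return SPF_UNSUPPORTED;

  for (p = record + 6; ; )
  {
    char   term[64], *t = term, q = '+';
    size_t n;

    p += strspn(p, " ");
    n  = strcspn(p, " ");
    if (n == 0) return SPF_NEUTRAL;            /* nothing matched */
    if (n >= sizeof term) return SPF_UNSUPPORTED;
    memcpy(term, p, n);
    term[n] = '\0';
    p += n;

    if (strchr("+-~?", *t) != NULL) q = *t++;
    if (strcmp(t, "all") == 0) return from_qualifier(q);
    if (strncmp(t, "ip4:", 4) != 0) return SPF_UNSUPPORTED;
    switch (ip4_match(t + 4, ntohl(cli.s_addr)))
    {
      case 1:  return from_qualifier(q);
      case 0:  break;                          /* try the next mechanism */
      default: return SPF_UNSUPPORTED;
    }
  }
}

int main(void)
{
  /* Constructed samples: record text, then the sending address. */
  static const char *const samples[][2] = {
    { "v=spf1 ip4:192.0.2.0/24 -all", "192.0.2.10"   },
    { "v=spf1 ip4:192.0.2.0/24 -all", "198.51.100.7" },
    { "v=spf1 ip4:192.0.2.0/24 ~all", "198.51.100.7" },
    { "v=spf1 ?all",                  "203.0.113.9"  },
  };
  size_t i;

  for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
    printf("%-30s %-14s %s\n", samples[i][0], samples[i][1],
           spf_names[spf_check(samples[i][0], samples[i][1])]);
  return 0;
}
```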
[2] http://en.wikipedia.org/wiki/Email_spoofing
[3] http://www.zytrax.com/books/dns/ch9/spf.html
[5] http://en.wikipedia.org/wiki/False_positives_and_false_negatives#False_positive_error
[6] https://www.ietf.org/rfc/rfc7208.txt
[7] https://tools.ietf.org/html/rfc7208#section-12
[8] http://article.gmane.org/gmane.mail.spam.spf.devel/2080
[9] https://tools.ietf.org/html/rfc4408#appendix-A
[10] https://tools.ietf.org/html/rfc7208#section-12
gemini://gemini.conman.org/boston/2015/04/13.1
This is simply amazing.
[Don't attempt this on an emulator. This will only work on a real, honest to God, IBM 5150 with an IBM CGA card. That shouldn't be hard to get, right?] [1] [2]
I'm impressed. I didn't think it was possible to get more than 16 colors from the CGA (Computer Graphics Adapter) [3] card and here is a demo showing over 1000 colors. On a stock IBM 5150 PC [4] from 1981 (video via 8088 MPH: We Break All Your Emulators « Oldskooler Ramblings [5], from a discussion at Hacker News [6]). And for those of you who are curious as to how this was done, there are in-depth articles about the graphics programming [7] (via Hacker News [8]) and the sound programming [9] (again, via Hacker News [10]).
[1] /boston/2015/04/13/one-k-cga.jpg
[2] https://www.youtube.com/watch?v=yHXx3orN35Y
[3] http://en.wikipedia.org/wiki/Color_Graphics_Adapter
[4] http://oldcomputers.net/ibm5150.html
[5] http://trixter.oldskool.org/2015/04/07/8088-mph-we-break-all-your-emulators/
[6] https://news.ycombinator.com/item?id=9338944
[7] http://www.reenigne.org/blog/1k-colours-on-cga-how-its-done/
[8] https://news.ycombinator.com/item?id=9353411
[9] http://www.reenigne.org/blog/8088-pc-speaker-mod-player-how-its-done/
[10] https://news.ycombinator.com/item?id=9356488
gemini://gemini.conman.org/boston/2015/04/14.1
The most successful fully funded crowdfunding campaign on Indiegogo is not for a new smartwatch, video game, or 3D printer. It is for a new way to harvest honey, a potential breakthrough in a practice that has not seen a significant technological advance since 1852, when the Rev. Lorenzo Langstroth [1] patented America's first movable frame beehive.
The Flow hive [2] has amassed $8.9 million from more than 25,000 backers in one month (the goal was just $70,000), a possible sign that the urban-hipster revival of beekeeping is still alive, even as the U.S. honeybee population continues to die off. (The USDA has sounded the alarm, estimating that a third of all honeybees have died since 2006. The main suspect is a class of neuro-active insecticides called Neonicotinoids.)
Via Instapundit [3], “This 'Honey on Tap' Beehive Design Just Raised $9 Million on Indiegogo [4]”
I've heard of this, but this is the first time I've seen how the Flow™ Hive works [5], and it's pretty ingenious. I know T, my fellow cow-orker, might be interested in this as he keeps bees as a hobby.
[1] http://americasbeekeeper.org/Father_of_American_Beekeeping.htm
[2] https://www.indiegogo.com/projects/flow-hive-
[3] http://pjmedia.com/instapundit/205017/
[4] http://www.popularmechanics.com/home/a15011/beekeepers
[5] https://www.youtube.com/watch?v=WbMV9qYIXqM
gemini://gemini.conman.org/boston/2015/04/15.1
Telonephobics beware! For it is the Ides of April and the second inevitability of life [1] is upon us. But fear not if you lack health insurance and cannot afford $95 or 1% of your income (whatever is higher) since it is very easy to avoid paying the [DELETED-penalty-DELETED] tax:
**#4. Get beaten by your wife.** Required documentation: None
Official text reads: "You recently experienced domestic violence. Required documentation: None."
**Translation:** Get attacked by your wife. You may then apply for the exemption by simply stating “I am exempt because my wife beat me.” No documentation required.
Via Captain Capitalism [2], “Citizen Liberty: 17 Ways To Avoid The Obamacare Tax Penalty, Including Being Beaten By Your Wife [3]”
It doesn't surprise me that a 2,700 page bill that no Congresscritter read [4] and over 33,000 pages of regulations [5] (wow! Something longer than Atlas Shrugged [6]) would have egregious loopholes in it.
Really?
Sheesh.
[1] http://en.wikipedia.org/wiki/Death_&_Taxes
[2] http://captaincapitalism.blogspot.com/2015/04/avoid-obamacare-by-
[3] http://www.citizenliberty.com/2015/04/17-ways-to-avoid-obamacare-tax-
[4] http://www.washingtonexaminer.com/obamacares-2700-pages-are-too-much-
[5] http://www.washingtonpost.com/blogs/fact-checker/post/how-many-pages-of
gemini://gemini.conman.org/boston/2015/04/16.1
I was pulled into an impromptu design meeting at work. Originally it was to discuss the format of a new URI (Uniform Resource Identifier) for our Android [1] application to use, but it quickly shifted into an authentication issue on the Android platform.
I don't work on Android applications (I do the call-processing on the telephony network side, not the cellphone side), so my terminology might be a bit off, but the gist of the issue is that our application, named Awesome Application (name changed to protect me), comes preinstalled on Android phones. We've allowed another preinstalled application, Bodacious Bronies (name completely made up), not written by us, to launch our application when the user does a certain action in Bodacious Bronies. This is done by Awesome Application listening for an intent [2] sent by Bodacious Bronies, and then doing its thing.
But the issue our developer, D, had with this is how to prevent the Malevolent Malcontent application (for example) from spamming Awesome Application with repeated intents. The fear here is that Malevolent Malcontent could so annoy the user with our program always popping up that the user would then uninstall Awesome Application, or worse, bitch, complain and moan to the phone carrier to remove or disable our application post-haste.
Our application could check the uid [3] or the package name of the intent sender and only do the thing it does if the sending application is allowed, but neither the uid nor the package name is fixed; either one can change with an update, and if our application isn't updated with the new uid or package name, then our app does nothing since it doesn't know the intent is from an allowed application.
And other methods, like having Bodacious Bronies sign the intent (somehow), are still subject to attacks; in order to sign the intent, a private key needs to be stored with Bodacious Bronies (and we were sure that the creators of Bodacious Bronies would not want to include a private key with the application), and what's to stop the creators of Malevolent Malcontent from nabbing that private key (the developer of Malevolent Malcontent could get an Android phone, jailbreak [4] it, and extract the Bodacious Bronies private key) and forging intents?
Security is hard. So is authentication.
There is a way to keep intents from being broadcast to every application. D was trying to find a way to avoid this, as one of our customers wanted the broadcast method of intents (for some reason—again, I'm not an Android developer so I'm not sure what the trade-offs are here) but he decided that the best course of action is to use the non-broadcast intent method. Now he has to convince the Powers-That-Be that this is the only way.
[2] http://developer.android.com/guide/components/intents-filters.html
[3] http://en.wikipedia.org/wiki/User_identifier
[4] http://www.ijailbreak.com/how-to-root/
gemini://gemini.conman.org/boston/2015/04/17.1
Today, we bring you urgent and breaking news out of Minnesota, where a battle over umlauts has been — well, not raging. What is the more polite version of raging? Occurring? Happening? Gently taking place? Something like that.
Anyway! Minnesota. Umlauts. See, there is a city in Minnesota that had been known as Lindström — or, if you saw the signs greeting you on the way in or out of town in recent years, Lindstrom.
Via Brian Yoder on MyFaceGoogleBookPlusSpace, “Minnesota’s great umlaut war is over (also, Minnesota was having an umlaut war) - The Washington Post [1]”
My first thought was couldn't the MDOT (Minnesota Department of Transportation) just spell [2] it “Lindstroem?” But then I read that Lindström has a sister city in Sweden, Tingsryd [3], and I wasn't sure if the umlaut served the same function in Swedish as it did in German. It turns out it doesn't [4], and the “ö” in Swedish is a distinct character, unlike in German where the “ö” is a shorthand notation for “oe.”
It all turned out fine though, the MDOT is going around adding umlauts on all the Lindström signs.
[1] http://www.washingtonpost.com/news/post-
[2] http://en.wikipedia.org/wiki/Diaeresis_(diacritic)#Printing_convent
[4] http://en.wikipedia.org/wiki/Swedish_orthography
gemini://gemini.conman.org/boston/2015/04/17.2
Via a link on FaceGoogleMyBookPlusSpace is an article [1] about a cut passage from an early draft of A Wrinkle In Time [2]. The article talks briefly about the cut passage and then goes into some details about Madeleine L’Engle [3], but I can't help but quote from the cut passage:
So she said, “But Father, what's wrong with security? Everybody likes to be all cosy and safe.”
“Yes,” Mr. Murry said, grimly. “Security is a most seductive thing.”
“Well—but I want to be secure, Father. I hate feeling insecure.”
“But [DELETED-not enough-DELETED] you don't love security enough so that you guide your life by it, Meg. You weren't thinking of security when you came to rescue me with Mrs Who, Mrs Whatsit, and Mrs Which.”
“But that didn't have anything to do with me,” Meg protested. “I wasn't being brave or anything. They just took me.”
Calvin, walking beside them with his load of wood, said, smiling warmly at Meg, “Yes, but when we got here you didn't go around whining or asking to go home where you could be all safe and cosy. You kept yelling, where's Father, take me to Father: You never gave a thought to security.”
“Oh,” Meg said. “Oh.” She brooded for another moment. “But I still don't see why security isn't a good thing. Why, Father?”
“I've come to the conclusion,” Mr. Murry said slowly, “that it's the greatest evil there is. Suppose your great great grandmother, and all those like her, had worried about security? They'd never have gone across the [DELETED-country-DELETED] land in flimsy covered wagons. Our country has been greatest when it has been most insecure. This [DELETED-longin-DELETED] sick longing for security is a dangerous thing, Meg, as insidious as the strontium 90 from our nuclear explosions that worried you so about Charles Wallace when you read in science at school that it was being found in greater and greater quantities in milk. You can't see strontium 90. You can't feel it or touch it. But it's there. So is the panicky searching for conformity, for security. Maybe it's because of the Black Thing, Meg. Maybe this lust for security is like a disease germ that it has let loose on our land. I don't know, Meg. All I realize now is that my fight is much bigger than this little one on Camazotz.”
Despite being written over fifty years ago, it seems to apply more to us today than it did in 1962 (and here's a description of Camazotz [4] if you are unfamiliar with the book).
[1] http://www.wsj.com/articles/a-new-wrinkle-in-time-1429219305?mod=e2fb
[2] https://www.amazon.com/exec/obidos/ASIN/0312367546/conmanlaborat-20
[3] http://www.madeleinelengle.com/madeleine-lengle/
[4] http://en.wikipedia.org/wiki/Places_in_the_works_of_Madeleine_L'Engle#Other_planets
gemini://gemini.conman.org/boston/2015/04/18.1
Tell me, does any of this sound familiar?
(1) Random acts of violence by crazy individuals, often taking place at schools …
(2) The other major source of instability and violence comes from terrorists, who are now a major threat to U.S. interests, and even manage to attack buildings within the United States.
(3) Prices have increased sixfold between 1960 and 2010 because of inflation. …
(4) The most powerful U.S. rival is no longer the Soviet Union, but China. However, much of the competition between the U.S. and Asia is played out in economics, trade, and technology instead of overt warfare.
(5) Europeans have formed a union of nations to improve their economic prospects and influence on world affairs. In international issues, Britain tends to side with the U.S., but other countries in Europe are often critical of U.S. initiatives.
(6) Africa still trails far behind the rest of the world in economic development, and Israel remains the epicenter of tensions in the Middle East.
(7) Although some people still get married, many in the younger generation now prefer short-term hookups without long-term commitment.
(8) Gay and bisexual lifestyles have gone mainstream, and pharmaceuticals to improve sexual performance are widely used (and even advertised in the media).
(9) Many decades of affirmative action have brought blacks into positions of power, but racial tensions still simmer throughout society.
(10) Motor vehicles increasingly run on electric fuel cells. …
(11) Yet Detroit has not prospered, and is almost a ghost town because of all the shuttered factories. However, a new kind of music … has sprung up in the city.
(12) TV news channels have now gone global via satellite.
(13) TiVo-type systems allow people to view TV programs according to their own schedule.
(14) Inflight entertainment systems on planes now include video programs and news accessible on individual screens at each seat.
(15) People rely on avatars to represent themselves on video screens …
(16) Computer documents are generated with laser printers.
(17) A social and political backlash has marginalized tobacco, but marijuana has been decriminalized.
Oh, and let's not forget President Obomi.
Wait—what?
What you read was eighteen predictions (The Millions : The Weird 1969 New Wave Sci-Fi Novel that Correctly Predicted the Current Day) [1] (link via Hacker News [2]) made by John Brunner [3] in his 1969 novel Stand on Zanzibar [4]. It's an incredible list, scarily accurate in its portrayal of life in 2010. I never read that book, but I did read Shockwave Rider [5] that predicted a global network besieged with malware and The Sheep Look Up [6], a book about global environmental collapse that was the single most scary book I've ever read (that I try not to think about too much lest I start having nightmares again). Both of those were very good (even if The Sheep Look Up [7] is too horrifying to think about), so I would think Stand on Zanzibar [8] would be great as well.
[2] https://news.ycombinator.com/item?id=9399457
[3] http://en.wikipedia.org/wiki/John_Brunner_(novelist)
[4] https://www.amazon.com/exec/obidos/ASIN/0765326787/conmanlaborat-20
[5] https://www.amazon.com/exec/obidos/ASIN/0345467175/conmanlaborat-20
[6] https://www.amazon.com/exec/obidos/ASIN/B00J5X5LVQ/conmanlaborat-20
[7] https://www.amazon.com/exec/obidos/ASIN/B00J5X5LVQ/conmanlaborat-20
[8] https://www.amazon.com/exec/obidos/ASIN/0765326787/conmanlaborat-20
gemini://gemini.conman.org/boston/2015/04/19.1
This self-portrait:
[I swear I thought it was a red jelly bean!] [1]
also happens to be a valid QR code (Quick Response Code) [2]. Go ahead, try it if you can. See how deep the rabbit hole goes.
For the curious, I used QArt Coder [3] to generate the image. And for the really curious, the theory behind how it works [4].
[1] /boston/2015/04/19/spc-qc-medium.png
[2] http://en.wikipedia.org/wiki/QR_code
[3] http://research.swtch.com/qr/draw
[4] http://research.swtch.com/qart
gemini://gemini.conman.org/boston/2015/04/20.1
[I don't think it has the whole toilet paper thing down quite yet] [1]
Because a picture of a bunny with a pancake on its head [2] is cliché.
[1] /boston/2015/04/20/BunnyWithTP.jpg
[2] http://en.wikipedia.org/wiki/Oolong_(rabbit)
gemini://gemini.conman.org/boston/2015/04/21.1
“Do you know how I get to the timesheet application?”
“Timesheet application? You want to apply for some vacation time?”
“Yes.”
“Okay, first you need to log into the VPN (Virtual Private Network).”
“But we're in the office, why do I need to log into the VPN?”
“No, you're thinking of The Corporation VPN. You need to log into the Corporation Overlord Corporation VPN.”
“Oh. Where do I go to log into that?”
“Here, let me email you the location.”
“Thank you. Hmm … Ah, I use that account name … but I don't seem to know the password for that account. Is it the same as any other password you use?”
“No, it's a different password.”
“Sigh. … Okay it's not that password … and it's not that password. I'm afraid of trying it a third time lest I get locked out.”
“So once you reset your password and can log on, do not select the ‘Timesheet Application’ but instead select the ‘Monopolistic Database Corporation Application Suite’ instead.”
“Do tell.”
“Yeah, I can't make this stuff up even if I wanted to.”
“So skip ‘Timesheet Application’ and instead use the ‘Monopolistic Database Corporation Application Suite.’”
“Yes.”
“I won't ask.”
“Good, because I don't know the answer.”
gemini://gemini.conman.org/boston/2015/04/21.2
“Okay, I copied down the new password.”
…
“Wait? I'm stuck with that password?”
…
“Oh, I can't change the password for ten days. Then I can change it to something less obvious.”
…
“Okay, fine. Now let me try logging into the site.”
…
“No, I don't have Internet Explorer.”
…
“No, I'm not running Windows 7, or any version of Windows for that matter.”
…
“A Macintosh.”
…
“No, really.”
…
“No, I'm not running Google Chrome.”
…
“Firefox.”
…
“Is there a joke I didn't get?”
gemini://gemini.conman.org/boston/2015/04/22.1
A couple of months ago, I was at a party somewhere, and a boy came up to me who was, like, 8 or 10 years old, and he said, “Oh, I really liked Airplane! I thought it was really funny!” And I said, “How was it that you came to see it?” And he said, “Well, my grandfather made me watch it.” [Laughs.] If you’d told us in 1980 that the grandkids of the audience would be the ones who’d keep the movie going, it would’ve been very gratifying. But I don’t think we ever anticipated it. And it’s one of the great thrills, I think, of all of our lives that it still remains well known.
Via Instapundit [1], “Surely you can’t be serious: An oral history of Airplane! · Oral History · The A.V. Club [2]”
It's an oral history of the making of “Airplane! [3]” from many people who were involved in the making of one of the funniest movies to ever come out of Hollywood. And stop calling me Shirley.
[1] http://pjmedia.com/instapundit/205348/
[2] http://www.avclub.com/article/surely-you-cant-be-
[3] http://www.imdb.com/title/tt0080339/
gemini://gemini.conman.org/boston/2015/04/23.1
From: "John" <yjonjens@mail.com [1]>
To: sean@conman.org
Subject: business leads
Date: Thu, 23 Apr 2015 17:22:50 +0200
> Hey,
You are receiving this email because we wish you to use our email marketing service.
We wish to be your email marketing partner, we can grow your business 2-5 times than now.
If you would require more information please send us an email and we would be glad to discuss the project requirements with you soon. Looking forward to your positive response.
Kind Regards
John
Email: pottleyo@aliyun.com [2]
> * * * * *
This e-mail message and its attachments (if any) are intended solely for the use of the addressee(s) hereof. In addition, this message and the attachments (if any) may contain information that is confidential, privileged and exempt from disclosure under applicable law. If you are not the intended recipient of this message, you are prohibited from reading, disclosing, reproducing, distributing, disseminating or otherwise using this transmission. Delivery of this message to any person other than the intended recipient is not intended to waive any right or privilege. If you have received this message in error, please promptly notify the sender and immediately delete this message from your system.
If you don't wish our future news letter, pls send address to ttickmay@aliyun.com [3] for removal.
I'm only reproducing this because of the disclaimer. Really? You're fishing for clients, not giving legal, medical or confidential information. It doesn't mean a thing. Also, when I tried searching for this, Google [4] helpfully mentioned:
**Did you mean:** This e-mail message and its attachments (if any) are intended solely for the use of the addressee(s) **thereof.** In addition, this message and the attachments (if any) may contain information that is confidential, privileged and exempt from disclosure under ap…
Heh.
Also, that text shows up on a lot of emails. A lot.
I would like to note that this came from 135328.com, a domain registered in China, from a server in Williamsville, NY [5]. The email was from yjonjens@mail.com [6], which is from a domain registered to a company in Chesterbrook, PA [7] and administered by a German company in Karlsruhe [8]. The default Reply-To: address is broling@aliyun.com [9], which is from a company in China registered by what appears to be either a European or American. And as you can see, it doesn't match the “sender” address, nor the address mentioned in the email itself. I'm not worried about being sued by these jokers.
[2] mailto:pottleyo@aliyun.com
[3] mailto:ttickmay@aliyun.com
[5] http://www.walkablewilliamsville.com/
[7] http://en.wikipedia.org/wiki/Chesterbrook,_Pennsylvania
[8] http://en.wikipedia.org/wiki/Karlsruhe
gemini://gemini.conman.org/boston/2015/04/24.1
Luacheck is a static analyzer and a linter for Lua [1]. Luacheck detects various issues such as usage of undefined global variables, unused variables and values, accessing uninitialized variables, unreachable code and more.
“Luacheck [2]”
The one real issue I have with Lua [3] is its dynamic typing [4]. Of all the bugs I fix in my own Lua code, I would say that the majority are due to typos (wrong variable name) or an unexpected type. So I was quite happy to come across and try out Luacheck. And fortunately, it's pretty straightforward to run [5].
I ran it over “Project: Sippy-Cup [6]” and … wow. The extensive regression test I have has already flushed out the typos and the unexpected type errors I tend to make. But Luacheck found quite a few unused variables (which is nice—it also found a bunch of unused LPeg [7] expressions) and a ton of unintentional global variables (because I forgot to declare them with local).
The output is easy to read (here's a representative sample from some non-work related code I have):
>
```
Checking ptest-cr-select.lua **Failure**
ptest-cr-select.lua:53:9: variable **amount** was previously defined as an argument on line 52
ptest-cr-select.lua:128:9: variable **okay** is never accessed
ptest-cr-select.lua:193:40: unused argument **event**
ptest-cr-select.lua:197:43: shadowing upvalue **conn** on line 194
ptest-cr-select.lua:213:21: shadowing upvalue **argument** event on line 193
ptest-cr-select.lua:215:15: unused variable **rem**
ptest-cr-select.lua:215:15: shadowing upvalue **rem** on line 194
Total: **7** warnings / **0** errors in 1 file
```
About the only false positive it finds is this idiom:
>
```
function foo(param1,param2)
  local param1 = param1 or "default value"
  local param2 = param2 or 3
  local a = ...
  -- ...
end
```
where it will flag param1 and param2 as shadowing an upvalue. This idiom though, is used to provide a default value if a parameter isn't given to a function. It's easy enough to fix, either:
>
```
function foo(param1,param2)
  param1 = param1 or "default value"
  param2 = param2 or 3
  local a = ...
  -- ...
end
```
or
>
```
function foo(param1,param2)
  local param1 = param1 or "default value" -- luacheck: ignore
  local param2 = param2 or 3 -- luacheck: ignore
  local a = ...
  -- ...
end
```
Overall, I'm glad I found this tool. It's been a real eye opener.
[2] https://github.com/mpeterv/luacheck
[5] http://luacheck.readthedocs.org/
gemini://gemini.conman.org/boston/2015/04/25.1
Bunny and I just saw Jamie & Adam UNLEASHED [1] at the Kravis Center [2]. What a fun show. Adam and Jamie would select [DELETED-crash test dummies-DELETED] [DELETED-victims-DELETED] volunteers (and there was no shortage of those) to come up on stage to help demonstrate some principle of physics, such as a nine year old girl lifting two grown men a foot above the stage, or arranging four men in a sitting position without chairs, and other physics-based tricks.
They also talked about several myths they've done on their show Mythbusters [3] which included lots of explosions. A lot of explosions. Including a several minute clip of various things they've exploded over the years (like water heaters, cars, buildings, cement trucks, more cars and in general, nearly every type of explosive device you can conceive of) that nearly brought down the house (literally, since they boosted the bass so you could feel the explosions rattling the theater).
And to end the show, they shot a volunteer with a paintball gatling gun [4] for what seemed like a solid minute (don't worry—the volunteer was wearing the suit of armor Adam wore to protect him underwater from sharks [5]) leaving one paint covered volunteer and a volunteer shaped space on the wall behind him.
Very amusing stuff.
But I think the most amusing thing to happen at the show happened during intermission. I received the following text message:
[“Is this still Sean Conner's phone?” “Yes” “Look to your right”] [6]
I didn't recognize the number, and it took me a few moments to decide to even answer “Yes.” The response to my response was classic, and indeed, when I looked to my right, I saw my old roommate Rob, his wife Laura, Squeaky and his wife Tanya, sitting at the other end of the aisle.
'Tis a small world indeed.
[1] http://www.mythbusterstour.com/about#
[3] http://www.discovery.com/tv-shows/mythbusters/
[4] http://en.wikipedia.org/wiki/Gatling_gun
[5] https://www.youtube.com/watch?v=GL411hkK2vE
[6] /boston/2015/04/25/text-message.png
gemini://gemini.conman.org/boston/2015/04/26.1
The script kiddies are active tonight.
>
```
Chain ssh-block (1 references)
pkts bytes target prot opt in out source destination
17 1812 REJECT all -- * * 188.135.202.39 0.0.0.0/0 reject-with icmp-port-unreachable
38 2272 REJECT all -- * * 113.106.85.23 0.0.0.0/0 reject-with icmp-port-unreachable
4 348 REJECT all -- * * 117.253.105.235 0.0.0.0/0 reject-with icmp-port-unreachable
19 2080 REJECT all -- * * 37.190.87.219 0.0.0.0/0 reject-with icmp-port-unreachable
20 2316 REJECT all -- * * 187.72.49.52 0.0.0.0/0 reject-with icmp-port-unreachable
16 1796 REJECT all -- * * 201.75.109.180 0.0.0.0/0 reject-with icmp-port-unreachable
512 25388 REJECT all -- * * 218.83.6.81 0.0.0.0/0 reject-with icmp-port-unreachable
20 2248 REJECT all -- * * 177.70.122.255 0.0.0.0/0 reject-with icmp-port-unreachable
15 1800 REJECT all -- * * 117.253.215.122 0.0.0.0/0 reject-with icmp-port-unreachable
17 2032 REJECT all -- * * 117.244.25.226 0.0.0.0/0 reject-with icmp-port-unreachable
18 2048 REJECT all -- * * 134.255.165.240 0.0.0.0/0 reject-with icmp-port-unreachable
17 1964 REJECT all -- * * 187.49.248.42 0.0.0.0/0 reject-with icmp-port-unreachable
```
These are just the script kiddies caught trying to brute force a login to my home machine over the past hour (they're blocked after five attempts, and the block remains for an hour lest I end up with hundreds of entries). I wonder if there's a quota they have to meet?
gemini://gemini.conman.org/boston/2015/04/27.1
I sit down. As soon as I do, the phlebotomist drops a padded bar across the seat. Sure, they claim it's for resting your arm while they draw blood, but its real purpose is to keep people from escaping. Most people don't hear the soft click as it's locked into position.
Then my arm is wrapped with a large rubber band, cutting circulation to my hand. Again, the claimed reason is to help a vein rise to the surface of the arm, but in reality, it's there to weaken the arm so you can't fight.
I'm surprised that I'm letting them do this to me. There must be something in the air to keep me docile throughout the procedure.
“This won't hurt a bit.” A lie. Not quite as bad as “the check is in the mail,” or “I'm from the government, I'm here to help,” but it's still a lie.
“Aaaaaaaaaaaaaaaaaiiiiiiiiiiiiiiiiieeeeeeeeeeaaaaaarrrrrrrrrrrrrrg!”
“I haven't started yet.”
“Just pract—aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaah!”
“Just a few moments more.”
“Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaahhhhhhhhhhhhhhhhhhhhhhhhhh!”
“Be patient.”
“Errrrrrrrrrrrrr—are you a phlebotomist, or a vampire?”
“That remark cost you three more vials.”
“Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaarrrrrrrrrrrreeeeeeiiiiiiii!”
“There we go, that wasn't so bad, was it?”
“Aaaaaaaaaaaaaaaaaaaaaaaaaah!”
“The needle is out.”
“Aaaaaaaaaaaa—oh.”
“Here, hold this cotton pad here.”
I reach over with my other, non-blood-starved hand and place it over the cotton pad to staunch the flow of blood. The phlebotomist then tapes the cotton pad and my hand to my arm. “Um, you taped my hand to my arm.”
A very subtle click as the bar across the chair is lifted. “You are free to go.”
“Um. My hand is still taped to my arm.”
“Just pull it off. It won't hurt.”
gemini://gemini.conman.org/boston/2015/04/28.1
Everybody knows how to ride a bike, right? But not everybody unlearns how to ride a bike. But Destin Sandlin did just that [1] (link via Jason Kottke [2] and no, it did not involve injury or a rare disease—he did this intentionally). He also untaught his six-year-old son, who proved more adaptable because he was younger.
So, how do you unlearn riding a bike? Well, first off, you get a bicycle that steers backwards …
[1] https://www.youtube.com/watch?v=MFzDaBzBlL0
[2] http://kottke.org/15/04/the-backwards-bike-will-break-your-brain
gemini://gemini.conman.org/boston/2015/04/29.1
To help test “Project: Sippy-Cup [1],” I wrote a mock component [2] to return precanned data related to our test data. The mock component is basically a specialized DNS (Domain Name Service) server that only expects a certain type of query. I wrote it so it would be easier to configure and run than a full blown bind [3] installation.
But for the past few weeks it was crashing and pretty much the only report I would get back is “it crashed.” Sigh. I did find the error path in the mock component to be a bit spotty, but this was never intended to be a full blown product but rather something that would work just well enough to get the testing done. I never tested it with bogus queries because I never expected it to get bogus queries. We had control over all the data. The mock component would only talk to programs we were testing.
Even after fixing some “how did I not see that error?” type problems, the mock component was still crashing, and the only way that could happen is if the queries being sent were too large (over 512 bytes), the query was corrupted or malformed and could not be decoded, or if the query wasn't the single query type supported by the mock component. And there was no way any of that could happen. We controlled all the data!
Or so I thought.
It turns out the mock component was receiving God knows what from random computers on the Internet, which is incredible when the computer the mock component is running on **doesn't have a public IP (Internet Protocol) address!**
Well, okay, it does have a public address, but it's a public IPv6 (Internet Protocol version 6) address, but the queries causing the crashes were all coming from IPv4 (Internet Protocol version 4) addresses.
Wow.
About the only thing I got to explain that behavior is the IPv6 address is routed via a tunnel, and perhaps there's some routing leakage that lets public IPv4 packets through. Other than that, I got nothing.
At the very least, I did fix the dodgy error handling so the mock component doesn't crash from data that it shouldn't get.
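The three failure cases listed above (oversized, malformed, or not the supported query type) can all be rejected before a datagram is decoded any further. The following C validator is an added example, not the mock component's code; `check_query`, the verdict enum and the sample packets are constructed for illustration, and the expected query type is a parameter because the post does not name it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum dns_verdict {
    DNS_OK, DNS_BAD_SIZE, DNS_NOT_QUERY, DNS_BAD_COUNT, DNS_MALFORMED, DNS_WRONG_TYPE
};

/* Read a big-endian 16-bit field. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Validate one UDP datagram as a single-question DNS query of want_type. */
enum dns_verdict check_query(const uint8_t *pkt, size_t len, uint16_t want_type)
{
    size_t off = 12, name_len = 0;

    /* 12-byte header minimum; 512 bytes is the size limit the post mentions. */
    if (pkt == NULL || len < 12 || len > 512) return DNS_BAD_SIZE;
    /* QR bit must be 0 (a query) and the opcode must be 0 (standard query). */
    if (rd16(pkt + 2) & 0xF800) return DNS_NOT_QUERY;
    /* Exactly one question, no answer or authority records. */
    if (rd16(pkt + 4) != 1 || rd16(pkt + 6) != 0 || rd16(pkt + 8) != 0)
        return DNS_BAD_COUNT;

    /* Walk the question name label by label, never reading past len. */
    for (;;) {
        uint8_t l;
        if (off >= len) return DNS_MALFORMED;      /* ran out before the root label */
        l = pkt[off++];
        if (l == 0) break;                         /* root label ends the name      */
        if (l > 63) return DNS_MALFORMED;          /* pointer or reserved bits      */
        if (l > len - off) return DNS_MALFORMED;   /* label runs off the packet     */
        name_len += (size_t)l + 1;
        if (name_len > 254) return DNS_MALFORMED;  /* name limit is 255 with root   */
        off += l;
    }
    if (len - off < 4) return DNS_MALFORMED;       /* QTYPE and QCLASS missing      */
    if (rd16(pkt + off) != want_type || rd16(pkt + off + 2) != 1)
        return DNS_WRONG_TYPE;                     /* only want_type, class IN      */
    return DNS_OK;
}

/* Constructed sample: query for "a.test", type A (1), class IN (1). */
const uint8_t sample_ok[24] = {
    0x12,0x34, 0x01,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    1,'a', 4,'t','e','s','t', 0, 0x00,0x01, 0x00,0x01
};
/* Constructed sample: the same packet with the response bit set. */
const uint8_t sample_response[24] = {
    0x12,0x34, 0x81,0x80, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    1,'a', 4,'t','e','s','t', 0, 0x00,0x01, 0x00,0x01
};
/* Constructed sample: question name is a compression pointer to offset 12. */
const uint8_t sample_pointer[18] = {
    0x12,0x34, 0x01,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    0xC0,0x0C, 0x00,0x01, 0x00,0x01
};

int main(void)
{
    static const char *name[] = {
        "ok", "bad size", "not a query", "bad counts", "malformed", "wrong type"
    };
    printf("valid A query       : %s\n", name[check_query(sample_ok, sizeof sample_ok, 1)]);
    printf("truncated to 15     : %s\n", name[check_query(sample_ok, 15, 1)]);
    printf("response bit set    : %s\n", name[check_query(sample_response, sizeof sample_response, 1)]);
    printf("pointer in question : %s\n", name[check_query(sample_pointer, sizeof sample_pointer, 1)]);
    printf("other type expected : %s\n", name[check_query(sample_ok, sizeof sample_ok, 35)]);
    return 0;
}
```

A server loop would log and drop anything that does not return `DNS_OK` rather than pass it to the decoder.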
[2] http://en.wikipedia.org/wiki/Mock_object
[3] https://www.isc.org/downloads/bind/
gemini://gemini.conman.org/boston/2015/04/29.2
Bunny was in the process of cutting up an old computer desk on the back porch with a sawzall when a chunk fell off in such a way not to break her big toe, but rip the nail off of it (ugh).
[It is perhaps a bad idea to cut heavy objects while not wearing steel tipped shoes.] [1]
She managed to bandage it up and off we headed to the non-emergency emergency room at the local hospital. Bunny said it was more of a clinic than an emergency room but that it happens to be located in the emergency room.
Ooookay.
I drop her off, then spent the next ten minutes trying to locate the parking lot. Turns out that at the Boca Raton Regional Hospital [2], the emergency room parking lot (as well as the non-emergency emergency room parking lot) was across the street, marked by a few tiny signs with a low albedo.
Oddly enough, the emergency room wasn't crowded, and thus the non-emergency emergency room wasn't crowded. By the time I had arrived in person, Bunny was already in the bowels of the hospital being treated.
And I'm stuck in the waiting room watching “Jurassic Park III [3].”
[1] /boston/2015/04/29/Oops.jpg
[3] http://www.imdb.com/title/tt0163025/
gemini://gemini.conman.org/boston/2015/04/29.3
A bunch of people got eaten. Sam Neill managed to escape being eaten. The dinosaurs [1] still roam that Central American Island like they own the place or something. And Bunny finally limped out of the non-emergency emergency room.
[And here we see the very latest in the Spring Line of Foot Braces.] [2]
One clunky foot brace, some good medicine, dinner from Denny's [3] (slogan: “You never start out for us, but you'll always end up here”) and all is, mostly, right with the world.
[1] http://www.imdb.com/title/tt0163025/
[2] /boston/2015/04/29/owie.jpg
gemini://gemini.conman.org/boston/2015/04/30.1
This is one of those “Oh, yeah, I didn't think that through, did I?” type of bug.
I wrote a signal module [1] for Lua [2], which can handle both ANSI C [3] and POSIX signals [4] with largely the same API (the POSIX [5] implementation has some additional functions defined).
Handling signals in Lua is not that straightforward because of the nature of signals—you are effectively writing multithreaded code [6]. You just can't call back into Lua from the signal handler (while the Lua VM (Virtual Machine) has no static data and each Lua state is isolated unto itself, two threads sharing a Lua state can lead to problems). The only Lua function you can safely call is lua_sethook() [7], which can be used to stop the Lua VM at the next VM instruction (it's typically used for debugging and signal handling [8]). This callback can then call back into Lua [9]. It is a bit convoluted (the signal handler will call lua_sethook() and return; the Lua VM will resume and then call the hook), but it does allow you to write signal handlers in Lua:
>
```
signal.catch('windowchange',function()
  print("Wheeee! Our terminal just resized!")
end)
```
and not have it blow up on you.
So, with that in mind, I give you this code:
>
```
local net    = require "org.conman.net"
local clock  = require "org.conman.clock"
local signal = require "org.conman.signal"

local raddr = net.address("127.0.0.1",'udp','echo')
local sock  = net.socket(raddr.family,'udp')

-- on each SIGALRM, send the current time to the echo server
signal.catch('alarm',function()
  sock:send(raddr,tostring(clock.get()))
end)

clock.itimer(1) -- deliver SIGALRM once a second

local previous = clock.get()

while true do
  local _,data = sock:recv()
  local now    = clock.get()
  if data then
    local zen = tonumber(data)
    print(string.format("%.7f\t%.7f",now - zen,now - previous))
    previous = now
  end
end
```
This is a UDP (User Datagram Protocol) echo client program. signal.catch() handles the alarm signal (SIGALRM) by sending a packet of data (which is just the current time) to the echo server. clock.itimer() informs the kernel to send the alarm signal once a second. So once a second, our program receives the alarm signal and sends the current time. Then, in an infinite loop, we just wait for packets to arrive (which should be the packets we sent to the echo server—they're “echoed” back to us) and we calculate how long the packet took round trip and how long it was from the previous packet. The output looks like:
>
```
0.0002971 1.0014961
0.0003922 0.9999950
0.0002851 0.9998930
0.0003171 1.0000319
0.0003910 0.9999740
0.0002551 0.9998641
0.0003359 1.0000808
```
The first column is the round trip time (in seconds) for the packet (around 3 to 4 ten thousandths of a second), and the second column is how long (in seconds) from the previous packet (a second, give or take a few ten thousandths).
But our call to sock:recv() is interrupted by the alarm signal. Unfortunately, one side effect of signals is that they will interrupt “long running” system calls, which is almost always system calls dealing with I/O, such as read() or write(). When such a call is interrupted, the system call will return an error of EINTR. We can see this if we change the code a bit:
>
```
local net    = require "org.conman.net"
local clock  = require "org.conman.clock"
local signal = require "org.conman.signal"
local errno  = require "org.conman.errno"

local raddr = net.address("192.168.90.118",'udp',22222)
local sock  = net.socket(raddr.family,'udp')

signal.default('int')
signal.catch('alarm',function()
  sock:send(raddr,tostring(clock.get()))
end)

clock.itimer(1)

local previous = clock.get()

while true do
  local _,data,err = sock:recv()
  local now        = clock.get()
  if data then
    local zen = tonumber(data)
    print(string.format("%.7f\t%.7f",now - zen,now - previous))
    previous = now
  else
    print(">>>",errno[err])
  end
end
```
and when we run it:
>
```
>>> Interrupted system call
0.0003049 1.0015509
>>> Interrupted system call
0.0002320 0.9998269
>>> Interrupted system call
0.0002131 0.9999812
>>> Interrupted system call
0.0001860 0.9999728
>>> Interrupted system call
0.0002639 0.9999781
```
With POSIX, you can specify that for a given signal, system calls are to be automatically restarted so you can dispense with EINTR error handling.
And here's where we finally get to the “Oh, yeah, I didn't think that through, did I?” type of bug.
Not wanting the code to be interrupted by the alarm signal, I changed the call to signal.catch() so it would restart any system calls:
>
```
signal.catch('alarm',function()
  sock:send(raddr,tostring(clock.get()))
end,'restart')
```
When I ran the code, I got nothing! There was simply no output happening. It caught me by surprise and it took me several minutes to figure out what was happening (or rather, what wasn't happening):
And thus we get to the punchline: the Lua VM doesn't resume because we're still in a system call! And thus, the signal handler written in Lua is never called, which doesn't send a packet, because we're stuck in our system call (recvfrom()) waiting for some data that will never arrive.
D'oh!
If the above code were written in C, there would be no issue; clock_gettime() and sendto() (the system calls underlying the Lua functions clock.get() and sock:send() respectively) are safe to call from a signal handler [10]. I may not have been able to safely convert the time to text (since snprintf()—the only standard C function able to convert numbers to text, isn't documented as being safe to call in a signal handler) but sending the raw binary values would be okay in that case.
But this isn't C, it's Lua. And what we have here is a type of leaky abstraction [11]. That 20/20 hindsight is such a bastard.
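The stall described above, reproduced in C as an added example (not code from the signal module): the handler only sets a flag, as the lua_sethook() approach does, and the deferred work can run only once recv() returns. A socketpair() stands in for the UDP echo server, and on the fifth tick the handler itself calls send() so that the SA_RESTART run terminates; both are assumptions of this example, as are all the names.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* sigaction(), setitimer(), SA_RESTART */
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

#define STOP_AFTER 5        /* tick on which the handler wakes the reader */

struct result {
    int eintr_returns;      /* recv() calls that failed with EINTR         */
    int deferred_in_time;   /* deferred work run before any data arrived   */
    int ticks;              /* SIGALRM deliveries seen, or -1 on error     */
};

static volatile sig_atomic_t ticks, pending;
static int wake_fd;

/* Async-signal-safe work only: set a flag and, on the last tick, send(). */
static void on_alarm(int sig)
{
    int saved = errno;
    (void)sig;
    pending = 1;                        /* "run the hook when you can"     */
    if (++ticks == STOP_AFTER)
        (void)send(wake_fd, "stop", 4, 0);
    errno = saved;
}

/* Block in recv() while a 20 ms timer fires; restart selects SA_RESTART. */
struct result run_demo(int restart)
{
    struct result r = { 0, 0, 0 };
    struct sigaction sa, old;
    struct itimerval tick, off;
    char buf[16];
    int sv[2], failed = 0;

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) { r.ticks = -1; return r; }
    wake_fd = sv[1];
    ticks = 0;
    pending = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;
    sa.sa_flags = restart ? SA_RESTART : 0;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGALRM, &sa, &old);

    memset(&tick, 0, sizeof tick);
    memset(&off, 0, sizeof off);
    tick.it_value.tv_usec = tick.it_interval.tv_usec = 20000;
    setitimer(ITIMER_REAL, &tick, NULL);

    for (;;) {
        ssize_t n = recv(sv[0], buf, sizeof buf, 0);
        if (n >= 0) break;                           /* the wake-up datagram */
        if (errno != EINTR) { failed = 1; break; }
        r.eintr_returns++;
        /* The deferred work is reachable only because recv() returned. */
        if (pending) { pending = 0; r.deferred_in_time++; }
    }

    setitimer(ITIMER_REAL, &off, NULL);  /* disarm before restoring the handler */
    sigaction(SIGALRM, &old, NULL);
    close(sv[0]);
    close(sv[1]);
    r.ticks = failed ? -1 : (int)ticks;
    return r;
}

int main(void)
{
    struct result with = run_demo(1), without = run_demo(0);
    printf("SA_RESTART : ticks=%d EINTR=%d deferred-in-time=%d\n",
           with.ticks, with.eintr_returns, with.deferred_in_time);
    printf("no restart : ticks=%d EINTR=%d deferred-in-time=%d\n",
           without.ticks, without.eintr_returns, without.deferred_in_time);
    return 0;
}
```

With SA_RESTART the C handler runs on every tick but the deferred work never does until data arrives from elsewhere; without it, each EINTR return gives the main loop a chance to run it.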
[1] https://github.com/spc476/lua-conmanorg/blob/master/src/signal.c
[5] http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html#tag_15_04
[7] http://www.lua.org/manual/5.3/manual.html#lua_sethook
[8] http://www.lua.org/source/5.3/lua.c.html#laction
[9] http://www.lua.org/source/5.3/lua.c.html#lstop
[10] http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html#tag_15_04_03_03
[11] http://www.joelonsoftware.com/articles/LeakyAbstractions.html
gemini://gemini.conman.org/boston/2015/05/01.1
Most of the patients here have been diagnosed with garden-variety neurological disorders: schizophrenia, dementia, psychosis, severe depression, or bipolarism. But the ones I am searching for are different. They suffer from an affliction even more puzzling: They believe that they are dead.
It’s a rare disorder called Cotard’s syndrome, which few understand. For patients who have it, their hearts beat and lungs pump, yet they deny their existence or functionality of their bodies, organs or brains. They think their self is detached.
Via Hacker News [1], “Living With Being Dead — Matter — Medium [2]”
I would like to congratulate Sean Hoade [3] on his Zombiepalooza interview [4], and what better way to do that than to link to an article about people who think they're dead. Does that mean they think they're zombies? Or ghosts? Or just dead and their body has yet to notice?
[1] https://news.ycombinator.com/item?id=9454005
[2] https://medium.com/matter/living-with-being-dead-
[4] https://www.youtube.com/watch?v=Rdp6bxyKLZU&feature=youtu.be
gemini://gemini.conman.org/boston/2015/05/02.1
Sigh.
I hate web based applications, because as soon as you get used to the interface—**BAM** some attention-deficit programmers [1] change how everything works, just because. Google Maps [2] is a good example of this. It's still perhaps the best mapping application out there and I always use it, but every few months they change how the entire interface works, destroying existing patterns of use and wasting days, nay weeks of time as I attempt to learn how to use the features I use, only to find out half of them have been removed, because.
Ahhhhhhhhh!
But today I'm not here to bury Google Maps, but Facebook [3]. They broke my posting application. The application I use when I post to this blog [4] and send notification to Facebook that is posted on my … whatever that thing is called at Facebook. My wall? Timestream? Spam channel? Whatever it's called.
Facebook changed how things work on the backend, and now I'm getting the dreaded 803 error [5] (and of course there are no real answers there [6]).
Thank you Facebook.
Thank you a lot.
[1] http://www.jwz.org/doc/cadt.html
[2] https://www.google.com/maps
[4] https://boston.conman.org/
gemini://gemini.conman.org/boston/2015/05/02.2
It appears that Facebook [1] wants to be the internet (much like Google [2] in fact) or at the very least, force the impression that the web is Facebook. Why else make such a drastic change in API (Application Programming Interface) that disallows small blogging sites from updating Facebook remotely?
After spending several hours poring over the Facebook API documentation [3], my eyes are glazing over and from what I can see, it appears Facebook only supports three use cases (aside from using the Facebook website itself):
And that last one—it's someone actively using the website. My now-broken application? That was kicked off when I posted to my blog (most of the time that's via email, where I can use an editor of my choice to compose the entry instead of whatever hideous crap editing you get in a TEXTAREA on a webpage) where I may or may not be logged into Facebook at the time (usually not, not that it matters at all for tracking purposes, which is for another post).
And my application wasn't the only one Facebook broke [6]. And that application looks like it won't be fixed [7] [DELETED-any time soon-DELETED] ever! (sorry Dan [8])
So it looks like I'm stuck manually posting to Facebook when I update here. I was already updating GooglePlus [9] manually because they have yet to provide an API to update remotely (I don't expect one any time soon). I suppose I could automatically update Twitter, which can update Facebook [10] (now that I worked around the broken Twitter API [11]—are you seeing a pattern here?) but there's no telling how long that will last; I'd be stuck with a 140 character limit including the link and well … no.
There's more to the web than just GoogleMyFacePlusSpaceBook, and long term, I think it'll be easier to just manually update FaceGoogleMyBookPlusSpace. XXXX the GoogleMyFaceSpaceBookTwitterPlus APIs. XXXX them all!
Petty, I know [12], but it made me feel better.
[3] https://developers.facebook.com/
[4] http://developer.android.com/index.html
[5] https://developer.apple.com/devcenter/ios/index.action
[6] http://fbcmd.dtompkins.com/
[7] https://groups.google.com/forum/#!topic/fbcmd/5blSRl6wzkA
[8] http://www.flutterby.com/archives/comments/21508.html
[10] https://facebook.twitter.com/
[12] https://github.com/spc476/mod_blog/commit/64e26807486dcec270278327af2ef3e05d56ba91
gemini://gemini.conman.org/boston/2015/05/03.1
Ah, Lost Wages [1]. It's been a few years since my last visit [2], but each time I've been there, I technically wasn't in Las Vegas, but in Paradise [3]. Paradise, Nevada [4] to be precise.
And yes, it was a tax dodge.
[1] http://www.lasvegasnevada.gov/
[3] https://www.youtube.com/watch?v=naDCCW5TSpU
[4] http://en.wikipedia.org/wiki/Paradise,_Nevada
gemini://gemini.conman.org/boston/2015/05/04.1
[Getting hit in the nuts hurts a lot more than getting hit in the head. Conclusion: Evolution thinks that your nuts are more important than your brain. I agree with evolution.] [1] [2] [Getting hit in the nuts hurts a lot more than getting hit in the head. Conclusion: Evolution thinks that your nuts are more important than your brain. I agree with evolution.] [3] [4] [Getting hit in the nuts hurts a lot more than getting hit in the head. Conclusion: Evolution thinks that your nuts are more important than your brain. I agree with evolution.] [5] [6] [Getting hit in the nuts hurts a lot more than getting hit in the head. Conclusion: Evolution thinks that your nuts are more important than your brain. I agree with evolution.] [7] [8] [Getting hit in the nuts hurts a lot more than getting hit in the head. Conclusion: Evolution thinks that your nuts are more important than your brain. I agree with evolution.] [9] [10]
So … does this mean The Empire should have installed a cup on the Death Star?
May the Fourth be with you!
[1] /boston/2015/05/04/one.png
[2] http://abstrusegoose.com/571
[3] /boston/2015/05/04/two.png
[4] http://abstrusegoose.com/571
[5] /boston/2015/05/04/three.png
[6] http://abstrusegoose.com/571
[7] /boston/2015/05/04/four.png
[8] http://abstrusegoose.com/571
[9] /boston/2015/05/04/five.png
[10] http://abstrusegoose.com/571
gemini://gemini.conman.org/boston/2015/05/05.1
It's been brought to my attention by a few parties that my blog was unviewable on some smartphones; which smartphones I don't know (but I suspect Android [1] based devices). I finally got around to it [2] and the changes were minimal. This:
>
```
<meta name="HandHeldFriendly" content="True">
```
(the Google Mobile-Friendly Test [3] fell on the floor laughing when it encountered that line) changed to:
>
```
<meta name="viewport" content="width=device-width, initial-scale=1">
```
And that's it for the HTML (HyperText Markup Language) changes. The CSS (Cascading Style Sheets) changes weren't that bad, once I figured out what was needed. I asked a fellow cow-orker, D, what I needed to do in order to serve up a “mobile-friendly CSS file” and his advice was: “Do whatever CNN (Cable Network News: Scaring the crap out of people 24/7 since 1990!) [4] does.”
Sigh.
It appears there is no real reliable way to detect a smartphone through CSS only. Sure, I could try to detect a smartphone by sniffing the user agent [5], but I wanted something easy, not something error prone despite a ton of ongoing configuration and testing. So that was out. And the obvious media query [6]:
>
```
<link media="handheld" rel="stylesheet" href="/CSS/smartphone.css" type="text/css">
```
was right out because “smartphones” are “smart” and not at all a “handheld.” Sheesh.
I ended up doing what CNN did—base the style upon the width of the browser. It seems that a “safe” width for smartphones is around 736 pixels [7]. Larger than that, and I can assume a real desktop (or laptop) display; that or less and hey, treat it as a smartphone. And if your browser window on the desktop (or laptop) is less than 737 pixels, you'll get the “mobile” version of my site.
Anyway, the changes weren't all that bad. The “not-main-content” is positioned via CSS and that's all I really wanted to change. For instance, I had this style for the main content:
>
```
/* Yes, the DIV is redundant. I left it in because I want to be explicit */
DIV#content
{
  margin-top: 0;
  margin-bottom: 0;
  margin-left: 220px;
  margin-right: 180px;
  border: 0;
  padding: 0;
}
```
To fix this for the smartphone:
>
```
DIV#content
{
  margin-top: 0;
  margin-bottom: 0;
  margin-left: 220px;
  margin-right: 180px;
  border: 0;
  padding: 0;
}

/* override some previous settings for "smartphones" */
@media screen and (max-device-width: 736px),
       screen and (max-width: 736px)
{
  DIV#content
  {
    margin-left: 0;
    margin-right: 0;
  }
}
```
The rest of the changes were along those lines for the major portions of the page—override the placement settings for the various bits and pieces.
So now the blog should be readable on small devices [8].
I hope.
[1] https://www.android.com/intl/en_us/
[2] https://www.amazon.com/exec/obidos/ASIN/B009RP7I2C/conmanlaborat-20
[3] https://www.google.com/webmasters/tools/mobile-friendly/
[5] https://developer.mozilla.org/en-US/docs/Browser_detection_using_the_user_agent
[6] http://www.w3.org/TR/css3-mediaqueries/
[7] http://stephen.io/mediaqueries/
[8] https://www.google.com/webmasters/tools/mobile-friendly/?url=http%3A%2F%2Fboston.conman.org%2F
gemini://gemini.conman.org/boston/2015/05/05.2
It seems that one Sylvia Ann Driskell is suing homosexuals [1] (link via Flutterby [2]). The handwritten lawsuit is a riot to read, but ultimately, it does seem that Ms. Driskell might be in need of some mental care (if not a proofreader).
Also, I think that Ms. Driskell needs to read (or listen) to Matthew Vines' talk on the Bible and homosexuality [3] (it's long, but I think it's worth the time if only for some Christians to gain some perspective, and for gays to get some counter arguments for the Westboro Baptist Churches [4] out there).
[1] http://ia801502.us.archive.org/2/items/gov.uscourts.ned.69317/gov.uscourts.ned.69317.1.0.pdf
[2] http://www.flutterby.com/archives/comments/21532.html
[3] http://www.matthewvines.com/transcript/
[4] http://en.wikipedia.org/wiki/Westboro_Baptist_Church
gemini://gemini.conman.org/boston/2015/05/06.1
I'm watching an animated interview of Buckminster Fuller [1] when I see this sequence of equations:
```
a = b
a^2 = ab
a^2 - b^2 = ab - b^2
(a+b)(a-b) = b(a-b)
a+b = b
2b = b
2 = 1
```
And I'm thinking, that looks right, as far as I can remember algebra, but two can't be equal to one, can it?
I had to work through it by hand to find the problem, and now, gentle reader, you get to work through it yourself.
You're welcome.