Saturday, October 29, 2005

Does Visual Studio Rot the Mind?

I don't really do any Windows programming, so even if VS does rot your mind, it doesn't affect me. But this looks interesting enough to read later.

Thursday, October 27, 2005

cookie theft demonstration

cookie theft demonstration, originally uploaded by jeff_robertson.


This is some of what you're going to miss seeing if you don't come to my security presentation tomorrow.

Wednesday, October 26, 2005

Using and Programming Generics in J2SE 5.0


Tuesday, October 18, 2005

FDIC: FIL-103-2005: Authentication in an Internet Banking Environment

The Federal Financial Institutions Examination Council (FFIEC) has issued the attached guidance, “Authentication in an Internet Banking Environment.” For banks offering Internet-based financial services, the guidance describes enhanced authentication methods that regulators expect banks to use when authenticating the identity of customers using the on-line products and services. Examiners will review this area to determine a financial institution’s progress in complying with this guidance during upcoming examinations. Financial Institutions will be expected to achieve compliance with the guidance no later than year-end 2006.

Two-factor banking


Steven, I do believe it's fire drill time.

In the U.S., federal regulators are now requiring banks to have at least two-factor authentication with their websites by the end of 2006. The Federal Financial Institutions Examination Council (made up of the FDIC - Federal Deposit Insurance Corp, the U.S. Federal Reserve, the U.S. Comptroller of the Currency, and others) has very recently issued a press release as well as specific, non-technology-specific guidance (PDF) on the need for two-factor authentication. It's an idea being sold to banks and the public as a way to address identity theft in a supposedly proactive manner.

Using setInterval() to Make a JavaScript Listener

/work Improving JSF by Dumping JSP


JavaServer Faces vs Tapestry - A Head-to-Head Comparison


Urban performance legends, revisited

This has to be one of the most heavily discussed blog postings to come out of the Java world in a long time. So finally, after weeks of seeing it turn up everywhere, I'm linking to it.

Thursday, October 13, 2005

back from (pseudo-) DC

Sid, if you're reading this, sorry I didn't have time to look you up. I was too caught up trying to hang with the rock stars of my current profession and getting drunk under the table by them.

Full disclosure: the rest of this entry shows me in a pretty irresponsible light.

Monday night, dinner with my co-workers at a Vietnamese next to the hotel. No drinking.

Tuesday night, several conference attendees walked to the nearby mall and ate at "Red Robin". Apparently a chain in these parts; never heard of it before. Large (think TGIF or Fuddruckers) burgers and 25-ounce mugs of beer.

Wednesday night, the conference provided dinner and I had a few snifters of liquor to go with it. I then went back down to O'Malley's Guinness-less Irish pub and had several Sam Adamseses. (Didn't count).

Had an interesting conversation with a middle-aged security guy whose presence in town had nothing to do with OWASP; something to do with web applications running on naval vessels. WTF? He also claimed to have had some sort of involvement with the capture of Kevin Mitnick. Don't remember his name so I can't verify.

Then, already drunk, I walked over to O'Leary's Irish Pub, where several of the hard-drinking security crowd had proceeded instead of O'Malley's. Probably about a half-mile walk, but it's along a 4+ lane highway with near-freeway-speed traffic. Not exactly a pleasant stroll down the block.

Had an indeterminate number of Guinessessess, and then someone who shall remain nameless (not to protect his identity, but to avoid giving him any fame as a result of what he did to me!) suggested Jaeger shots.

I turned down a cab ride with the rest of them, because I was busy arguing with some local people who IIRC were insisting that RHCP was the greatest band evar. (My argument, from what I remember: I'll give you "Higher Ground" and "Under the Bridge" but what have they done lately?)

On the way back to the hotel, placed the drunkest phone call I've made in years, to the Mallet lobby phone. I have no idea what I told those kids.

After that, I think I was hazed. A couple of my so-called colleagues took my drunk self to an unfamiliar part of the hotel and left. It was actually worse than that, but I'm not getting into it here. I went through what I thought was a door back to my part of the hotel, and found myself outside.

Some point later, not sure how much later, I pulled myself up off the ground in the pseudo-forest of pine trees and found my way back to bed. There were pine needles and such in the bed the next day to prove it.

I was *sick*. Worst hangover since MalletCon 2000. Possibly worst since college. The next day during the conference, I kept having to get up during the middle of PowerPoint presentations to go run to the bathroom. Eventually I gave up.

Went out with the same bunch to an establishment in Adams Morgan called "Madam's Organ" (not nearly as bad as it sounds from the name). This time, I didn't touch a drop, I just had dinner. I had forgotten how it feels to be one of the few sober people in a room of drinkers.

Flight back was unmemorable. On MARTA heading back to work, a woman sang:

Got J-O-Y
Joy in the Holy Ghost
Not gonna let the Devil take my Joy
Not gonna let the Devil take my Joy
Got J-O-Y
Joy in the Holy Ghost

Got P-E-A-C-E... etc.,

For a period of about 10 minutes. Nouns inserted in place of J-O-Y included "power", "worship" and even "covering".

Apparently my baby took her first few steps while I was gone.

Monday, October 10, 2005

Jakarta ECS - Element Construction Set

The Element Construction Set is a Java API for generating elements for various markup languages. It directly supports HTML 4.0 and XML, but can easily be extended to create tags for any markup language. It is designed and implemented by Stephan Nagy and Jon S. Stevens.

Sunday, October 09, 2005

i'm in DC

Well, no, not really. I'm in Gaithersburg, Montgomery County, Maryland. And I'm somewhat drunk, and somewhat surly.

I'm up here for the OWASP web-app-sec 2005 conference. No link because you can just google it and I'm free-forming these thoughts, no time to link anything.

I flew into Reagan National. This at first glance appeared to be the crappiest run-down airport I'd ever seen. Then I left the immediate gate area and saw all these vaulted cathedral-style ceilings and that was kinda rockin, but still old and outdated.

The DC Metro has to be the cruftiest, most 1970s-looking rapid transit system around, and I've been on a lot of 'em. The stations all look like rejected designs for Space Mountain. And approximately half the escalators are under repair.

Montgomery County has their own bus system called "Ride-On" that connects with the Metro but doesn't use the same fare cards. The bus is $1.25.

Today I took a very brief walking tour of downtown DC. Basically the bureaucracy tour. I saw the departments of Education, Transportation, HUD, DHS/FEMA... this is where your tax dollars go, people, to build a bunch of big blocky buildings in DC. Your city probably has a city hall and courthouse, and if it is a city of a certain size you probably know how monolithically soul-sucking and imprisoning those buildings are. Well, those are just little slices of DC in your home town. On both sides of the Mall, except for the Smithsonians, it's like a whole city of your local DMV.

Gaithersburg, or at least the parts right around this Holiday Inn, is worse. I had 'dinner' at 'O'Malley's Irish Sports Pub' in the basement of the hotel. An 'Irish' pub that does not serve Guiness. Ginness. Guinues. I may not be able to spell it but they still don't serve it. Their menu lists a location in Auburn Hills, MI. That's about right. Auburn Hills is the other place I've been to that is this bleak and empty of a suburban experience.

I stopped drinking and came up to my room to blog this, but I may just have to go back down there and drink some more.

Choose a single layer of cleverness (Loud Thinking)

The degree to which this goes against the "the database is sacred and the DBA is the high priest" approach to enterprise development is downright mind-blowing to someone who, like me, has been taught nothing but since I started my career.

Thursday, October 06, 2005

The Fractal Microscope

I'm sure this isn't the only online Mandelbrot zoomer thingy around, but it's the one linked by Wikipedia, which is how I found it.

Fractals played a very important role in my development as a geek. Back in the 1980's, fractals were "cool" even among people who didn't know anything about math and computers. Being able to write a BASIC program to draw the Mandelbrot set or that Feigenbaum-bifurcation-whatsit would impress the chicks and get you laid back then.

Well, not really. (I wish) But it was amazingly cool that using only really basic math (no calculus, not even trig required!) you could make these amazing pictures that looked a lot like the psychedelic acid-trip depictions that were popular again in the late 80's because of the Wonder Years and 20th anniversary of Woodstock and such.

(Note: I've never done LSD myself, so I can only assume that when you do it, it really does look like the Mandelbrot set)

yet more

July 15, 2003
Ok, I'm about to finally jump on the bandwagon and try Firebird.

I first tried Mozilla somewhere around Milestone 13. At first I found that the Windows version was noticeably slower than MSIE, at least on the 500 MHz, 128 MB of RAM machine that I had at the time. And I don't just mean startup time, I mean everything was slow (you could actually speed it up appreciably by using the classic theme instead of modern). It actually didn't take many more milestones after that to close this gap, though.

I've been using Mozilla regularly since approximately 0.8. For a while I actually used it on a 133 MHz machine running Red Hat 6.2. That was just asking for trouble, and I got some of it in the form of long startup times and occasional crashes, but it did HTML and CSS so much better than Netscape 4 that it was worth it.

Around 1.1 time was when I finally decided to forget how to use MSIE and just use Mozilla for all my browsing except for the few intranet applications that use ActiveX controls and stuff like that.

I guess my point is, except for those early experiences I've never found myself saying "this thing is bloated! I want a smaller browser!". So I just never got the point of the Phoenix/Firebird project. But if that's the way that the Mozilla winds are blowin', I guess I'll have to go along.

Firebird just finished downloading; I guess I'll go install it.


I am convinced that Gilmore Girls carries a secret anti-big-government, pro-free-enterprise message.

Proof? Which secondary character is more positively portrayed: Taylor, who constantly tries to use the organs of town government to further his own agenda; or Luke, who just wants to be left alone to run his restaurant in peace?

Watch this space. I may actually get bored enough to write an essay on this topic fit for submission as a 10th grade term paper.

pretty much rounding up every thing I ever said about Iraq

April 15, 2003
Because the U.S. chose to get involved in the affairs of Iraq, we now have a moral obligation to set up an actual free society there. If we replace one tyranny with another, we have betrayed our own highest principles. Ways in which we could fail include, but are by no means limited to, the following:

If we install or allow the formation of some kind of a government where "tribal" membership is very important and tribal leaders have a lot of influence, you can bet that we will just be paving the way for the warlords and their private/family/tribal armies to carve up the place in a few years.

If we install or allow the formation of any kind of theocracy, we will produce a government that will eventually be much more likely to attack the U.S. than the one we just removed.

If we set up a government that has no actual support from its people, then it will either require our continuous military help just to stay in power, or resort to totalitarian measures of its own, or fall apart and be replaced by something much worse. Or all three, in that order.

If we decide to keep Iraq under our thumb and run their affairs for an indefinite time, that would be naked colonialism, a repudiation of the principles of the American revolution itself (unfortunately, far from the first in our history).

this beginning an orgy of self-quoting

March 19, 2003:
I don't usually say much about war or politics, either here or in email or on usenet. But I don't think this would be a real weblog if I didn't say something now.

Once the shooting starts (and it may have already started by the time you read this), the anti-war folks may as well go home and start working on your signs and slogans for the next big crisis. If protesting didn't do anything to prevent the war (and it didn't), then it sure isn't going to end the war or bring our troops home one day sooner. In the event that the war goes badly (however you define that), no "I told you so!" smart-assed-ness will accomplish anything except to make you look like pseudo-traitors who enjoy seeing the U.S. fail in every way possible.

On the other side, making a spectacle of pouring French wine down the drain and boycotting the Dixie Chicks doesn't accomplish anything except to make the people doing these things look like a bunch of ignorant medieval peasants burning some hated person in effigy. In the event that the war goes well (however you define that), no "I told you so!" smart-assed-ness will accomplish anything except to make you look like bloodthirsty hooligans who enjoy watching your military smash and destroy other countries as if it were all some kind of spectator sport.

If the Iraqis surrender quickly, this could be a short and relatively bloodless war. If they put up a fight, it may or may not be short, but it will certainly not be bloodless. I don't know which of these is going to happen. I do know that the war itself is out of my hands and it's out of yours, too. What is still very much in our hands is how we behave towards each other during and after.

XSS, Trust, and Barney

Another very old article on web app security, from the waning days of the dot-boom when most people were still happily being paid to crank out XSS-vulnerable applications.

(Aside: note how people in 2000 already thought of 1995 as the ancient days of the web.)

Cross-Site Request Forgeries

I think this is the original email discussion in which Cross-Site Request Forgery was first named and described.

Tuesday, October 04, 2005

my new favorite bit of plumber's jargon


comp.arch.arithmetic > Where should the type information be?

Tantalizing information about the elusive Wang character set.

The Wang systems had similar problems with character sets, so much so that not only were there "characters" that could not be generated from the keyboard, they also had characters that could not be represented by an 8-bit hexadecimal code.


I've turned on the word verification for comments, since I've finally started to get comment spam.

Code page 437 - Wikipedia

Almost the best Wikipedia article EVAR. What would be the best, would be if there was a link to the Wang character set which is cited as the inspiration for the smiley faces and such. Maybe if I could find such a page, it will tell me what the actual use for ⌂ was supposed to be.

<mallet>I wonder if *that* Wang had these characters?</mallet>

Title screen for HLA Adventure?

Classic usenet... from June 2005! A thread that starts out about ASCII art descends rapidly through Microsoft bashing to people calling each other Nazis.

Sunday, October 02, 2005

Project Info - PDFCreator

Have I stumbled across a simpler-to-install way for my wife and her friends to make PDFs, than using that "FreePDF" thing I blogged a long time ago? That thing was such a bear to install that I had told my wife that unless her friend wanted to bring her laptop over and let me install it for her, she'd be better off just forking over the money for the real Acrobat.

Saturday, October 01, 2005

strangely inspiring random quote of the day

Comic strips are moving toward a primordial goo rather than away from it.
Bill Watterson