Tom Dalton :: Doer of Good

There is a fine art to programming. The intricacies of bit manipulation, the subtleties of representation and abstraction. Layer upon layer of meaning in compiled code. Simple beauty in loops and control flow.

I hate it all.

It needs to be secure, and it needs to be on the Internet.

What could go wrong?

Google: [inurl:"ViewerFrame?Mode="]
Google: [inurl:"view/index.shtml"]

Here's what went wrong:

Stuttgart Airport, in Germany

No, I'm not going to add the near-requisite "oh my." (I know you were expecting it -- don't deny it!)

I'm writing this because I spent far too long trying to figure out what applets, servlets, and Java are. Well, not Java. I knew what that was.

So that makes an easy starting place:

WHAT IS JAVA?

Java is a programming language. The biggest thing that makes it different from any other, really, is that Sun (the creators of Java) have put a great deal of effort into making Java as universal as possible. That means a program written in Java can run on just about any computer in the world.

WHY DO I THINK JAVA IS COOL?

First, it's really easy to find tutorials and sample code and discussions about how to do specific, weird things with Java. That may also be true of other languages -- I don't know, because I've never looked.

Second, Java has lots of great functions that make it easy to do web stuff. I wanted to write a program that would search the web for me -- went from knowing absolutely no Java to having a working program in a couple days. When I needed to access the web through a cascading series of proxies, the functions were there. It was the simplest thing in the world.

Third, Java is free, and so is just about everything associated with it. "Eclipse" is a great tool to help write Java code, by the way.

WHAT ARE APPLETS?

No, they're not little apples.

Java Applets are Java programs that are designed to run inside web browsers. Basically, if you write an applet, people can browse to your web page and -- bingo! They're running your program, right in their browser. They might not even realize they're running a special program.

To convert a regular Java application into an Applet just requires you to change the main class to extend the Applet class, and rename your main() to init(). Basically. Then you have to debug all the other little things that break when you do that. But if you start there, Eclipse will walk you through the rest.

WHY ARE APPLETS COOL?

Applets are better than static HTML because the user interface is so powerful. They are faster than dynamic HTML because users just download the whole Java program at once, then it runs on their local machines. They don't have to download every new screen every step of the way.

I am using a Java Applet as the front-end user interface for a complex system I'm putting together.

WHAT ARE SERVLETS?

Servlets are Java programs that are designed to respond to web pages or applets. They run on the server, as opposed to applets (which, as I said, run on the client -- the end user's computer). As such, they are invisible to the users. Users should probably never need to know (or at least think much about) the servlets.

WHY ARE SERVLETS COOL?

Here's the groovy thing. Applets have a tiny drawback -- they can't read or write data on the user's hard drive. Part of the Java 'sandbox' that keeps us safe. (Because wouldn't it make you mad if a site you visited loaded up an applet that played a pretty song at you while it reformatted your hard drive?)

Since servlets run on the server, though, they can write to the server and do all sorts of other cool things in the background. If you have a program that takes some time to run -- for instance, a bulk email program (which is NOT what I'm working on!) -- an applet can start the servlet and then let the user get on with his browsing.

If you were running the long program in the applet, the user would have to sit there until the whole thing finished. If the window were accidentally closed (or if you clicked on a link from an email and it automatically moved your browser to the new page) you'd lose everything. Kind of a bummer.

HOW FUN!

Yes. I just figured out the last part (about servlets) today. I am excited to write my servlet piece and see if it really works. I suppose I'll let you know how it goes.

THE END?

It sure is.

Here's a fun challenge that was presented to me at work:

We had one hour, to take 100 newly registered domain names and put up websites and tracking on them. We needed to be able to tell how many people visited each website. I figured there was no way we were going to be able to create 100 separate websites, so I'd have to make one and have it automatically display the right content. I'd never done that before, but I've seen it done in other places, so I figured I could do it.

The domains were registered at Godaddy, so I used their batch editing tool to point all 100 at my (personal) hosting reseller space. (We didn't have time to register new hosting or anything like that, so it's handy that I had this reseller account available!)

On the backend of the hosting space, however, no bulk editing tool was available. I needed to add all 100 domain names to the nameserver, so I wrote a macro to loop through the names and enter them for me. That took about five minutes to write, then I started it running.

While it did that, I went to Google and looked up the PHP commands to read a domain name -- to figure out which domain people had entered to get to the website. There were numerous examples, so I grabbed the code from a clean one and dropped it into my page. It worked the first time I tested it. (How often does THAT happen?) That whole process took about another five minutes.

Then I needed to get tracking code up on these sites. We usually use Omniture's enterprise-level SiteCatalyst for tracking, but there is a lot of overhead and it takes a while to set up, in several areas. Way more time than we had available.

I briefly considered adapting a simple php page-tracking script I wrote last year for another client, but that didn't feel right. I'm still not sure if it really wouldn't work, but it's not the most reliable script even when it's working properly. (The client I wrote it for originally didn't pay us for it, so I never built in any error-checking or bot detection or any of the hundred other things a robust tool should have.)

One of my coworkers had been pushing us to look at another site analytics tool, WebStat. I called him in and asked if they had a free trial. We discussed it as I browsed quickly through the website to make sure it would do what we needed. I downloaded the free version and installed it on the web page.

Amazingly, that, too, worked the first time I tested it. I plugged the php variable for the detected domain name into the WebStat tracking code, so it would read the domain names and report those as pages viewed.

And that was that! I had 100 websites created and configured with tracking code. I had reporting that would show us how many visitors each domain got. And I had done it all within the ridiculous one-hour window we needed it in. In fact, the whole process took about 37 minutes.

Hooray! I don't think anyone at work truly appreciates the enormity of that accomplishment. So I post it on my website and hope that someone, somewhere will read this and say, "what a guy!" :o)

(Even if that someone is only me!)

Canyoureadthis? I bet you can. How is it that we can read sentences without the spaces?

More to the point, how can we teach computers to read without spaces?

A nifty paper by Matt Mahoney, from the Florida Institute of Technology outlines one approach:

http://www.cs.fit.edu/~mmahoney/dissertation/lex1.html

The paper cites research by another scientist, showing that infants are able to parse the continuous sound of English before they are even able to speak their own first word.

Matt shows a way to apply stastical analysis to the breaks between characters and determine which breaks signify words. I need to put together something like it, if I choose to go that route for a project I'm working on.

But then I have to figure out how to words in get order the right. And that you do how do?

A puzzle for another day.

Satellite radio is the wave of the future. Higher-quality broadcasts, digital feeds, no commercials, and hundreds of channels. Even the equipment is cooler -- most interfaces display the names of the songs that are playing and can provide other information. It's just awesome.

Of course, if you want to listen to it, you have to buy a satellite receiver. Which is understandable. But then you have to pay an additional monthly subscription fee. Which is not understandable.

What if I were to walk down the street, screaming at the top of my lungs? It would irritate my neighbors, sure. But they'd get even more irritated when I told them that they had to pay me for the privilege of listening.

That's exactly what satellite radio is doing! A satellite broadcasts across a huge chunk of the country. The satellite broadcasts through my air, and through your air. The radio waves it emits might even now be causing cancerous mutations in our cells.

The government intervenes to ensure that companies don't step on each other's frequencies. Otherwise we would end up with an entire spectrum of unusable space, as companies block each other out. But there is no clear reason for the government to enforce the companies' decisions to lock their content and charge for it.

If I build my own receiver and write some software to decode the signal, why should that be illegal? If I broke into Sirius' corporate headquarters and stole the specs for their encryption, fine. Are they arguing that the encryption method is patented? I bet they never filed for the patent on it.

Hrm.

Machine translation never ceases to amuse me! (I'm pretty easily amused.)

I did a Google search for [utada hikaru single collection] and Amazon.jp came up first. Following the "translate this page" link, I was presented with the following:

Price
Price: XXYEN 2,753 (including tax) as for this commodity being domestic delivery charge free, we report! As for details this way It can utilize also payment on delivery.

Reviews
Being something which is written by the your other customer it does the customer review * pickup & the customer review. The case of purchase please utilize with customer himself last judgement.
Your review is recorded before the sight.

Recommendations
The person who buys this CD has bought also such a CD:
# Wish You The Best warehouse wooden flax robe
# Someone's request Kanai う time space/large house Tada ヒカル
# A BEST beach promontory ayu seeing

User Review
5つ星のうち5Waiting, it increased, (HBAR - * HBAR), 2005/10/08
レビュアー: ミキ northeast
Variegated favorite me taking the tune of the space/large house Tada ヒカル, 1 it is highest!
Sometimes the favorite, the tune which the space/large house Tada ヒカル does not like it being, you did not buy the album easily.
This album comes off and is not well being to be the cousin taking, how. It is possible to be the feeling which the lyric you speak in daily conversation don't you think? is. It was the lyric which you can make think.
Also voice has done simply, you say, or make sticky clearly and increase.
If listening it is not, loss! 1 is.

The whole thing is hilarious. But I must admit -- I can understand the gist of most of it. Certainly more than I got from looking at the Japanese text!

I ran across a blog entry that talked about "Disruptive Technology." The definition given there shared space with the author's echo of Dvorak's assertion that 'disruptive technology' is not a useful term.

I think Dvorak enjoys dismissing popular terms and concepts, and I agree that people have pulled the word far from its original context. However, in the sense that a disruptive technology is simply one that causes major shifts in the business models, companies, or ideas prevalent in a given industry, there are plenty of interesting examples of it.

Napster disrupted the music industry -- shook it from a complacent almost-monopoly, propmpted a hard and forceful response from the incumbent, and awakened consumers to renewed contemplation of intellectual property and the value of N'Sync and friends.

Historically, numerous other inventions have prompted similar disruptions within various established industries. Think affordable and viable personal automobiles, to the horse-and-buggy industry. Think the telegraph, the radio, TV, and the Internet. Each has prompted three, important changes:

1. Major disruption to the incumbent industry - forcing a "change or die" upon them

2. Economic pressure brought against the challenger - the incumbent struggling to avoid change

3. Public acceptance of the new technology, overriding pressure from the incumbent and (if not saving the actual innovator) leading to the diffusion of the the improvement

As a tactic to "make more money in business," the idea of disruptive technology is no more useful than the idea of marketing better or creating better products. As a framework for analysing the impact of various technologies, however, the concept of disruptive technology is very handy.

(And maybe it's useful to contrast disruptive technology with iterative technology? The innovations within an industry or market space that come, generally, from the incumbent companies and are smoothly integrated into the existing system. Great stuff, just not "disruptive" and not terribly advantageous for the little companies struggling to grow in that space.)

Have you heard this one before?

A programmer walks into his manager's office. "I've started the update. All the data is being refreshed now."

The manager asks, "How long will it take to finish?"

"A long time," the programmer replies.

"Well, how long?" asks the manager. He's wondering -- will we have this data in time to send the final report this afternoon, or should he push it off until tomorrow?

"I have no clue," says the programmer.

The manager pauses for a moment, thinking to himself that there ought to be a clue. "How many words have been refreshed already? And how long has it taken to do that?"

"Four hundred words are already done, and it's been about an hour and a half."

"And how many words are we refreshing?"

"Two and a half million. Well, no. A lot of those don't need to be refreshed. Just over two million, probably."

The manager scribbles a few calculations. "So, it will take just under a year to finish."

"Yeah," replies the programmer. "Wait, no! Er... Yeah."

The manager suggests, "Maybe we can speed that up, somehow."

After a moment's thought, the programmer says, "Well, maybe by a factor of two thousand or so... if I use the 'update multiple words at a time' function."

The manager suggests again, "Why don't you go look into that."

(Audience laughs.)

It's weird, managing technical projects. Makes me wonder how often I completely miss the real point of the project when I'm actually doing the technical stuff myself. It's hard for a programmer to really see both sides -- the technical complexities and the business needs. That's what a good manager is supposed to do, I guess. Understand both, so the right trade-offs and decisions get made.

How do you reduce an article or other selection of text to a concise list of its important keywords?

For instance, from the above sentence, I probably only need the following words:

reduce
article
selection
text
concise
list
important
keywords

That could easily enough be done, I suppose, with a list of words to remove or exclude from consideration. But another problem comes up with different forms of words:

selection, selected, selections, etc...

That's where "Word stemming" comes into play. Each word can be reduced a core set of characters. "Select" migt be a good 'stem' for all the words listed above.

Martin Porter developed an algorithm to perform this kind of word stemming over 20 years ago. It's been tested and refined, and he's published many specific implementations of the algorithm in various languages.

http://www.tartarus.org/~martin/PorterStemmer/

Groovy beans.

But here's where I see a need for refinement: proper nouns. I don't want to see Microsoft stemmed to something else. Or IBM, or other company or people names. Maybe simply adjusting the process to skip capitalized words...? But then how do we account for words at the start of sentences? And what if Microsoft is at the start of a sentence?

I can see that I must think more on this issue. And maybe search more, to see who else has already solved it. I love the Internet!

The Pentagon views information, and more specifically the Internet, as a critical front in future wars. How cool is that?

I mean, yes, Big Brother and all that.

But -- what a great source of business ideas. The military seeks a way to disrupt and control the entire EM spectrum. The James Bond movie Goldeneye features a fictionalized EM Pulse weapon, but such weapons are not entirely fictional. A terrorist could detonate a nuke miles above a city and destroy not just the city but response equipment for hundreds or even thousands of miles around. How about deploying communications systems that are not dependent on electromagnetics?

The military also wants to publish information on the net without the source being identified. How about a system that would create virtual identities and extend their reach across the world? Enter some demographic info for the persona you want to have say something. We'll create a back-story and hundreds of timestamped posts by that person on hundreds of different sites. Then we'll start planting the target message in critical places.

In my comms ethics classes, of course, we decry the perversion of media to commercial and other purposive ends. Expression ought to be unfettered, free, and complete. But I'm not convinced we live in the world many theorists would inhabit. I think we live in a grimy, gritty real place with masses of human beings -- each good and bad, smart and lazy in varying degrees, and each struggling for survival. Wars will happen, people will want to kill each other.

If we can prevent some of that, fight the wars with words and signals instead of bullets and bombs... Well, I believe that is a better course.

And am I ethically crippled because I look at this as a business opportunity? No. Business is the tool our society has chosen for creating progress. We are structured for no other way.

I know nothing about MLB, except that most of the players are better than the kids playing Little League, most of the players get paid well, and most of the players get to wear cool uniforms. (I don't, personally, think the uniforms are actually that cool, but enough people do.)

One more small fact, and this is the most significant one for this essay: most major leaguers don't secretly disguise themselves as children and play Little League games so they can absolutely blow everybody away with their amazing skill.

Let's jump from this analogy to the actual subject at hand: hacking in online games. Just for fun, I downloaded a "radar" hack that would let me see through walls and know where all my opponenents were at all times. This by no means makes me a hacker -- rather, it earns me the title any real hacker would hurl at anyone who stooped to such cheating: script-kiddie.

That said, the radar hack did give me a significant advantage over the other players. And there are more complex, valuable hacks, like the "aimbot" that turns any player into a perfect killing machine, unable to miss and always firing the instant an enemy appears.

The people who write these scripts are good programmers, applying their talents in creative ways to use meta-data and intercept network traffic and play a very interesting game.

But they're playing a very different game than the one most of the other players are trying to play. Why do they do it?

For the glory and personal satisfaction of winning. But the only place where they can get that recognition is in the lower game, the basic, unenhanced game. And of course, they tromp everybody to the point where it's no longer fun for anyone.

What if there were no Major Leagues? If every good baseball player could earn no reward for being great except by playing in the Little Leagues? We'd probably start to see some of them coming in and ruining the game for everyone else.

That's the situation these hackers face. The only popular games, the only activities with real 'status' attached are the unenchanced games. The rules-based games. So they exercise their transcendant power and exert it in the kiddie realm of lunchtime shoot-em-up games.

When the game shifts, and becomes about changing the rules -- it's a different game. Somebody needs to provide that. A forum for programmer games. Competing bots and computer-assisted humans duking it out in games designed for that express purpose.

Maybe (obviously) the most practical solution right now would be to create a TacOps server (or whatever game you like to play) that is labelled and promoted expressly for cheaters. May the best cheater win!

Where would that take games? Beyond simply writing faster aimbots and better radar assistance, what sort of levels and challenges would evolve from that? How could a game engine be designed to best allow for creative hacking? The traditional server-client model is designed to resist hacking. A distributed world, where each client had input into the whole, so each could introduce modifications that would alter the game.

Would it be better to shrink myself to a single pixel? Or make myself bigger than the entire level, so I'm looking down on it from a mile above? Or remove gravity, or replace all the air with poison, or have all the walls work like Star Wars garbage compactors? Or make everyone's guns self-destruct? Or change the end-game goal to be the first one killed, instead of the last one standing?

It would be an incredibly dull game for normal people to play. But the right kind of people would thorougly enjoy it, I think.

How should we charge for Internet access? Recent discussion has focused on the idea forwarded by some US ISPs of charging content providers for 'premium' access to the network. If Google paid BellSouth for premium access, their packets would get priority over Yahoo or MSN, for instance, under this plan.

The response has been an outcry in favor of the "democratic net," which supposedly refers to what we have now, where all packets are neutral in terms of network priority. The neutrality of packets makes for some interesting Computer Science Geek discussions, but in practical terms, it's not the whole answer either.

Neither of these approaches address the real issue that will, ultimately, confront the Internet: end consumers aren't paying actual rates based on their usage. Bandwidth alone is only half of the cost. Distance matters, too. If I download a 50 MB file from my neighbor who is on the same ISP as me, that uses a certain amount of resources. If I were to download that same file from my friend in Japan, it's going to use a lot more resources -- the resources of several companies along the way.

We've seen steps to minimize this in caching systems employed by various ISPs and the mirroring system many popular download sites use to encourage people to grab files from closer sources. But these are voluntary efforts, not associated with the economic hammer.

The most fundamental shift that will hit the Internet is when pricing changes to reflect actual consumption of resources.

That what I think, anyway. So I'm not worried about the present discussion over packet neutralty and priority. And you shouldn't be either. Implementing that would just lead very quickly to the proper bandwith-distance pricing model that will make the Internet more stable overall.

Pick a company. Say, Laddernet. They offer to pay Yahoo up to $1.00 for every click on an ad for their website.

Yahoo runs the ad when people search for "electronic ladder system," and sometimes people click on it. Yahoo tells Laddernet, who turns around and writes a check to Yahoo. Everybody's happy.

But now Laddernet wants more clicks at that $1.00 per-click rate. Yahoo doesn't have any more people searching for "electronic ladder system," but they know that some other websites do. So they offer to give the ad to those other websites and split the dollar for every click. Everyone's still happy.

As this system scales, however, we get problems. Slimy Site joins this partner arrangement. They contract with adware providers to drive clicks through Yahoo to Laddernet. The adware providers, of course, don't actually generate meaningful clicks -- they fake it. But Slimy Site has a legitimate-looking site! When Yahoo comes out to check out these clicks, everything looks fine.

What can Yahoo do to prevent these fake clicks from destroying everything they've created?

I don't know. :o)

But I think similar problems have been addressed with credit cards and ATMs. And in one sense, it seems like the solution to this problem will be related to the problem of micro-payments.

Thinking... Thinking...

I love a fun problem.

It's the Next Cool Thing, of course. Google used it for Google Maps and suddenly everybody wants to use it. Asynchronous Javascript and XML -- man, it's a cool name and it uses nested acronyms! You almost can't get any cooler than that.

And Google Maps is cool. The technology allows you to do some really neat stuff. But when I see people jumping wholesale into AJAX development for its own sake, I have to shake my head and wonder why we don't consider the tradeoffs more carefully first.

One of my friends just told me that he developed a login script in AJAX. "It doesn't even refresh the page!"

But where's the problem in a login script refreshing a page? We've created no advantage through this new technology. And we've introduced another technical requirement -- where anybody could login before, now users must have Javascript enabled.

I told him this and he readily agreed, of course. He was just testing the technology to play around. But it's that sort of mindset that seems to pervade all new technology -- let's use it because it's cool!

Google Maps was cool not because it uses AJAX, but because it uses technology to provide a really slick, intuitive interface in an application that requires a lot of interaction.

Flash, XML, AJAX, Javascript, Java... So much cool stuff that gets misused so badly. Developers create nonstandard user interfaces that are not as intuitive or slick as Google Maps. Users are left behind when they don't know how to install the latest plugins. Corporate firewalls disable otherwise useful sites. Net benefit = -5.

Let's never use technology because it's cool. Let's use it if it fills a specific need, or provides a benefit that outweighs the tradeoff.

ps > That said, AJAX is way cool! And remind me to post about reverse proxies and the astonishingly clever use of them I ran across last week... It's a secret, but I can talk about it in generalish terms. It's so cool it makes me feel all tingly inside. :o) (Which is a good measure of how geeky I am.)

Due to more-intense-than-usual content in the following post, reader discretion is advised.

One night early in April, a man went to the Orem public library, signed on to their public computers, and went to a forum for ravers and other party-types. There he posted a two-part message:

"I cant do this anymore. I just wanted to let anyone out there know that it wasnt their fault. This was my choice and I hope you forgive me for what I'm about to do.

Im sorry."

And a bit later, "I dont care. I already took all my meds. Its just a matter of time. Im sorry..."

Aside from the supreme creepiness of the whole thing (which struck me especially hard when I found the archived post and read it for the first time in its original context), the interesting part is what followed:

Users on the board began discussing whether the message was real or not. (Real in the sense of conveying a real intent to commit suicide.) Since that particular message board software logs the IP address associated with all comments, someone was able to do a reverse-lookup on the IP address of the guy and find out that he was posting from the Orem, Utah Public Library.

Another user called the local police and told them what was going on and that the guy who'd posted the messages was also likely a heroin addict. The police went to the library and obtained the access log for the computer. They narrowed it down to four possible library users and a quick check of police records showed that one of those four had a prior arrest for heroin use.

Police went to the address in their records and found a man on the brink of death, overdosed and fading on his couch. His life was saved.

==================
Some thoughts.

1. It's great that the community around this guy was able to help him.

2. The Internet and the comunity where this guy chose to announce his suicide were not enough to help this guy not want to commit suicide in the first place.

3. You should forge an envelope or whatever other "authentication" the library wants you to use to get a library card and use anonymous relaying proxies when you use the Internet, if you don't want people to be able to track you down in a matter of hours.

I know, point #3 is horrible. But, c'mon. People need to understand that the Internet is not a magical fairy land -- it is part of the real world and what happens there is just as IRL as anything we do out here. Bad and good.

(This post was spurred by a report in the Deseret News. I don't frequent raver forums!)

Flash! I could give an entire lecture on the strategic implications of Flash, pros and cons, when to use it, why to use it, bla bla bla. I've given that lecture many times. But I'd never really dived in to making my own Flash until I was forced to for my final project in this semester's Web Technology class. ("If you can't do, teach?" I never liked that idea.)

Behold, the fruits of my almost obsessive labor:

http://www.tomdalton.com/flash/survival.htm

I put way more time into this than the project required because I wanted to learn how it all works. I drew the pictures myself (pencil, #2, sharp) on scrap paper, scanned them with my beautiful Epson 4180 Perfection, colored them in my LEGAL copy of Photoshop CS2, then imported them into Macromedia Flash. The sounds are all free, from flashkit.com.

This is, hands down, the best Javascript form validation tutorial I've ever seen. Granted, it's the only one I've ever seen. But it's fantastic! I sent it around to everyone at work and mandated that we follow these principles everywhere.

http://www.xs4all.nl/~sbpoley/webmatters/formval.html#example

Key points:

1. Javascript validation doesn't ever actually authenticate data -- must always be verified server-side
2. People don't always have JS on, so you must allow the code to degrade gracefully
3. People hate filling out complex forms -- help them out with fast validation and auto-formatting as much as possible

Follow these principles for happy living!

The Fusic is a fine piece of cell-phonery. However, I've had a couple of problems with it:

1. Sprint didn't activate all of my services when I got my new plan (not a phone issue, fine)
2. When the services were activated, my Photo Albums didn't work at all
3. After I installed the firmware update (after several calls to customer service), the albums worked but...
4. I can't view picture mail that comes from Verizon or any other network (this is a "known issue")
5. The phone includes GPS but to use it I have to pay extra for an application ($5/month)
6. The support for GPS in Java is nonstandard
7. The FM radio broadcast doesn't reach as far as my car antenna, which is on the back of the car
8. The custom, expensive Fusic case covers some of the camera lens

That's about all the bad I can think of offhand. The good?

1. It's easy to put my own mp3 ringtones on it (with some 3rd-party apps and the included USB cable)
2. The screens are clear and bright, to me
3. I can watch streaming TV with it
4. It has full web support so I can write my own web portal with bookmarks, RSS, etc.
5. It works okay as a cell phone -- quality is still not as good as a landline with Qwest, but it's not awful
6. Some have complained about the included 'themes' but I like them just fine

I don't have "texting" so I can't address that -- it seems like it would be a cool thing, but it's a value-added service that, like almost everything else, I'd have to pay more for.

There's my $.01.

Today's quote: "Technology is a bit too obsessed with remembering; there's a lot of value in forgetting." (From a commenter on BoingBoing.)

This grew out of a discovery that many teens on MySpace were happy to forget their passwords and start new profiles. Lose their old "friends" who they didn't really know in the first place. But this fits teenagers in general -- that whole time period is about moving through stages and shedding skins along the way. The general quote transfers the idea to broader society.

Does technology remember too much?

Selectivity is key to our cognitive processing; we couldn't handle the flood of data that would hit us at every stimulus if every related memory came back. And in a spiritual sense, the idea of repentance is all about forgetting. That we can experience pain and then -- not experience it any more. You may remember that you hurt at one time, but the memory of the pain is dulled.

And what about change? As chat logs and emails persist, idle comments from years previous can be dragged up and tied to the present. How do you account for something you said in a moment of carelessness years ago? Confronted with 'hard evidence' of a past thought, can we really allow people to change? (Four years ago, you said you hated so-and-so! Clearly now you're just trying to use him!)

I think the extension of copyright also plays along with this idea. There's a fixed space for artistic representation in any medium -- only so many songs using the same notes, only so many short stories using the same vocabulary, only so many paintings using the same colors and sizes. As each work is allowed to exist forever, the space becomes more and more crowded.

Sorry my blog is all just random threads. (Not like discussion board threads -- like snippets of thread that fall to the floor and wait to someday be assembled, or vacuumed, or assimilated into the carpet.)

Sweet day. I want a button-hole camera.

This morning I saw a clip of some Air Force Academy cadet whose roommate left a secret camera in the room. Though I think I'd probably want to sue somebody who did this to me, the cadet in question apparently approved of the release of the resulting footage. It showed him dancing to some pop music and getting pretty funky with it all.

I know a guy who bought the X-10 back when it was the subject of all those popups. He said it never really worked very well. I've found a much better variety of spy cameras at Pakatak. They've got all the standard stuff -- digital cameras are easy to make silent and IR or night vision responsive. But some of the cameras are specifically designed for concealment. That means they're sneaky!

One, for instance, has a front piece that looks like a button. But you'd have to have a golf-ball-sized cavity in your chest just behind the button to get away with that one. (Okay, so you disguise it as a shirt that you just didn't put away last night. And left conveniently hanging over your chair just so, and nobody is to disturb it, see?)

Okay. But just a small camera with a wireless transmitter. Think of all the opportunities! My dad and I used to talk about a game we'd like to play with remote control robots with lasers and targets. Wireless video cameras to provide a robots-eye-view of the mini battleground would be so cool.

Some of you may be asking, "Tom, why do you want one of those?" I'm sure you also wonder why I want to build a 3d camera with mirrors and wood planks. And why I'm always humming Japanese techno music.

The point is, your opinion isn't important. :o)

Someday, I will have my remote controlled, wireless video enabled robot. And I will rule the world.

To balance out my last entry, I want to share the experience I had this afternoon:

Shopping for some hardware, and specifically for 'bulldog clips.' I didn't know they were called that, just that they are those metal clips that sometimes have magnets on them, so you can clip them to the fridge and hang pictures with them.

I drove to Home Depot. No luck. Wal-Mart had some, in two packs with colored plastic pieces. I needed all silver. Target. No luck. Getting ready to head out to Bed Bath and Beyond, I decided to pull out my GPS and cell phone. With the GPS, I identified all the hardware and craft stores within a 10-miles radius. (In Virginia, that amounts to a billion stores. In Utah, I'd have been lucky to get one.) With the cell phone, I called each one.

Eliminated them all. But at least I didn't have to drive to them all to do that.

And the point of this post is that while I was sitting there in the car, marvelling at how cool my GPS is, I thought to myself, "the pioneers didn't have GPS, and it would have taken them ALL DAY to go to each of those stores to see if anybody has those clips!"

I proceeded to think through the fact that pioneers wouldn't have had that many stores, wouldn't have gone to them all, wouldn't have needed the clips in the first place, would probably have died of dysentery years ago...

Anyway, then I came home and used the Inter-webs to find more info. That was when I learned the name "bulldog clip" and found a craft store 11 miles away that actually had them in stock.

So I went and bought 20 of them. For four dollars. Then went to the library and checked out comic books and a Tom Clancy novel.

Now I'm going to go make dinner and start working on a fun project.

Remote Access is the wave of the future. And like most waves, it is generated by a combination of wind, tides, and currents. Or electromagnetic radiation. Or people in a stadium. Or people saying goodbye. Or bad haircuts from the '80s?

Okay, this is in my "technology" section because I'm talking about accessing your home computer from a remote location. (Get it? That's why it's called remote access.)

Gmail. Remote access to my mail. Used to pull everything down to Outlook and fight with pst files to syncronize everything. Gmail is much better. Mail on my upstairs computer? There. On the downstairs computer? There. On my cell phone? There. And not disappearing from any of those places when I access it somewhere else.

Media Service. The laptop connected to my stereo and TV. Wi-fi. Winamp server. From any computer in the house, I can start and stop and fast-forward and add or remove songs from the playlist. Step two is coming soon: play movies the same way.

Remote access to entire computers? A little scarier, and a little cooler when it works. Scarier because if you open remote access up to anyone, you open it up to potentially everyone. Hackers love looking for things like that.

So I've shied away from using the Windows built-in remote access stuff. (It's SSL! It's totally secure! Yeah. Next time I get a few days, I'm going to implement my man-in-the-middle SSL system that will read all the SSL sessions from my own computers. So ifyou come to visit, be sure you don't check your secure webmail. Because I'll be reading it!) (Except I won't really be reading it. But I'll have the power to!)

Today's sponsor, RemotePC, offers a commercial approach to remote PC access that promises to be more secure and convenient than the built-in Windows client. The other neat trick is having up to 10 people sharing one desktop. Could get messy, if you ask me. But if that great power were used responsibly (think Peter saving that train, not Peter dancing with Gwen in the nightclub) it could be pretty cool.

But I don't know that it's all such a good idea. I read a story once about a monkey whose brain was linked (remotely!) to a massive computer, so she became super-smart and escaped from the evil experimenters. But then she got too far away, so signal lag caused her brain to break down and she became a normal monkey again.

A normal monkey! And if we rely too heavily on remote access, we will surely suffer the same fate.

You have been warned.

Hey hey hey! I use online banking, but it's okay because I make sure to look for the 's' in https!

Virtually my entire life is recorded in Gmail, but it's okay because the authentication uses SSL!

SSL will save us all!

Except... not. It actually took me a few days, the first time, but now I could plug a computer into your network and read all your SSL traffic in matter of minutes. If I can get upstream of you, it's even easier.

When you go to your bank, your browser sees my SSL certificate, not the bank's. You accept it, and communicate with me. I take everything you say and relay it on to the bank, and say back to you whatever the bank said to me. You never know the difference, and I know your password and username.

It takes a handful of programs, but most of them are already compiled in the Backtrack 2 Live CD. The few days it took me were spent learning how to modify the Live CD and tracking down the software I needed to do the last few steps. Here's the quick rundown:

====================

1. ARP cache poisoning -- tricks your computer into using mine as its router, which I don't even need to do if I can get upstream of you (which is better for me, because a smart person could detect this little cache poisoning with a traceroute command)

2. Fragrouter -- sets my machine up to act as a router, relaying your information through me on to its intended destination

3. Webmitm -- creates a fake SSL certificate and presents it to your browser when you try to go to a real SSL-secured site (this is the other major weakness of this implementation -- I only can configure one cert, and you'll see it with a popup warning, so if you carefully read those warnings, you'll be alerted here) (but, realistically, who reads those warnings?)

4. Wireshark -- the new version of Ethereal, this grabs all the traffic that passes through my computer (which, of course, includes all your traffic now, which is still encrypted, but now it's encrypted with MY ssl certificate)

5. SSLdump -- decrypts all of your secure traffic with my ssl certificate, sucker.

====================

I'd like to improve this attack by writing a modification of webmitm that allows me to configure or have automatically generated multiple fake certificates and present them based on the destination URL. So when you go to Google, you'll see my fake Google cert. Go to your bank and see my fake bank cert. Odds of you ever realizing what's happening = fairly small. (Where you = average yokel, not the undoubtedly brilliant and web-savvy readers of my blog.)

So, next time you're having a friendly argument with some coworkers about how weak SSL is and whether it's purely theoretical or could actually, practically be broken, you don't have to do all this work -- just point them to my blog. Because I'm compulsively ridiculous about things like this.

When is a game not just a game? When it's also a vehicle for sending secret messages, like these guys managed to do with Go:

Steganography in Games

The article talks about hiding messages in the moves of a game. Like so:

"Oh, ho! He's moving that piece, eh? Means he's about to kill the Prime Minister of Malaysia."

Baseball is a more practical application, I think, where the secret communication contained within the game is actually part of the game, too. The whole pitcher-umpire-manager-kid-out-in-the-field-who-sees-angles thing.

"Did he just scratch his forehead? Or was he telling us to walk this next guy?"

If I had any idea how to play backgammon, I could probably insert some witty remark about people who play backgammon and how they could be telling each other to kick their opponents at strategic points during the game. That would certainly please Backgammon Masters, the company that is sponsoring this post. They run a site that hosts backgammon tournaments and allows players to chat with each other (and maybe cheat!). I don't actually know if you can cheat that way in backgammon.

In fact, I know nothing about backgammon other than that I used to actually think it was called that because it was always on the back of a checker board. (Seriously!)

Anyway, the whole topic just makes me remember that reporter who forged all those stories about eBay and steganography, back in the day. You must read the following:

Pure hype about Jack Kelley's stories

USA Today apologizing for the big faker

Great stuff.

In my continuing quest to learn everything that is both knowable and cool, I took and passed the FCC-mandated Technician class license test last Saturday. I got 32 out of 35 questions right, so I'm now an officially licensed ham radio operator. My call sign is KI4ZHB. (That's a capital 'I' followed by the number '4'.)

I studied online, with some Flash practice tests and various PDFs and Google searches. You can only transmit unidentified messages to remote control aircraft or to space stations. Remember that!

Anyway, to celebrate, I'm going to drag April to the nearest ham store (about half an hour away) one of these evenings to get a VHF/UHF radio. For our emergency preparedness, see.

(Don't tell her about the giant antenna I plan to build!)

Gimme one month, and I'll have passed the upgrade test for General, and maybe another month to Extra. Then I'll be able to broadcast to the moon!