This weekend I treated myself and bought the first Deluxe Set of Y: The Last Man (issues 1-10; I already had the second set, by a happy accident). It's really a marvelous comic, and I suggest people take a look at it.
My friend Lyn has a comic of her own, which I also greatly enjoy. I keep petitioning for the inclusion of another character, and maybe one day my calls will be met.
Last summer I tried to get a comic going. I considered posting the 1.5 pages I completed. It was going to be set in the world of the Castlevania: SOTN tribute I thought about writing. I may get back to it; in the meantime, here's the basic 'standing sprite' I drew, both the complete (enlarged, sorry for the blur) version and the to-scale evolution using Derek Yu's Pixel Art guide:
Finally, I can't stop watching this (make sure you full-screen it):
The song is great, if only because it channels chip music. But the animation! Made with real wood blocks using old-school stop motion? It inspires me to create.
On the old (lost) blog I had a long post as to why I used LaTeX instead of Word, even for non-mathematical documents. I'll surely re-post it sometime (I have the source somewhere...), but in the meantime, this little comparison beautifully demonstrates the aesthetic advantages. It also links to this essay, which very articulately describes many of the other advantages.
---
On Hacker News someone linked to a very non-hacker article, namely, an author of the gaming site Kotaku is very displeased with many things Japan. It's a moderately epic rant, I only made it until about halfway down before I had to be somewhere else.
It's interesting in the way I find crying babies interesting*.
* = Crying babies, to me, are hilarious and very interesting. It's a display of emotion we 'grow out of' (read: learn to hide) and almost never see again. Do you see how hard babies cry? Heave in their chests, deliberately take in as much air as they can for the express purpose of yelling louder? And then they do it again! You never see grown-ups do anything like it.
I think the poor guy needs a) to come home for a few months (depressurize), and b) to stay there for at least a few years, since he seems too far gone in his bitterness to give it a fair shake again. Many of his gripes arise from social issues regarding his differences (vegetarianism, his unfortunate allergy to alcohol), particularly in a professional social setting.
Bad news though: that's true most everywhere. In many corporate dinners in this country, being a vegetarian gets you all sorts of weird looks (going to a steakhouse and ordering a salad?). While his distinguishing features are obviously more acceptable here (tautological, since he's writing from a US perspective), I hesitate to believe our businesspeople are paragons of tolerance (just think of all the ways to blow a professional interview. Most have nothing to do with substance).
This isn't to say his article is completely baseless; I would likely agree with the part on smoking. At the very least, parts of it are entertaining, the segment on 'mistress bars' had me laughing out loud and got me wanting to get into theatre again (this kind of human-interaction 'market failure' is what makes life worth living).
But many of his points, namely those on cultural artifacts (music, comedy), are so bad they merit further discussion. First off, when is it ever a good idea to criticize how 'smart' popular media is, and derive cultural judgment from it? Especially when you're from here?
Complaining about comedy being all about 'catch phrases' ignores too many lame catchphrases that got too trendy here. I've heard "I'm Rick James, bitch!" way too many times to ever find it funny.
Speaking more broadly, other cultures find other things funny (this is the basis of the Bumblebee Man character on The Simpsons). This shouldn't be surprising, since (by definition) other cultures live differently than you do. So complaining that a stand-up comic doesn't want to joke about masturbation (like they do here) tells us more about you (expecting to find things funny to you, somewhere else) than it strengthens your argument.
Add this to the contradictions ("the stereotyping" is a gripe of his, after saying he hates people fitting an "everybody's uncle" stereotype, among others) and the punitive tone (he digs a lot on an ex-girlfriend he had there), and you get another Rick Santelli rant: entertaining, angry, and wrong. Like the Santelli rant, you can only hope (but know otherwise) that people are smart enough not to believe it.
(usual disclaimer: I'm not arguing for moral relativism, or universal acceptance of all cultures. There are many legitimate issues that can and should be soberly addressed. The Kotaku author makes very few of them, and makes them poorly.)
Edit: The comments refer to the last five paragraphs ("Can Videogames Make Us Better People?") as the "real" article. I would recommend reading it. My commentary is the same: the rules he complains about exist here too, you just don't see them as starkly since you're from here.
I love memes, but haven't produced any of my own. In light of this awful, awful late night coding, as well as the newest episode of Burn Notice, here's a quickie:
When I was about 6, I told my mom I wanted to be a garbageman when I grew up. I mostly just liked the truck, and hanging from the side of it while it drove from house to house.
Garbage collection still fascinates me. I found this talk on Ruby's garbage collector of great interest. While we program with abstractions to make application development easier, the sad fact is that it still helps you avoid shooting yourself in the foot to know how your language's features are implemented. Even if it didn't, wouldn't you be curious?
This is also a great example of a poor (or simply inflexible) design choice having major consequences down the road. In the talk they explain how Ruby's conservative, stop-the-world mark-and-sweep collector can't really be replaced by other, more efficient collectors because of the way objects are represented: a conservative collector treats any word that looks like a pointer as if it were one, so it can't safely move an object and patch up every reference to it, and that rules out the copying schemes. Personally, I'm partial to generational stop-and-copy collectors; but they only showed up in the talk as an impossibility. The best they could do was curb their lame mark-and-sweep (also, Python uses reference counting, lol).
I dropped a lot of jargon there; for any curious folk, I can explain what they mean in a later post ^_^ I'll spend the remainder of this one talking about another Ruby feature whose underlying implementation destroyed my algorithm.
---
Ruby is one of the few languages to support continuations out of the box (in Ruby 1.8, anyway; in 1.9 you have to 'require continuation'). The presence of continuations is a sign of flair: when a designer has worked to put them in the language (Matz called it the hardest language feature of Ruby to implement) they are pretty much telling you they are committed to writing a flexible, powerful language that lets the programmer do whatever they want. Naturally, when I see a use for them, I use them.
Kent Dybvig shows us that continuations can be implemented to be very efficient. Unfortunately in Ruby, they aren't: like the GC, continuations are implemented in about the most bare-bones way possible. In Ruby, they implement a continuation by copying the entire program stack in its current state and storing it elsewhere. When you call the continuation, they copy back the old stack over the current one.
Here's the problem: I wrote a program to push the current continuation onto a stack before every call to the recursion. The idea was to use the continuations to keep track of backtracking over several parameters, and the stack meant you would only call as many as you needed.
The problem was that every recursive call increased the size of the stack, since Ruby doesn't support tail-call optimization. So at every recursive call you would copy the entire stack somewhere in memory, augment it, and recur. Since each copy is proportional to the current depth, n recursive calls copy on the order of n² frames in total. DEATH!
Needless to say, I found another solution. But this was another example of how the implementation of a feature can make the feature usable or not. Had I implemented the same algorithm in Dybvig's Chez Scheme, with both tail-calls and efficient continuations, this algo would have sailed. --- Coming back full circle, there was a time when I considered peeking into the Ruby source and forking it to support Dybvig's stack frame model (gutting the whole language primarily to support... continuations?). Looking at the object representation from the GC talk though, it's probably much harder than I imagined ^_^.
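Here's what that looks like in code. This is an added example, not the program from the post: the same backtracking search written two ways, first with a continuation captured at every choice point (the shape described above), then with an explicit stack of choice points that never copies the interpreter stack. The search problem is a constructed stand-in for "backtracking over several parameters" (fill k slots with values from 1..n so that they sum to a target), and the `frames_copied` counter is my own proxy for what each `callcc` copies: the recursion depth at the moment of capture.

```ruby
# Added example, not code from the original post. The same backtracking
# search written two ways: first with a continuation captured at every
# choice point, the way the post describes, then with an explicit stack of
# choice points that never copies the interpreter stack. The problem is a
# constructed stand-in for "backtracking over several parameters": fill k
# slots with values from 1..n so that they sum to a target.
require 'continuation'   # callcc left core in Ruby 1.9

class SearchFailed < StandardError; end

class AmbSearch
  attr_reader :captures, :frames_copied

  def initialize
    @fail_stack = []      # continuations to resume when a branch dies
    @captures = 0         # number of times callcc ran
    @frames_copied = 0    # cost proxy: recursion depth at each capture
  end

  # Hand back one of +choices+ now; a later backtrack resumes here and hands
  # back the next one.
  def amb(choices, depth)
    i = 0
    while i < choices.length
      chosen = choices[i]
      i += 1
      fresh = callcc do |k|
        # MRI copies the whole stack here. It is +depth+ assign() frames deep
        # and none of them has been popped (no tail calls), so each capture
        # costs more than the one before it.
        @fail_stack.push(k)
        @captures += 1
        @frames_copied += depth + 1
        true
      end
      return chosen if fresh   # k.call later makes callcc return nil: loop on
    end
    backtrack                  # every choice at this level is exhausted
  end

  # Jump back into the most recent choice point; raise if none are left.
  def backtrack
    raise SearchFailed if @fail_stack.empty?
    @fail_stack.pop.call
  end

  def solve(k, n, target)
    @fail_stack = []
    assign(0, k, n, target, [])
  rescue SearchFailed
    nil
  end

  private

  def assign(depth, k, n, target, picked)
    if depth == k
      return picked if picked.sum == target
      backtrack   # never returns here: control re-enters amb at a shallower depth
    end
    v = amb((1..n).to_a, depth)
    assign(depth + 1, k, n, target, picked + [v])   # grows the stack, callcc or not
  end
end

# The same search with choice points kept as plain data on a heap array,
# [picked_so_far, next_value_to_try]. Backtracking is a pop, not a stack copy.
def solve_with_explicit_stack(k, n, target)
  stack = [[[], 1]]
  until stack.empty?
    picked, v = stack.pop
    next if v > n
    stack.push([picked, v + 1])        # the alternatives still untried at this level
    candidate = picked + [v]
    if candidate.length == k
      return candidate if candidate.sum == target
    else
      stack.push([candidate, 1])
    end
  end
  nil
end

if __FILE__ == $PROGRAM_NAME
  s = AmbSearch.new
  p s.solve(3, 4, 10)                                     # [2, 4, 4]
  puts "captures=#{s.captures} frames_copied=#{s.frames_copied}"
  p solve_with_explicit_stack(3, 4, 10)                    # [2, 4, 4]
end
```

Both versions visit the candidates in the same order and return the same answer; the difference is that the explicit-stack version's choice points are a few array cells each, while every capture in the `callcc` version drags the whole (ever deeper) interpreter stack along with it.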
For two years I was a UTA for our department's Introduction to Security course, and my roommate is the current Head TA. So when a friend was looking for someone to perform a security audit on his web application, he called my roommate, who called me in as his surgeon's assistant. Here's what we found:
Dictionary Attack
Anytime you have a problem in computing, there's always a 'dumb way to do it,' which normally involves checking every possibility. Remember being a kid and asking someone to guess your birthday? The first thing they ask is 'What month is it in?' Suppose you say 'August.'
A dictionary attack is the kid who closes his eyes and says "August 1st August 2nd August 3rd August 4th August 5th..." (and ruins the game).
The idea is this: if you want to guess someone's password, try every value it could be. You do this by trying to log in as them with every password, and you stop when one of them works.
Sounds dumb? It is, but never underestimate a fast, dumb computer. After all, it worked against Twitter.
The attack is called a dictionary attack because the idea is to try someone's e-mail address with every word in the dictionary. A simple dictionary (the one I used for this) consists of the 500 most common passwords, a couple hundred first names, and an actual dictionary (the puzzle links to a text file). Since most people use real words as their passwords, there's a good chance you'll stumble upon the correct one.
To stop this, you have a few options:
Create a delay after some failed attempts, and report the behavior to an admin. So if someone messes up their password 3 times, make them wait 15 minutes. Another 3, make them wait an hour, etc. This slows down your opponent, and makes you aware of suspicious activity.
Demand strong passwords. We all get annoyed having to mix numbers and letters (one of the most common passwords is 'password1', the most common is '123456'), but it helps your security, since you won't find 'h4ll0MRP3ANut' in a dictionary.
Keep track of your requests, and stop trolls. This is the same tactic you'd use against a DoS: keep track of where people are logging in from. If you get 100 failed logins in 1 minute from IP address 113.154.2.110, stop letting that address connect (again, for at least a day or two).
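To make the three countermeasures concrete, here is an added example (my own code, not the audited site's) that wires them into one login guard and then runs the attacker's loop against it. The account, the wordlist, the IP address and the lockout schedule (3 strikes: 15 minutes, 6: an hour, 9 or more: a day; 100 attempts a minute from one address: banned for two days) are all constructed for the demo; `now` is passed in as a number so the whole attack can be simulated without waiting.

```ruby
# Added example, not code from the original post: the three countermeasures
# above wired into one login guard, plus the attacker's loop run against it.
# Account data, the wordlist and the IP address are constructed for the demo.

# A stand-in for the "500 most common passwords + first names + dictionary"
# list the post describes.
COMMON_PASSWORDS = %w[123456 password password1 qwerty letmein monkey dragon baseball].freeze
FIRST_NAMES      = %w[james mary john linda robert].freeze
WORDLIST = (COMMON_PASSWORDS + FIRST_NAMES + %w[august orange castle sandpaper]).freeze

# Demand strong passwords: length, character classes, and not in the wordlist.
def strong_password?(pw, wordlist = WORDLIST)
  return false if pw.length < 10
  classes = [/[a-z]/, /[A-Z]/, /\d/, /[^A-Za-z\d]/].count { |re| pw.match?(re) }
  classes >= 3 && !wordlist.include?(pw.downcase)
end

# What a site with no throttling effectively has: no memory between attempts.
class NaiveLogin
  def initialize(accounts); @accounts = accounts; end
  def attempt(user, password, _ip, _now)
    @accounts[user] == password ? :ok : :bad_password
  end
end

class LoginGuard
  STRIKES  = 3
  LOCKOUTS = [15 * 60, 60 * 60, 24 * 60 * 60].freeze  # after 3, 6, 9+ failures
  IP_WINDOW, IP_LIMIT, IP_BAN = 60, 100, 2 * 24 * 60 * 60

  attr_reader :alerts

  def initialize(accounts)
    # user => password. Plain text only to keep the demo short; a real app
    # compares against a salted, slow hash (bcrypt, scrypt or argon2).
    @accounts = accounts
    @fails    = Hash.new(0)                    # user => consecutive failures
    @locked   = {}                             # user => unlock time (epoch seconds)
    @ip_hits  = Hash.new { |h, k| h[k] = [] }  # ip => timestamps of recent attempts
    @banned   = {}                             # ip => unban time
    @alerts   = []                             # what an admin would be told
  end

  # Returns :ok, :bad_password, :locked or :banned. +now+ is epoch seconds,
  # passed in so the attack below can be simulated without sleeping.
  def attempt(user, password, ip, now)
    return :banned if (@banned[ip] || 0) > now
    hits = @ip_hits[ip]
    hits.reject! { |t| t <= now - IP_WINDOW }
    hits << now
    if hits.size > IP_LIMIT
      @banned[ip] = now + IP_BAN
      @alerts << "#{ip}: #{hits.size} login attempts in #{IP_WINDOW}s, banned"
      return :banned
    end
    # A locked account answers :locked even to the right password, so the
    # attacker learns nothing during the delay.
    return :locked if (@locked[user] || 0) > now
    if @accounts[user] == password
      @fails[user] = 0
      return :ok
    end
    @fails[user] += 1
    if @fails[user] % STRIKES == 0
      step = [@fails[user] / STRIKES - 1, LOCKOUTS.size - 1].min
      @locked[user] = now + LOCKOUTS[step]
      @alerts << "#{user}: #{@fails[user]} failures from #{ip}, locked for #{LOCKOUTS[step]}s"
    end
    :bad_password
  end
end

# The attacker's loop: every word in the list, +per_second+ guesses a second,
# until a guess works, the IP is banned, or the list runs out.
def dictionary_attack(login, user, ip, wordlist, per_second = 1)
  wordlist.each_with_index do |word, i|
    result = login.attempt(user, word, ip, i / per_second)
    return { found: word, guesses: i + 1 } if result == :ok
    return { found: nil, guesses: i + 1, stopped: result } if result == :banned
  end
  { found: nil, guesses: wordlist.size }
end

if __FILE__ == $PROGRAM_NAME
  accounts = { 'alice' => 'letmein' }   # constructed victim with a wordlist password
  ip = '113.154.2.110'
  p dictionary_attack(NaiveLogin.new(accounts), 'alice', ip, WORDLIST)   # found in 5 guesses
  guard = LoginGuard.new(accounts)
  p dictionary_attack(guard, 'alice', ip, WORDLIST)                      # locked, nothing found
  p dictionary_attack(LoginGuard.new(accounts), 'alice', ip, WORDLIST * 10, 10)  # banned at 101
  puts guard.alerts
end
```

Against the naive login the wordlist finds 'letmein' on the fifth guess; against the guard the account locks after the third miss, the correct word arrives while it is locked and is answered `:locked` like everything else, and a faster attacker trips the per-address limit and gets banned before the list is half done. The `alerts` array is the "report the behavior to an admin" part.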
File Upload
Most web applications let you upload files to share, or view online. There was once an artist who bound his book with sandpaper so that shelving and re-shelving it would destroy the books next to it. That bookshelf is your application, and that book is the other exploit we found.
The site in question had a file upload feature, so we uploaded a script that would run whatever command we fed it on the computer where it resided (in this case, the company server). As soon as we 'viewed' the document, the server executed it. So a command like
will find a configuration file, and find all the passwords in it (most web frameworks keep one).
The fix to this one is simple: don't let users upload any type of file your server might execute (unless, of course, you're a code hosting site, in which case you don't need to be told about this). In practice that means checking what is actually in the file, not just the name the browser sent along, storing it under a name you pick yourself, and keeping it somewhere the web server only ever serves as static data.
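As an added example (my code, not the audited site's), here is that check written out: an allowlist of extensions with the bytes each type has to start with, a random server-side name so the client's filename never reaches the filesystem, and a write with no execute bit. The allowlist, the signatures and every sample file are constructed for the demo.

```ruby
# Added example, not the audited site's code: what "don't accept files your
# server might execute" looks like as a check. The allowlist, the magic-byte
# signatures and every sample file below are constructed for the demo.
require 'securerandom'

class UploadRejected < StandardError; end

# extension => [MIME type to serve it as, bytes the content must start with]
# Nothing a web server or interpreter would run (.php, .cgi, .rb, .html,
# .svg, .htaccess, ...) is on the list.
ALLOWED_TYPES = {
  'png' => ['image/png',       "\x89PNG\r\n\x1a\n".b],
  'jpg' => ['image/jpeg',      "\xFF\xD8\xFF".b],
  'gif' => ['image/gif',       'GIF8'.b],
  'pdf' => ['application/pdf', '%PDF-'.b],
  'txt' => ['text/plain',      nil]   # no signature: must be valid UTF-8 with no NUL bytes
}.freeze

# Validate an upload and return [name_to_store_under, mime_type].
# The client's filename is used for one thing only: picking the extension.
def vet_upload(client_filename, bytes)
  name = client_filename.to_s
  raise UploadRejected, 'NUL byte in filename' if name.include?("\0")
  base = File.basename(name.gsub('\\', '/'))           # drop any client-supplied directories
  ext  = File.extname(base).delete_prefix('.').downcase
  mime, magic = ALLOWED_TYPES[ext]
  raise UploadRejected, "extension #{ext.inspect} not allowed" unless mime
  body = bytes.b
  if magic
    raise UploadRejected, "content is not #{mime}" unless body.start_with?(magic)
  else
    text = bytes.dup.force_encoding('UTF-8')
    raise UploadRejected, 'not plain text' if !text.valid_encoding? || body.include?("\0")
  end
  # Random server-side name: no "shell.php.png", no path tricks, no collisions.
  ["#{SecureRandom.hex(16)}.#{ext}", mime]
end

# Write a vetted upload into +root+, a directory the web server serves as
# static files only (or does not serve at all). Returns [path, mime].
def store_upload(root, client_filename, bytes)
  stored, mime = vet_upload(client_filename, bytes)
  path = File.join(root, stored)
  File.open(path, 'wb', 0o600) { |f| f.write(bytes) }  # owner-only, no execute bit
  [path, mime]
end

if __FILE__ == $PROGRAM_NAME
  require 'tmpdir'
  png   = "\x89PNG\r\n\x1a\n".b + "\x00" * 16               # constructed PNG header
  shell = "<?php /* constructed stand-in for a web shell */ ?>".b
  Dir.mktmpdir do |dir|
    p store_upload(dir, 'photo.png', png)
    ['shell.php', 'shell.php.png', '../../var/www/shell.php', "shell.php\0.png"].each do |n|
      begin
        store_upload(dir, n, shell)
      rescue UploadRejected => e
        puts "#{n.inspect}: rejected (#{e.message})"
      end
    end
  end
end
```

The content check is what catches the renamed script: 'shell.php.png' passes the extension test and fails the signature test, and the random storage name means that even a file which passes both never keeps a second extension for a server to trip over.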
----
Security isn't the way movies make it out to be: most hacks aren't mathematical or cryptographic breaks, and they're never as dramatic. The brilliance of the best ones is that they're so simple. Most security holes are little leaks in the way software gets written, or more often (like weak passwords) flaws in predictable human behavior.