Month: April 2004

Are you getting less spam lately?

I don't know about others, but I noticed a sudden drop in the number of spams I receive daily starting last week.  I used to get 600 to 1000 spams per day every day but now I am getting 150 to 250 per day.  First I thought there might be some spammers' convention going on but now I think the news of this spammer crack down might have been leaked ahead and froze at least the US spammers.  Are others seeing the similar drop in spams or did I somehow drop out of must-spam-this-guy list?

Lua 5

If you need a small yet fast embeddable scripting language engine, check out Lua.  Lua 5 now has a formidable array of tools and libraries you can choose from and there is also a Lua wiki.  Lua syntax is slightly funky but similar to Python.  Yes, it handles COM just fine so you can use it inside an ATL/WTL module (i.e. IE or shell extensions) to easily manipulate COM objects without writing a lot of duplicate code one has to write when using COM.  LuaPlus is a variation worth looking at also.

How to fold a T-shirt in 2 seconds

Some of you probably have seen this my wife showed me this video that has been going around among Korean-American mothers: a Chinese video showing how to fold a T-shirt in 2 seconds.  The technique works for long sleeve shirts too but takes a couple of seconds longer.  Although I am pretty much a typical male chauvinist pig when it comes to house chores, this video was so amazing it actually made me want to fold some T-shirts!  Wow.

Too much flexibility

Hanni at BileBlog occasionally hits the nail and this time it's his rant against the flexibility fetish rampant among Java programmers.  I suspect it was their obsession with the Design Pattern that lead Java programmers down this path.  Design Pattern is a useful tool but you can hurt yourself if you pull on it too much.

Being able to mold and fuse everything in your software is good, but such flexibility isn't useful if it isn't actually used.  I seriously doubt if more than 10% of all the extra flexibilities and abstractions being built into Java software are ever used.  All that 'fat' makes the software bigger, slower, and more difficult to understand.

Dive into any popular open source Java code and you'll see lots of design pattern artifacts like Factories, Adaptors, Managers, and Observers most of which has only one or a couple of implementations.  These sort of habitual abstraction often forces late comers to get lost in the abstractions to understand process and data flow.

I think the best example of flexibility is the mammal skeleton structure because flexibilities are like joints, points that can bend.  Joints in our bodies don't bend in all directions.  They also exist only where it's really needed.  Each joint has cost associated with it so if the benefits don't outweight the cost of having a joint a a certain location, it shouldn't be there.

Evolution doesn't happen in anticipation; it happens in real time.  Don't add flexibility in anticipation, but add it when you actually need it, where you need it, and no more than what you need.  Based on my experience, I would add that real flexibility comes from preventing assumptions from leaking across component boundaries.  Limiting surface areas between components will help in reducing the chance of such leaks.

Bloom Filters

Recent posts about LOAF, which uses Bloom filter, created a small surge of discussion about bloom filters, most notable being the Using Bloom Filters article at Perl.com by Maciej Ceglowski whom I like to remember as the fish guy (visit his blog to see why).

I went fishing for some bloom filter code but couldn't find a general library in either Java or C++.  There was one for Perl but…  Anyhow, it's probably because there isn't much code needed.  Most of the Bloom filter works is finetuning the parameters and choosing the right hashing function so it doesn't really matter.

Beside Maciej's article, I found these pages useful:

BF is pretty simple stuff but useful in many areas.  I am thinking of using it to detect 'access devices' (user name, password, SSN, credit card numbers, etc.) being submitted translucently (translucent as in Translucent Database) so I can throw up a dialog warning to the user.

Early Summer Flowers

Is it summer or late spring?  It sure feels like summer here in the Bay Area.  Anyhow, Steve Kirks shot his azalea for me, so I thought I should send him some of my flowers.  I guess Tim Bray is too busy with his new job to take snapshots of his lawn.

I am rather embarrased to admit that I have no idea what this flower growing in my backyard is.  The tag got lost you see and my head being filled with essentials like Boo leaves little room for flower names other than simple ones like the rose and the sunflower.  It's the same with wine names so all I can manage is 'I'll have the, er, red.'

Security Quotables

These are just catchy sentences floating in my head so I thought I should dump them here:

Best way to remove a threat is to make it worse.

Best way to protect a secret is to not have it.

If you don't know it, you don't have it.

Protection most appreciated is visible protection.

Invisible protection makes users more gullible.

Security is a scaaary business, Right Boo?

I am iffy about the 'best' part but they sound better than 'one of the' so there.  'Boo' is a god that looks like a hamster from the game Baldur's Gate.  Go For The Eyes Boo, Go For The Eyes!

Zombies at Starbucks

This particularly ghoulish scene from the movie Security Scenarios from Hell has three actors: WiFi, Zombies, and Spyware.

Perils of WiFi are well known and well publicized (i.e. Wireless Networks are in Big Trouble, a classic Wired from 2001).  If you are a geek, here is a more technical version of the same from Security-Forums.com.  While the perils were preached before their subjects have, WiFi is now commonly available which means those perils are now common as well.

Zombies are also well publicized.  Typically, they are poorly protected servers or home PCs with broadbands which are hijacked by hackers, supposedly even traded like Yu-Ki-Oh cards in the hacker community, and used to increase scalability to their attacks and to reduce likelyness of capture.

Spyware is software running on desktops that monitors user activities and report back to it's master.  Most of them are just privacy violators, some are used for more sinister purpose and are called trojans.  Earthlink recently claimed that PCs had, on the average, 28 spyware installed.  While I think the claim is over-hyped to fit their agenda, spyware is nonetheless common place and it's not difficult to place one on anyone's compure.  If your PC is more than six months old, chances are that there were plenty of opportunities for hackers to seed it with spyware.

So here is the scene: imagine a new class of spyware that monitors wireless network packets using code from these open source wiretapping tools.  AirSnort and one of the ARP poisoning packages should be enough.  Now imagine this spyware being delivered to laptops with WiFi cards that supports features AirSnort needs.  The laptop just became a new kind of zombie, which I call wireless zombie, that only wakes up when the WiFi card is used.

All that is missing from the scene is the stage: a WiFi hotspot like Starbucks.  The laptop owner sits in a corner and access the Net through the WiFi, it could even be someone like me writing this very blog post.  The spyware wakes up and starts monitoring the wireless traffic looking for passwords and credit card numbers.  If very strong encryption is used, wireless zombies can form a global grid and split up the work of cracking encryption keys.  Once a month, the zombies reports back to their master via USENET posts.

This Zombies at Starbucks scenario is particularly nasty because the potential number of compromises is just staggering.  Maybe the FCC will have to dictate higher level of standards and send out a warning that helps WiFi users detect wireless zombies by the unusual fan activities triggered by the zombie grid working overtime.

National Virus Defense System

Got up at 2pm after 14 hours of sleep to make up for 30 hours of demo preparation.  I feel rested but it's the kind of restful feeling one gets lying on the asphalt and lookup at the blue sky after getting hit by a truck.  I never been in such an accident but I was in a head-on motocycle collision when I was young and found myself in a slow-mo flying through the air scene.  I think the middle and the end part of an accident is a very tranquile place to be.  No pain, no fear, just watching things happen.  Weird.

One of the first news item I read was this Wired piece on the national missile defense system which prompted me to wonder if we'll ever have a national virus defense system along with virus tax levied against companies whose vulnerabilities are used by virus found at the 'wall'.  E-commerce tax is not popular among netizens, but I think taxing to improve the Net and to encourage better software and services might find more favorable support among netizens.

What is wrong with blogosphere

The problem with blogosphere is that it's all too personal, particularly at the ozone layer.  I like practically everyone in it but often it's difficult to post things without giving off unintended bad vibes.  When I have an opinion, I have to say it like I have to fart when I have gas.  But letting one loose can cloud up the room and you know that blogosphere is a really big room where you can't pretend it's someone else.

While some might deny it or might not even be aware of it, there are definitely cliques to which people and even companies belong to or are associated with by themselves or by others.  When I say something negative about something one of them did, I am doing so as if I would offer an advice to a friend, but it's often seen as if I am attacking the clique as a whole.  Even worse, I feel as if I did.