Return of the Dog Shit Girl

Apparently my Dog Shit Girl (DSG hereafter) post resurfaced on the blogosphere and comments are snowballing. Well, this proves that she won't be forgotten. As I wrote in one of my comments: attention cuts, retention bleeds.


Apparently the resurfacing was due to being mentioned on Fark. Go check out the massive pile of comments and pictures gathered there. The funny thing is that they are fascinated by her middle finger just like Korean netizens were.

Farkers have clicked on the above link 34528 times.
Oy. That's a lot of farking around. – Don Fark.
And here is the Technorati link for the BoingBoing mention. I guess Mark doesn't subscribe but reads Fark.

Comment on Microsoft Embracing RSS

Others have already discussed this news into realms of fantasy and paranoia so I'll just point out one aspect I think no one has addressed yet: security.

Blogging and syndicated data technologies in general have yet to be fully tested by the fires of the hostile computing world. As their prime time nears, they will be subject to abuse and exploitation.

For example, the primary mechanism behind podcasting, the RSS enclosure, can be used to deliver worms and worse to desktops. If there are any vulnerabilities in the codec of an iPod (or any MP3 player hooked up to a podcast sync client), then podcasting is a good way to deliver overflow-inducing content.

While some might consider the social networking aspect of blogging and syndicated data as enhancing security, I see it more as a potential problem because I think trust itself is a primary source of vulnerability.

If you subscribe to 1000 feeds, you are hanging on a chain with 1000 links. Each of those 1000 links (feeds) is a potential target for hackers to attack to gain control over its content. All they need is one vulnerable feed hosting server to change what is delivered to your desktop. If you are using an insecure news client that pools news items from multiple sources, a hacker in control of Ponzi's Schemes feed (hi Ponzi :-)) will be able to send out posts that look as if they came from the American Express feed.
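The following is an added example, not code from the original post: a sketch of how a pooling news client can label each item by the URL it actually fetched rather than by anything the item claims about itself, and vet enclosures before a sync client touches them. The feed content, host names, warning labels, and the allowed enclosure types are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: a feed fetched from ponzi.example whose second item
# claims, through the RSS <source> element, to come from amex.example.
# A real client should parse untrusted feeds with a hardened XML parser.
FETCHED_FROM = "https://ponzi.example/feed.xml"
FEED_XML = """<rss version="2.0"><channel>
<title>Ponzi's Schemes</title>
<item><title>Hello</title><link>https://ponzi.example/p/1</link></item>
<item><title>Account notice</title>
  <link>https://other.example/login</link>
  <source url="https://amex.example/feed.xml">American Express</source>
  <enclosure url="http://ponzi.example/episode.bin" type="application/octet-stream" length="1"/>
</item>
</channel></rss>"""

ALLOWED_ENCLOSURE_TYPES = {"audio/mpeg", "audio/mp4"}  # assumed podcast policy

def host(url):
    return (urlparse(url).hostname or "").lower()

def ingest(feed_xml, fetched_from):
    """Return items labelled by the fetched origin, each with a warning list."""
    origin = host(fetched_from)  # provenance comes from the fetch, not the item
    channel = ET.fromstring(feed_xml).find("channel")
    out = []
    for item in channel.iter("item"):
        warnings = []
        src = item.find("source")
        if src is not None and host(src.get("url", "")) != origin:
            warnings.append("claimed-source-mismatch")
        if host(item.findtext("link", "")) != origin:
            warnings.append("offsite-link")
        enc = item.find("enclosure")
        if enc is not None:
            if urlparse(enc.get("url", "")).scheme != "https":
                warnings.append("enclosure-not-https")
            if enc.get("type") not in ALLOWED_ENCLOSURE_TYPES:
                warnings.append("enclosure-type-blocked")
        out.append({"origin": origin, "title": item.findtext("title", ""),
                    "warnings": warnings})
    return out

if __name__ == "__main__":
    for entry in ingest(FEED_XML, FETCHED_FROM):
        print(entry)
```

The client would display `origin` next to every pooled item and refuse to download any enclosure that carries a warning.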

Some of these problems are easy to fix, some are not. But it's difficult to fix them if you haven't thought about these issues, and not many have so far, because we were too busy enjoying the heat of creation and smelling the morning rose petals.

I think engineers at Microsoft who had more than their fair share of security-related criticisms will be able to help out in enumerating and addressing the security issues in blogging and syndicated technologies.

That's all.


FYI, this post is being slashdotted today. You can find their comments at Slashdot and AlterSlash. So far I am happy to see this blog withstand being Slashdotted and Farked at the same time. My fingers are still crossed though. Back to my work pile.

Biscuit – C++ recursive-descent parser framework

Biscuit is a C++ template-based recursive-descent parser framework that combines YARD and C++ Metaprogramming finite state machine to write, in C++, reasonably readable EBNF. While I suspect not all the kinks and bugs have been flushed out, I thought the project was interesting enough to keep an eye on.

For example, the following EBNF grammar fragment:

group  ::= '(' expression ')'
factor ::= integer | group
term  ::= factor (('*' factor) | ('/' factor))*
expression ::= term (('+' term) | ('-' term))*

is written in biscuit like this:

struct expression ; // magic!
struct group  : seq< str<'('>, expression, str<')'> > { };
struct factor : or_< integer, group > { };
struct term  : seq< factor, star< or_< seq< str<'*'>, factor >, seq< str<'/'>, factor > > > > { };
struct expression : seq< term, star< or_< seq< str<'+'>, term >, seq< str<'-'>, term > > > > { };

And here is a C comment micro-parser:

typedef seq<
  str<'/','*'>,                    // opening delimiter
  star_until< any, str<'*','/'> >  // any characters up to the closing delimiter
> c_comment;

which can be used like this:

if (match<c_comment>("/* hello, biscuit */")) { /* matched */ }

If you are not attracted to the fatal beauty of C++ template programming, never mind.

Too Easy to Intervene

Read Billmon's post on forewarnings we had about the Iraq invasion. The quote he ends with, in particular, hit me squarely:

The [Unified Quest] experience left a few, such as Adm. Bien, believing that the best course of action would have been not intervening at all. "We're developing a force that makes it almost too easy to intervene," says Adm. Bien. "I am concerned about America pounding herself out."

If we have to intervene, then the wisest thing to do might be to hit and run instead of staying around to fix what we destroyed. In other words, don't mix national security with politics, ideology, religion, economy, or conscience.

P2P Supreme Court Ruling

While most of my colleagues will disagree with today's P2P Supreme Court ruling and I fear the ruling will lead to abusive litigations by record labels, I can't bring myself to disagree with the judges in principle.

Most people used P2P services for illegal file-sharing. It would be silly to suggest that P2P tool vendors and service providers did not know about the ongoing illegal use of their tools and services. They were aware and turned the other way. Some of them even went further by introducing features that interfered with efforts record label companies made to directly prevent file sharing.

This doesn't mean that you are liable for every abuse of some well-intended software you released to the world. But you will be liable if you become aware and did not take reasonable steps to prevent abuse.

In the end, the choice is between destroying the music industry or stifling a promising sector of the technology industry. Musicians have the power to create wonders for our ears. We the engineers have the power to turn their economic world upside down.

All the talk about how P2P can revolutionize the music industry and fairly reward musicians is just that, talk, because it's not their basket of eggs that is being threatened. If they are so sure, why don't they prove their wishful economic theory themselves instead of sitting on the sideline and yelling at record labels to jump across the chasm of uncertainty?

It is true that DRM solutions out there are terrible but IMHO that's OUR problem. We failed to come up with a more reasonable solution and commercial online music services failed to properly inform their customers on the limitations of the service they are providing. Frankly, I think they intentionally misrepresented the service they sold and profited unfairly. Otherwise, people wouldn't have bought hundreds of songs through iTunes and they would have gotten upset when they switched machines.

We engineers cannot and should not escape our responsibilities with a few paragraphs of AS IS and IN NO EVENT SHALL [we] BE LIABLE. Power to create is not a license to unleash anything we can imagine into the world. Yes it will be stifling, sometimes unbearably so. Can we prevail in the end? I think so. We are engineers after all.

BTW, here is the best interpretation of today's ruling I found.

Dell Order Cancellation Page

Where is the order cancellation link on Dell's order status page? I haven't been able to locate it anywhere. While I can understand why the link isn't there, I think they should be straightforward like most Texans are and put the link there for all to see instead of hiding it in some unautomated support forum or making people wait on the phone line.

If you need to cancel your Dell order, go to the Dell order cancellation forum and post your order number.

Another gripe I have is that they make buyers cancel and reorder to change an order. At the very least, they should have a box where buyers can enter the number of the order the new order is replacing.

Just discovered, a website that focuses on films, issues, people, and events that shape the film community in Korea. The best part is that everything is in English and most of the contributors are Korean film lovers from around the world. Superb if you are into Korean film and drama like I am.

Whidbey Blues

I played around with .NET 2.0 Beta 2 today, building a custom browser of sorts. It was easy going at first but I ran into a series of odd misbehaviors, incomprehensible features, and shortcomings. When I first ran into the Win32 API, more than a decade ago, it worked as I expected and the sea parted like butter at my command. Sweet. It was not so for this beta. VS 2005 was missing what I thought were crucial features too, like being able to add an event handler by picking an event out of a list. Maybe I overlooked something or got too spoiled with Eclipse.

In short, it was promising but execution sucked and I am concerned that they just don't have their sh*t together. But then I realize that I have no business worrying about a closed IDE which will cost me an elbow.

Hey, Bill! I know it's crazy but I am already spoiled by a top quality FREE IDE. So why don't you just act crazy as well and forget about charging money for VS 2005? It's going to be shipping half-baked anyway. BTW, I've written a few IDEs before so I think I know what I am talking about. If you are having problems understanding what I am saying, just think of IDEs as browsers. It's the road into developers' hearts. They'll choose .NET over Java if they are given a FREE development environment that enables them to snap together what they have in their head faster than they can with notepad.