Warrior Tang's Journal
Below are the 20 most recent journal entries recorded in
Warrior Tang's LiveJournal:
Thursday, May 15th, 2008 | 9:19 pm

Wednesday, May 14th, 2008 | 10:31 pm

11:32 am
Oh, the irony. Me, about two weeks ago back when I got my new computer, Skelisle:
Today, the main motivator for not building my own computer is to save money. [...] For price and reliability, it is better to go with a branded mass-market machine even if it is a brand I have never heard of. "Enpower"? "PC Club"? Whatever they call it, the specs are nice and if it doesn't work then there is a building in town for me to take it back to.
Today, via Digg and HardOCP:
We are sad to announce that PC Club and Clubit are now closed.
Well. What's there to say about that? At least I got a good spec'd machine at a good price. I was wondering how they could possibly stay in business selling it at the price they did.
Current Mood: amused
Current Music: The Offspring - Pay the Man

Tuesday, May 6th, 2008 | 6:40 pm
Good article on cracked.com
Cracked is intellectually stimulating today with an article on 5 Psychological Experiments That Prove Humanity is Doomed. They go over the Asch Conformity Experiment, the Darley-Batson Good Samaritan Experiment, the Latane-Darley Bystander Apathy Experiment, the Stanford Prison Experiment, and the Milgram electric shock experiment. Definitely worth a read if there are any on the list that you hadn't heard of.
Current Mood: impressed
Current Music: Run Run Run - Song and Dance

9:21 am

Saturday, May 3rd, 2008 | 10:59 am
Hungry geese
Funny scene by the SSU duck pond: A woman was throwing breadcrumbs into the water for two Canadian geese. The geese either could not see the crumbs or were not interested in anything that small, so they just sat there honking. After some time, a few mallard ducklings came across from the other side of the pond and went to work on the crumbs. The geese just sat there and went honk, honk, honk, where the fuck is the food?
Current Mood: amused
Current Music: Pink Floyd - Time

Friday, May 2nd, 2008 | 9:59 pm
Website debugging
Today I flattened three bugs that have been troubling my cs370 team's project website.

First, the case of the disappearing form tag. We had a few input forms on the page that work if you are logged out, but not if you are logged in. CSS styles set on the form also stop working. In the latter case, the form tag is visible in "View Source" but not the Firefox DOM Inspector. The DOM Inspector shows the form's contents being moved up to its parent container. The form tag itself simply vanished.

The login/logout system itself uses some nifty AJAX and additional javascripting to create, destroy, replace, and otherwise mangle the tags in the page. Given that Javascript is what changes a page's contents between the time you get what you see in View Source and the time you get what you see in DOM Inspector, this Javascript is the first place to check. It also had nothing to do with the problem. I turned Javascript off and the problem still happened.

So what was it? Back when I built the login system, I was a little unsure as to whether I should wrap the login menu's form inside a styled div or style the form directly and forgo a containing div, and whether I should completely destroy the form if the user was logged in or just blank out its contents. Switching back and forth between these options left me with inconsistent logic and a branch where the form tag was not closed if the user was logged in.

How does this break later forms? The simple answer is that you can't have a form inside another form. The more complex answer depends on how the browsers choose to handle the error, but I found it interesting that both Firefox and IE7 break in the same exact way. I wonder if this goes back to Mosaic or if there is something in the spec requiring this behaviour.

The second bug was that dates were not being displayed correctly on the website. A little inspection showed that a teammate was using PHP's date() function with custom arguments and sending the resulting variable to mysql. SQL requires that dates be in one of a few specific formats for insert, and that wasn't one of them. The problem with the website was that dates were being read in (and later displayed) as garbage data. I changed the PHP to call mysql's CURDATE() function since that was what we really wanted. Easy fix.

The third bug was that several include()able components were accessed through relative paths, and a teammate started making files in a different directory. When they tried to access the components, the relative paths broke. In addition to making paths absolute, PHP has a nice way of solving this kind of problem:

    set_include_path(get_include_path() . PATH_SEPARATOR . "/path/to/those/include/files");

Of course, this does nothing for client-requested files (js and css). Paths to them need to be absolute from the website root.
Current Mood: blah
Current Music: Collective Soul - December

Sunday, April 27th, 2008 | 8:16 pm
Skelisle
Thera up and died. New computer is Skelisle which will be a dual-boot XP and Ubuntu system.
Dear Lazyweb:
Way back in the day, I would keep a list of freeware programs to install
on a Windows system. As I recall, the list included K-Meleon 0.5. I am a
little behind the times in my knowledge of useful Windows stuff. Recommend
things for me. I already know about PuTTY, Firefox, OpenOffice, and most
Unixy stuff worth running that has been ported to Windows. Here are some
things that I have already installed:
- Free ext2&3fs driver for Windows.
Nice; the last time I checked, ext2 drivers cost money. I could not copy
a directory on a click-and-drag, however. It also needed reinstalling after
I repartitioned my Linux drive.
- xxcopy, because neither
click-and-drag nor xcopy would copy over my files from the ext3 partition.
- Foobar2000 music player. I googled
Windows media players to see if anything changed since WinAmp was the hot thing
ten years ago, and found this page from a few years back recommending it.
I am particularly interested in debugging and system management tools
and general "check this shit out" niftyness like SysInternals.
Current Mood: busy
Current Music: Run Run Run - Song and Dance

Friday, April 25th, 2008 | 5:27 pm
The Syrian reactor
The US released a video showing that the curious Syrian facility bombed by Israel last year was a nuclear plant. There's a twelve minute video on that page that is a lot more convincing than Colin Powell's presentation at the UN. Then again, I know jack about nuclear reactors. Nick, Aris, care to comment?

The video has pictures of the thing during its construction. This explains why there has been so little information about the site -- releasing these images could get someone killed if Syria can find out who might have taken the photos. It is good to see the US still practicing old-fashioned human intelligence.

The United Nations has quickly responded to the new information by condemning the US and Israel for bombing the site. Add that to the list of reasons why they cannot be taken seriously anymore.
Current Mood: contemplative
Current Music: The Cure - The Same Deep Water As You

Sunday, April 20th, 2008 | 11:40 am
Javascript session management
Nifty hack: Javascript-based session management that takes advantage of the fact that browsers allow a few megs of allocation in the no-longer-used window.name property.
Current Mood: blah
Current Music: Jefferson Airplane - White Rabbit

Saturday, April 19th, 2008 | 3:58 pm
Flash NULL pointer exploit
Time to update your Flash viewer. What's more interesting, the paper detailing the exploit also outlines a way of exploiting unchecked failed memory allocations. In short, make the program reference NULL + a valid address. Even more interesting is how the paper's author jumped through a lot of hoops to get his exploit to work. Go to that slashdot post and read some of the links that explain it all. Interesting stuff.
Current Mood: contemplative
Current Music: The Rolling Stones - Gimme Shelter

Wednesday, April 16th, 2008 | 3:08 pm

Monday, April 14th, 2008 | 1:04 pm

Saturday, April 12th, 2008 | 4:40 pm
Meme of the nonce: Antisemitism 2.0
Worth reading: Two articles using the term "Antisemitism 2.0" to note the growing power and prevalence of antisemitism on the social web, from Jewish Week magazine and the Jerusalem Center for Public Affairs. There are a few logical flaws in the latter article but the main points are well laid out.
Current Mood: discontent
Current Music: The Flaming Lips - Race for the Prize

Friday, April 11th, 2008 | 7:44 am

Wednesday, April 9th, 2008 | 9:11 am
Cross-site request forgery
The other day I surfed upon News Fight, a website that tracks Digg submissions based on their origin on liberal or right-wing blogs and scores how successful the Digg political communities are at getting their stories on the front page. Fun! Nifty! And this site could tell whether I had personally dugg or buried a story! Wait... WTF?!!!
Yeah, that's a security issue. Some random site should not be able to tell what user I am and what I do on another site. I remember Netscape people swearing cookies are safe and they fixed this sort of thing back in the '90s. Apparently it broke again.
If I'm not mistaken, this is an example of Cross-Site Request Forgery. CSRF is similar to Cross Site Scripting (XSS) except it does not require malicious injection of code into the target website.
Here's the simple version of CSRF. You are logged into site A which is a complex site with user accounts and authentication and everything. In another tab, you visit site B. Some wanker posted code on site B that will access something on site A, like <image src="http://site_A/foobar.php?action=whatever"/> or some javascript calling an XMLHttpRequest. Your browser then sends the request to site A, which thinks the request came from your legitimately logged-in session in the other tab.
The difference between CSRF and the old "let's change the arguments to this guy's CGI and see what happens" is that the HTTP request is initiated by someone else's browser and takes advantage of an open session that the victim has on the target web site.
In the case of News Fight it probably just pulls down an image from Digg, but the same technique can make your browser pass variables to a backend script on an arbitrary website you are logged in to for some nefarious purpose.
The situation of Digg is more interesting because CSRF is a useful feature for that site. Ever seen those "Digg This" links on some blogs? It's nice to be able to click a button on the blog and automatically Digg the story from there.
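The request flow described above, seen from site A's side, as an added example that is not part of the original post: a handler that trusts the session cookie alone next to one that also requires POST and a per-session token. The function names, the `csrf_token` field and the `site-a.example` / `site-b.example` hosts are assumptions made for the sketch.

```javascript
// Added example: site A's handler modelled as plain functions; all values constructed.
const nodeCrypto = require('node:crypto');

const sessions = new Map(); // session id (sent as a cookie) -> { user, csrfToken }

function login(user) {
  const sid = nodeCrypto.randomBytes(16).toString('hex');
  const csrfToken = nodeCrypto.randomBytes(32).toString('hex');
  sessions.set(sid, { user, csrfToken });
  return { sid, csrfToken }; // sid goes in the cookie, the token into site A's own forms
}

// Vulnerable: the cookie alone authorises the action, and a GET changes state.
function handleVulnerable(req) {
  const session = sessions.get(req.cookies.sid);
  if (!session) return { status: 401 };
  return { status: 200, did: `${req.query.action} as ${session.user}` };
}

// Constant-time comparison of the submitted token with the session's token.
function tokensMatch(a, b) {
  const x = Buffer.from(String(a || ''));
  const y = Buffer.from(String(b || ''));
  return x.length === y.length && nodeCrypto.timingSafeEqual(x, y);
}

// Hardened: state changes need POST, no foreign Origin, and the session's token.
function handleHardened(req, ownOrigin) {
  const session = sessions.get(req.cookies.sid);
  if (!session) return { status: 401 };
  if (req.method !== 'POST') return { status: 405 };
  if (req.headers.origin && req.headers.origin !== ownOrigin) return { status: 403, why: 'origin' };
  if (!tokensMatch(req.body.csrf_token, session.csrfToken)) return { status: 403, why: 'token' };
  return { status: 200, did: `${req.body.action} as ${session.user}` };
}

// Constructed requests; the cookie is assumed sent on all three (no SameSite attribute).
const SITE_A = 'https://site-a.example';
const { sid, csrfToken } = login('alice');
// What the image tag on site B makes the browser send:
const forgedGet = { method: 'GET', cookies: { sid }, headers: {}, query: { action: 'whatever' }, body: {} };
// What site A's own form sends:
const genuine = { method: 'POST', cookies: { sid }, headers: { origin: SITE_A }, query: {},
  body: { action: 'whatever', csrf_token: csrfToken } };
// A cross-site form POST from site B: cookie present, foreign Origin, no token.
const forgedPost = { ...genuine, headers: { origin: 'https://site-b.example' }, body: { action: 'whatever' } };

console.log(handleVulnerable(forgedGet), handleHardened(forgedGet, SITE_A),
  handleHardened(genuine, SITE_A), handleHardened(forgedPost, SITE_A));
```

The token works because site B can make the browser send the cookie but cannot read site A's pages to learn the token that belongs to the session.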
Links for more information on CSRF:
Current Mood: contemplative
Current Music: Laziest Men on Mars - AYBABTU

Tuesday, April 8th, 2008 | 5:26 pm
Does Silverthorne Suck?
There has been a lot of hype for the upcoming Intel Atom processors, formerly known by their code names Silverthorne and Diamondville. It is hard not to get caught up in the hype by the chip's power requirements and the story of its design: by streamlining a lot of features out of the chip and going back to basics with the design, they were able to get a CPU up to a respectable number of GHz while drawing under five watts of power.
Actual performance numbers have been hard to come by. This is important because the number of GHz is only useful when comparing chips with a similar design and similar efficiency. Intel customers recently saw this when Intel released a 1.6GHz "Pentium" chip with the Allendale architecture that ran as well in SPEC benchmarks as the older 3.0GHz "Pentium" chip. When a new chip's design is said to be notably different from everything else out there, especially when they talk about trimming features to save power consumption, you need more than the clock speed to know how the chip performs.
Here is a claimed Silverthorne benchmark taken at CeBIT. It's auf Deutsche and die Fische does not help, but there is a pretty graph to look at. Smaller numbers are better since it lists the time needed to complete a task. The results are not good for Silverthorne; it shows a 1.6GHz Atom being outperformed by a 900MHz Celeron Dothan. The three-year-old Celery chip completed the benchmark 20 seconds faster than the Silverthorne, 88 seconds to 108, while running at just over half the clock rate. The 1.6GHz Silverthorne barely outperforms a seven-year-old 1.1GHz Pentium 3. As would be expected, the more recent and higher powered chips smoke them all.
Of course, there are many things to be said in Silverthorne's defense. This is only one benchmark, and a better review would include several different benchmarks because different chips perform differently when asked to perform different tasks (example). More notably, the Silverthorne draws far, far less power than any of the other chips to get the results it does. If watts are more important to you than CPU time and you can accept turn-of-the-century processor speeds, then the Silverthorne is a good deal.
It must also be noted that Intel has been advertising Silverthorne for mobile devices and small laptops. The idea of comparing it to desktop chips comes mostly from the trade press and eager hardware enthusiasts. Intel is positioning the Atom as a replacement for the A100 and A110 series chips. Never heard of them? That's because they weren't intended for the desktop market.
Current Mood: contemplative
Current Music: Reel Big Fish - Beer

Saturday, April 5th, 2008 | 10:06 am

Friday, April 4th, 2008 | 9:34 am
Et cetera
Nifty linkage:
Some bloggerel:
Anime aficionado that I am, I checked out Cartoon Network's Saturday evening lineup for the first time in a while. I am disappointed. The centerpiece of the lineup is Naruto, which is merely a better drawn Dragon Ball Z. They still had One Piece, a fun action comedy, but the TV schedule says they are replacing it with something else, so we'll see how that is if I bother to stay up to watch it. The biggest portent of danger: a full hour of the evening lineup is used by Goosebumps, which is not a cartoon. I'm not going to comment on the quality of the show, which is a kid-oriented version of Amazing Stories or Tales from the Crypt, just the fact that it's not a cartoon. If the heads of the network want to make a kids' channel that mixes cartoons and live action, let them make a separate kids' channel. I don't want the Cartoon Network to end up like Music Television (no music videos), Video Hits 1 (ditto), The Learning Channel (Paris Hilton 24/7), or the cable news channels (no news).
The best shows on Cartoon Network are Codename: Kids Next Door and Johnny Test, neither of which is in the Saturday evening timeslot. Kids Next Door is an action comedy with imaginative plots and James Bondian gadgetry, while Johnny Test is Dexter's Lab turned upside-down with lots of zingers in the writing. Courage the Cowardly Dog isn't bad either. Everything else is forgettable.
Current Mood: blah
Current Music: Laziest Men on Mars - AYBABTU

Wednesday, April 2nd, 2008 | 10:26 am
Ironically, it's one of the better offers I've seen
( LJ-cut because it's long... )
Current Mood: amused
Current Music: Stone Temple Pilots - Naked Sunday