"Known Hole Aided T-Mobile Breach"

There have been a bunch of stories in the techie and gadget press lately about a security breach at T-Mobile. Wired News has an article that it all stemmed from a known hole in BEA's WebLogic application server that had been discovered 18 months before the suspect in the T-Mobile breach was arrested.

The lesson is obvious: patch your production systems.

"Can I Switch" marketing application idea

So as my nostalgia trip of a few days ago probably demonstrated, I'm more than a little tempted to get a mac. But, could I get by in with a mac in my non-mac work world? There are two ways to answer this question. I could just jump in and see, or I could identify all programs I'm now using at my job and do the appropriate web research to see what's available for the mac. I don't have the time or patience to do the research nor do I have the time just to jump in and try it now either.

There's a better way. And I think the marketing types at Apple should pester some of their techies to make it happen.

I want to install a new program on my work computer (running WinXP Pro) that will track every program I run for two weeks or so. At the end of that period it should report to me how much of what I ran is available under Mac OS X.

I've written more details on this, but some key points are that it can show alternatives even if the same program exists (e.g. Office), it must be open source, it must be honest about the mac capabilities (e.g. "program X will work for most users, but may not be compatible with a corporate server environment because of blah blah").

Of course, this might work to convince people to switch to a linux desktop as well, but the linux desktop has bigger issues to cover than just application compatibility.

My next keyboard?

Real Programmers don't need to look at the keys. So why not get a blank keyboard?

Geeky Friday: An Illustrated Guide to Cryptographic Hashes

Via Tiny Apps.org's blog, "An Illustrated Guide to Cryptographic Hashes". I've used md5sum directly to verify big downloads and I had a basic understanding of how hashes are used to store passwords in plain text files. The author addresses something I've wondered about: "it seems obvious that many input streams are available that can produce any given hash." (also known as a collision). He goes on:

If so, this seems to undermine the whole premise of cryptographic hashes until one learns that for industrial-strength hashes like MD5, nobody has found a collision yet (well, almost nobody, but we're getting to that) .

This astonishing fact is due to the astonishingly large number of possible hashes available: a 128-bit hash can have 3.4 x 10³⁸ possible values, which is:    340,282,366,920,938,463,463,374,607,431,768,211,456 possible hashes

Well, now it make more sense. Even though there are so many possible hashes, it takes some serious craftiness to make sure that the math to generate the hash values don't all cluster on a small percentage of those 3.4 x 10³⁸ values. Those mathematician types are pretty clever.

Google Cheat Sheet

Today I learned that not only does Google have a one page cheat sheet, but I also didn't know that you can search for synonyms (e.g. searching "~auto" will also find truck, car, etc) and you can search for words near each other (e.g. "red * blue" will find the words red and blue separated by exactly one word).

Nostalgia tripping

I just spent a half-hour sitting in front of Ika's Mac Mini, exploring the Xcode and InterfaceBuilder development tools. Xcode is the modern equivalent of the old NeXTStep ProjectBuilder tool (introduced in NeXTStep 3.0 in 1992), InterfaceBuilder is amazingly similar to the InterfaceBuilder which shipped with the first NeXT computer I ever played with, running NeXTStep 0.8 in 1989.

Pretty quickly I was able to put together a very simple GUI application for converting between Celsius and Fahrenheit. This was a first day exercise when I taught five-day NeXTStep bootcamps back in '93-'94.

Of course, some advancements have been made such as alignment guides within InterfaceBuilder. There are probably many more, but I didn't find them in my 30 minutes of play time. (I also had to get used to a one button mouse.)

"Do not fail your species"

Bork posted a link to My Little Golden Book About ZOGG. It sheds new light on why my children act the way they do sometimes.

Heavy metal umlaut and other scholarly topics

From an article in the Christian Science Monitor about Wikipedia's list of unusual articles which includes a discussion of the history and usage of the umlaut in heavy metal band names which is subsequently analyzed in a movie (flash) presenting a scholarly analysis of the evolution of this page.

How can people say the Internet is full of drivel?

Serialized Dickens (made two ways)

I learned in high school English that Charles Dickens' novels were published in weekly installments and I bemoaned the fact that he was paid by the word. Russ Beattie has brought this idea to the current day. His Mobdex site was originally created to distribute smaller chunks of novels to cell phones and other low-bandwidth mobile devices. More recently he has adapted this for RSS distribution. You can add a feed from a novel to your aggregator and get a new little bit every day. In addition to Dickens, Mobdex has many more authors and titles.

Take a look at the Discovering Dickens project at Stanford University for a different take on serialized Dickens. They are distributing reproductions of Dickens' Hard Times as it was originally published. You can download PDF files or you can actually have paper copies mailed to you. The site also has the PDFs for their past novels (A Tale of Two Cities (2004) and Great Expectations (2003)).