Wednesday, November 28, 2007
Sunday, November 11, 2007
I think you may find these videos interesting as well (to put it mildly).
Check out his website at http://www.philinthecircle.com/.
Monday, November 05, 2007
Soon, staples won’t just keep papers together—they’ll make sure you keep them, period. As RFID tags shrink in price and size, Swingline wants to embed them in staples so that lost documents can radio their location to a tracking device.
Saturday, November 03, 2007
I clicked on the next video that was supposed to be an ad looking for Software and Software QA Engineers. Obviously, it's a total joke. But a funny one. (Wait for Sundeep Patel [or however his name is spelled] who claims (about 2:05 into the video) that "Yesterday I singlehandedly reduced indexing time 25.44 percent.")
Or . . . maybe this is no joke at all. Maybe Xobni's foray into offbeat videos on YouTube is an absolutely brilliant ploy to find exactly the kinds of employees it wants. . . .
I visited again and found myself entranced once more with a discussion of Security Practices Gone Wild. First in the original post but perhaps even more by the comments made as a result of the post. Amazing what computer programmers have to deal with . . . and the kinds of things, then, that they think about.
To get you started, let me quote from the original post:
It's common knowledge that a security system is only as effective as its weakest point. You can install a reinforced steel door with a two-phase palm-print/retinal-scan entry to protect your home, but if you leave a first-floor window open, you're more vulnerable than your neighbor with a simple deadbolt. One of Nate's clients learned this lesson first hand with its e-commerce Web site. The operation didn't involve terribly sensitive data: there were no bank accounts, no Social Security numbers, nor even any credit card numbers. Pre-approved customers would simply sign in and place their orders. Accounts payable and fulfillment would take it from there.
Yet the Web site painted a different picture, featuring two-factor authentication, encrypted databases and a giant padlock graphic advertising "secure."
Before Nate's team arrived, hacking the Web site proved to be about as difficult as entering a house through an open, ground-floor window. The original developers managed to implement virtually every type of vulnerability:
- Query String Replacement. Users could (and did) fiddle with the URL in the address bar (for example, changing "/viewOrder.asp?OrderNumber=80023" to "/viewOrder.asp?OrderNumber=80024") to view other customers' data.
- SQL Injection. By using single-quote characters, attackers were able to easily "inject" SQL code. For example, typing "' OR '' = '" in the Password textbox would result in a query that asked for users "WHERE Password='' OR '' = ''." Because an empty string ('') is always equal to itself, this would always return a user.
Every time the Web site was hacked, the original developers insisted it was an infrastructure problem. They had the company buy a secure certificate. Then they added a separate database server. Then they installed a firewall to put between the servers. Then an intrusion detection server. And so on. Still, hackers waltzed right in.
Eventually, the company decided that enough was enough and hired Nate and his team to remediate the problems. But his hands were tied as the client insisted on dictating security requirements. And dictate they did. . . .
Enjoy!
. . . Oh. I posted this partially to "explain" how I got to Spamusement.com (see my post directly beneath this one). --One of the respondents said the proposed security measures everyone was talking about reminded him of this "Security Issues" cartoon.
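The two flaws listed in the quoted post, each shown beside its fix, as an added sketch that is not part of the original post or the site's own code. The table layout, sample rows and function names are constructed for illustration, and Python's sqlite3 stands in for the site's ASP and database.

```python
import sqlite3

PAYLOAD = "' OR '' = '"  # the Password-box input quoted in the post

def make_db():
    # Constructed sample data. Plaintext passwords keep the sketch short;
    # a real system stores salted password hashes.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT);
        CREATE TABLE orders (number INTEGER PRIMARY KEY, user_id INTEGER, item TEXT);
        INSERT INTO users VALUES (1, 'alice', 'correct-horse'), (2, 'bob', 'hunter2');
        INSERT INTO orders VALUES (80023, 1, 'widgets'), (80024, 2, 'gears');
    """)
    return db

def login_vulnerable(db, name, password):
    # Input is pasted into the SQL text, so a quote character ends the
    # string literal and the rest of the input is parsed as SQL.
    sql = ("SELECT id FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_safe(db, name, password):
    # Placeholders pass the values separately from the SQL text,
    # so quote characters stay ordinary data.
    row = db.execute("SELECT id FROM users WHERE name = ? AND password = ?",
                     (name, password)).fetchone()
    return row[0] if row else None

def view_order_vulnerable(db, order_number):
    # Any OrderNumber taken from the URL is honoured, whoever asks.
    row = db.execute("SELECT item FROM orders WHERE number = ?",
                     (order_number,)).fetchone()
    return row[0] if row else None

def view_order_safe(db, session_user_id, order_number):
    # The order must belong to the signed-in user; the user id comes from
    # the server-side session, never from the query string.
    row = db.execute("SELECT item FROM orders WHERE number = ? AND user_id = ?",
                     (order_number, session_user_id)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    print("vulnerable login:", login_vulnerable(db, "alice", PAYLOAD))
    print("safe login:", login_safe(db, "alice", PAYLOAD))
    print("alice reads 80024 (vulnerable):", view_order_vulnerable(db, 80024))
    print("alice reads 80024 (safe):", view_order_safe(db, 1, 80024))
```

None of the infrastructure the post lists (certificate, firewall, intrusion detection) changes either result, because both flaws live in how the application builds and authorizes its queries.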
I'm astonished: I've looked at 29 cartoons so far--just clicking on the buttons beneath whatever cartoon I'm viewing at the moment: all the cartoons have been "clean" . . . even though quite a number of them have been based on gross subject lines--where the language alone makes you cringe, expecting a perverse cartoon.
If you can handle the language of the subject lines, based on my experience so far, I expect you will find the cartoons themselves at least non-offensive, and, more probably, hilarious. . . . A good example: "s*xy baby and bad erection?"
--Somehow, I appreciate the fact that the cartoonist is making fun of people whose "business" really is perverse.
Friday, November 02, 2007
I received it from my brother who is founding president of the International Christian Technologists Association.
Anyway. Once more: please go to http://2007.weblogawards.org/polls/best-science-blog-1.php and vote for Climate Audit for "Best Science Blog."
Right now, the 2007 Best Weblog Contest is going on. Ten blogs in each of a number of categories. One category is science.
An underdog blog is the mouthpiece for a guy who, on his own dime, is working hard to see better scientific work done on the challenge of climate change. Leslie and I [that's my brother and his wife--JAH] have enjoyed helping a bit in our spare time.
Last year's contest (in the science arena) was won by 4000 votes -- and voters are allowed to vote every 24 hours for a week. (The last day of voting is Nov 7... it's already well under way.)
The great blog: http://www.climateaudit.org/
Climate Audit is by Steve McIntyre -- the guy who demonstrated errors in the "hockey stick" graph for Global Warming -- a graph created using such bad math that almost *any* data set -- even plain noise! -- will generate hockey sticks. (Steve also proved that the NASA scientist (Mann) at fault KNEW his method was bad: Mann denied he had done a particular statistical test for spurious data... yet Steve discovered Mann had an analysis hidden away in a "CENSORED" folder...with exactly the analysis Mann denied having done!)
Steve is also the guy who recently proved errors in NASA's "revisionist" temperature history, forcing them to update their data. (Yes -- today is not warmer because it was measured warmer. Today is "warmer" because they keep revising OLD temperatures DOWNWARD. I'm not kidding.)
Steve is the guy who keeps highlighting unbelievable practices among climate scientists. Practices that, despite the nasty things said about him, are slowly but surely causing the rest of the scientific community to wake up. For example, this is an actual quote, in print, from a leading climate scientist:
...this does not mean that one could not improve a chronology by reducing the number of series used if the purpose of removing samples is to enhance a desired signal. The ability to pick and choose which samples to use is an advantage unique to dendroclimatology.
Oh, yes: these guys literally believe that data that doesn't fit their hypothesis can be TOSSED OUT! (Earliest post on the theme: http://www.climateaudit.org/?m=200509 -- search for "A quote from Esper." It's been used more often since then, and picked up elsewhere.)
THAT is actually one key reason Leslie and I helped collect new data up near Pike's Peak.
The claim has been consistently made that Trees tell a temperature story of global warming. And that it's too hard, too expensive for the Boulderites to go back up and update the data (last collected in 1984.) Yet we'd been hearing rumors that maybe all was not well. So, based on Steve's Starbucks hypothesis (can a team start at Starbucks in the morning, collect tree ring samples and be back in time for dinner?), we went on our adventure. And proved his hypothesis right.
Photo Gallery, by the way: http://picasaweb.google.com/Almagre.Bristlecones.2007
Some of the story (google Almagre climate audit and you'll get more than you want to know)... http://www.climateaudit.org/?p=2189