Alkahest my heroes have always died at the end

August 22, 2006

a small request of the NC-DOT

Filed under: Personal — cec @ 8:55 am

I have a small request to make of the NC-DOT: if there are accidents on the interstate at I-40 and I-540 which back traffic up 10 miles to NC-751, can we please, please make use of the expensive electronic information signs on the interstate to warn people?  There’s a difference between a small traffic slowdown that you will soon get past and one that means you’ll be driving 5-10 miles at an average speed of 10-15 mph.

August 19, 2006

a sign of the apocalypse?

Filed under: Social — cec @ 12:29 pm

Hmm, someone should go check the “rapture index”: I’m about to link to an article at Cato Unbound – the Cato Institute’s Blog. Richard Rodriguez writes a beautiful article regarding Mexican Immigrants, their coming to America and what the clash of cultures means to second and third generation Mexican-American immigrants.

The response article by Victor Davis Hanson restores my belief in the general silliness of the Cato Institute. For example, Hanson notes:

Only six out of ten second-generation Mexican Americans on average graduate from high school in four years; and less than ten percent have a BA degree—the legacy not of racism or America’s “cold heart,” but of millions arriving from Mexico without English, education, and legality.

Of course, this is not something of which to be ashamed. When put in context, it is actually an amazing achievement and a sign of incredible assimilation. It is difficult to get precise numbers on the average high school graduation rate in the U.S., however, studies range from 70% to 80%, with those on the high side showing greater than 6 in 10 graduation rates for Hispanics. Likewise, only about 20-25% of Americans have a bachelor’s degree.

Go read Richard Rodriguez’s article, feel free to avoid the other.

August 17, 2006

Friday, er, Thursday Snake Blogging

Filed under: Personal,Photography,Wildlife Rehab — cec @ 9:39 pm

Took the day off and spent most of it working on the snake terrarium. Watching him pace (hmm, that doesn’t seem like the right word for a snake) his cage today made me particularly sad and motivated me to get about 95% finished. He could actually move in now – the only things missing are the decorative frames around the side vents. Overall, I’m pretty happy with the terrarium. There are a number of things that I would do differently next time, but some things will definitely stay the same. For example, I used plexiglass for the front which made the whole thing significantly lighter. The plexiglass was about $20 more expensive but definitely worth it. And here’s the (near) finished terrarium. Next time I post about this, we’ll be completely done and have the snake moved in.

In other snake news, K caught a picture of an eastern hog nose in its red phase in our front yard last week. S/he’s an absolutely beautiful snake. In case you can’t quite tell from the picture, the snake is extremely red at the front and it gradually fades to yellow at the tail. Your science tidbit for the day: the eastern hog nose eats the occasional small mammal, but is particularly well adapted to eating frogs and toads. As you can imagine, the amphibians don’t like being eaten and have a tendency to inflate to prevent a snake from swallowing them. The eastern hog nose has its fangs in the upper back of its mouth. These fangs are used to paralyze and “deflate” a swollen frog to enable swallowing. The eastern hog nose apparently also plays dead if it can’t drive off predators. When it plays dead, it goes limp and sticks its tongue out – which, IIRC, is how I played dead when I was five.

August 15, 2006

frustrations (social security, not work)

Filed under: Social — cec @ 11:16 pm

Some days, I just can’t write about work frustrations. Not that I don’t want to or that I don’t think they’re interesting, just that it’s part and parcel of the whole confidentiality thing.

On days like today, it’s important to write about other frustrations (trust me on this). Today’s topic: scare tactics in government funded letters. I received my social security statement the other day and it has a lovely section on the front page entitled “About Social Security’s future…”

Social Security is a compact between generations. For more than 60 years, America has kept the promise of security for its workers and their families. But now, the Social Security system is facing serious future financial problems, and action is needed soon to make sure that the system is sound when today’s younger workers are ready for retirement.

Today there are almost 36 million Americans age 65 or older. Their Social Security retirement benefits are funded by today’s workers and their employers who jointly pay Social Security taxes – just as the money they paid into Social Security was used to pay benefits to those who retired before them. Unless action is taken soon to strengthen Social Security, in just 11 years we will begin paying more in benefits than we collect in taxes. Without changes, by 2040 the Social Security Trust Fund will be exhausted. By then, the number of Americans 65 or older is expected to have doubled. There won’t be enough younger people working to pay all of the benefits owed to those who are retiring. At that point, there will be enough money to pay only about 75 cents for each dollar of scheduled benefits. We will need to resolve these issues soon to make sure Social Security continues to provide a foundation of protection for future generations as it has done in the past.

There are no lies as pernicious as half-truths. And the statement above is full of them. I fully predict that we’ll see a new round of Social Security privatization er, personal accounts, er reform this spring. Not that much foresight is needed since the president and the republicans have already said as much. So just as an exercise in identifying half-truths, let’s take a look at the above. Here are the things I find:

  • “Unless action is taken” – actually, it was. A group led by Greenspan in the 80s under Reagan took action to create the trust fund. Essentially, we are all paying in more to Social Security right now in order to get us past the baby boomers.
  • “in just 11 years we will begin paying more in benefits than we collect in taxes” – possibly true. The specific year depends on the growth in the US economy, but yes, we will eventually begin spending more than we take in. This is BY DESIGN – see above.
  • “by 2040 the Social Security Trust Fund will be exhausted.” Keep in mind that every year, the Social Security Trustees produce a report to Congress. The report presents 3 scenarios using pessimistic, reasonable and optimistic assumptions. The pessimistic scenario results in exhaustion by 2040. The reasonable and optimistic scenarios have the trust fund lasting INDEFINITELY. It takes very little economic growth (1.9% as compared to our historical 3.1+%) to make the trust fund last indefinitely.
  • “only about 74 cents for each dollar” – This could be true, but keep in mind that most of the proposed solutions involve paying LESS than 74% of scheduled benefits. So even in the worst case, we still might be better off under the current system.
  • finally, and not captured here, most privatization schemes require a robust stock market to pay benefits. *IF* we have a problem (i.e., less than 1.9% economic growth) then the stock market will be in the tank and won’t be able to make up the difference. You can’t get a poor economy and a strong stock market.

Do you see others?

August 14, 2006

things that make a security officer cry

Filed under: Security,Technical — cec @ 3:33 pm

I spent a lot of time last week looking at an application in order to assess its security. The thing that was troubling me was that this is a web application and the primary form for data entry was defined like:

<form name="foo" method="post" action="">

This means that nothing happens when you hit submit on the form – at least not in the html world. So, I took a closer look and found that each of the buttons (submit and clear) actually had an “onclick='doSomething();'” attribute.

Okay, so we’re dealing with javascript. I can handle that. I grab the included javascript file and realize that I’m dealing with something exceedingly strange. The whole script is one line long and contains very little valid javascript. Instead it contains what looks like a brief function, a ton of line noise and a bunch of words at the end that are delimited with pipes (|).

Since it’s my job to be paranoid, I think, “ah ha! someone has something they’re trying to hide.” It takes me a bit, but I realize that the javascript is actually an eval function with a number of arguments. Poking at the arguments, I realize that one is the line noise, one is 62, one is an array of words and one is the number of items in that array. The code at the beginning basically unparses the whole thing. It breaks the line noise into tokens. The tokens are indices into the array in base 62! Base 62 b/c you can use numbers and upper and lower case letters for each digit.

The code takes all of the tokens and replaces them with the word in the right position. It then runs an eval() of the whole thing. Armed with this, I alert() on the final command, only to find that the whole thing is a fairly simple client side validation and Ajax based POST. There’s absolutely nothing sensitive there!

*sigh*

Update:  spoke to the developer.  This wasn’t an attempt at obfuscation, it was actually a test of a program he downloaded that is supposed to be a javascript accelerator.  It accelerates by creating a smaller version of your javascript so it downloads faster!  Never mind that it then takes 5 seconds to unpack the stupid thing.  🙁
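The scheme described in this post can be unpacked statically, so the hidden script is recovered as text for review and is never passed to eval(). The code below is an added example, not part of the original post and not the developer's or the packing tool's code; the function names, the digit order (0-9, a-z, A-Z), the "empty word means keep the token" rule and the packed sample are assumptions constructed for illustration.

```javascript
// Static unpacker for the layout described above: a payload of base-62
// index tokens plus a pipe-delimited word list. Never calls eval().
const DIGITS = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

// Convert one token to its numeric index (digit order is an assumption).
function tokenToIndex(token, radix) {
  let n = 0;
  for (const ch of token) {
    const d = DIGITS.indexOf(ch);
    if (d < 0 || d >= radix) return -1; // not a valid index token
    n = n * radix + d;
  }
  return n;
}

// Replace each word-like token with the dictionary entry at that index.
// An empty entry is assumed to mean "the token stands for itself".
function unpack(payload, radix, count, words) {
  if (words.length !== count) throw new Error('word count mismatch');
  return payload.replace(/\b\w+\b/g, (tok) => {
    const i = tokenToIndex(tok, radix);
    return i >= 0 && i < count && words[i] ? words[i] : tok;
  });
}

// Pull (payload, radix, count, words) out of a packed one-liner.
function extractArgs(packed) {
  const re = /\}\('((?:[^'\\]|\\.)*)',(\d+),(\d+),'([^']*)'\.split\('\|'\)/;
  const m = re.exec(packed);
  if (!m) return null;
  return {
    payload: m[1].replace(/\\(['\\])/g, '$1'), // undo string-literal escapes
    radix: Number(m[2]),
    count: Number(m[3]),
    words: m[4].split('|'),
  };
}

// Constructed sample in the described layout (not the application's script).
const SAMPLE = "eval(function(p,a,c,k){/* decoder body omitted */}('3 4(){5 1=2.0;6(1)}',62,7,'value|v|field|function|doSomething|var|alert'.split('|')))";

function unpackSource(packed) {
  const a = extractArgs(packed);
  if (!a) throw new Error('not in the expected packed layout');
  return unpack(a.payload, a.radix, a.count, a.words);
}

console.log(unpackSource(SAMPLE)); // recovered source, printed for review
```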

August 13, 2006

Memo to the left hand

Filed under: Funny,Personal — cec @ 6:01 pm

To the left hand:  It is clear that you no longer know what the right hand is doing.  This weekend’s “accidental” dremeling was eerily similar to the wood carving incident in grade school where a supposed “art project” resulted in losing a chunk of left index finger.  Combined with the great butcher knife massacre where we almost lost left thumb’s nail when it “supposedly” looked like a carrot, we have a pattern that can not be ignored.

These incidents will likely continue until we become the dominant hand and end the right hand reign of tyranny.  That is all.

August 12, 2006

Get your woodworking geek on

Filed under: Personal,Wildlife Rehab — cec @ 9:09 pm

Just so you don’t think that I’m just a computer and photography geek, I wanted to update folks on another project. As I’ve said before, my wife does wildlife rehabilitation and managed to get conned talked into taking home a boa constrictor. Since they’re not native, he couldn’t be released once he was patched up.

For the past eight months, he’s been living in a smallish (75 gallon?) aquarium. Okay, that’s not really small unless you’re a 6.5′ snake who’s looking to get to be 8’+. This presented a great chance to do some woodworking. For the past couple of weekends, I’ve been building a 5.5′ x 2′ x 3′ terrarium for the snake. I’ve got the main walls, floor and top cut, stained and coated with many layers of polyurethane. Today, I put the cabinet together, caulked it (the caulk is still fresh, it will dry clear) and started working on the door.

Overall, I’m happy with how it is turning out. Hopefully by next weekend, the door will be complete and mounted and the snake’s furniture (water and food bowls, hide box and heating pad) will be here and we can move him in.

Oh, and for those who know our family history with tools, I managed not to injure myself until tonight when I dremeled my fingernail and gouged the finger. I don’t think it’ll need stitches.

August 10, 2006

Plagiarism in engineering

Filed under: Personal,Social,University Life — cec @ 8:03 am

There’s an interesting article in the Chronicle of Higher Education (sorry, the link is behind the subscription firewall), about a mechanical engineering graduate student at Ohio University. After being invited to stay on after his masters and pursue a Ph.D., he started having difficulty with his advisor. To help resolve his difficulties, he went to speak with the university ombudsman who advised him to examine dissertations in the university library so that he might see where he was going wrong and what his advisor might want.

After reading through a couple of theses, he realized that he was starting to see the same material over and over again. Not just the same material, but the same words. In some cases, the same figures. My favorite example is that two of his advisor’s former students had an identical 50 pages in their theses. This has caused a huge scandal at the university which is now even requiring that some former students either explain why this isn’t plagiarism, rework those pages of their thesis, or forfeit their degrees. What is interesting is that similar investigations of other departments don’t turn up the same evidence. It seems to primarily be an issue with some international students in the school of engineering.

This reminds me of a situation from my own days in grad school. I had finished my masters and was working on my PhD when a faculty member asked me to help one of his masters students. He and I talked for a bit, he asked if he could borrow my copy of my masters thesis. A few months later, he asks if I would help proof his thesis. Reading through the material, I suddenly realize that I’m reading my own writing. Several pages of my literature survey, including some of the figures I constructed were sitting there in the middle of this other student’s thesis.

I spoke to his advisor and we resolved the issue, but I continue to wonder how common it is for graduate students to plagiarize former students. Moreover, if this is a common practice, not frowned upon by other cultures (as in my case, the student’s advisor suggested), then why isn’t this covered in the international student orientation?

August 8, 2006

Vacation pictures

Filed under: Personal,Photography — cec @ 6:55 pm

The vacation pictures checklist from earlier:

  1. Get 22 rolls of slide film back from the developer [Check – received mid June]
  2. Put 800 slides into transparency holders so they are easy to look at on the light box [Check – took two nights]
  3. Go through 800 slides to determine which are worth scanning [Check – took another two days]
  4. Scan 120 or so “good” slides [Check – finished tonight after three nights of scanning]
  5. Color correct the images in the GIMP [done]
  6. Remove dust from scans because my slide scanner doesn’t have an infrared channel [done]
  7. Upload the results and put ’em online [finished today]

Everything is done! Pictures online finally. For the record, I’m not thrilled with them. My biggest complaint is that there aren’t really any good animal shots. This is different from prior years. I blame oversleeping.

a nomenclature question

Filed under: Security — cec @ 12:49 pm

given that the vulnerability and the patches haven’t yet been released, does this constitute a “-1 day exploit?”
