This site may harm your computer! Google error

Internet

Screenshot from my computer Saturday night Singapore time. You can click it to view the full window with all the labelled links!

So it was Saturday night and I was doing what every 22 year old was doing… doing Google searches for compression algorithms. I couldn't remember much about the acronym for this one particular algorithm other than it was three letters and began with "P", so in a half asleep, bored daze I was trying different combinations of letters.

After a few searches around 23:16 Singapore time I noticed something peculiar: underneath all the headings for every single result, Google was reporting that "this site may be harmful to your computer".

ASIDE: I knew something was up when even links to Wikipedia were being given the same suspicious treatment… I chuckled and assumed this must have been because of the comparatively poor performance of Google Knol highlighted recently!

It wasn't long before all the major wire services and news companies were picking up the story. I had no idea the little thing I had witnessed would become such an overnight news sensation. CNET ran an initial story (Google taking security a little too seriously?) and follow-up story (Google warns entire Internet is malware), but the BBC summarised the debacle the best in their "Human error" hits Google search report:

For a period on Saturday, all search results were flagged as potentially harmful, with users warned that the site "may harm your computer".

Google attributed the fault to human error and said most users were affected for about 40 minutes.

The internet search engine works with stopbadware.org to ascertain which sites install malicious software on people’s computers and merit a warning.

The list of malevolent sites is regularly updated and handed to Google.

When Google updated the list on Saturday, it mistakenly flagged all sites as potentially dangerous.

Marissa Mayer, VP, Search Products & User Experience at Google posted and revised an entry on the official Google Blog:

If you did a Google search between 6:30 a.m. PST and 7:25 a.m. PST this morning, you likely saw that the message "This site may harm your computer" accompanied each and every search result. This was clearly an error, and we are very sorry for the inconvenience caused to our users.

What happened? Very simply, human error. […] We maintain a list of [malware] sites through both manual and automated methods. We work with a non-profit called StopBadware.org to come up with criteria for maintaining this list, and to provide simple processes for webmasters to remove their site from the list.

We periodically update that list and released one such update to the site this morning. Unfortunately (and here’s the human error), the URL of "/" was mistakenly checked in as a value to the file and "/" expands to all URLs.

Really gives you an idea about how valuable and critical a site like Google is these days that an error like this can generate so much news coverage in such a short amount of time.

Jim Kloss from Whole Wheat Radio
Stupid, stupid, stupid, stupid!
Looks like the Google folks need an Ohio Computer Tutor

This incident has also increased my already heightened doubt and scepticism I have for most content filtering and malware warning systems. There has been much publicity about the ethical side to warning users of and blocking sites with questionable content, but this is an example of the technical side of such a system failing. While this is an extreme case, mistakes of this kind are unavoidable.

It also chills my blood to think about another scenario: if all it took was a malformed string on the server side, what other mistakes have been made in the past that perhaps haven't been reported? I could go on for paragraphs about this, but I think you're smart enough to visualise the implications of this.
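A pre-release check for the kind of list update described above, as an added example that is not from the original post or from Google. The prefix-matching model, the canary URLs and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed canary URLs: known-good pages that an update must never flag.
CANARIES = [
    "http://www.example.org/",
    "http://en.wikipedia.example/wiki/PAQ",
    "http://news.example.com/technology/story.html",
]

# Constructed list contents.
OLD = ["malware.example/", "downloads.example/free-codec/"]
GOOD_UPDATE = OLD + ["dropper.example/install/"]
BAD_UPDATE = OLD + ["/"]  # the stray entry from the incident


def is_flagged(url, entries):
    """Assumed matching model: an entry is a prefix of 'host/path' or of the path."""
    parts = urlsplit(url)
    path = parts.path or "/"
    target = parts.netloc.lower() + path
    return any(target.startswith(e) or path.startswith(e) for e in entries)


def validate_update(old_entries, new_entries, canaries=CANARIES, max_growth=0.5):
    """Return the reasons to reject an update; an empty list means release it."""
    problems = []
    # 1. Every entry must be scoped to a host. "/" and blank lines fail here.
    for entry in new_entries:
        host = entry.split("/", 1)[0]
        if "." not in host:
            problems.append(f"entry {entry!r} names no host")
    # 2. Behavioural check: run the candidate list against known-good URLs.
    hit = [u for u in canaries if is_flagged(u, new_entries)]
    if hit:
        problems.append(f"{len(hit)} of {len(canaries)} canary URLs flagged")
    # 3. Size check: a list that balloons in one update deserves a second look.
    if old_entries and len(new_entries) > len(old_entries) * (1 + max_growth):
        problems.append("list grew by more than the allowed fraction")
    return problems


if __name__ == "__main__":
    for name, update in (("good", GOOD_UPDATE), ("bad", BAD_UPDATE)):
        problems = validate_update(OLD, update)
        print(name, "update:", "release" if not problems else problems)
```

The canary check is the one that matters most here: it tests what the list does rather than what it looks like, so it also catches broad entries that a syntax rule would miss.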

As for the algorithm I was looking for? Turns out it was PAQ. Not Bill Kurtis.


An unlikely link to the Fedora team in Tunisia

Software

Fedora Tunisia

As I've said before here many times, I like to think of the how-to guides I post here as guides to help myself remember how to do something, with the added benefit that if someone else finds what I've written useful I've been able to help someone else too. My how-to guides are probably far too verbose and contain superfluous images for their own good, but I figure the last thing the world needs is another dry, text-only technical blog right? ^_^

In this case I feel humbled that the Fedora Tunisia team of all folks are listing my guide to using OpenBox with KDE in amongst other recommended guides in their window manager wiki page. I'm afraid I can't speak any Arabic and my limited grasp of the French language restricts me to just saying merci beaucoup!

Reading what I wrote in that post on the 19th of March 2008 reminded me of just how much attitudes and opinions can change in such a short amount of time. Back then I was primarily a KDE desktop user on FreeBSD who also dabbled in Xfce for his GTK+ (a graphical toolkit) application needs; now with the advent of KDE 4.x I've moved over to GNOME as well as Xfce and more generic vanilla window managers. That's why I love blogs and journals in general; they're a fascinating view into how you used to think… even if it was less than a year ago and even if I'm not Bill Kurtis.


Discovering a miracle cure for hotlinking!

Internet

Another day, another person hotlinking images I have hosted on my server here. As I've said before I'll often include images from other sources on the net in my own blog posts, but I'll always upload the images to my own server instead so I'm not wasting their bandwidth… I figure it's just common courtesy.

Well as of today the writers at the above linked blog silently uploaded their own copy of the hotlinked image and changed the URL when I submitted a comment.

You do know hotlinking is a sign of the devil right? You’re not possessed are you? ;)

Perhaps that's the key to tackling this problem; instead of sending polite emails that get ignored or at the other extreme blocking all outside requests to images, I should just leave friendly comments on offenders' sites! Might not work every time, but it's worth a shot ^_^.

In the meantime they've made up for it with their review of Religulous. I thought it was much better than they did apparently, but they do raise good points. But that's a topic for another show or post. I'm not Bill Kurtis.


Putting off customers to attract customers?

Internet

So this afternoon I was sent a link from a well meaning friend to download a compressed archive of photos. If it were me I would have just uploaded the lot to Flickr, but there you go.

The link he sent me was to MegaUpload.com, one of the more popular one click file hosting sites (Wikipedia link). While I admit they are useful for people who don't have a web host of their own and want to share large files with friends, I tend to dislike using them because they're clumsy to use… by design.

The best business model the people running these sites have been able to come up with is providing a free, throttled service for people wishing to download content that their friends want to share with them, with the promise that if you purchase a subscription the number of files you can download at a time increases and download speeds will be an order of magnitude higher.

But it's not that simple. Instead of just limiting the download speeds, these sites try all sorts of dodgy tricks. You're never allowed to start your download instantly, you have to wait just under a minute before the link "activates", during which time you're presented with a vague list of benefits you can claim if you pay. When the link finally appears it often doesn't work, and when you finally get a link that works the download often times out Murphy's Law style just when you're about to finish. Most one click file hosting sites have CAPTCHA (Wikipedia link) input fields, some of which are simple (like MegaUpload) and some are so difficult to read you can miss out several times.

ASIDE: At this point I’d really like to use stronger language… but I’m restraining myself :). Who knows, my year 12 English teacher might be reading this. Or my 8th grade Chemistry teacher. Wait, where was I?

Forcing users to pay for decent download speeds for material that the company hasn't even created themselves as they watch their current download crawl along at the rate of 4% an hour isn't blackmail, but I reckon it's close to it.

Sure there will be a few people who will whip out their credit cards and hand over a pile of cash so they can get what they're supposed to, but it baffles me that they think they can attract more customers by treating new users like this. It's hardly a glowing example of their service if it takes hours to download a file that should only take minutes. I certainly wouldn't want to give such a company any money after putting up with their awful service, and I suspect I'm not the only one!

To be fair, MegaUpload is much better than other sites such as RapidShare, but it still relies on Flash which isn't available on FreeBSD or 64bit Linux and JavaScript which I have disabled in my browser by default.

I've downloaded the file, but I will be advising my buddy in Germany to use alternative methods next time. I'm not Bill Kurtis.


An FTP gotcha on Windows versus Unix

Software

For those of you like me who use a flavour of UNIX (Mac OS X, FreeBSD, Linux…) but at some point are stuck using a Windows computer, the built in Command Prompt FTP client can throw you off for one simple reason: Windows goes against what everyone else does (yet again!) and defaults to ASCII for file transfers instead of binary. This means any non-plain text files you upload via FTP will become corrupted and unusable.

A little tip for those doing this: once you've logged onto an FTP server, make sure to type the "binary" command first before you do anything else. Windows will confirm the change by printing "200 Type set to I".

Another small Windows platform difference along the lines of my ifconfig versus ipconfig post I also wrote this month that regular Windows users probably already know, but passing it on for what it may be worth. I'm not Bill Kurtis.

Microsoft's TechNet has more details.
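The corruption described above can be reproduced and recognised offline with this added example, which is not from the original post. It assumes a simplified model in which a Unix receiver in ASCII type rewrites CRLF to LF, and it uses a constructed sample that starts with the PNG signature, whose bytes include a CRLF and an LF precisely so that this kind of damage shows up.

```python
import hashlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Constructed "binary file": PNG signature plus arbitrary bytes with one more CRLF.
SAMPLE = PNG_SIGNATURE + bytes(range(256)) + b"\x00\r\n\x00"


def unix_ascii_receive(data: bytes) -> bytes:
    """Simplified model (assumption): the receiver turns each CRLF into LF."""
    return data.replace(b"\r\n", b"\n")


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def diagnose(original: bytes, received: bytes) -> str:
    """Classify an upload as intact, damaged by ASCII mode, or damaged otherwise."""
    if sha256(original) == sha256(received):
        return "intact"
    # ASCII-mode damage is exactly the original with its CRLF pairs collapsed,
    # so the file shrinks by one byte per CRLF it contained.
    if received == unix_ascii_receive(original):
        return "ascii-mode translation"
    return "other corruption"


if __name__ == "__main__":
    damaged = unix_ascii_receive(SAMPLE)
    print("bytes lost:", len(SAMPLE) - len(damaged))
    print("signature survives:", damaged.startswith(PNG_SIGNATURE))
    print("binary transfer:", diagnose(SAMPLE, SAMPLE))
    print("ascii transfer: ", diagnose(SAMPLE, damaged))
```

Comparing a SHA-256 of the local file with one computed on the server after upload catches the problem regardless of which side did the translation.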


Turning a Firefox story into an anti-Mac story?

Software

This is another post that’s been sitting in my Drafts folder since the 20th of June 2008. In trying to clean out this backlog I’m finishing and publishing these posts now, even if this particular story is somewhat outdated. Cheers ^_^

Robert Vamosi over at Defence in Depth has reported that Mozilla Firefox 3 has suffered a vulnerability since being released on the 19th of June.

Less than one day after its launch, Firefox 3 has a vulnerability.

According to Tipping Point’s Zero Day Initiative, the vulnerability, which it rates as critical, was reported within the first five hours of Firefox 3’s release.

Although the Zero Day Initiative team does not offer specifics until the vendor has a chance to patch it, the blog post did say this vulnerability, which also affects Firefox 2, requires user interaction and could result in an attacker executing arbitrary code.

There were the usual posts from people ignoring past trends and decrying that Internet Explorer is therefore obviously better, but by some miraculous feat of asserted association, Tbird1996 somehow managed to twist the story into an anti-Mac fanboy story.

..ok…it’s better than anything that MS has to offer. Mac guys…sorry you’re soooo insignificant…and when Linux get just a little further down the road…we’ll all be better for it.
(why do the Mac people trash Linux so badly when their OS is based on Linux…?’ eh?)

Don't get me wrong, I hate it when vocal Mac users loudly proclaim everyone else as stupid for not having Macs, but I do agree it's a superior platform for many uses. I also don't like it when generalisations are made, by people on either side of an argument. This was my response:

I’m a Mac user and I love Linux. Most Mac users I know acknowledge Linux as a positive force. Please don’t whitewash entire groups of people.

Oh and for the record, Mac OS X is not based on Linux. Please check your facts before submitting such comments.

Though to be fair, I actually "love" FreeBSD and "like" GNU/Linux, but I suspect if he thought that they were the same in asserting that Mac OS X is based on them, he/she wouldn't know the difference.

For what it's worth, Mac OS X is based on NeXTSTEP and FreeBSD with a Mach kernel. Despite having a few GNU userland tools and common commands, Mac OS X and Linux have almost no code in common, and one is certainly not derived from another! The funny thing is a 30 second look on Wikipedia would show this.


Independent music and open source software

Media

The RIAA

In case I haven't said so before, Google Reader is fantastic. By following items my friends are sharing I often get to see an entirely different world of ideas, images, quotes and the like that had I just used a desktop aggregation I would have missed. Unfortunately this means I find so much interesting material that I end up subscribing to even more feeds and the dreaded 1000+ unread message status appears with alarming regularity!

This evening a post Big Tom shared caught my eye. The title was If I can’t listen to you… I can’t care about you. and the post itself was concise and direct. I should take classes from Fran Snyder!

I’ll make this short. There are only two reasons not to let people hear your music very easily on your website:

1. Laziness
2. Ignorance

You might as well buy a shop downtown, and never unlock the door.

Make it hard for people to hear your music. That’s a great strategy. 8^)

I agree. It's called "promotion". To be even more accurate, it's called "free promotion". Or "free advertising". Sure there may be people who would download your material and never attempt to compensate you in any way, but those kinds of people would never have bought your music in the first place so you haven't lost anything. And if such free loaders were to play said music to their friends and two ended up buying your music, well then it doesn't matter that "piracy" occurred because you're still better off!

This is why I can't stand it when I read campaigns such as the nails-on-a-blackboard awful HIP Alliance in Singapore and sensationalised news stories that claim that piracy has cost industries trillions of dollars. Such special interest groups are assuming that every single pirate who ripped off music (or movies, or computer software) would buy the material if piracy weren't an option. Even our little white fluffy dogs who can't even figure out how to climb stairs would be able to see the logical fallacy in such a proposition. I'm not Bill Kurtis.

I think Fran Snyder's blog post could also be applied to free and open source software:

I’ll make this short. There are only two reasons not to let people [see the source code for your application] very easily on your website:

1. Laziness
2. Ignorance

You might as well buy a shop downtown, and never unlock the door.

Make it hard for people to [use, adapt, share and promote your software]. That’s a great strategy. 8^)

I wonder how many independent musicians run FreeBSD, Firefox or even Ardour on their computers? Seems like a match made in heaven to me!


A hard hitting and relevant post

Thoughts

(Update: Original picture was taken offline. Let's pretend there's a motivational picture of significant motivation here).

Amen! Though to be fair I think black hair would also be appropriate in this context; and as a matter of disclosure some people say I have blond hair myself, though I'd argue I have light brown.

Some people accuse me of going off topic on this blog, can you believe it? I'm not Bill Kurtis.


I’d love to meet Python inventor Guido van Rossum

Software

Guido van Rossum at OSCON 2006, by Doc Searls

While I admire Larry Wall and Yukihiro Matsumoto and use their respective Perl and Ruby programming languages, I can really relate on an entirely different level to Python inventor Guido van Rossum.

I only just discovered his new blog today, but I've read a lot of what he's written so far and have agreed with a ridiculously high 99.995% of it. It's as if he's my older, wiser, wittier Dutch cousin living in California!

For example, it pains me to admit this, but I didn't know that Python was named as such because Guido was obsessed with Monty Python's Flying Circus and other absurd, hilarious British comedy:

By the way, the language is named after the BBC show "Monty Python’s Flying Circus" and has nothing to do with reptiles. Making references to Monty Python skits in documentation is not only allowed, it is encouraged!

Frankly, if people have never watched any Monty Python, I have to question their sanity. I've also questioned the sanity of those chaps behind Monty Python too, but that's for another post! And now for something, completely different!

What I've always thought was curious was how both Larry Wall and Yukihiro Matsumoto could be designers of programming languages which require such logical thought, and yet be advocates of their associated churches. I didn't intend for that comparison to imply you can't be a logical person of faith, but it does strike me as a non-believer (to use the HIGHLY controversial term Barack Obama used!) to be a surprising and perplexing combination.

I'm not sure if Guido van Rossum is a non-believer too, but we both do seem to share similar philosophical viewpoints. For example, when he discussed the One Laptop Per Child Programme in his post Bibles or computers: Its the same thing:

I’m not surprised that the pope is pleased by the OLPC program. The mentality from which it springs is the same mentality which in past centuries created the missionary programs. The idea is that we, the west, know what’s good for the rest of the world, and that we therefore must push our ideas onto the “third world” by means of the most advanced technology available. In past centuries, that was arguably the printing press, so we sent missionaries armed with stacks of bibles.

These days, we have computers, so we send modern missionaries (of our western lifestyle, including consumerism, global warming, and credit default swaps) armed with computers

I certainly hadn’t thought of it that way before, and my secular mind did appreciate the comparison.

And now for something, completely different!

But back to computer science: I’ve never really looked into Python as a programming language, though I’ve heard good things about it from other "scripting language" users… C/C++ users don’t count in this case because any language that’s interpreted instead of compiled/tested/compiled sends them into fits of agony!

I was going to look into experimenting with Haskell before I head back to Adelaide in March, but perhaps I’ll check out Python instead. As a Perl and Ruby guy I suspect the jump would be much easier than Haskell anyway, which is both good and bad of course. Python definitely looks like it has a very clean and minimalistic syntax which appeals to me visually as well as mentally, if that makes sense.

#!/usr/bin/env python
print('You rock Guido van Rossum!')

Guido van Rossum also has quite a good Wikipedia page. I'm not Bill Kurtis.


How does my dad manage this?

Thoughts

My dad would agree with this. By luisrivera on Flickr.

While I'm holidaying back at my dad's place in Singapore I've thought I've been having some pretty bad nights again, but it's nothing compared to what he's going through. He's designing a new manufacturing plant in Woodlands and suffice to say the disagreements between the designers, engineers and managers are all being funnelled through to him. You'd have to have a darn thick skin to cope with stuff like that.

After going to bed at a ridiculous hour having only arrived back from the plant a few hours ago, it's almost time for him to wake up again… at 5am. I've managed to drag myself out of my comfortable bed to see him off and to tell him to break a leg, but here I am barely able to keep my eyes open after sleeping for six hours. Luxury!

Here's hoping he can finish earlier today and we can grab a bite to eat afterwards. I'm not Bill Kurtis.