Here’s four examples, starting with the trivial and working up to the biggies. I do it this way because the biggies are well-trodden at this point. Warning: I’m cranky this morning.

Reusable Grocery Bags

Good idea, right? Of course. While some of us paid for them, though, there are literally millions of them being given away. These are people who wouldn’t otherwise do their share. They need both the carrot and the stick. They keep using the environmentally-polluting bags until someone gives them a bag, and even then we have to threaten with taxes or fees just to make them use it. So your reward for not spending the $6 or $7 to get 6 or 7 reusable grocery bags is that you will have them given to you. Your reward for buying them 18 months ago: priceless—as in zero.

Maryland’s Tax Amnesty

At the end of a booming stock market, as we’ve slid deep into a recession, the state of Maryland is trying to boost its tax revenues. Its plan is a tax amnesty, the second one this decade. So what does this tell you? If you live or pay taxes in Maryland, don’t pay your taxes on time or in full. Use that money to invest in a booming stock market, make a bunch of profits and then pay the taxes during an amnesty. Done well, your market winnings should easily exceed the reduced interest and waived fees during the amnesty. If you don’t make a big bundle on the stock market, that’s OK. It wasn’t your money you were gambling anyways. And all the people who paid their taxes on time? They see no relief or reward.

Cash for Clunkers

I know of few other laws that slap good people in the face like this one. If you’re making good money and you drive a responsible car: keep doing that because we’re gonna take that for granted. People who drive gas guzzlers (which should never have been manufactured in the first place) will get a check, practically made out to GM, that lets them get a car more easily. Most importantly, the teeming millions who drive reasonable cars that are neither gas guzzlers nor hybrids get nothing. If you drive a gas guzzling beater and pollute to high heaven for years on end,  you’ll get a nice government handout. Be responsible and pick a middle-of-the road car? We have nothing for you.

Gross Mismanagement? There, there, it’s not so bad, have a few billion…

As I said, I’m leaving this for last because it’s the biggest and it’s well trodden. The whole concept of capitalism, however, is that market forces pick the winners, thin the herd, etc. However, the new measure of corporate success is not being a blue-chip stock. That’s so 20th century. The new measure of corporate success is TBTF: too big to fail. Given the bailouts we’ve seen lately, why does it not make sense to build behemoth companies that acquire tons of strategic business units. Profit like mad as you grow, then when it falls, hand it to the government to clean up the mess. The list of companies where this is happening is staggering.

The problem with this one is that I’m way out of my league here. I have no solution. Economic armaggeddon might be a bit of a high price to pay to “teach those guys a lesson.” Fine. But surely there is something else we can do other than saddle our grandchildren’s grandchildren with the debts that our own grandparents created. I can’t believe that the best solution is to throw it in the landfill of public debt and let it become someone else’s problem.

I had a Nokia phone for several years before I got my first iPhone. Now, don’t get me wrong: I’m sticking with Apple. I love my iPhone. But there are still a few things that it makes a pain or impossible.

SMS Templates: I find myself sending lots of messages that are largely the same. Nokia had templates for SMS messages. If I want to say “on my way” or “leaving work” or “where are you?” I could just flick through a few templates, hit a couple of buttons and I was on my way.

Wireless Sync: Huh? What’s this USB cable thing, anyways? MacOS X was able to sync over bluetooth with my Nokia back in 2004. Now, I realize that 16GB of data isn’t going over Bluetooth any time soon. But we’ve got WiFi. How about some WiFi sync?

Files and Data: To this day, you have to use iTunes and a proprietary interface to pull photos out, and you can’t store files on the thing unless you jump through some hoops and buy some software. Regular iPods were always a hybrid of music and data. Most phones allow it, too. This thing tries to pretend it doesn’t have a filesystem and it doesn’t offer interfaces. Again, we had this 6 or 7 years ago in phones.

Bluetooth is crippled: I should be able to zing my contacts, photos, voice recordings, applications, or anything else via Bluetooth OBEX. As it is, there are just a few limited things you can do with Bluetooth. Far less than the typical bluetooth phone.

Take a look at the graphic from their front page:

Neuton Mowers Comparison

Two things strike me as a bit odd. I currently have one of these “Old” mowers. Notice that they characterize my mower as “Heavy.” They don’t say how heavy, but I’d estimate mine between 40 and 50 pounds. Then notice that their mower is “Only” 69 pounds. There is no way my old skool mower is 69 pounds. It’s obvious why they just said “Heavy,” because if they gave a typical number or an average, they couldn’t compare favorably.

The other thing they say is that the Neuton makes “less than half the noise.” Now, noise is traditionally measured in decibels, and lawnmowers are typically estimated around 90 decibels. The decibel scale is a logarithmic one, which always makes it a bit unintuitive. Now, half of 90 dB would be 45, but they say it’s “less than half.” Refrigerators humming are estimated at 40 dB. I find it hard to believe that this thing is somewhere around as loud as a refrigerator humming.

Finally, there’s the fallacy of “emissions-free.” Nothing is emissions free. At best we can say it does not directly emit pollutants after you purchase it. However, consider how many pollutants were generated  to produce it in the first place. Compare that to the traditional mower and they probably compare more or less equally. While Neuton mowers may be zero emissions when operating, they are not zero pollution. Your coal-fired electric plant provides the electricity that charges the batteries. And some day some really awful chemicals in the batteries have to be disposed of carefully when it has reached the end of its life. So zero emissions, yes. Zero pollution, no.

I got the idea after explaining some really crappy code to my wife and how it did a ridiculous job protecting against SQL injection. I said “there must be 50 ways to inject SQL into that code.” That’s when she sang a couple bars and I realized it would be a great idea. Now, my singing it might not have been such a great idea, but the parody was a good idea.

I downloaded the music from a MIDI site, and then arranged it in GarageBand. Here are the lyrics:

I see your input’s not validated properly
You have to check it at all tiers: 1, 2 and 3
Give me a browser and quite soon you will agree. There must be
50 ways to inject your SQL

You see it really is my business to intrude
The CTO wants to see this web app broke into
Turn on my proxy and all doubt will be removed. There must be
50 ways to inject your SQL
50 ways to inject your SQL

Try a quick hack, Jack
Add a new row, Joe
Try an insert, Kurt
Change their SQL query

Evade the regex, Rex
Encode it all in hex
Unbalance the quotes, Vinod
And change the query

Break the syntax, Max
Use a backslash, Cash
Try command shell, Mel,
And change the query

Use “one equals one,” son,
Unhandled exception!
Read the stack trace, ace
and change the query

He said our application is secure against your kind
There are no simple vulnerabilities to find
I said your coders write their code like they are blind, there must be
50 ways to inject your SQL

He said our logs show unexpected funds were sent
Its probably time we started using Prepared-Statements
I said I’m glad you’re seeing what I meant, there were
50 ways to inject your SQL
50 ways to inject your SQL

Break the syntax, Max
Use a backslash, Cash
Try command shell, Mel,
And change the query

Use “one equals one,” son,
Unhandled exception!
Read the stack trace, ace
and change the query

Try a quick hack, Jack
Add a new row, Joe
Try an insert, Kurt
Change their SQL query

Evade the regex, Rex
Encode it all in hex
Unbalance the quotes, Vinod
And change the query

The TimeLine

Thursday 5/14: I call Dell and report the problem. They made me find a wired connection, do a whole lot of apt-get updates and so on to get the latest version of Linux. Downloading hundreds of megs of feces (like gnome, evolution, thunderbird, firefox, gcc, libstdc++) that is totally unrelated to my problem makes me mad. Knowing that the only way out is through, I do it. After 2 hours of back and forth we decide I need to ship the unit back.

Friday 5/15: A box arrives to ship it back. Wow. Very fast.

Monday 5/18: I ship the unit out through my office’s regular 7pm daily pickup.

Thursday 5/21: I get a call from “Saikumar,” my case worker, asking if I have shipped the unit yet. I tell him yes. He has no info for me, he’s just wondering where the laptop is. Why can’t he go to FedEx.com?

Friday 5/22: I get a voice message at 7:00pm from an authorized repair service in Houston saying that he wants to reinstall the operating system on the unit, but that will delete all my data. I leave him voice mail saying that’s fine. In my voice mail I tell him I want him to be sure to check that the unit can connect to a Wi-Fi network. I specifically ask him to call me so we can talk about this. I also send email (by replying to Dell’s automated messages) describing this exchange of voice mails.

Monday 5/25: I get a call at 10:30pm from Saikumar asking if I have received my laptop yet. He had no information for me, just wanted to know if I had received the laptop. Given that a technician was working on it on Friday, receiving it on Monday seems pretty improbable. What’s the point of this support guy calling me?

Wednesday 5/27: I get a phone call and an email saying that my laptop has shipped. That’s handy, but the laptop shows up on my doorstep about 2 hours later, so it’s a little superfluous. There is a note in the box with the laptop. It says they “tested its hardware extensively” and then they reinstalled the OS. Guess what? It is still broken! So I call them back and I am irate. They want me to update Linux. It says it will take 2 hours, so I go back to work and let that run a while.

Wi-Fi kernel panic on Dell Mini 9

So: let me get this straight: it is not unusual that Dell’s service technician will install an operating system that doesn’t work and that exhibits my problem? OK. So back to the reinstall thing. Meanwhile, I blow them off and learn how to use the wpa_supplicant command to bring up the WiFi from the command line. Instead of using the X-based GUI, I go to the console (Ctrl-Alt-Fn-A, which is essentially Ctrl-Alt-F1) and fire up the WiFi. Sure enough, kernel panic. The sequence of steps, though, is specific and completely reproducible.

• It will associate with my access point just fine (i.e., wpa_supplicant works fine and gives me good messages)
• It will get an IP address from DHCP just fine (dhclient runs fine)
• As soon as I start doing traffic over it, blam!

I sent the screenshots of the kernel panic to Dell. Right. Like they know what a kernel panic is.

Criticisms of Dell Tech Support

1. Saikumar, my case worker, is not giving me information. He is asking me for information. He is not helping me, I am helping him. He doesn’t know where my laptop is, who is working on it, or what they’re doing to it. He should begin conversations by giving me information that I don’t have. Otherwise, he should not call me. Furthermore, I sent email, but he seemed unaware of that email when he called 2 days later. What is his purpose in this transaction?
2. I specifically asked the Dell authorized technician to call me to be sure that my issue was tested correctly. I got no response or acknowledgement. I called the number I was given many times, but no one ever answered. The next contact I got from Dell was a phone call and email saying my laptop was shipped back to me. At that point it was too late to address my concerns.
3. I don’t think Dell has correctly understood my issue. My laptop does not “freeze” randomly. It only freezes (and ALWAYS freezes) when connecting to WiFi networks. So the service technician calls and mentions my “freezing problem” and how he’s going to reinstall the operating system. That tells me he doesn’t know or isn’t paying attention to my specific symptom. I updated the operating system when Saikumar and I were troubleshooting. If an OS update were going to fix the problem, I think it already would have.
4. Dell sent me an operating system installed that still exhibited my problem. Despite that, they STILL want to update and upgrade and so on.
5. At what point will they admit that it is a hardware issue?

The place they went that no one had gone before? They made a good prequel. Virtually all revisits of classic things (c.f., the Transformers, George Lucas’ revisits to Star Wars and E.T., Batman) are terrible. This one is the best in a long, long line of movies and TV shows.

The actors are A+. Unlike George Lucas, who only directs in clichés and can’t direct humans to save his life, JJ Abrams knows how to elicit amazing performances from a cast of great actors. None of these actors is a marquee name like Patrick Stewart, but they deliver marquee performances. The major cast is Chris Pine, Zachary Quinto, John Cho, Ben Cross, Bruce Greenwood, and Simon Pegg. You can tell that they studied the original actors some, but yet it’s still fresh, new, and worth seeing. It’s not a rehash.

Warning! Spoilers!

I’m not interested in writing a review where I can’t talk about what happened, so I’m going to give up various details. If you don’t want to read spoilers, look elsewhere.

Great Stuff

This is stuff that I think is really outstanding, unique and new to the Star Trek universe.

Spock is really nuanced

I’m not sure i like the fact taht he seems to have an achilles heel for emotion related to his mother, but it works. I especially like the way he gracefully gives up command, recognizing his own instability. It was dignified and played well.

Pike’s best line

One of the best lines in the whole film is when Pike challenges Kirk to join Starfleet. It goes something like this: “Your father was captain of a ship for 12 minutes. And in that time he saved the lives of 800 people, including your mother and you. I’d like to see you try to do better.” I thought that line was delivered brilliantly, and that it really reached out at Kirk and poked him where he was vulnerable.

All the good lines, none of the bad

All the lines you expect from the classic characters are here.

• Dammit Jim, I’m a doctor not a…
• Fascinating…
• I’m givin her all she’s got, Captain

While there’s definitely a tribute to the classic lines, they don’t dwell on it. It’s not like watching a rerun on TV.

New depth for Bones

Dr. McCoy has a more nuanced character. He’s sorta pessimistic and gloomy, but in a way that’s not too far afield from the original character. I really like his attitude. It’s different, but it works. “Tell me something I don’t know!”

A new spin on Scotty

Scotty gets a sort of unsung hero geek makeover. He easily gets some of my favorite lines in the movie, and I’m already a big fan of Simon Pegg’s work (Shaun of the Dead and Hot Fuzz). The Rolling Stone review suggested that he was one of the scene stealers, I think he was far and away the biggest scene stealer. If he was in the scene, you wanted to watch him. The unsung hero bit is good. It makes him out to be this sorta genius whose greatness is completely taken for granted and nobody realizes how unbelievable it is. Contrast this with, say, Data from the Next Generation, where all his intellectual prowess is totally expected. Scotty is taken for granted in a different way.

Brilliant casting

I’ll stop singing their praises soon. But I would watch this group of actors over and over again, assuming they were written and directed at the same quality.

The not-so-good

There were a few things I was not keen on.

Reboot

By invoking time-travel (which is already overused in the Star Trek universe—to the point of being taken for granted), they have rebooted a few things. Now Kirk never knew his father. Now Kirk was born in space fleeing a Romulan ship. Now Kirk and Spock started off hating each other and Spock was the designer of the unwinnable scenario at Starfleet Academy. Vulcan is now destroyed and they’re recolonizing some new planet. Now Spock and Uhura are getting it on after hours. I feel like this was a bit of a cop-out on the part of the writers. They needed room to write new and interesting stories for the characters and the whole Star Trek universe has gotten so built up with cruft. It does sorta ignore what has come before, though.

A little George Lucas

One of the things George Lucas does a lot in the various Star Wars movies, especially the prequel abominations, is pointless travel from one place to another that does not advance the plot or the characters. In Star Wars these are like special effects solos the way there are big multi-minute instrument solos in rock concerts. But I digress.

In Star Trek there is a point where Kirk is marooned on the moon overlooking Vulcan (Delta Vega?), which appears about as hospitable as Antarctica. The wise computer tells him to sit tight, help is on the way, but he seems to think that wandering the frozen wastes is a better idea. It’s not clear that he has a plan or even a vague idea which direction to go. I get the whole idea that he’s a “man of action” and I realize he can’t just sit still, but that looked like suicide.

So then he’s walking across the wastes. This is the point-A-to-point-B thing. Where’s he going? Why is he just walking? A big monster comes to get him. But the big monster is attacked by a bigger monster. This is right out of Episode I: The Phantom Menace when the main characters take a pointless journey from point A to point B “through the planet core.” Twice (not once, but twice) on that journey they are attacked by a big sea creature and then rescued when a bigger sea creature eats it.

Star Trek, unfortunately, borrows this gimmick and then gets it a bit wrong. I mean: here’s this Tyrannosaurus Delta Vega who was happy to attack the rabid polar bear monster because it looked like lunch. Then T-Rex sees a scrawny human and says “hey, I’d rather chase that wimpy thing that’s a third the size of polar bear.” This makes no sense. The bigger monster should have gone after the biggest lunch—the monster polar bear—and ignored Kirk. The scene also takes too long. It’s too many minutes out of the screen play and we don’t really advance the plot or learn something about the characters. I mean, Kirk isn’t even ingenious or particularly interesting in these scenes. He’s just running, tumbling, etc.

Finally, Kirk just happens to bump into time-travelling Spock. That’s just too coincidental. This movie could have cut 10 minutes out by having Spock find Kirk (having seen the pod crash land) or by having Kirk find Spock without the goofy monster chase. Something more believable would have made things move along faster and not strained believability so much.

Of course, when the two of them set out to go to the Starfleet outpost, they arrive there without incident.

Sudden rise to the top?

I like Star Trek, but I’m not a big enough fan to know if the Enterprise was always Starfleet’s flagship, or if that detail was added later. Moreover, I’m not sure I buy the timeline. Kirk graduates in 3 years from the academy when most do it in 4, and a couple amazing displays of leadership lands him the position of Captain on the Starfleet flagship? Seems unlikely. I got the feeling, in the original series, that Kirk served under Pike for more than a few hours. I think the timeline has been compressed a bit too much for believability.

Love interest for Spock?

I’m not sure I see the value or the believability in the Spock/Uhura thing. They may have gone a bit too far in the Spock-is-half-human department.

A little time travel never hurt anyone

In the end, we’re all OK. The timeline has been altered, there are two Spocks running around, but nobody seems the least bit troubled by this. Nobody’s studying it trying to put things right. Everyone’s just happy living in an altered timeline, with only the old Spock knowing both timelines. I think this is pretty cavalier on the part of every character who understands what has happened. (i.e., only a few are aware that time travel has occured). Both Spocks, Kirk, and presumably a few others know what has happened. But nobody’s worried and there’s no need to fix it.

First, go to Tools → Rules. In my case I’m attached to an Exchange server, so I have to make a new Exchange rule. Note that! If you POP your email, you have to create a POP rule. If you use IMAP, you have to create an IMAP rule. This is dumb. You can create the rule in the wrong category and it will never fire, and you’ll be left wondering why. If you have more than one account, you have to create more than one copy of this rule. Sigh.

Here’s the kind of message I’m trying to block. In Entourage, it looks like this:

If you go to Message → View Source, you’ll see the actual source, which shows why it’s kinda hard to write a rule for this:

The Subject, From, and other fields use the koi8-r character set (A Russian character set), but they do it in-line. That is, rather than having some top-level header that says “Hey, we’re all in Russian,” they do it at each place they need it. Standards-compliant, sneaky, and effective.

What I do is the following:

1. Open one of the messages and copy a small, presumably common word, like на. You have to do this by copying (possibly from my blog post right here) because there’s nothing you can enter by hand that will actually match.
2. Open your rules (Tools → Rules) and create a new rule.
3. In the criterion section, choose “Subject” and “Contains” and then paste your small Russian word in the box.
4. Add some actions. I use:
   • Change Status: Junk E-mail
   • Move Message: Junk E-mail
   • Remove Attachments
5. Go ahead and save the rule

If you want to add another small word (I also filter on это), you can copy and paste it the same way. In my case, I didn’t have this blog post to copy from. I had to copy from the message in Entourage, and that was a pain. Entourage wouldn’t let me copy from the message while I was in the rules editor.

Here’s my finished rule:

Complete Entourage Rule that Deletes Russian Spam

I overlooked a team of five doing blah, blah, blah…

So, did this person fail to notice a team of five that was doing a lot of important work? Or did he actually mean that he “oversaw” them?

I also notice that we can have an insight, but not an outsight. We can have an outlook, but not an inlook. We can oversee and overlook, but we can’t undersee or underlook, unless we are perhaps undersea.

Bankroll Chart

That chart brought into sharp contrast where I was doing well and where I wasn’t. I think I am often less objective than I should be about my money, and this is just the exposure I need.

I think a lot of people probably like the heads-up display that shows you real-time feedback about yourself and your opponents. I watch myself a lot more than my opponents, because I can’t count on my own behavior, yet. I’m still learning whether I’m seeing too many flops, playing too many weak hands, trying to bluff when I have no idea what I’m doing, etc.

The Good

• It works. Just point it at your history files and off you go.
• Steve has clearly understood good graphic design, or at least some of the elements of, say, Edward Tufte. The “dashboard” gives some really simple line graphs with no axes that give you an instant feel for the way you’re trending.
• It’s real-time. You’re getting feedback while you play. Anyone who knows anything about learning will tell you that the closer the feedback is to the action (whether good or bad), the better you learn. Doing post-mortem analysis of a session later imparts different (not less valuable, but different) lessons.
• I find the heads-up display really informative. Again, I’m pretty much a novice, so almost anything helps me.

Areas for Improvement

• As a micro-stakes guy, I’m not sure I can justify the price. I go back and forth on it. I think at $15 or $20 I’d buy it without hesitation. At $50, though, it makes me pause.
• Despite the fact that I’m not getting the most out of the features it already has, I still feel sorta second-class. That is, the Windows people have more features (not that I would know what to do with them if I had them).

I hope more Mac people get into online poker so the demand will be there for rich and useful helpers. I’m guessing the demand is far weaker than for the Windows-based ones, which is a shame.

Fuzzing for Software Security Testing and Quality Assurance

Good Things

• He really puts fuzzing in context. Fuzz testing has been around for a long time, and this book gives you the full historical perspective, as well as a modern view.
• Fuzz testing is important. When Gary McGraw and company did their Building Security In Maturity Model, one of the activities that virtually everyone did was fuzz testing. Clearly we need books like this to get everyone onboard.
• Although Ari is CTO of Codenomicon, a commercial fuzz testing tool vendor, the book is not a pitch for his tool. He actually gives lots and lots of information on a broad variety of tools, including free tools. It’s a complete and honest vision that is not overly promoting his company’s product.
• I learned a lot of fundamentals that make a difference to how I fuzz test things. For example, I now understand mutational versus generational fuzzers. They each have benefits and you probably want some of both for good coverage.

The Not-So-Good

• I think he spends too much time talking about motherhood and apple pie security things. Things like security testing, risk analysis, code analysis, etc. There have been ample trees killed on these topics and I don’t think the treatment in this book really adds to that body of knowledge. I would have been happier with just some references to the rest of the world.
• The comparisons of commercial and free tools are intermixed with all this extra security discussion. So sometimes you have to read about security metrics or some other broad topic in order to find a specific example of a specific tool.
• The authors’ perspective is too much fuzzing über alles. They downplay the value of techniques like static code analysis and architecture risk analysis. Those techniques are complementary, not counter, to fuzz testing.

I like the book a lot and am glad I have it. I recommend it.