farmdev

Thoughts on Whatever

How To Protect Against Heartbleed And Other Vulnerabilities

The OpenSSL Heartbleed bug was a heavy wake-up call. This video provides a quick overview if you want the details. In summary, an attacker could craft a heartbeat payload with a fake size (up to 64k) and trick OpenSSL into sending back a random chunk of server memory. WTF?! To understand how bad this was I spent a minute hacking on this script that was going around. I pointed it at login.yahoo.com (which is no longer vulnerable) and tried to see if I could catch a username and password flying by. I had one within 30 seconds. That's how bad it was; you could read random parts of the server's memory, which may contain passwords, private keys, or whatever else OpenSSL was processing for current site visitors.

I had stolen someone's credentials. Game over, right? How do you protect yourself against something as bad as this? ...

read article

Ramblings

Oh, hey! I almost forgot I have a blog. I wanted to write a quick note about where you can find stuff I write.

read article

CHIRP Radio Is Looking For Android Developers

CHIRP Radio in Chicago is looking for someone to help us build a custom Android application so that our listeners can have a better experience on their Android phone. There are already a few Android apps for radio but they are clunky. Also, we have some plans to better engage listeners on phone apps with currently playing tracks, click-to-request-a-song, and other ideas like that.

We already have a pretty slick iPhone application created by volunteer John Carlin and after only a few months it already has 1,000+ downloads...

read article

Using Dropbox As A Worm Hole To All My Computer Worlds

Dropbox has nailed a use case that I've struggled with for a long time. I have a computer at work. I have a computer at home. Generally I keep files in sync via version control (Subversion, Mercurial, etc) but this is cumbersome for large files, specifically mp3 files. I consume a lot of music, digital and otherwise. How do I keep my music in sync between computers? ...

read article

Glögg, Swedish mulled wine, the Chicago recipe

Now that it's -5 F in Chicago with a wind chill of -25 F I thought it was an appropriate time to share one of the secrets to surviving a Chicago winter: Glögg! If you live in the old Swedish neighborhood (Andersonville) like I do then you can sip Glögg at most local bars, but with weather like this, why even leave your house? Here's my recipe...

read article

When Online Advertising Actually Works

Telemarketing is one of the most ineffective forms of advertising. Hello? Yes? I'm cooking dinner, why would I want to buy something? How do you know I'm even remotely interested in your product? Online advertisements like text ads and banner ads are slightly different. I usually buy things online out of convenience so the venue is good for advertising. There is also a lot of information about me online ...

read article

Adrenallin For The Brain

Someone passed me a link to this really nice article, Annals of Science: The Eureka Hunt, which talks about how neuroscientists have been studying what goes on in the brain when we get those amazing ideas that seem to come from nowhere. In my own life I can think of several times where I've experienced a sudden "burst" of thought like this. Sometimes it seems like...

read article

The Monty Hall Problem (win a goat or a car)

There is a puzzle used in game shows known as The Monty Hall Problem. It's been around for a while but over lunch yesterday someone explained it to me for the first time and 3 out of 4 of us argued convincingly the same answer. And it was wrong. Here's the problem:

Suppose you're on a game show, and you're given the choice of three doors: Behind one door is a car; behind the others, goats. You pick a door, say No. 1, and the host, who knows what's behind the doors, opens another door, say No. 3, which has a goat. He then says to you, "Do you want to pick door No. 2?" Is it to your advantage to switch your choice?

The most logical answer to me was no, it doesn't matter whether you switch or not, because you never knew what was behind the first door you chose anyway. It seemed to me that the problem was no different from having two choices, a goat or a car, and randomly choosing one. But this is all wrong!

Since I'm not good at math I could only loosely follow the explanations for why I was wrong. So, naturally, I wrote some code to see it in action (bear with me, I spent all of 5 minutes on it):

import random
from decimal import Decimal

choices = ['goat', 'goat', 'car']
tries = 99000
switch_correct, stay_correct = 0, 0
for num in range(tries):
    # A fresh set of three doors, shuffled so the car is behind a random one.
    doors = [c for c in choices]
    random.shuffle(doors)
    # The contestant's first pick is taken out of the remaining doors.
    first = doors.pop(random.randint(0, len(doors) - 1))
    # The host, who knows where the car is, opens one of the two remaining
    # doors that hides a goat (there is always at least one), leaving exactly
    # one closed door the contestant could switch to.
    doors.remove('goat')
    switched = doors[0]
    if switched == 'car':
        switch_correct += 1
    elif first == 'car':
        stay_correct += 1
print("stay: you win %s%% of the time" % (Decimal(stay_correct) / Decimal(tries) * 100))
print("switch: you win %s%% of the time" % (Decimal(switch_correct) / Decimal(tries) * 100))

I found the result astonishing:

stay: you win 33.5% of the time
switch: you win 66.5% of the time

The Wikipedia link above explains why this is, but it is still incredible to me, like a magic trick.

read article

Software is written by hand

...that's right, it's not molded or prefabbed, it's not made on a production line or in a lab. Are we insane??! Here is a hilarious probe into the darker side of this art we call programming.

read article

Blogging, Blogosphere, or something

So ... I have a blog now. Dunno about Bonde but I always kinda told myself I'd never have a blog because I don't read them much and think the whole phenomenon is a little weird and self-indulgent.

On the flipside, I find myself googling a lot for things like "make it work damnit!" (more specifically of course) and usually that pops up a blog where someone kindly posted his/her instructions for making it work. So hopefully this will be a useful blog for technical nerd stuff at best.

I also find myself perusing Planet Python via RSS on my lunch breaks these days. I always seem to find some useful python tidbit in there. Then again, being a nerd is hard work so I'll probably post my handful of useless, self-indulgent rants and add to the clutter we call the Internet. Oh, what beautiful clutter it is.

Speaking of blogs, can someone post a comment if they know of a good blogging app for python? I say python because I would be interested to contribute if it was well designed, open source, etc. I ended up installing Wordpress for my sister, even though I loathe PHP for all the usual reasons. Wordpress pretty much rocks, but as a wounded PHP veteran, I have no desire to touch the language ever again.

Typo seemed promising at first but looks a little dead. I tried installing Mephisto and, although their install instructions seem more reasonable now, when I tried a month ago it required Subversion and Rails edge, both of which caused the tests to break. And pass. Then break again. You get the picture. I couldn't even get the thing to run without a 500 error and gave up after a couple of weeks. Woodlog looked promising too since I like Django, but that too seems a little dead. Sigh.

So I built this thing with Django in about 4 sittings and it's super basic but seems to work!

read article