Category Archives: Web/Tech

On the risks of ad-lib sociology

There’s a thing sloshing about the internet just now, wrapped in the question Where are the women coders? The idea is that women are under-represented in the software industry, and that we’d all be better off if that were corrected.

It’s hard to argue with that. The tricky part is in why women are under-represented. That’s a minefield. Ask the wrong question – or even the right question, artlessly phrased – and a tempête de merde will erupt across the internet.

Today’s target is Dave Winer, who said:

Programming is a very modal activity. To be any good at it you have to focus. And be very patient. I imagine it’s a lot like sitting in a blind waiting for a rabbit to show up so you can grab it and bring it home for dinner.

…and thereby upset a great many people. (I’m not surprised. It surely was a dumb thing to say.)

My own theory – not that anyone cares what I think – is:

It’s impossible to disentangle innate from learned behavior in humans. The societal influence is too strong. So it’s pointless to look for traits inherent to men or women that influence whether they end up writing software for a living.

(Though if it were possible, the results of such an inquiry would be fascinating.)

Ten years ago…

From August 19, 2003:

…put the following (invalid) HTML in a file, then try to open it with Internet Explorer.

<html><form><input type
crash></form></html>

Internet Explorer fall down go BOOM.

I wondered whether the ‘softies had ever gotten around to fixing their bug, so I created a text file & pasted the HTML into it. But before I could open it with Internet Explorer, Windows Defender popped up a MALWARE DETECTED warning box, and deleted my file.

The Windows Defender quarantine log says:

Detected Item: Trojan:HTML/Crasher
Alert level: Severe
Description: This program is dangerous and executes commands from an attacker.

Does that mean they haven’t fixed it?

Windows 8 vs. OS X

For all their big talk of UX research & testing, Microsoft often displays a stunning ignorance of the Right Thing To Do. Here’s an example that’s been annoying me ever since my employer (hi, Stephen!) issued me a Windows 8 laptop:

OS X:

  1. Open laptop. Password prompt appears.
  2. Enter password. Computer unlocks.

Windows 8:

  1. Open laptop. Nothing happens.
  2. Press power button. Lock screen appears.
  3. Press any key. Unlock screen appears.
  4. Enter password. Computer unlocks.

It smells like the ‘softies have uncounted thousands of (admittedly clever) people, each beavering away on his own tiny cog of the vast mechanism known as Windows; but they have nobody thinking about how all the pieces fit together.

I suppose item #1 might be a hardware issue – perhaps it never occurred to the laptop manufacturer that raising the screen might imply a desire to use the computer.

#2, though, is just dumbness. It’s a very pretty lock screen; I’m sure the Lock Screen Group at Microsoft spent months designing & tweaking it to a state of utter perfection; but admiring the lock screen isn’t why I have the computer.

Maybe there’s a registry hack to work around this. Must investigate.

Goodbye, Internet Explorer

Jennifer’s computer picked up some malware the other day; Internet Explorer started popping up ugly dialog boxes: “This content requires Media Player 12.7”, or some such.

It’s happened a few times, in the four years Jennifer’s had her computer. When it does, she worries that she’s done something wrong, or visited a bad web site, and seems dubious when I tell her it’s not her fault. (Whose fault is it? Microsoft’s, for shipping an insecure web browser.)

So, my project for last night was malware removal. This proved mildly challenging.

The virus scanner claimed to have detected & quarantined it, but it didn’t seem very quarantined: the ugly dialog boxes kept coming.

My usual technique for dealing with these things is:

  • Log in as administrator. (Regular user accounts should not have admin privileges, because that gives the malware admin privileges – a Very Bad Thing indeed.)
  • Fire up the autoruns utility. (It’s astonishing, really, how many different ways Windows provides to automatically execute untrusted third-party code. It’s almost as if Microsoft wants Windows computers to be infected.)
  • Look for unsigned executables with random names: in the temp directory, downloads directory, etc., etc. Delete all registry references to these, then restart the system.
  • When the machine comes back, delete the executables. (Since they never started, they can no longer interfere with their removal.) Presto, your machine is disinfected.

Alas, this time that last step didn’t work. I could see the executables, but Windows wouldn’t let me delete them. (Gee, thanks, Windows!)

Fortunately, there’s more than one way to remove a file; so I switched to plan B, the PendingFileRenameOperations registry hack. That one runs in the system context (which can do most anything), and runs before any of those pesky autorun registry entries.

One restart later, the bad software was no more.
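What plan B queues up can be inspected before the restart. PendingFileRenameOperations is a REG_MULTI_SZ value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager holding source/destination pairs; the following is an added example, not part of the original post, that decodes the raw value and lists anything other than the deletes you intended. The sample bytes and file names are constructed.

```python
# Added example (not from the original post). SAMPLE is constructed data.
NT_PREFIX = "\\??\\"   # NT object-manager prefix used in the stored paths

def _strip_nt(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path

def parse_pending_ops(raw):
    """Decode raw REG_MULTI_SZ bytes into (action, source, destination) tuples.

    Strings come in pairs: source, then destination. An empty destination
    means "delete source at next boot"; a leading '!' on the destination
    means an existing file there is overwritten.
    """
    strings = raw.decode("utf-16-le").split("\0")
    it = iter(strings)
    ops = []
    for src, dst in zip(it, it):
        if not src:                      # empty source marks the end of the list
            break
        if not dst:
            ops.append(("delete", _strip_nt(src), None))
        elif dst.startswith("!"):
            ops.append(("replace", _strip_nt(src), _strip_nt(dst[1:])))
        else:
            ops.append(("rename", _strip_nt(src), _strip_nt(dst)))
    return ops

def unexpected(ops, intended):
    """Return every queued operation that is not a delete of an intended path."""
    wanted = {p.lower() for p in intended}   # Windows paths are case-insensitive
    return [op for op in ops
            if op[0] != "delete" or op[1].lower() not in wanted]

SAMPLE = (
    "\\??\\C:\\Users\\j\\AppData\\Local\\Temp\\xkqzv.exe\0\0"
    "\\??\\C:\\Windows\\Temp\\upd.tmp\0"
    "!\\??\\C:\\Windows\\System32\\example.dll\0"
    "\0"
).encode("utf-16-le")

if __name__ == "__main__":
    queued = parse_pending_ops(SAMPLE)
    for op in queued:
        print(op)
    print("review:", unexpected(queued, ["c:\\users\\j\\appdata\\local\\temp\\xkqzv.exe"]))
```

A rename or replace that drops a file into a system directory at boot deserves the same scrutiny as the autoruns entries, since it also runs in the system context.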

I decided to poke around a bit more, to see if I could make reinfection less likely. I made sure Windows was up to date; I updated Java (a notorious malware vector, Java – perhaps the name is an acronym for Just Another Virus Accumulator); and I disabled Internet Explorer’s Java plugin.

Then I installed Chrome, and made it the default web browser.

I feel bad for Microsoft. They’re still working as hard as ever – on Windows, on Internet Explorer – but no one cares any more. The world has moved on.

Docked

Yesterday’s project was to back up, reset & restore the iPhone: this, according to AT&T, is the final step in unlocking the iPhone. Alas, there were…distractions.

When I docked the iPhone (for the first time since January), iPhoto popped up with an offer to upload the 159 new pictures – new vs. last January, that is – that it found.

Sure, go ahead, thought I.

Alas, the upload process did not include any of the titles, descriptions, tags, etc., etc., that I had set in iPhoto on the iPhone. iPhoto for iOS is off in its own little world, and will not give up any of the data entrusted to it.

There’s a word for that sort of behavior, but it isn’t a very nice word. I imagine I won’t be using iPhoto on the iPhone any more.

iTunes also offered to download available updates for sixty-three apps. Never mind that most of those are tried-once/didn’t-like, or apps I bought for the iPad & don’t want on the iPhone; never mind also that the iPhone has been happily downloading its own updates for the last six months; the bandwidth gods must have their offering.

With resignation bordering on despair, I clicked the Download all updates button, and watched the blue progress bars crawl slowly across the screen.

(It turns out Jake had his own download running, so my completely-pointless download included a bonus starved-for-bandwidth waste of time.)

After a while, I gave up & went out to watch television with Jennifer. I never did get the iPhone backed up. Maybe tonight….

Blink

A few weeks ago, the Wii’s message light started blinking. I wonder what that’s for, thought I. A message from Cousin Ryan? An available software update?

The Wii has been sadly neglected, ever since the Xbox arrived. All those games, all those controllers & their goofy accessories – they sit in baskets near the television, gathering dust.

So the Wii’s efforts to gain our attention met with little success, until last Sunday evening. The kids were in bed, Jennifer was elsewhere in the house; it was time to solve the mystery of the pulsating blue glow.

It turned out to be nothing exciting, nor even very interesting: just an advertisement for the Wii U. Nintendo must be desperate to boost sales, if they’re nagging Wii users.

Once the Wii home screen came up, I noticed that somebody had left a Call of Duty: Black Ops disc in the drive. (I hate it when the kids do that. Alas, my attempts at teaching proper CD handling to the next generation have failed.) After ejecting the CD & returning it to its case, I brought up the Wii calendar thingy, to see when Black Ops had last been played.

The answer: somebody played Black Ops for five hours on February 3rd. And that’s the only time all year anyone has used the Wii.

Nullification

Suppose you have a MySQL table, that contains a field like this:

start_time datetime default NULL

As it turns out, the start_time field is never null: it always contains a value. Every record in the table has a value, and new records are never created without one. So, in the interest of good data hygiene, you do this:

alter table …
modify start_time datetime not null default '0000-00-00 00:00:00';

This should be a very fast operation: the data type isn’t changing, the current values are all valid under the new schema. MySQL could just update the schema, and leave the data alone.

Alas, it does not. It insists on making a copy of the entire table. If the table is large – say, because it contains thirteen years of data – this can take a rather long time.

Annoyance, I have it now.

Passwords

I’ve been thinking about passwords.

Long ago, passwords were short & simple, usually a single all-lowercase word: cabbage, turkey. Those turned out to be easily guessed, since most people chose from a fairly small set of words.

Then everybody started mangling their passwords, replacing letters with vaguely-similar digits: ca66ag3, turk3y, that sort of thing. They were harder to guess, but also harder to remember.

The bad guys responded with rainbow tables: tables of pre-computed password hashes. They’re huge – 8GB or more – but disk space is cheap.

The latest (proposed) solution is to string together several words: supposedly, an easy-to-remember password like “correct horse battery staple” has 44 bits of entropy, and at 1,000 guesses/second would take 550 years to crack.

A few thoughts:

Some web sites won’t accept a twenty-five-character password, or one that’s all lowercase letters.

There are already storage systems large enough to hold a 44-bit rainbow table. They’re insanely expensive, for now; but soon enough they’ll cost $100 at Best Buy. What then?

As passwords get larger, is there a risk of hash collisions – two passwords with the same hash? (I know very little about cryptography. Maybe there is no risk.)

Passwords are obsolete. (No, I’m not the first person to think that. Thanks for asking!) I hope clever people are working on a replacement.
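On the rainbow-table question: a precomputed table only pays off when every account's hash is computed the same way. The sketch below is an added example (not from the original post) in which a plain lookup dictionary stands in for a rainbow table, the word list is a constructed toy, and PBKDF2 with a random per-user salt is an assumed storage scheme; it also reproduces the 44-bit arithmetic quoted above.

```python
# Added example (not from the original post).
import hashlib
import hmac
import math
import os

WORDS = ["correct", "horse", "battery", "staple", "cabbage", "turkey"]  # constructed toy list

def passphrase_bits(list_size, n_words):
    """Entropy of n_words drawn uniformly at random from a list of list_size words."""
    return n_words * math.log2(list_size)

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate in a 2**bits space at the given rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def store_unsalted(password):
    """Weak storage: one fast hash, identical for every user with this password."""
    return hashlib.sha256(password.encode()).digest()

def build_table(candidates):
    """Precomputed lookup table: unsalted SHA-256 digest -> password."""
    return {store_unsalted(p): p for p in candidates}

def store_salted(password, iterations=100_000):
    """Hardened storage: random per-user salt plus a deliberately slow hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_salted(password, record):
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison

if __name__ == "__main__":
    table = build_table(WORDS)
    print("unsalted lookup:", table.get(store_unsalted("cabbage")))
    alice, bob = store_salted("cabbage"), store_salted("cabbage")
    print("salted lookup:  ", table.get(alice[2]))           # None: table is useless
    print("same password, different records:", alice[2] != bob[2])
    print("login still works:", verify_salted("cabbage", alice))
    print("4 words of 2048: %.0f bits, %.0f years at 1,000/s"
          % (passphrase_bits(2048, 4), years_to_exhaust(44, 1000)))
```

With a 16-byte salt the table would have to be rebuilt for each stored record, so cheap storage stops helping; the iteration count then sets the cost of every individual guess.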

“I have…a *plan*….”

CNN says: At long last, Microsoft has an Apple-beating vision:

But Microsoft’s plan may be even better than anything Apple or Google currently have to offer. If – and it’s still a lofty if – there’s a shred of validity to rumors that Microsoft will merge the Windows and Windows Phone platforms, “Blue” could end up being a huge deal. Dissolving the barrier between mobile and desktop would be nothing short of impressive.

My first thought on reading this was that if Microsoft does merge Windows and Windows Phone, all existing Windows Phone devices will be orphaned. Users won’t be able to update their devices to the new OS; and the old OS won’t work with the new apps, app store, etc., etc.

I don’t think screwing over your existing users counts as an ‘Apple-beating vision’….

MySQLdb gives me a pain

Consider the following Python code:

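import MySQLdb
conn = MySQLdb.connect(...)  # connection parameters elided
cursor = conn.cursor()
sql = "create temporary table t1 (a datetime, b integer)"
cursor.execute(sql)
# VALUES list with a %s placeholder inside ifnull(), followed by now()
sql = "insert into t1 (a,b) values (ifnull(%s,now()),%s)"
args = [(None,0),]
cursor.executemany(sql, args)  # raises the TypeError below under MySQLdb 1.2.4
cursor.close()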

If you run it against MySQLdb 1.2.4, you get this error:

TypeError: not all arguments converted during string formatting

…even though there’s nothing wrong with the insert query. Any of the following changes will make the error go away:

  • Replace now() with '2013-01-01';
  • Reverse the field order, e.g.: insert into t1 (b,a) …;
  • Use an earlier version of MySQLdb (I tried 1.2.1b4).

I found a comment on the ever-helpful StackOverflow that says this is a bug in MySQLdb (unfixed, despite the developer’s claims to the contrary), and even offers the specific regex that’s broken.

(I’d say using a regex to parse sql, when all you really need to do is find & replace instances of “%s”, is the real breakage….)

The end result of all this is that I get to waste my time looking at every single instance of executemany in my code, to make sure my queries won’t confuse the easily-bewildered MySQLdb.
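The audit described above can be partly automated. This added example (not from the original post, and not MySQLdb's code) walks Python source and lists executemany calls whose VALUES list combines %s placeholders with a nested function call; that rule is an assumption drawn from the failing query above and is deliberately over-broad, so each hit is a candidate for manual review, not a confirmed failure. The helper names and the build_query() call in the sample are hypothetical.

```python
# Added example (not from the original post, not MySQLdb code).
import ast
import re

VALUES_RE = re.compile(r"\bvalues\s*\((.*)\)", re.I | re.S)

def needs_review(sql):
    """Heuristic: VALUES list has a %s placeholder and a nested '(' (a function call)."""
    m = VALUES_RE.search(sql)
    return bool(m) and "%s" in m.group(1) and "(" in m.group(1)

def _literal(node):
    ok = isinstance(node, ast.Constant) and isinstance(node.value, str)
    return node.value if ok else None

def find_executemany(source):
    """Return [(line, sql_or_None)] for executemany calls to check by hand.

    sql is None when the query text cannot be resolved to a string literal.
    Assignments are followed in line order only; control flow is ignored.
    """
    nodes = [n for n in ast.walk(ast.parse(source))
             if isinstance(n, (ast.Assign, ast.Call))]
    names, hits = {}, []
    for n in sorted(nodes, key=lambda n: (n.lineno, n.col_offset)):
        if isinstance(n, ast.Assign):
            if len(n.targets) == 1 and isinstance(n.targets[0], ast.Name):
                names[n.targets[0].id] = _literal(n.value)
        elif isinstance(n.func, ast.Attribute) and n.func.attr == "executemany" and n.args:
            arg = n.args[0]
            sql = names.get(arg.id) if isinstance(arg, ast.Name) else _literal(arg)
            if sql is None or needs_review(sql):
                hits.append((n.lineno, sql))
    return hits

# Constructed sample: the query from the post plus two contrasting calls.
PAGE_SNIPPET = '''\
sql = "create temporary table t1 (a datetime, b integer)"
cursor.execute(sql)
sql = "insert into t1 (a,b) values (ifnull(%s,now()),%s)"
cursor.executemany(sql, [(None, 0)])
cursor.executemany("insert into t1 (a,b) values (%s,%s)", [(None, 0)])
cursor.executemany(build_query(), rows)
'''

if __name__ == "__main__":
    for line, sql in find_executemany(PAGE_SNIPPET):
        print(line, sql if sql is not None else "<query built at run time>")
```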