
2003-08-28

Eating your own dogfood (not)

Seems Microsoft has had to give up on using Windows to host its own web sites:
ZDNet UK - News

13:50 | Link | Reply

2003-08-19

Homelan(d) Security

The Department of Homeland Security is all het up about Microsoft’s latest security flaws. What's a poor home user to do? One simple and safe solution is to not connect to the internet, but that’s probably too Draconian for the average user. If you have a dial-up connection, you are safe as long as you are not connected. But if you are like more and more people, you have an always-on, high-speed connection to the internet, and your PeeCee is plugged right into it. Might as well leave your front door open with a note on how to find your sugar jar taped to the jamb.

One solution is to put something between your cable/DSL modem and your computer. There are lots of routers available whose main purpose is to allow you to have several computers at home accessing the internet while only paying your ISP for one connection. A pleasant side-effect to many of these routers is that they stop most worms cold because they are not a PeeCee — they act as a firewall between you and the internet.

A router is in fact a computer, and it typically has an operating system, but it has only one job to do, so there is a much better chance that its programmers have gotten it right. Much better than a general purpose computer running a general purpose operating system with half a billion lines of code, any one of which might be wrong.

You can buy a “personal firewall”, a piece of software that runs on your computer and tries to do the same job, but it is not quite as good, because it is depending on your operating system to be working right, and this was the source of the problem in the first place.

That's why I suggest getting a hardware firewall, a dedicated box that has only one job to do. The best firewalls implement something called stateful packet inspection (SPI), which looks at every packet of information going in and out of your house to make sure it is something that you asked for.
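A simplified sketch of what stateful inspection does, added here as an illustration (it is not code from the Linksys device or any other product): the filter remembers each outbound flow and admits an inbound packet only when it is the reply to one. The addresses, ports and 60-second idle timeout are constructed assumptions, and real devices also track TCP connection state.

```javascript
// Added illustration, not any vendor's firmware. Addresses, ports and the
// idle timeout are constructed sample values.
const IDLE_TIMEOUT_MS = 60000; // assumed; real devices vary by protocol

class StatefulFilter {
  constructor() { this.flows = new Map(); } // flow key -> last-seen time

  // The key is always written from the inside host's point of view.
  static key(proto, inIp, inPort, outIp, outPort) {
    return `${proto}|${inIp}:${inPort}|${outIp}:${outPort}`;
  }

  // Outbound traffic is allowed and opens (or refreshes) a flow entry.
  outbound(p, now) {
    this.flows.set(StatefulFilter.key(p.proto, p.srcIp, p.srcPort, p.dstIp, p.dstPort), now);
    return 'ALLOW';
  }

  // Inbound traffic is allowed only as the reply to a live outbound flow.
  inbound(p, now) {
    const k = StatefulFilter.key(p.proto, p.dstIp, p.dstPort, p.srcIp, p.srcPort);
    const last = this.flows.get(k);
    if (last === undefined) return 'DROP';   // nobody inside asked for this
    if (now - last > IDLE_TIMEOUT_MS) {      // stale entry: forget it
      this.flows.delete(k);
      return 'DROP';
    }
    this.flows.set(k, now);
    return 'ALLOW';
  }
}

function firewallDemo() {
  const fw = new StatefulFilter();
  const pc = '192.168.1.100', web = '203.0.113.10', other = '198.51.100.7';
  const pkt = (srcIp, srcPort, dstIp, dstPort) =>
    ({ proto: 'tcp', srcIp, srcPort, dstIp, dstPort });
  return [
    fw.outbound(pkt(pc, 40000, web, 80), 0),       // PC requests a web page
    fw.inbound(pkt(web, 80, pc, 40000), 50),       // the reply it asked for
    fw.inbound(pkt(other, 4444, pc, 135), 100),    // unsolicited probe
    fw.inbound(pkt(web, 8080, pc, 40000), 150),    // known host, wrong port
    fw.inbound(pkt(web, 80, pc, 40000), 70000),    // flow idle too long
  ];
}
```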

A firewall does not protect you against viruses that you receive in email and are fooled into opening, so you still need good anti-virus software on your machine, but it can save you from malicious crackers invading your machine over the internet.

Macs are less likely to be affected by these worms and viruses. They are such a small share of the market that the worm and virus “vendors” usually don't bother to make a Mac-compatible version of their wares. Nevertheless, if you have a Mac plugged into an always-on internet connection, it is likely getting probed by worms just to see whether it is a PC or not, so a hardware firewall can still be of use to stop the worms from wasting your time (your computer does waste time looking at the probes, even if only to ignore them).

[The router/firewall that I use personally is the Linksys BEFSR41. If you are using wireless internet in your house, there are combination router/firewall/wireless gateways too. If you are a Mac user, the Apple Airport is one such device.]

12:48 | Link | Track

Joke Technology

FW: Fw: Fw: Re: FW: re: Fw: Reely funny!

>>>>Note: Forwarded message attached
>>>>
>>>>>>>>Scroll down...

How many of these do you get each day? I think it’s amazing that email has been able to preserve all the features of the earlier fax joke technology where the joke becomes completely illegible after it has been passed on more than five times.

Luckily, Columbia University has shown that none of us are separated by more than six degrees; so, if you get a joke that is illegible, you can assume that everyone you know has already seen it and save the electrons (or fax paper).

10:48 | Link | Reply | Track

2003-08-12

Flash Hash

The new Flash 7 beta demonstrates a significant performance improvement.

Presumably some of that improvement comes from improving an algorithm that must be central to any Javascript virtual machine: looking up Object members. Objects in Javascript can have members with any Javascript string as the member name. Most implementations will use a hash table to implement Objects, where the hash key is the member name and the hash value is the value corresponding to that member.

Arrays in Javascript are really just Objects that happen to have members with names like '0', '1', '2', etc., and a special length property that is always 1 more than the member with the highest numeric index.

Implementing Arrays efficiently must be tricky, because programs will typically ask for array members using numeric indices, but Javascript semantics state that they must behave as if the numeric index were converted to a string first and then used to look up the member. Furthermore, you are allowed to add members to an array with non-numeric indices, so you can’t specialize your hash table to only support numeric indices.

Clearly, you’d like to avoid the overhead of converting to a string if you can. One way I can think of doing that would be to have a clever hash algorithm that hashes a number and the string representation of that number to the same value; then you can delay the number-to-string conversion until you have a key to compare to.

I’m thinking that Macromedia may have an optimization something like that in the Flash 7 player, because of the following bug that I have found. If I set any array to have an element at '-', it seems to corrupt all the other arrays in my application that have an element at 0 — they all behave as if their 0 element moved to '-'.
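One way the hashing scheme suggested above could be built, as an added sketch (it is not Macromedia's code and not part of the original demonstration): numbers and their canonical string forms share a hash, and the final key comparison is strict enough that a key such as '-' or '00' can share a bucket with an index without ever being mistaken for it. The names indexOf, hashKey and Table, the bucket count and the string hash are all hypothetical.

```javascript
// Added sketch, not Macromedia's code; indexOf, hashKey, Table are hypothetical.
const BUCKETS = 64;
const MAX_INDEX = 4294967294; // largest array index ECMAScript allows

// Return the array index a key denotes, or -1 if it is not a canonical
// index. '0' and '17' qualify; '-', '', '00' and '1.5' do not.
function indexOf(key) {
  const n = typeof key === 'number' ? key
    : /^(0|[1-9][0-9]*)$/.test(key) ? Number(key) : -1;
  return Number.isInteger(n) && n >= 0 && n <= MAX_INDEX ? n : -1;
}

// A number and its canonical string form hash identically, and the
// numeric path never builds a string.
function hashKey(key) {
  const n = indexOf(key);
  if (n >= 0) return n % BUCKETS;
  const s = String(key);
  let h = 0;
  for (let i = 0; i < s.length; i++) h = (h * 31 + s.charCodeAt(i)) >>> 0;
  return h % BUCKETS;
}

class Table {
  constructor() { this.buckets = Array.from({ length: BUCKETS }, () => []); }
  // Sharing a bucket is not equality: index keys match only index keys,
  // all other keys match by exact string, so '-' can never alias 0.
  static same(stored, probe) {
    const a = indexOf(stored), b = indexOf(probe);
    return a >= 0 || b >= 0 ? a === b : String(stored) === String(probe);
  }
  find(key) { return this.buckets[hashKey(key)].find(e => Table.same(e.key, key)); }
  set(key, value) {
    const hit = this.find(key);
    if (hit) hit.value = value;
    else this.buckets[hashKey(key)].push({ key, value });
  }
  get(key) { const hit = this.find(key); return hit ? hit.value : undefined; }
}

function hashDemo() {
  const t = new Table();
  t.set('-', 'foo');     // the key used in the demonstration on this page
  t.set(0, 'one');       // stored by number
  t.set(45, 'x');        // lands in the same bucket as '-' (char code 45)
  return [t.get('0'), t.get('-'), t.get('45'), t.get('00'),
    hashKey('-') === hashKey(45)];
}
```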

If you have Flash 7 beta installed, you can see for yourself: Flash 7 Bug

Here’s the source code for this demonstration:

mylist.addItem("Create an empty array: var crud = new Array;");
var crud = new Array;
mylist.addItem("Store a value at '-':  crud['-'] = 'foo'");
crud['-'] = 'foo';
mylist.addItem("Create an array of one element: var ary = [ 'one' ];");
var ary = [ 'one' ];
mylist.addItem("What is at ary[0] now?");
var j = '0';
mylist.addItem('ary[' + j + '] => [' + typeof(ary[j]) + ' ' + ary[j] + ']');
mylist.addItem("What is at ary['-'] now?");
j = '-';
mylist.addItem('ary[' + j + '] => [' + typeof(ary[j]) + ' ' + ary[j] + ']');
mylist.addItem("What are all the elements of ary?");
for (var i in ary) {
	mylist.addItem('ary[' + i + '] => [' + typeof(ary[i]) + ' ' + ary[i] + ']');
}

14:21 | Link | Reply | Track | Comments (1)

2003-08-07

Voting right

Our right to vote has two important principles: anonymity (so your vote cannot be coerced) and accountability (so your vote cannot be miscounted). Paper ballots work because the ballot is accountable (it is a physical token that represents your right to vote — counted when you identify yourself as a voter, counted when you vote, and counted when the vote is tallied), and the ballot is anonymous (you mark your ballot privately, the marks are tallied separately from your identity).

There is a possibility for fraud: extra ballots could be introduced, or ballots not counted — this is controlled by comparing the count of voters to the count of ballots; or the votes on the ballots could be incorrectly counted — this is controlled by recounting the physical ballots if something seems amiss.

So-called “electronic voting” threatens this system because there is no physical representation of each ballot. (Actually, there is a physical representation in the electronic charge of certain atoms in a RAM chip or the magnetic polarity of crystals on a hard drive; but these are hardly inspectable in the clear fashion that a physical paper ballot is.)

Independent of the issue of computers being complex and unreliable, without a physical token representing each vote that can be inspected directly by humans, there is tremendous opportunity for voter fraud, both intentional and unintentional.

If you want to know more about the issues surrounding electronic voting machines, you should read this article by Dr. Rebecca Mercuri, professor of computer science at Bryn Mawr. If you want to be frightened, read Lynn Landes' page on Voting Security.

Two recent events prompted me to think about this issue: First, a report in the Boston Globe regarding a push to use touch-screen voting machines in Massachusetts. Thankfully, Secretary Galvin is taking a careful approach. Second, a report from Scoop regarding Dr. Mercuri being ejected from an elections conference. Now, why would they want to do that?

09:28 | Link | Reply | Track

2003-08-05

John Peter Zenger

Today is the anniversary of the verdict in the trial of John Peter Zenger, considered by many the germ of our right to freedom of speech.

The outcome of the trial hinged on the (today) little-known principle of Jury Nullification. The jury's verdict of “not guilty”, against the judge's instructions, effectively nullified the application of the English seditious libel laws in the Colonies, paving the way for our freedom of the press.

[On a personal note, Lewis Morris, who was removed from the case by the royal governor, is an ancestor of my spouse. His great-grandson, Gouverneur Morris, penned the preamble to the Constitution and noted the influence of the Zenger trial on our First Amendment: “The trial of Zenger in 1735 was the germ of American freedom, the morning star of that liberty which subsequently revolutionized America.”]

[A full account of the trial by Douglas Linder, Professor of Law at University of Missouri-Kansas City Law School, is available at Zenger Trial.]

07:47 | Link | Track

2003-08-04

Why Fi?

Tech Superpowers, the folks who bring you Newbury Open — free wireless internet access on Newbury Street, have an interesting demo at Boston's South Station. They have set up a wireless internet “bubble” that lets travellers get a glimpse of what it might be like to have free wireless access in the station.

Unfortunately, they inform you, the “powers that be” are holding out, thinking that someone is actually going to pay them to have the right to the wireless airspace in the station (presumably because they will then charge people to access the internet from the station).

Wrong business model if you ask me. Wireless internet access should be like Muzak or plant services. They enhance the value of your space by making customers linger and spend more money…

Who are these mysterious “powers”, and how do we get through to them?

20:27 | Link | Track