two by two dimensional map of London

my ace life

Because it pleaseth me to do so (and because I’m avoiding work like mad), I’ve been tinkering with the aerial map of London that David found via the Evening Standard.

Interesting. It strikes me as possibly useful for learning more about geography and in this case, population density and resource usage.

if you’re like me, you eat too much

U.S. Diet Proposals Reflect Nation’s Lack of Fitness

The new recommendations call for most women from 35 to 70 years old, for instance, to eat 1,600 to 1,800 calories a day, and for most men in that age group to eat 2,000 to 2,200 calories. Previously, the recommendation for most such people, then assumed to be active, was about 600 calories more.

I think I’m not too far off the mark here, but I know too many of the calories I take in are the worst possible kind.

Of course, there are always problems with oversimplifications: the food pyramid is a good example.

Bonnie Liebman, director of nutrition at the Center for Science in the Public Interest, a consumer advocacy group, said the changes being made were minor and would not make any difference.

The Agriculture Department, she said, “is still not dealing with serious deficiencies in the pyramid lumping together high-fat cheese and fat-free milk, and making no distinction between nuts and fish versus fatty meats.”

You can make almost any food non-nutritious if you really try. And then there’s deep-fried candy bars . . . .

Open source and heterogenous networks as a key to combatting worms?

Freedom to Tinker: Why So Many Worms?

Many people have remarked on the recent flurry of worms and viruses going around on the Internet. Is this a trend, or just a random blip? A simple model predicts that worm/virus damage should increase in proportion to the square of the number of people on the Net.

Professor Ed Felten has identified the components of the software worm’s ideal ecosystem: the post’s comments extend and amplify some of those points. I disagree that “use Linux” is a solution: trading one kind of homogenous network for another is not all that valuable, even allowing for the benefits of the true code review that open source permits.

validating [x]html

I decided to track down all the niggling little things that were causing this index page to flunk as valid XHTML. Turns out most of the problems were due to code from other sources (Google and Amazon, to name the two main offenders).

Hunting down just what a SHORTTAG YES offense is and how to remedy it was a bit of a snipe hunt, but the work is done and the validation button is in place.

the new economy? or just convenience?

Chad Dickerson

I always hear that the two largest financial commitments you make in life are your house and your car. In the past year, I purchased a car online and re-financed my house online.

I bought a car online in 1998 (essentially researched the vehicle I wanted online, got quotes from dealers via email and worked them over until only one was left standing). Chad seems to be hand-waving over a lot of steps here (he never mentions visiting Edmunds.com, for one thing, and who buys a car without doing that?). Did he get a good deal or did he just get a good enough deal without subjecting himself to the Dealer Experience?

I found the online refinancing anecdote more interesting. It’s hard to identify the parts he’s most happy about. Doing it all by email seems convenient: we have refinanced Thistle Dew, our stately home, 2 or 3 times (I’ve lost count) in the three years we’ve owned it, and email played a role in those transactions. But for me the bottom line is, well, the bottom line. How much do you save each month? This is akin to the magic of compound interest: I’ll put up with some red tape and phone tag _once_ to save some dollars _every month_. I’ll go to the mortgage company’s office and spend that hour shuffling papers and making bad jokes in exchange for smaller house payments.

When I read books like The Social Life of Information or Information Rules, coupled with my own experience, I’m skeptical about breathless promises. While I’ll concede there are inefficiencies to be wrung out of these processes, re-jiggering the processes themselves without making any fundamental changes in them is not earth-shattering. And that’s all I see going on here. No disintermediation or other New Economy buzzwords.

defensive programming

BBC NEWS | Technology | ‘Critical’ flaw found in Windows

Microsoft has issued a warning about a critical security flaw that affects most versions of its Windows software.
[ . . . ]
The flaw, found by eEye Security, would allow a specially crafted MIDI instruction to swamp the cache, or buffer, in DirectX and allow a hidden program within it to run on the target machine.

Such buffer overflow bugs are quite a common way for malicious programs to infect a machine.

Microsoft has issued an alert about the flaw and a patch to close the loophole. It said that currently there were no known exploits of the bug.

The instruction could get into a computer by being put on a webpage.

It can also be put into an e-mail message that uses web formatting.

Secure C Programming

Buffer Overflows
A buffer overflow is what happens when a program tries to store more data in a variable than it has been allocated space for. For example, suppose you have a variable called name that’s defined as an array of 10 characters. There is room for 9 characters, plus the terminating null. By default, C does no bounds checking at run-time, so it is very easy for the user of a badly written program to overflow a buffer. Consider this code fragment:

char name [10];
printf ("Enter your name: ");
fflush (stdout);
gets (name);

If the user of this program enters a name that’s less than 10 characters, all is well. But if they enter a longer string, the stack will get stomped on and data corruption can occur, causing a core dump, or worse, giving the user a shell prompt. If the program is running as root, this would be disastrous.

So what can you do to avoid these buffer overflow problems? One answer is to provide really big buffers that “no one will ever overflow”. This is a bad idea because it hasn’t fixed the problem; it merely makes it harder to accidentally overflow the buffer. But it won’t stop a malicious user from deliberately overflowing the buffer. To do that, you need to use functions that let you specify a maximum number of characters to copy. If you change the line that reads

gets (name);
to
fgets (name, 10, stdin);

it doesn’t matter how many characters the user types in response to the prompt, as only the first 9 characters will be copied into the variable name. (With this example, you also have to remove the \n character from the end of the name, as fgets() doesn’t remove it.)

This is, literally, what you learn in a 1st quarter programming class, especially if you learn C or C++. Given no bounds-checking or other safety harnesses, it’s up to the programmer to verify with test cases that his code can’t be misused or exploited by either a naive or cunning end-user, person or process. A Google search for “profiling+tools+buffer+overflow+bounds+checking” turns up some research and tools on this topic.

The fact that this bug is in Windows Server 2003 suggests those much-discussed code reviews aren’t being taken all that seriously.
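To make the fgets() fix quoted above concrete, here is an added example (mine, not code from the Secure C Programming text or from the BBC story) that wraps the bounded read in a function, strips the trailing newline the excerpt mentions, and handles the case the excerpt glosses over: when the line is longer than the buffer, the unread remainder must be drained, or it will be served up as the next "name". The read_name_from_string helper and the use of POSIX fmemopen() to stand in for stdin are my assumptions for making it testable offline.

```c
#define _POSIX_C_SOURCE 200809L /* for fmemopen() */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 10 /* same 10-byte buffer as the quoted example: 9 chars + NUL */

/* Bounded replacement for gets(name): reads one line into name (capacity cap),
   never writes past the buffer, and drops the newline fgets() leaves behind.
   If the line was longer than the buffer, the rest of it is discarded so the
   next read starts on a fresh line. Returns the number of characters stored,
   or -1 on EOF/error. */
int read_name(FILE *in, char *name, size_t cap) {
    if (fgets(name, (int)cap, in) == NULL)
        return -1;

    size_t n = strcspn(name, "\n");   /* index of '\n', or of the NUL if absent */
    if (name[n] == '\n') {
        name[n] = '\0';               /* whole line fit: just strip the newline */
    } else {
        /* line was truncated at cap-1 chars: drain the remainder */
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n') {
        }
    }
    return (int)n;
}

/* Test helper (assumption, not part of the original): treat a constructed
   string as if it were what the user typed on stdin. */
int read_name_from_string(const char *input, char *name, size_t cap) {
    FILE *in = fmemopen((void *)input, strlen(input), "r");
    if (in == NULL)
        return -1;
    int r = read_name(in, name, cap);
    fclose(in);
    return r;
}

int main(void) {
    char name[NAME_LEN];
    printf("Enter your name: ");
    fflush(stdout);
    if (read_name(stdin, name, sizeof name) < 0)
        return 1;
    printf("Hello, %s (%zu bytes stored)\n", name, strlen(name));
    return 0;
}
```

Note that `fgets(name, 10, stdin)` alone leaves the tail of an over-long line sitting in the stream; a program that then prompts for a second field would silently read that tail as the answer. Draining to the newline is what turns the bounded read into a correct one, not just a non-crashing one.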

bookmarked: compendium of 3 column CSS layouts

Three Column Layouts – css-discuss

The question of finding good 3 column layouts comes up in the mail list from time to time. Here are some that I have found, along with a few notations about what features they include and how they work. The judgement of “good” is left to you and your needs. Each offers interesting techniques for the CSS student. By the way, when visiting these places, look around; many of these people offer other layouts that I have not included here.

Very nice to find all these, instead of partially re-inventing them, badly.

yours truly, trademark violator?

There Is No Cat – Adventures in The Trademark Zone

Did you know that Clue-by-Four[tm] is a trademarked term?

Apparently, I’m an offender as well, but I had never heard the term used before: it just stemmed from my exasperation at that moment.

Here’s the link to the USPTO details. This guy’s going to a lot of trouble to defend his foam rubber board. There’s a metaphor there that I’m not going to touch . . . .