wishlist: Face Recognition and f-spot

It’d be really neat if f-spot could use face recognition and self-tag photos with who’s in them. It’s a real pain going through all my photos and adequately tagging them.

Restaurant Web Sites

So, having a bit of a google for restaurants around the place (well, okay, in Melbourne) and noticed that about 90% of the web sites are Flash only and hence unusable. Well, guess what – you lose.

Sound Volume

I like listening to music while I work. I also like notification sounds – such as gaim chiming when messages are received (so I look at them) and such things.

I use an iMic USB audio dongle to output sound to my headphones (partly because the connector on my laptop is a bit dodgy now) and I’ve detailed in the past how support for hotplugging of audio devices leaves a lot to be desired (it’s worse than it used to be sadly – I used to just be able to run esd against sound device and all was hunky dory).

What currently gets me is that music can be an adequate volume and then WHAM this loud gaim notification comes through.

Setting gaim to be softer and music to be louder isn’t immediately obvious and is easy to get wrong. It’d be great if the Volume Control applet could tweak it all from one place (and there was a way to change what the drop down volume applet controlled).

Doctor != Hacker

Thoughts on mandatory registration of IT professionals.

Having the argument for this and comparing to “we have it for doctors” doesn’t fly. If you start playing doctor on random people, you can kill them.

Writing code and whacking it up on the net can in no way directly cause harm to someone the same way as DIY heart surgery could.

Anybody who goes and grabs random code out in the wild and runs a system on it on which human life depends gets everything they deserve. They’re the bad guys here – not those writing and sharing code.

So how do you make sure this person constructing a system on which life depends is competent? The same way you do for everybody you hire – check their resume, talk to them, have appropriate checks and balances in place.

Just because somebody has a sheet of paper means nothing about their actual ability. Remember those crappy teachers from your school years? They all had teaching degrees. Remember how the university student tutor you had was a lot better than the teacher? Hrrm… that teaching degree obviously means a lot when it comes to ability then.
I certainly wouldn’t hire at least 80% of my past fellow undergrad students – even though they have the same sheet of paper as me.

Please, everybody go read The Daily WTF and see how much even experts with certifications can get it so, so, so wrong.

Cows earn more than humans

Cows in Europe are subsidised to about $2/day.

Quote from Hack:

“So if you’re a cow in Europe you’re doing better than 2 billion people in the world today.”

Interesting set of priorities we have.

Saturn comes back around…

For certain evil purposes last week, I assembled the old Saturn with a hard disk I found when cleaning a little while ago (I have that kind of tech stuff – you clean up and find 40GB disks – I’m pretty sure I have an 8.4 bumming around somewhere too).

Saturn comes back around

I ended up being able to do the evil I needed to, but I could tell that the room was a bit warmer due to the extra box being alive. I was also lazy and couldn’t be bothered going downstairs for the D200, so this was shot with my old and trusty Coolpix 4500.

I used the box to be able to get remote access to a customer’s test setup to do some diagnosis on a bug (that’s notoriously hard to reproduce). I think I have a fair idea of what it is now though (timing related – not fun).

Remember kids, threads are evil.

Also, an interesting thing to note is that there is, in fact, a limit not on the number of fds you can pass to the select(2) system call, but on the actual fd number (on my Ubuntu box here, passing an fd of, say, 2000 is probably going to lead to trouble). This has nothing to do with the previously mentioned bug, but it’s an interesting point.

and the morning annoyance award goes to….

goes to VMware. Honestly, why every time I go and upgrade a kernel or version of the free (as in beer) VM it asks me about serial numbers.

They also get an “annoyance award” for not listing Victoria as a state that could be in Australia on their web site. They do list other Australian states though (e.g. Western Australia and the Australian Capital Territory) yet not one of the most populous.

Or it should really go to Solaris. What a pain in the arse to get to the point of being able to compile $random_free_software_project. Look at Ubuntu/Debian: install system, apt-get build-dep $project, grab source, build. No fucking around with PATH or some strange application to do security updates (which I don’t know how on earth I figured out – I know that somebody else I work with hasn’t been able to easily find it). Why oh why is it so hard? Can’t there be an easy way? Please, somebody enlighten me!

WRT54GL client mode OpenWRT fun!

The wireless USB dongle I had running on my MythTV box had drivers that weren’t always reliable. I have recently totally decided that if I haven’t had time to debug them and fix the problems by now, I won’t in the near future.

Today a courier arrived with two of the Linksys WRT54GL for me. Yay! My aim is to put OpenWRT on them and use them in client mode (one for me, one for mum) to get around unstable wireless drivers.

I just set mine up and it works! MythTV box now much more reliably on the network!

Although, I did hit one snag – the MAC address on the sticker on my unit was NOT the actual MAC address of the router. Really annoying when setting up MAC filtering. Grr….

(I really should set up better wireless security here)

SQLyog on WINE

SQLyog is now free software and seems to run under WINE on my Ubuntu box okay (I think I’m running stock wine from dapper….)

SQLyog on WINE connected to my MySQL db on linux

So those of you addicted to SQLyog (I hear there’s a couple), you can use it on Linux okay too (and probably other systems that WINE supports)

Twinhan USB DTV dongle not working :(

So after doing some researching (read: using search engines with linux + product name), I came to the conclusion that a Twinhan USB2.0 DVB dongle would be the dongle for me. Yes – it’s small, compact and does digital tv without requiring a non-existent free PCI slot in my Shuttle MythTV box.

Having had great success with my last bit of new hardware (a really cheap Logitech QuickCam Express or something) – plug it in and it “just works”. Oh Linux how you are better than Microsoft Windows for hardware usability!

But this was not to be. It uses a vp7045 chipset, which has drivers both in Ubuntu 6.06 “Dapper” and in the latest v4l-dvb hg tree.

But for the life of me I couldn’t get it to tune into any TV stations (for those of you who like using hardware and not just having expensive boxes around, you will appreciate how tuning into a TV station is rather important functionality for a TV card). So I started having a look around the interweb for possible answers.

The best I could come up with was “are you sure you have all the cables plugged in” – yes, I was.

So seeing as this is the first digital TV dongle in this house, I wondered if the signal just wasn’t getting here. I got a friend to bring around a spare digital set top box. It worked fine. Brilliantly in fact – it even worked with the shitty small antenna that came with the dongle. So it wasn’t an ability to receive.

I then came across this post to the linux-dvb list titled “New VP7045 with TDA10046 instead of MT352 (was: VP7045 tuner doesn’t work)”. Which really does hint at the problem!

I could be one of the lucky ones with a new revision that uses the TDA10046 instead of the MT352! (after getting some debug info from the card out of the driver – it was reporting itself as v1.02, so quite possible).

Maybe time to hack the dvb driver for it? Things seem pretty modular, so it couldn’t be too hard, right?

Well, the vp7045-fe.c file is the front end (well, what it assumes is the front end) for the vp7045.c dongle. So all I really need to do is to get it to use the tda10046 frontend (under frontends/tda1004x.c) instead of the vp7045-fe.c fe code.

Well, it seems as though the tda10046 is an i2c device while the vp7045-fe isn’t. Hrrm… I’ve never really done much with i2c, so this’ll be fun!

I’ve currently managed to hack the driver so that we do some things to do with the tda chip – although I haven’t gotten in detecting the i2c adapter – which means we’re never going to get a front end! (in fact, when you plug in the device with my modified driver you get a “no frontend detected” message from the kernel).

I’ve tried poking on the #linuxtv channel on freenode to no avail – so it seems like I’m on my own for a bit.

A good way to spend midnight until 3am though :)

I’ll probably end up doing the same tonight. Why? Because it’s just so much fun.

Oh, and if anybody has any pointers – it would be appreciated.

I am, of course, assuming the hardware itself isn’t faulty. I have no MS Windows system around to test on.

dosbox

I showed Kit dosbox. She’s now playing alleycat (sorry, ALLEYCAT.EXE) on it and we’ve all forgotten that we were actually hungry.

Of course, I did have to play a bit of Hugo’s House of Horrors – sorry, HHH.EXE.

Oh old DOS games, how awesome you are.

Since I’ve been back…

Saw Augie March live and have gotten Tool tickets. Awesome.

Storing Passwords (securely) in MySQL

Frank talks about Storing Passwords in MySQL. He does, however, miss something that’s really, really important. I’m talking about the salting of passwords.

If I want to find out what the MD5s 5d41402abc4b2a76b9719d911017c592 or 015f28b9df1bdd36427dd976fb73b29d mean, the first thing I’m going to try is a dictionary attack (especially if I’ve seen a table with only user and password columns). Guess what? A list of words and their MD5 sums can be used to very quickly find what these hashes represent.

I’ll probably have this dictionary in a MySQL database with an index as well. Try it yourself – you’ll probably find a dictionary with the words “hello” and “fire” in it to help. In fact, do this:

mysql> create table words (word varchar(100));
Query OK, 0 rows affected (0.13 sec)

mysql> load data local infile '/usr/share/dict/words' into table words;
Query OK, 98326 rows affected (0.85 sec)
Records: 98326  Deleted: 0  Skipped: 0  Warnings: 0

mysql> alter table words add column md5hash char(32);
Query OK, 98326 rows affected (0.39 sec)
Records: 98326  Duplicates: 0  Warnings: 0

mysql> update words set md5hash=md5(word);
Query OK, 98326 rows affected (3.19 sec)
Rows matched: 98326  Changed: 98326  Warnings: 0

mysql> alter table words add index md5_idx (md5hash);
Query OK, 98326 rows affected (2.86 sec)
Records: 98326  Duplicates: 0  Warnings: 0

mysql> select * from words where md5hash='5d41402abc4b2a76b9719d911017c592';
+-------+----------------------------------+
| word  | md5hash                          |
+-------+----------------------------------+
| hello | 5d41402abc4b2a76b9719d911017c592 |
+-------+----------------------------------+
1 row in set (0.11 sec)

mysql> select * from words where md5hash='015f28b9df1bdd36427dd976fb73b29d';
+------+----------------------------------+
| word | md5hash                          |
+------+----------------------------------+
| fire | 015f28b9df1bdd36427dd976fb73b29d |
+------+----------------------------------+
1 row in set (0.00 sec)

$EXCLAMATION I hear you go.

Yes, this is not a good way to “secure” passwords. Oddly enough, people have known about this for a long time and there’s a real easy solution. It’s called salting.

Salting is prepending a random string to the start of the password when you store it (and when you check it).

So, let’s look at how our new password table may look:

mysql> select * from passwords;
+------+--------+----------------------------------+
| user | salt   | md5pass                          |
+------+--------+----------------------------------+
| u1   | ntuk24 | ce6ac665c753714cb3df2aa525943a12 |
| u2   | drc,3  | 7f573abbb9e086ccc4a85d8b66731ac8 |
+------+--------+----------------------------------+
2 rows in set (0.00 sec)

As you can see, the MD5s are different than before. If we search these up in our dictionary, we won’t find a match.

mysql> select * from words where md5hash='ce6ac665c753714cb3df2aa525943a12';
Empty set (0.01 sec)

Instead, we’d have to get the salt, do an md5 of the salt and the dictionary word, and see if the md5 matches. Guess what, no index for that! And with all the possible values for salt, we’ve substantially increased the problem space to construct a dictionary (I won’t go into the maths here).

mysql> create view v as select word, md5(CONCAT('ntuk24',word)) as salted from words;
Query OK, 0 rows affected (0.05 sec)

mysql> select * from v where salted='ce6ac665c753714cb3df2aa525943a12';
+-------+----------------------------------+
| word  | salted                           |
+-------+----------------------------------+
| hello | ce6ac665c753714cb3df2aa525943a12 |
+-------+----------------------------------+
1 row in set (2.04 sec)

mysql> create or replace view v as select word, md5(CONCAT('drc,3',word)) as salted from words;
Query OK, 0 rows affected (0.00 sec)

mysql> select * from v where salted='7f573abbb9e086ccc4a85d8b66731ac8';
+------+----------------------------------+
| word | salted                           |
+------+----------------------------------+
| fire | 7f573abbb9e086ccc4a85d8b66731ac8 |
+------+----------------------------------+
1 row in set (2.12 sec)

So we’ve gone from essentially instantaneous retrieval, to now taking about 2 seconds. Even if I assume that one of your users is going to be stupid enough to have a dictionary password, it’s going to take me 2 seconds to check each user – as the salt is different for each user! So it could take me hours just to find that user. Think about how many users are in your user table – with 1000 users, it’s over 1/2hr. For larger systems, it’s going to be hours.
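
An added example, not from the original post: the storage and login-check side of the scheme above in Python, showing that a salted row no longer matches the precomputed index and that two users with the same password get different rows. It goes one step beyond the post by offering a deliberately slow hash (PBKDF2) next to the post's md5(salt + password); the word list, salt length, field names and round count are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for /usr/share/dict/words (sample data, not from the post).
WORDS = ["apple", "fire", "hello", "water"]
PBKDF2_ROUNDS = 600_000  # assumption: work factor, tune for your hardware


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def build_index(words) -> dict:
    """Python equivalent of the indexed md5hash column: digest -> word."""
    return {md5_hex(w): w for w in words}


def digest(scheme: str, salt: str, password: str) -> str:
    if scheme == "md5":  # the post's scheme: md5(CONCAT(salt, password))
        return md5_hex(salt + password)
    if scheme == "pbkdf2":  # added here: same salt idea, deliberately slow hash
        raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  salt.encode("utf-8"), PBKDF2_ROUNDS)
        return raw.hex()
    raise ValueError(f"unknown scheme: {scheme}")


def new_record(password: str, scheme: str = "md5") -> dict:
    """Build a passwords row with a fresh random salt for this user."""
    salt = secrets.token_hex(8)  # 16 hex characters; the length is an assumption
    return {"scheme": scheme, "salt": salt, "hash": digest(scheme, salt, password)}


def verify(record: dict, candidate: str) -> bool:
    """Login check: rehash with the stored salt, compare in constant time."""
    expected = digest(record["scheme"], record["salt"], candidate)
    return hmac.compare_digest(record["hash"], expected)


if __name__ == "__main__":
    index = build_index(WORDS)
    print("unsalted lookup:", index.get(md5_hex("hello")))
    u1, u2 = new_record("hello"), new_record("hello")
    print("salted hash in index:", u1["hash"] in index)
    print("same password, same row:", u1["hash"] == u2["hash"])
    print("verify:", verify(u1, "hello"), verify(u1, "fire"))
    u3 = new_record("hello", scheme="pbkdf2")
    print("pbkdf2 verify:", verify(u3, "hello"), verify(u3, "fire"))
```

MD5 is fast by design, which is why checking a whole word list against one salted row still takes only seconds; the pbkdf2 scheme keeps the per-user salt and raises the cost of every single guess.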

Flickr: macplusg3’s photos tagged with beijing

There’s some photos I’ve taken around Beijing up there. Will be posting more over the next few days (and until I leave – on the 16th). Enjoy.

Tapioca VoIP happiness

Tapioca – TapiWiki

and specifically, the Landell front end as it supports the use of a http proxy.

I’ve been able to call Kit and chat while I’ve been on the road this time. Means we get to avoid nasty GSM roaming charges (or any charges) and even though there’s some lag (like a second or so) and the voice quality isn’t brilliant – using Landell/Tapioca and Google Talk on her end means we get to stay in touch without feeling guilty about massive phone bills.

I totally heart free software.

Welcome to Beijing (day 1)

I’ve just come back from lunch. I’ve managed to eat Chinese food, in China, with chopsticks and not totally embarrass myself. Ate some new food, new vegetables and a seemingly different type of seaweed than I have eaten before. It tasted good though. I even think Kit would have liked some of it (once she got over the fact that it looked different and some things were green things).
I arrived safely after a flight that was fine (except for getting up rather early to get to Sydney to then take a sane timed flight). Beijing seems to be a bit like the firefly world, except with less flying cars. You’ve got heaps of stuff in English and Chinese. It could be really interesting to live here and experience things.

There’s a national English language newspaper which is fairly up to date on world events – the fact that our dear Mr Howard is going to go to the election seems to be news here! It’s not packed with local news, which would be interesting to read (although I think I’ll have to learn to read first).

The hotel is a short walk from the office (down the street, across the road). Oh, the roads are at least 7 lanes – they’re big!

Hotel is pretty nice, probably about half the price of what I’d expect to pay back home. Breakfast was good – some totally delicious watermelon. Honestly thinking of just having watermelon for breakfast tomorrow :)

Although it’s rather obvious that the hotel is aimed at western visitors. At breakfast you could only really tell you’re in China by: looking out the front window at all the Chinese writing or looking at the waiters and waitresses and noticing they all a) spoke Chinese to each other and b) were Chinese. About 5 languages before my first coffee – what a way to start the day!

At some point I’m going to have to have some Chinese tea – it seems like a real obvious must-do. Although maybe I should give in at some point and buy coffee from starbucks as well….

Uninviting a Vampire

Brian “Krow” Aker’s Idle Thoughts – Know your rights

Brian muses on if you can uninvite a vampire and thinks this wasn’t addressed in Buffy or Angel.

Angel was uninvited in Season 2 (in the episode Passion).

I’m pretty sure Dracula was uninvited too, but I think I have to rewatch the episode (shock!)

Spike was uninvited and couldn’t enter Buffy’s house in Season 5.

So at least in the Buffyverse, you can uninvite a vampire.

Beware Digital Rights Traps

I’ve added the “Beware Digital Rights Traps” buttons to both my blog page and the main page of flamingspork.com.

iownmydvds.org

iownmymusic.org

I’ve also taken a photo I took ages ago and used it as a header image thingy. Doesn’t look too bad on the front page… not 100% happy with the wordpress theme integration atm.

What kind of person googles for this?

“cut finger pictures”

One of the most disturbing search queries that got somebody to my site. Really, really disturbing.

At what point in your life do you go out and desire pictures of cut fingers?