Props to anyone who can tell me the song and artist that my subject line refers to.

Sunday afternoon I flew to NYC, stayed at the W on Lexington (nice), had a Long Island Ice Tea (to commemorate), woke up the next morning, caught a train to Long Island for a meeting, found out our approach to a big project was all wrong (the product guys on their side love it, but the keeper of the tech gates changed his mind), caught a plane back to L.A. (business class upgrade. Loved it), and am now back to work.

One night business trips across the country suck. I didn’t have time to hang with my buddy Dave out there. I called him when I got in. It was only midnight, you would think he’d still be working. Slacker.

As if to punctuate my post entitled Image Based CAPTCHA is Fast Losing it’s Appeal, Casey outlines his .NET code used to beat the CAPTCHA employed by many blogs using a Neural Network approach.

This is a beautiful attack on CAPTCHA (as it is currently often implemented) and only shows that there is no “ONE” solution to rule them all. The attacks against rel=”nofollow” as ineffective against spam now apply to CAPTCHA. Blocking automated spam in all its forms will be a continuous iterated process encapsulating multiple combined defenses (such as rel=”nofollow”).

And to the haters that are pissed that Casey published this, get over yourself. You need to realize that his post shows that CAPTCHA (as it is currently implemented) is a wall of sand. If it was this easy for him to beat CAPTCHA, a black hat out there probably already has a similar solution. Ignorance is no substitute for security. Now you know it can be beat quite easily, go fix it and quit whining.

Thanks to Scott Reynolds for pointing out Casey’s approach.

Received this comment on my “Blogging Is Pure Vanity” Post.

I’ve always thought blogging was the product of excessive self-indulgence. When one of my particularly vain coworkers started a particularly insipid blog, it was time to strike back. So I started blogging the news of his life. Then I told everyone else at work about it except him. He still doesn’t know about it and we’ve been laughing at him for a week now.

Now that’s funny. I’ve been searching, but I haven’t found anyone blogging about my life due to my particularly insipid blog.

Every Friday the company buys lunch. Today we all received an email with the list of choices from a Thai restaurant. I replied with “Orange Chicken”. Soon afterwards one of my coworkers thanks me for letting him know I’m having Orange Chicken. Huh?

Then I get this email from another coworker:

You know… for a second there I thought we would all be held in suspense while we tried to guess what you were going to have for lunch.

I feel so much better knowing you plan on eating the orange chicken tomorrow; seriously it takes a lot off my mind…

Ahh, I’ve made the rookie AOLer mistake of hitting “Reply To All”. I swear this is my first time.

I responded that

I’m a trend setter and it’s my duty to inform the wannabes, losers, and biters of my choices so they have ample opportunity to jump on the bandwagon.

Besides, it’s good to let the President of the company know that I’m an up and comer. Orange Chicken is the choice for an individual who deserves a very large raise. I work with a bunch of wise-asses.

UPDATE: It gets worse. After some good natured ribbing, I send out the following to the “everyone” list.

Hi All,

I accidentally hit the “Reply To All” button earlier when indicating my choice for the savory options we have lined up for this Friday. I apologize for spamming you with my choice, which happened to be, and remains, Orange Chicken.

I just wanted to make it clear that the company neither endorses nor supports the choice of Orange Chicken. The company takes no official position on your choice of Thai food other than to pick from the choices given. The choice of Orange Chicken is a personal choice and should not influence you in your own decision relating to fine Thai cuisine.

Therefore, if you should choose to go with Garlic and Pepper Beef, for example, feel free to make such a fine and tasty choice (though I would suggest you consider Orange Chicken as it is quite delicious).

Phil

After hitting “SEND” I notice that there are a few emails in my inbox where another coworker had been sending puzzles to the everyone list and received a reprimand from our HR person, let’s call her Bonnie.

This email address sends to everyone in {COMPANY} and should be used ONLY for business purposes. While I appreciate the heart of it is to share fun, addressing it to everyone is extremely inappropriate.

So my “extremely inappropriate” email arrives in everyone’s inbox AFTER this one and my coworkers think I’m both hilarious and a dead man for my “response” to Bonnie. I have some ‘splaining to do.

Colin has a nice little quiz about enumeration on his blog. Basically he asks, how would you implement a class to enumerate through all the letters of the alphabet. Below is my “cute” response.

using System;
using System.Collections;
 
public class Alphabet : IEnumerable
{
  public IEnumerator GetEnumerator()
  {
    return "abcdefghijklmnopqrstuvwxyz".GetEnumerator();
  }
}

Now if you compile my answer and run it, it seems to answer the question correctly (for an academic quiz), but it’s completely wrong for a real world developer. The right answer is “Well, which alphabet or alphabets must I support? Does it need to be localizable based on the current locale?”.

Yes my friends, the answer is to gather more requirements. Make sure you really understand the problem domain. This is why software isn’t as easy as “well I want it to do this so just do it.” This quiz asks what seems to be a very straightforward question. If you as a developer gave me the solution I wrote above, I’d be pretty pissed as a client if I was ready to deploy this to Korea.

Found this interesting article via Hassan Voyeau that details the performance penalty when naming your stored procedure with an sp_ prefix in a database other than the master database.

Personally, I hate adding extraneous and unnecessary prefixes and suffixes to names. Sometimes they’re useful and necessary, like when programming in Fortran 77. But I hate naming tables with a tbl prefix and stored procs with an sp prefix (I’m forced to at my current position). Sql Enterprise Manager does a nice job of separating tables from stored procedures when they are being displayed. I’m never going to get the fact confused that that square looking thing on my database diagram is a table and not a user defined function.

Anyways, Hassan, how’s the weather in Trinidad?

If you’re a fan of good music (I mean objectively, not subjectively) I plan to recommend a few songs here and there in this blog. Never mind the fact that if you end up purchasing the songs via my site, I get paid. I give you my word, a vow, that I will never lead you musically astray. I may lead you astray in other ways, but not in music.

Having said that, let me introduce you to this new single by The Chemical Brothers.

I’m a big fan of Metropolis on KCRW. If you live in the Los Angeles area and are a fan of good music then you’re probably familiar with this radio show hosted by Jason Bentley. It’s a great place for discovering new music as Jason really does have his finger on the pulse of electronica and world music.

It’s on this show that I first heard the song Galvanize, which contains the catchy hook that is the subject of this post, “My finger is on the button”. I purchased it on Galvanize today and am totally digging the violin action mixed in with the funky beats. The image on the left is a deep link into the iTunes music store. If you’re not an iTunes user, you can click on the Amazon.com link.

[Listening to: Galvanize - The Chemical Brothers - Push the Button (6:33)]

Given that I’ve written much of the documentation for RSS Bandit on the documentation site and have spent a lot of time in the code making a few contributions here and there, I feel a bit sheepish that I didn’t know about this particular feature.

After reading this post (which is one of many discussing how to create one click subscription links) from Phil Ringnalda I discovered that a common way to subscribe to an RSS (or ATOM) feed is to merely drag the link into your aggregator.

I hadn’t seen that described before so I thought I’d try it out with RSS Bandit and sure enough it works. Sweet! I’ll have to add that to the docs.

Being married to a Japanese woman, I’ve cultivated a love of tea. Although Koreans have great tea as well, it doesn’t figure as highly in the culture as it does for the Japanese.

My favorite tea is a type of Green Tea called Gyokuro. It’s hard to describe the taste as it has a lot of character and almost a silky texture that just spreads across the tongue when you drink it.

So to make a long story, the point of this post is to try to earn some green tea from Adagio teas as part of their link rewards program. Yes I can be bought with a cup of tea.

[via Opiniated Geek via Scobleizer].

Today marks the completion of my thirtieth trip around the sun. And it’s been a scenic ride. Much love and thanks to my lovely wife for putting together a little shindig for me and a few of our closest friends. Great food and drink were consumed and a good time was had by all.

What will the last two lines print? Will they be the same?

DECLARE @test VARCHAR(2)
DECLARE @first VARCHAR(4)
DECLARE @second VARCHAR(4)

SELECT @first = ISNULL(@test, 'test')
SELECT @second = COALESCE(@test, 'test')

PRINT @first
PRINT @second

What do you think?

One complaint about rel=”nofollow” is that you just might want to reward people who post related and constructive links in the comments section of your blog.

My answer to that is to implement reverse comment moderation. As far as I’m concerned, I’d like comments to appear immediately on my site. However, I don’t want them getting Google juice. Call me vindictive if you will. I know it won’t stop comment spam. But I do think it’s a fine complement to other methods that do attempt to stop spam.

Instead, I’d be happy to go in and remove rel=”nofollow” for all links within a post. Ideally there’d be a really nice interface for it. A simple checklist of the day or week’s comments and I could check them off and post it.

Then again, I don’t really care that much. If you really post a comment with something worthwhile, I’ll just mention it in my next blog entry sprinkling a tiny bit of Google juice on your link. (And I do mean tiny. I’m part of that long tail Chris Anderson talks about).

There’s a debate going on about how effective the rel=”nofollow” solution really is. Some believe that Google is flattering itself by thinking that the primary motivation for comment spam is Google juice.

I do not believe that rel=”nofollow” will stop comment spam as I’ve stated before (though I’ve applied it myself). Getting their links out there may be motivation enough. However I think it will have a bigger impact than some people think.

In terms of sheer economies of scale, I don’t think comment spam is like regular email spam. Sending an email to millions of users is very easy both technically and costwise. Buy a list and start sending. Comment spamming millions of websites takes a lot more work.

The primary benefit to comment spam was that a site’s page rank increased. Think of it this way, if I spam 100 sites, that might increase my exposure a little, say 10,000 people come via those sites. But suppose those 100 sites increase my page rank and now scores of users are finding my site via Google. That’s where the big financial impact comes in. Those 100 sites might now bring in 1,000,000 users. (I’m pulling these numbers out of my ass but I’m probably not too far out there).

Removing the Google juice increases the comment spammer’s work by a factor of 10 or even 100 to get the same financial impact. This might not stop the comment spammer, but it will hopefully put a damper on their activities in the long run.

From now on, no person, whether an individual or a body corporate, shall look directly upon my person nor speak of me without my written permission. I was inspired to enact this notice by this tidbit from Raymond Chen.

Maybe they don’t want people to find them.

The copyright notice for the web site of Hutchison Whampoa Limited states,

Copyright Hutchison Whampoa Limited. 2003. All rights reserved.

No person, whether an individual or a body corporate, shall create or establish a hyperlink to the HWL Corporate Website by hypertext reference or imaging without the written permission of Hutchison.

I can’t create a hyperlink so you’ll have to find it yourself.

This isn’t an issue of deep linking; they are banning even links to their home page.

[Via The Old New Thing]

A Dr. at Cardiff University has created a scientific formula to prove that January 24th will be the worst day of the year.

The formula for the day of misery reads 1/8W+(D-d) 3/8xTQ MxNA. Where W is weather, D is debt - minus the money (d) due on January’s pay day - and T is the time since Christmas. Q is the period since the failure to quit a bad habit, M stands for general motivational levels and NA is the need to take action and do something about it.

Well I could have told him that without this fancy formula. January 24 is the day after my 30th birthday. It’s all downhill from there. ;)

Hello y’all. In case you haven’t noticed, links in my comments now have a rel=”nofollow” attribute attached. That means no more Google juice when you post a list of links in the comments section of my site. So you can stop now. No really. Move along. No point in comment spamming here.

Ok, since you’re still here, you’ve apparently noticed, this hasn’t placed a magical barrier around comment spamming. You’ve forced me to unveil my next weapon against comment spam. When posting a comment, my server will obtain your IP address and location and unleash a legion of angry lonely Ninjas to dispatch anyone found at the address. Not to mention that my server will start streaming Yanni’s greatest hits to your browser. If you make me really angry, I’ll send Yanni himself. But only in rare occasions as his hourly rate burns a hole in my wallet.

Besides, your comments will be removed from my site expediently. I have a crack team of monkeys in Nigeria who are highly trained to identify and remove comment spam from my site. For one banana a month, comment spam is cleansed from my site. (Sorry to American monkeys for offshoring, but I really couldn’t afford the standard five banana rate).

I read an article recently that talked about how ticket scalpers have a 10% success rate against TicketMaster’s CAPTCHA controls. That might not seem like a very good rate, but when you have an automated process attacking it, 10% is plenty good.

CAPTCHA for the uninitiated stands for Computer Aided Program to Tell Humans and Computers Apart. It’s a method or program used to distinguish between a computer and a human. The most popular type out there is the letter or word warping kind you often see when signing up for a web based email account.

It turns out that character recognition programs are getting better by the second. As cool as these types of controls are, I think a simple text based semantic approach might prove stronger. For example, asking a simple question such as “RGB Stands for Red Green and what color?”. If you can’t answer that question, I probably don’t mind the fact that you’re not commenting on my blog. ;)

The one problem with this question approach is that you can’t generate these questions automatically. You’d have to create a decently sized database of questions. However, the benefit is that language recognition is still very difficult for a computer. Especially when dealing with misspellings.

What is the nomber after foure?
Waht is the nmuber aeftr fuor?

You can probably answer that easily. A computer is going to have a much more difficult time.
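A sketch of the question-based challenge described above, as an added example (not code from this blog or any blog engine): the server picks a question, gives the comment form a signed, expiring token instead of the answer, and checks the reply after normalizing case and whitespace. The question bank, key handling and function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed question bank; as the post says, a real one must be much larger.
QUESTIONS = [
    ("RGB stands for Red, Green and what color?", {"blue"}),
    ("What is the nomber after foure?", {"5", "five"}),
]
SECRET_KEY = secrets.token_bytes(32)  # assumption: per-process signing key
MAX_AGE = 600  # seconds a challenge stays valid


def _sign(index: int, issued: int) -> str:
    msg = f"{index}:{issued}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(now=None):
    """Return (question, token); the token travels in a hidden form field."""
    issued = int(time.time() if now is None else now)
    index = secrets.randbelow(len(QUESTIONS))
    return QUESTIONS[index][0], f"{index}:{issued}:{_sign(index, issued)}"


def check_answer(token: str, answer: str, now=None) -> bool:
    """Accept only an untampered, unexpired token with a matching answer."""
    try:
        index_s, issued_s, mac = token.split(":")
        index, issued = int(index_s), int(issued_s)
    except ValueError:
        return False  # malformed token
    if not hmac.compare_digest(mac.encode(), _sign(index, issued).encode()):
        return False  # forged token, or index/timestamp was altered
    current = time.time() if now is None else now
    if not 0 <= current - issued <= MAX_AGE:
        return False  # expired or future-dated
    if not 0 <= index < len(QUESTIONS):
        return False
    normalized = " ".join(answer.lower().split())
    return normalized in QUESTIONS[index][1]
```

A token can be replayed until it expires, so a site that cares about that should also record tokens it has already accepted.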

 

In any case, rel=”nofollow” and CAPTCHA aren’t going to be the final solution. At some point, our blog engines will have to learn to tell the difference like a human would. One approach is to enlist the concept of trust. If you’ve been subscribed to my blog a while or I’m subscribed to yours, I’ll let your comments in no problem. Otherwise your comment will have to pass a series of heuristics to get in the door.

Humans, feel free to comment…

UPDATE: It’s worth noting that Bayesian Spam Filtering is not a silver bullet. Spammers have gotten smart and are now employing a tactic called Bayesian Filter Poisoning. By including random legitimate words along with their message, they either get their message through, or cause you to teach your filter to regard legitimate words as suspect.

I’ve seen a particularly tricky approach via email where they used a font in the same color as the background. Check out the following quote. Highlight it with your mouse and see what it says.

This looks does like Spam to the human naked eye. BuyecheapodrugssandtimprovesyourasexOlife. But it doesn’t to the computer
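One way a filter can defend against the hidden-text trick above, as an added example (not from the original post): split an HTML message into the text a reader sees and the text drawn in the background color, so only visible words are tokenized and hidden filler becomes a spam signal of its own. It assumes inline `style` or `<font color>` colors compared as literal strings against a known background; the sample message is constructed.

```python
import re
from html.parser import HTMLParser

VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}
# Constructed sample in the style of the quote above.
SAMPLE = ('<p>Buy<span style="color:#ffffff">e</span>cheap'
          '<span style="color: #FFFFFF">o</span>drugs</p>')


def _color(attrs: dict):
    """Foreground color from inline style or a color attribute, else None."""
    style = attrs.get("style") or ""
    # The lookbehind keeps "background-color" from matching.
    m = re.search(r"(?<![-\w])color\s*:\s*([^;]+)", style, re.I)
    value = m.group(1) if m else attrs.get("color")
    return value.strip().lower() if value else None


class VisibleTextSplitter(HTMLParser):
    """Sorts text into .visible or .hidden by the inherited font color."""

    def __init__(self, background="#ffffff"):
        super().__init__()
        self.background = background.lower()
        self.colors = ["#000000"]  # stack of inherited foreground colors
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID_TAGS:
            self.colors.append(_color(dict(attrs)) or self.colors[-1])

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and len(self.colors) > 1:
            self.colors.pop()

    def handle_data(self, data):
        if self.colors[-1] == self.background:
            self.hidden.append(data)
            self.visible.append(" ")  # hidden filler stands in for a space
        else:
            self.visible.append(data)


def split_text(html: str, background="#ffffff"):
    """Return (visible_text, hidden_text) for an HTML fragment."""
    parser = VisibleTextSplitter(background)
    parser.feed(html)
    parser.close()
    visible = " ".join("".join(parser.visible).split())
    return visible, "".join(parser.hidden)
```

A production filter would also normalize color notation (`white`, `#fff`, `rgb()`) and treat tiny font sizes and `display:none` the same way.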

My neighbor Chris is working for the Army Corps of Engineers on several construction projects in Iraq to help rebuild their infrastructure. While they’ve enjoyed some success, they also have their fair share of setbacks.

Infrastructure also provides the insurgents with an attractive target. Around Basra, they regularly blow the oil pipelines that run to the port of Umm Qasr. If you stand out at the army base for awhile in the evening, you can usually spot a billowing cloud of smoke in the distance marking the most recent hit.

Read the whole post here.