comments edit

Be aware that there is a PayPal scam going around. I received the following email which had a forged from address of “DoNotReply@PayPal.com”. There’s a reason they don’t want you to reply, because it exposes the scam. They’d rather have you run the attached program. DO NOT DO IT! This is a scam. It is easy to forge the headers of an email. It didn’t come from PayPal.

Dear PayPal member,\ \ PayPal would like to inform you about some important information regarding your PayPal account. This account, which is associated with the email address\ \ phil@sequoiasoft.com\ \ will be expiring within five business days. We apologize for any inconvenience that this may cause, but this is occurring because all of our customers are required to update their account settings with their personal information.\ \ We are taking these actions because we are implementing a new security policy on our website to insure everyone’s absolute privacy. To avoid any interruption in PayPal services then you will need to run the application that we have sent with this email (see attachment) and follow the instructions. Please do not send your personal information through email, as it will not be as secure.\ \ IMPORTANT! If you do not update your information with our secure application within the next five business days then we will be forced to deactivate your account and you will not be able to use your PayPal account any longer. It is strongly recommended that you take a few minutes out of your busy day and complete this now.\ \ DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an automated message system and the reply will not be received.\ \ Thank you for using PayPal.\ \ uiaumzem

code, tdd comments edit

Test First Development, the process of writing unit tests to test the code you are about to write, is one of my favorite software practices that has an impact on producing better written code. However, it’s no a panacea. It is true that I use the debugger much less often because of TDD, but there are still occasions where it’s important to manually step through code line by line.

Personally, I use NCover as my first line of defense. It highlights the lines of code that haven’t been executed by my unit tests. A lot of these turn out to be non-issues such as the last “}” in a method or an assertion that this line should never happen (for example in the default: section of a switch statement when I believe the default should never be reached).

There are those times, however, when you don’t have time to write a unit test to excercise a particular line of code. Stepping through it is a wise idea.

Also, unit tests won’t uncover errors of omission. Stepping through your code will often jog your memory and remind you that, Hey, I forgot to make the code jump rope here AND I forgot the jump rope test fixture.

comments edit

Google Logo with Burning
Man

Sergey and Larry have moved up a couple of notches of coolness in my book. They’re burners! They attended Burning Man in the summer of 1999. The logo above is what they put on the Google site while they were out of town. In commemoration of the upcoming Burning Man, I’ll put up some picks later from 2002 when we went.

comments edit

ThreadTypically when you spawn a new thread, you want to give it a name to facilitate debugging. For example:

using System.Threading; //.. other stuff.... Thread thread = new Thread(new ThreadStart(DoSomething); thread.Name = "DoingSomething"; threat.Start();

The code in the method DoSomething (not shown) will run on a thread named “DoingSomething.”

Now suppose you’re writing a socket server using the asynchronous programming model. You might write something that looks like the following:

using System.Net.Sockets; using System.Threading; ManualResetEvent allDone = new ManualResetEvent(false); public static void Main() {     Socket socket = new Socket(...); //you get the idea     while(true)     {         allDone.Reset();         socket.BeginAccept(new AsyncCallback(OnSocketAccept), socket);         allDone.WaitOne();     } } public void OnSocketAccept() {     Thread.CurrentThread.Name = "SocketAccepted";     allDone.Set();     // Some socket operation. }

In the example above, we’re setting up a socket to call the method OnSocketAccept asynchronously when a new connection occurs.

When you run this, it may work just fine for a while. It might even pass all your unit tests. Don’t you just feel all warm and fuzzy when the green bar appears? Put this in production, however, and that warm and fuzziness may turn into cold dread as you’re guaranteed to run into anInvalidOperationException.

Why is that? Underneath the hood, when the OnSocketAccept method is called, the CLR rips a thread from from the CLR’s thread pool. When the method completes, the thread happily returns to the pool to finish its Pina Colada. Eventually, that thread will resurface, and that’s where the problem arises.

You can change the name of a thread, but you can only change it once.If you try to change it again, you’re greeted with an InvalidOperationException. When a thread is returned to the thread pool, it holds onto its name. Its happy to have a sense of identity and will hold onto it even when it resurfaces to execute another method. To protect from this, always check the name of a thread before setting it like so:

if(Thread.CurrentThread.Name == null)     Thread.CurrentThread.Name = "MyNameIsBob";

Your threads will thank you for it.

comments edit

This is one of the funniest tech support stories I’ve heard in a long time. Even you non-geeks can appreciate this…

We sold a computer to an elderly lady who took it home. We had tested it, and it worked great at the store. But, when she got it home, she could not get it to turn on. I work on the phone with her for an hour. \ \ “Is everything plugged into the power strip, maam?”\ “Yes, everything is.”\ \ So, I was sent to her home. Sure enough, everything was plugged into the power strip … including the power strip.

[Via The Daily WTF]

comments edit

Guess he should have remembered to take out the trash… Oh wait, he tried.

WESTON, Conn. – Max Miesel didn’t get very far with his prom date – who’s a porn star. \ \ Max won a date with adult film actress Tyler Faith on Howard Stern’s show Friday. Max is a student at Connecticut’s Weston High School. The Advocate of Stamford, Conn., reported school officials and Max’s parents stepped in before Saturday’s prom…

[via http://www.channelcincinnati.com/education/3389768/detail.html]

comments edit

Thanks to the help of the very talented Joel Bernarte, I have a nice new look to the site. He created the logo you see at top. I then spent a bunch of time trying to modify the layout and Css to do the logo justice.

If you’re viewing this in an aggregator, you’ll actually have to take a second outside of the aggregator to look at my site haacked.com using that antiquated piece of technology that used to rule your life called a Web Browser (which might just be integrated in your aggregator). Thanks. Now back to the new technology that’s ruling your life…

comments edit

See, this is exactly the type of comment spam I’m hoping to avoid.

Harrrrrr… shoulder of pork and ham!!! $4 dollars at the quickie-mart! I am a prince from Niger, please give me the keys to your Mercedes Benz. I love men who aren’t afraid to blog!

Only in this case, I’m afraid I know this guy.

;)

By the way, the ASP.NET Resource Kit has a free version of the SAX human verification component. That ought to help combat automated spam.

comments edit

Another option is to simply remove the web interface for comments and only allow comments via the Comment API.

I have a hunch that most of the comment spam comes from people who stumble on my site via the web. Most people who post via the CommentAPI are using an aggregator and are thus subscribed to my site, or were referred by another subscriber.

UPDATE: I may be confusing Comment Spam with Comment Graffiti. As far as I can tell, I do not have any comments from any automated sources, nor comments advertising products on my site. The “spam” I have seems to merely be comments by random people who occasionally write offensive comments.

comments edit

In an email to Ian Griffiths I mentioned that I wished he had a comments section because some of his posts are so intriguing I have to reply. ;) His reply relayed a common angst regarding enabling comments on a blog, comment spam

Looking around, I see this is a common problem as evidenced by the following posts by Roy Osherove who wants to turn comments off, Chris Anderson who threatens to turn them off, and John Lam who did turn them off.

This is disheartening because comments can be a vital part of a blog encouraging lively and insightful conversation. But then again, not if your constantly getting these type of comments

Noticed on a dirty white van, letters made by hand: \ “I Wish My Wife Was As Dirty As This.” \ Underneath, different style: \ “She Is!”

Funny? Maybe. But off-topic. Unlike the garden variety email spam, the bulk of comment spam tends not to be automated. If it were, it’d be plenty easy to stop by requiring users to type in some text they see in an image.

Rather, much of the smelly meat is due to the fact Google is bringing droves and droves of visitors to blogs as bloggers all link to each other. Some of these unwashed masses decide to leave their mark on your site.

As John Lam pointed out, simple IP filtering isn’t enough. I’ve been thinking alot about how to leverage network effects to reduce comment spam. For example, in general I’ll trust people who have subscribed to my blog to make comments, and if they’ve been subscribed a while, I’ll trust those that subscribe to theirs.

I can imagine adding features to blogging back-ends such as .TEXT or DasBlog whereby trust relationships can be built by using something similar to the TrackBack API. Suppose I subscribe to your blog and you try to make a comment on my site. Since my blog knows that I am subscribed to yours (this will require aggregator integration), it automatically lets you comment. It then can go one step further. Perhaps it will ask you, “Any changes to your whitelist since we last exchanged data?”. We can then exchange whitelist info. Certain spam engines work in this manner.

The big problem with this approach is that identity is a tough nut to crack without requiring that commenters create a login and password and building in some sort of verification system.

comments edit

I’m trying out this sweet plug-in for the Windows version of iTunes. After installing this plug-in, you can click on the musical notes at the bottom of w.Bloggar and it will insert information about the currently playing song wherever your cursor is located. This page lists plugins for Winamp versions 2,3, and 5 as well as iTunes (the one I’m using).

Now you’ll all get to experience (from time to time) my awesome music collection. ;)

[Listening to: Nude Tempo One - 16 - Release - Miguel Migs - Nude Tempo One (3:26)]

comments edit

I received a lot of comments (a lot for me) on my post entitled “The Difficulties of Language Design”.

I wanted to follow up on one interesting comment by a reader named Jocelyn:

“Language changes shouldn’t break existing code…“Well, yes or: \ \

  • obsolete features (like the lock keyword) could be flagged\
  • tools could be developped to update existing source code\
  • the language could be versionned:\ #version 1.1\ #version 2.0\

That’s why I qualified my statement with “…Too Much.”. There are certainly cases where you have to take the plunge and risk breaking existing code. The things she mentioned are certainly great ways to mitigate the impact of changes, but they aren’t enough.

I think the real difficulty is when you slightly change the behavior of a language feature such as a keyword. This change won’t show up when you recompile your code because you aren’t marking the feature as obsolete. Likewise, it can be quite hard for code analysis tools to check to see if the semantics of your code relies on the old behavior (though in some cases this might be possible) and would have problems with the new behavior. The best it could do is flag the keyword and say “Hey! The behavior of this keyword has changed.” This might be helpful in some cases, but imagine if the behavior of the lock statement changed slightly. That’s a lot of places you’re going to have to check by hand.

The end result is that you recompile your code using the newer language and everything looks hunky dory. But days, maybe weeks, later you find a subtle problem with your code that is difficult to track down. In the end, it may be the end result of a chain of events that started at the point where your code relied on a certain behavior of the language and that behavior changed. The point here is that the error might not occur at the point where you rely on the faulty behavior, but somewhere down the line.

I’m not advocating that the behavior of language features should never change, especially if the behavior is wrong to begin with. I’m merely pointing out the risks and hazards of doing so. It’s a heavy cost and the benefit sure as hell better be worth it. I think this is why you see so few breaking changes.

comments edit

Congo MapApparently I’m not the only one who’s been contacted by the son of the late Democratic Republic of Congo President Laurent Desire Kabila. I’ve also been contacted by several other members of royalty or political dissidents who are fleeing the Congo.

Each of these people need MY help in transferring insane amounts of money. I’m talking barrels and barrels of cashola. Apparently, nearly everyone I know has been contacted by someone from the Congo wishing to transfer money. Congo must be a very very rich country. These guys are smuggling enough cash to make Bill Gates look homeless.

comments edit

Found this out in the blogosphere:

Apparently, Time has obtained an internal pentagon emailthat links Dick Cheney directly to the no-bid contract that Haliburton received for rebuilding Iraq’s oil infrastructure. Sadly, people most likely won’t hear about this, and it will die with all the other smoking guns that practically scream out and demand some independent investigation into this administration. Clinton got one for getting a hummer from an intern, but the current administration, flagrantly flaunting its corruption, slips by over and over again. [via the ever-great, wish-he-blogged-more Marc Goodner] \


This weblog is brought to you by the color Orange and the sesame street character, Bert.

[Via Corey’s Ramblings]

comments edit

Unreal Tournament 2004 Cover I have a confession to make. While at Tech-Ed, I did some bad things. Please look upon me not with a judging eye, but try to have a forgiving stance.

While at Tech-Ed, I missed several sessions I had planned to attend…in order to…*gasp* play Unreal Tournament 2004.

I know. I know. I’m supposed to be at Tech-Ed to learn the latest and greatest Microsoft technologies, not to waste my time manning the guns on a Leviathan, or sniping suckers with the lightning gun. But I just couldn’t help it! My boys (and girls, but mostly boys) out there needed me! I couldn’t just ditch my team as the other team was encroaching on the main base now could I? What did you expect me to do in the face of such temptation as a setup consisting of 32 networked AMD 64 bit servers with flat panel displays?

In any case, I’ve checked myself into Dennis Fong Clinic for 1st person shooter addicts. I’ll get the help I need at the DFC. Hmmm… DFC… Sounds like a new weapon in UT… Wonder how I get that…