Friday, April 22, 2005

The Glamor of Travel



Ted Neward, whom I discovered through Pete's blog, has an exceptional description of the true glory of business travel. Ted is a hardcore trainer in the enterprise OO area (i.e., J2EE and .NET) and therefore has a tough, yet rewarding (on multiple levels), row to hoe.

Ted Neward: The Glamor of Travel
 

The Daily Worker: Kos



The Daily Kos site (no link, intentionally) is the premier home of the anti-American, left bank moonbats. In a delicious irony, Kos is not only the leading paid blogging panderer for the Democratic party but also has a stunning "oh-fer" record. Every single candidate he raised funds for lost their elections... some in absolute landslides. Candidates would probably be better off paying Kos for his non-support... or perhaps his endorsement of an opponent.

And if you think I'm being a tad harsh with the "anti-American" sentiment, rest assured I'm not. Nearly every instance of death in Iraq is highlighted on his site and, in some cases, glorified while news of any victories for the Iraqi people is not-so-mysteriously suppressed. Oh, and Kos pays lip-service to our troops... while vilifying them indirectly.

Charles Johnson at LGF has been paying close attention to Kos' behavior. His history of censorship and information suppression... changing links and content... are the classic tools of socialists, communists and/or leftists the world over. Kos is no different, one must assume from his behavior.

Markos Moulitsas Zuniga of Daily Kos has done his best to make it hard to find the comment he posted on April 1, 2004, about the Americans who were torn apart and hung from a bridge in Fallujah. He erased it from the Google cache and the Internet Archive, and redirects the “permalink” on the page to an unrelated page at his site, but I managed to find a URL that still works—until the Daily Koward notices our referrals: Daily Kos: Corpses on the Cover.

Every death should be on the front page (2.70 / 40)

Let the people see what war is like. This isn’t an Xbox game. There are real repercussions to Bush’s folly.

That said, I feel nothing over the death of merceneries [sic]. They aren’t in Iraq because of orders, or because they are there trying to help the people make Iraq a better place. They are there to wage war for profit. Screw them.

by kos on Thu Apr 1st, 2004 at 12:08:56 PDT


UPDATE at 4/21/05 10:06:04 pm:

To see Kos’s back-room machinations at work, click the date next to his name at the bottom of the post, which is supposed to be the permalink to his comment, and see where you end up.


Daily Kos' Elusive "Screw Them" Comment
 

Thursday, April 21, 2005

You can't coach height



How about a 7 feet, 9 inch center? Despite his immense physical size, Sun is definitely no lock for an NBA roster slot. Just being able to look down on Shaquille O'Neal... or even Manute Bol... isn't enough in the premier league of hyper-athletes.

Sun Ming Ming, whose head measures above most door frames, follows Keith Gatlin into Fitness by Design for a late morning workout.

Ball in hand, Sun, 21, muscles his 350-pound frame into training partner Dshamal Schoetz, a 7-footer who played at Greensboro College who is nearly nine inches shorter. Sun pivots and places the ball firmly into the hoop. Swish.

Photo caption: Sun's grasp on a basketball resembles most people holding a softball. (Joseph Rodriguez)

Sun, who is from Harbin, China, is training in Greensboro for a shot at the NBA. His agent, Charles Bonsignore, paired the prospect up with former client and former professional basketball player Keith Gatlin. Gatlin, a managing partner with 334 Sports, a local firm that trains athletes, has worked with Sun for about five weeks.

"With his size, that intrigues everybody," Gatlin said. "He can really shoot the ball to be that size. The challenge for him now is to get mobile, to get up and down the court."

Sun also can handle the ball and has a sweet outside shot that swishes with the quick flick of his wrist. When it comes to dunking, he doesn't need to leave the ground.

Basketball, Gatlin will tell you, is not Sun's problem.

Sun's weakness is his flexibility and his lack of weight training. While playing for the Junior Olympic team and then Da Qing, his province's club squad, Sun never lifted weights and is just now building upper-body strength...


News & Record: Nearly 7-foot-9 player from China training for NBA in Greensboro
 

Wednesday, April 20, 2005

Enemy of Jihad



Interesting remarks regarding the new Pope by an LGF reader. And, no, once again the mainstream media doesn't have the story -- the blogosphere does.

From my conversations with him in the late 70s, when he was archbishop of Munich, I learned a few things about him:

1) That he hated the Nazis even during his short time in the Hitler Youth. He was a nominal member, but was exempted weeks after his compulsory joining because of his fragile health and studies in the Catholic seminary (many boys actually joined Catholic institutions to avoid service in the HJ.) His teen years had a lasting effect on him as he was able to see the difference between reality and what the Nazis taught. His love for truth and being truthful all the time stems from this early experience.

2) He was a progressive Catholic in his early years (played an important role at the 2nd Vaticanum), but the intolerance of 1968 made him change his mind. He abhorred communism and the carefree nihilist thinkings in these times and became a conservative, but not a reactionary, as many claim.

3) He saw the dangers of Islamic fanaticism in the 70s already. Khomeini was a menetekel for him. At this time he didn't see Islam so much as a threat for Europe (yet), but for Asia and Africa.

4) He is more a friend of the Jews than most other Catholic priests. I remember him saying that Christians and Jews are on the same direction to salvation, just on different paths. Islam instead was an aberration that would lead humanity into a religious "dead end street" (Sackgasse was his exact word). He strongly favoured a rapprochement between the Catholic and Jewish faith, but didn't see any common ground between Christianity and Islam.

Latest proof of this was that he strongly supported John Paul II's travel to Israel but did have a big headache about that voyage to Damascus. I doubt you'll see Benedict XVI visiting a mosque... ever. And he sees Turkey as a big religious threat to the judeochristian identity of Europe.

He may come across as the Great Inquisitor, but he has never refused discussion and arguments. He is firm on the "essentials" of the Catholic faith. The German Catholic professors he suspended clearly violated the essential principles of Catholicism. He is an extremely intelligent, bright personality... a bit shy with people though. He won't pretend to have the charisma of JPII.

And yes, I think, we'll see a few surprises from him in the next years. I had to chuckle when I heard the Chicoms demands today. Oh boy, they are messing with the wrong guy here.

Benedict of Nursia once restored the Christian faith in a devastated Europe. Commentators have focussed much on Benedict XV as the closest role model of Ratzinger. But I think he's much closer to Benedict XIV.

http://www.newadvent...

And yes, he loved the "Apfelmaultaschen" (pasta made with potato flour, filled with apples and powder sugar and cinnamon on top) my wife prepared for him :-)

They look like this:
http://www.donau.de/...

I guess you won't find this detail on CNN :-)


LGF Comments: Enemy of Jihad
 

Tuesday, April 19, 2005

Antiques Auction Gets Punk'd



Idea for Saturday Night Live skit:

Scene: Antiques Auction in Memphis, TN. Lester Stack is a Nashville resident visiting the convention center. He is in line, carrying a painting of Elvis Presley -- the bloated, druggy Elvis from his later years -- on black velvet in an inexpensive, seventies-style wood frame. Lester is wearing a partially tucked flannel shirt, ripped jeans, and a cowboy hat. His cheek is bulging with chaw.

He is called out of line by Marcus Whitby III, an elegantly dressed gentleman who represents St. Michael's Appraisals of Manhattan. Whitby is immaculate, from the folded blue silk kerchief tucked into his Yves St. Laurent suit, to his Bally shoes, and his Brioni tie.

After introductions are made, the filming of the Antiques Auction segment begins:

Whitby: Mr. Stack, could you tell me how you acquired this piece?

Stack: My pappy gave it to me when I moved out of the double-wide into my own trailer. He said I needed something to decorate the walls. It's my favorite piece.

Whitby: Did your father ever tell you how he came across this work?

Stack: He won it in a card game, I think. Either that or he wrestled Bobby Joe Milton for it.

Whitby: So you really don't know much about the provenance of the piece?

Stack (stumped): Uhm... I guess... not.

Whitby: Let me tell you what I can determine... (turns painting over) we can see from this label and marking that the piece was resold, probably in a pawn shop. Note the label is from "Cash's Pawn" in Corbin, Tennessee. However, if we turn the painting back over to the front, notice the faint initials of LK. This is what we, as appraisers, yearn for. The lost painting of Elvis by Lucas Krypsuwski.

You see, there have been credible rumors for decades that the genius, the master, Lucas Krypsuwski had painted a single work of Elvis in his later years on black velvet. But no one, until this point, had ever substantiated this claim. No such picture existed so far as we could tell.

But, you, sir have found something we have longed for, yearned for! The proof that the genius Krypsuwski actually created such a work before he died in the great Milan-to-Paris train wreck of 1968. Yes, Krypsuwski, who painted the unparalleled masterworks of the "Orphan Backpacker" and "Still Life with Gin & Tonic"... (pauses, almost beside himself with joy)... well, I'm flabbergasted to see this lost painting found... and in such stunning condition!

In any event, can you venture a guess as to how much you think this is worth?

Stack: Uh... a grand?

Whitby: I won't keep you in suspense. The last time a Krypsuwski came up for auction, we recommended starting the bidding at $150,000. By the time the Japanese collectors were finished fighting for it, it sold for $275,000. And that was not a special, absolutely unique work like this one.

If you were to have this insured, I would recommend that you do so for a figure of $750,000.

Stack (speechless, mouth ajar): Uh... wow, holy sh*t, I'm rich! I'm rich! I'm frickin' rich!! Hey, boss, get stuffed, I'm quittin' - I've always hated you! You suck! Take your job and shove it! And Emmie Lou... I been cheatin' on you for five years! I'm leavin' you and goin' to Vegas... gonna buy a Viper... move out of the trailer park forever... this is awesome!

(Suddenly Ashton Kutcher pops out from behind a large, nearby armoire): Dude, Lester! See that camera? You just got punk'd! You're on MTV! Whitby, how much is this painting really worth?

Whitby: I'd recommend spending no more than five to seven dollars on it. It's absolutely, stunningly bad. Virtually worthless.

(Roll credits as shots ring out in background)
 

Why PHP and not JSP?



I found a couple of interesting articles on PHP development that I thought I'd pass on. The first, from Robert Peake's blog, relates to the justification (to the typical, corporate PHBs) of a move to PHP from JSP.

An associate of mine recently asked for some metrics to help him back up their decision to move away from JSP and toward PHP. In a recent post, I looked at the fact that many major corporations are using PHP, yet we rarely hear about it. To help address some of the concerns about deploying PHP in the enterprise, this month's article in International PHP Magazine will focus on, "Enterprise PHP Coding Standards" you can enforce in your organization to ensure high-quality code...


Robert Peake: Why PHP and not JSP?

The second article comes from the consistently entertaining PHP Everywhere blog, authored by John Lim. In this post, John addresses Ian Bicking's assertion that Python "could have been" PHP. In other words, it could have been the industry's juggernaut success story... instead of PHP. John critiques that assessment (and rightfully so):

I have used Python since 1997, even before I knew PHP. I smile when Ian says that PHP 5 is barely catching up with the 1995 version of Python. That's irrelevant because what made PHP successful is not what PHP is lacking but the features that PHP has that are superior to Python. Also people continue to confuse simplicity with deficiency. Here are some of the areas where Python remains inferior, despite a 5-year headstart over PHP:

* Python is not a template language, in the sense that you cannot mix code and html easily. PHP is wonderfully flexible in this respect.

* Python is a so-so string processing language. One reason being it treats strings as immutable. PHP has much better string processing facilities: embedded "$var in strings", mutable strings, auto-conversion of other data types to strings, output buffering, etc.

* PHP's documentation is cleaner and much easier to understand than Python's. Probably because PHP is a simpler language.

* PHP has tighter integration of a lot of web related stuff. For example, HTTP and SERVER variables...


John Lim: Python never had a chance against PHP
 

Oh, Those Risks of Outsourcing, Part Deux



I can't even begin to speculate what would happen to the outsourcing trend if a disaster recovery center became the site of a real disaster. The Kashmir separatists know full well what's happening in Bangalore and intend to make it more of a mess than John Madden's hair.

Bangalore is starting to appear on the radar of militant groups, Indian police warned this weekend, after uncovering a terrorist plan to target IT companies in the city widely regarded as the country's technology hub.

Bangalore, which is in the southern part of India, had been considered safe from possible terror attacks by separatist groups, which so far have mostly struck in India's northern and western states. But last week, Delhi police seized evidence pointing to a possible attack on certain IT companies in Bangalore...

...Hewlett-Packard, IBM, Intel, Microsoft, Motorola and Texas Instruments. Additionally, America Online, Google and Yahoo opened centers in the city last year.


News.com: Bangalore Appears on Terror Radar
 

Monday, April 18, 2005

The Wisdom of Slate



In reviewing my blog this evening, I noticed this intriguing Google ad on the right sidebar:

Today's Blogs
What Are The Bloggers Saying Today? The Latest Chatter in Cyberspace.
www.slate.com


Hmmm, I thought. That's pretty cool. Someone's tracking the chatter on the blogosphere. I clicked the ad and read the following:

today's blogs The latest chatter in cyberspace.

"Syria Out!"
By David Wallace-Wells
Posted Monday, Feb. 28, 2005, at 5:38 PM PT

"Syria out!": Lebanese Prime Minister Omar Karami resigned this morning, dissolving the nation's unpopular, pro-Syrian government in the face of nationalist protest that followed the assassination of former Prime Minister Rafik Hariri...


Any more timely and they'd have breaking news of the Lincoln assassination and the Russo-Japanese war. How pathetic is that?

After a bit of exploration, I happened to notice a banner ad on the clickthrough page that advertised, "Five million blogs in five minutes". Once I clicked on that link, I discovered the correct page. Pity the folks running the AdSense campaign couldn't get that right.
 

What really happened in Oklahoma City?



FoxNews is pursuing some interesting angles to the now decade-old Oklahoma City bombing. Was it strictly a case of domestic terrorism? What about Terry Nichols' phone records, indicating that multiple calls were placed to Star Glad Lumber in the Philippines? Star Glad is reportedly operated by a man whose brother and cousin were both well-known terrorists involved with groups tied to the Abu Sayyaf terror group.

On several occasions, Nichols also allegedly called a boarding house in Cebu City, which had been linked to the first WTC bombing in 1993 by Ramzi Yousef. Just to reconnect the dots, the same type of fertilizer-fuel bomb was used in that bombing and in Oklahoma City.

In a follow up to addressing the joust between CAIR’s Ibrahim Hooper and Rocky Mountain News columnist Vincent Carroll, additional evidence has been produced in regard to who else may have actually been involved in the 1995 bombing of the Murrah Federal Building in Oklahoma City.

http://religion.upi.com/view.php?StoryID=20050412-124811-1156r
http://www.rockymountainnews.com/drmn/news_columnists/article/0,1299,DRMN_86_3697983,00.html

Were Timothy McVeigh and Terry Nichols the only perpetrators of this atrocity? For years, that’s what we’ve been told. However, with the nation marking the ten-year anniversary of this cowardly act, new or at least newly publicized evidence points out that these two America-hating domestic terrorists had some very unsavory associations with those who are tied to Islamic terrorism.

http://www.foxnews.com/story/0,2933,153635,00.html

There’s also the issue of John Doe number two, the all-elusive accomplice that more than two dozen witnesses say they saw in the Ryder truck with McVeigh. He has never been captured. There were two composite drawings made of this individual.

http://www.foxnews.com/story/0,2933,153644,00.html

The first composite was that of a thuggish looking man with a dark complexion.

http://www.greatdreams.com/john-doe-2.htm

The second composite, which has proven to be nearly as elusive as John Doe number two himself, was said to have been that of a white man, and looked absolutely nothing like the thug in the first composite.

On June 14, 1995, the Justice Department announced that it had all been a big mistake. One of the witnesses, Eldon Elliot of Elliot’s Body shop, had been confused when he gave his description of John Doe Two. He had mixed him up with a completely innocent, burly army private who came to the office a day later.

Back to the first composite drawing -- which many have stated bears a strong resemblance to dirty bomb suspect and Muslim convert Jose "Ibrahim" Padilla.

http://www.rotten.com/library/bio/crime/terrorists/jose-padilla/
http://www.greatdreams.com/john-doe-2.htm

4/17/2005: Fox News ran a program involving the OKC bombing. The show detailed incriminating phone records, which included repeated calls from the home of Terry Nichols to a place called Star Glad Lumber in the Philippines.

Star Glad Lumber is operated by a man whose brother and cousin were both notorious terrorists, involved in "splinter groups of the Abu Sayyaf terror group in the Philippines."

Nichols also repeatedly called a boarding house in Cebu City, an establishment that has been linked to 1993 World Trade Center bombing mastermind Ramzi Yousef. For the record, the same kind of ANFO fertilizer fuel bomb was used in New York and in Oklahoma City.

This may or may not come as a shock: Mohammed Jamal Khalifa, a brother-in-law of Osama bin Laden, who has been named co-defendant in a class action lawsuit filed on behalf of over 500 families of the 9/11 victims, also founded the Philippines branch of the International Islamic Relief Organization (IIRO), which has been designated a terrorist financing organization by the United States and other countries. There have also been some formerly classified Philippines investigative documents that have provided the basis for almost all major media reports concerning Khalifa's ties to al Qaeda and Abu Sayyaf...


What really happened in Oklahoma City?
 

Protecting Customer Data, Part II



The rumbling sound you hear -- after the identity theft debacles at ChoicePoint, LexisNexis, and Bank of America -- is Congress mobilizing to take some sort of legislative action to "protect consumers".

Don't get your hopes up, though. The firms involved are, if nothing else, deep-pocketed and possessed of legions of well-lubricated lobbyists. Any resulting legislation will almost certainly be watered down and likely won't pin financial responsibility for bogus identity transactions on the firms themselves.

And we're nowhere close to having a government-administered system (run by, say, DHS) that could serve as a central registrar for identity data -- and could broker merchant-specific IDs for each consumer that would mitigate the risk of theft.

Today's bottom line is that responsibility for protecting consumer data lies with each company holding that data. That said, what can companies do to better protect the data?

Process: processes for managing the data have to be explicitly documented and enforced. Who can create the data? Who can update it or delete it? Who can read it?

People: roles for data access and management must be mapped to the approved processes. For example, consider a hypothetical role called keymaster. The keymaster is responsible for generating, retaining, and monitoring key-pairs used to encrypt and decrypt the consumer data. In other words, a field like SSN is never stored in the clear. It is encrypted using a public-key provided by the keymaster.

Consider another role called application developer. The app-developer never has direct access to the private-keys needed to decrypt sensitive fields. The app-developer uses documented requests (e.g., APIs) to code provided by keymasters to enable an application to decrypt a sensitive field.

Further, a role called auditor could monitor the use of data provided by the keymaster and the app-developer. The auditor has no direct access to the data, but can closely monitor the detailed logs generated by the other roles. The auditor could use manual and automated techniques to discover misuse of data or anomalies in data access. Presumably an auditor would have discovered the anachronistic behavior of the fake vendors who plugged into ChoicePoint's systems.

Technology: Firewalls, intrusion detection, intrusion prevention, network monitoring: in other words, all of the standard mechanisms for network security. But the processes and people that configure and monitor that technology are equally important. Logs, tools, APIs, clear delineation and separation of roles... all come together to provide a synergistic approach to protecting sensitive data.
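As an added illustration (not part of the original post), here is one way the auditor role could automate its review of the logs produced by the keymaster's decrypt API. The JSON log format, the client names, the approved-role registry, and the thresholds are all assumptions constructed for this sketch.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed audit log: one JSON record per call into the keymaster's API.
# The auditor sees only these records, never the protected fields themselves.
SAMPLE_LOG = """\
{"ts": "2005-04-18T09:15:02", "client": "billing-app", "role": "app-developer", "op": "decrypt", "field": "ssn", "record": "C1001"}
{"ts": "2005-04-18T09:47:30", "client": "billing-app", "role": "app-developer", "op": "decrypt", "field": "ssn", "record": "C1002"}
{"ts": "2005-04-18T10:05:11", "client": "keymaster-svc", "role": "keymaster", "op": "rotate_key"}
{"ts": "2005-04-19T02:13:40", "client": "vendor-x17", "role": "app-developer", "op": "decrypt", "field": "ssn", "record": "C2001"}
{"ts": "2005-04-19T02:13:41", "client": "vendor-x17", "role": "app-developer", "op": "decrypt", "field": "ssn", "record": "C2002"}
{"ts": "2005-04-19T02:13:42", "client": "vendor-x17", "role": "app-developer", "op": "decrypt", "field": "ssn", "record": "C2003"}
{"ts": "2005-04-19T02:13:43", "client": "vendor-x17", "role": "app-developer", "op": "decrypt", "field": "ssn", "record": "C2004"}
{"ts": "2005-04-19T11:20:00", "client": "billing-app", "role": "app-developer", "op": "export_private_key"}
{"ts": "2005-04-19T11:21
"""

# Hypothetical registry mapping each approved client to its documented role.
APPROVED = {"billing-app": "app-developer", "keymaster-svc": "keymaster"}
# Operations that touch key material and belong to the keymaster role alone.
KEYMASTER_ONLY_OPS = {"export_private_key", "rotate_key"}
BUSINESS_HOURS = range(7, 19)   # 07:00-18:59 local time (assumed policy)
MAX_RECORDS_PER_HOUR = 3        # kept small so the sample data trips it


def audit(log_text):
    """Return a list of (line_number, rule, client) findings."""
    findings = []
    per_hour = defaultdict(set)  # (client, hour) -> distinct records decrypted
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            ts = datetime.fromisoformat(event["ts"])
            client, role, op = event["client"], event["role"], event["op"]
        except (ValueError, KeyError, TypeError):
            # An unparseable record may indicate truncation or tampering.
            findings.append((n, "malformed-record", "-"))
            continue

        # People: the caller must be registered under the role it claims.
        if APPROVED.get(client) != role:
            findings.append((n, "unapproved-client-or-role", client))

        # Separation of roles: only the keymaster handles key material.
        if op in KEYMASTER_ONLY_OPS and role != "keymaster":
            findings.append((n, "key-access-outside-keymaster", client))

        if op == "decrypt":
            if ts.hour not in BUSINESS_HOURS:
                findings.append((n, "off-hours-decrypt", client))
            bucket = (client, ts.replace(minute=0, second=0, microsecond=0))
            per_hour[bucket].add(event.get("record"))
            # Report once, at the moment the hourly limit is first exceeded.
            if len(per_hour[bucket]) == MAX_RECORDS_PER_HOUR + 1:
                findings.append((n, "bulk-decrypt", client))
    return findings


def summarize(findings):
    """Group findings as {client: sorted list of distinct rules triggered}."""
    by_client = defaultdict(set)
    for _, rule, client in findings:
        by_client[client].add(rule)
    return {client: sorted(rules) for client, rules in by_client.items()}


if __name__ == "__main__":
    for line_no, rule, client in audit(SAMPLE_LOG):
        print(f"line {line_no}: {rule} ({client})")
```
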

Tens or hundreds of millions of dollars in market capitalization hang in the balance.
 

Saturday, April 16, 2005

The Blauction Concept



In the vein of life-caching, which I discussed yesterday, how about my concept of blauctions? Yep, this is a word I just coined - a hybrid of blog and auction. This technology would support the operation of controlled auctions on blogs.

Let's say you have a blog. A simple control panel would give you the ability to publish your own auctions... or select from categories of auctions that you would like to promote on your blog. And say your blog covers Red Sox baseball. You could give precedence to auctions of baseball cards and baseball memorabilia.

Just like eBay, the blog owner would get a cut of every sale made on his or her site.
 

Friday, April 15, 2005

Protecting Customer Data



The Internet age's security guru, Bruce Schneier, has weighed in with his take on the recent spate of identity theft debacles (think ChoicePoint, LexisNexis, Bank of America). These high-profile incidents have resulted in Congressional rumblings for new legislation to protect privacy. In Mitigating identity theft, Schneier's take is that simply protecting identity data won't work.

The problem is not identity theft per se -- since you can't really steal someone's identity -- it is the proliferation of transactions that allow one person to impersonate another.

Proposed fixes tend to concentrate on... making personal data harder to steal--whereas the real problem is [the ease with which a criminal can use personal data to commit fraud]. If we're ever going to manage the risks and effects of electronic impersonation, we must concentrate on preventing and detecting fraudulent transactions.

...Financial intuitions [sic] need to be liable for fraudulent transactions... Credit card companies simply don't worry about verifying the cardholder or putting requirements on what he does. They concentrate on verifying the transaction. ...once financial institutions are liable for losses due to these types of fraud, they will find solutions.

Right now, the economic incentives result in financial institutions that are so eager to allow transactions--new credit cards, cash transfers, whatever--that they're not paying enough attention to fraudulent transactions. They've pushed the costs for fraud onto the merchants. But if they're liable for losses and damages to legitimate users, they'll pay more attention. And they'll mitigate the risks.


As usual, Schneier is spot on. But I'll attach a caveat: companies must do more to protect critical customer data. Until the time comes that institutions are responsible for the financial consequences of impersonation (and don't hold your breath, given their lobbyists), you'll still want to protect your SSN.

I'll post some thoughts about what companies can do to better protect customer data and to validate the transactions that use that information. Until then, suckle at the teat of wisdom and read the whole thing:

News.com: Mitigating identity theft
 

Thursday, April 14, 2005

Life-Caching



Trendwatching.com has identified a trend called life caching. What is "life-caching"? It's the emerging capabilities for...

...collecting, storing and displaying one's entire life, for private use, or for friends, family, even the entire world to peruse. ...[it] owes much to bloggers... millions of people have taken to digitally indexing their thoughts, rants and God knows what else; all online, disclosing the virtual caches of their daily lives, exciting or boring. Next came moblogging, connecting camera phones to online diaries, allowing not only for more visuals to be added to blogs, but also for real-time, on the go postings of experiences and events. And that's still just the beginning.


Trendwatching notes services like Nokia's Lifeblog, which uses the Nokia 6620 as the hub of a collection service for notes, videos, high-res (1.1 Megapixel) still photos, sound clips, etc. and is capable of delivering the life-cache to an Internet blog site.

Think Gmail's 2+ gigabyte limit and miniaturized high-density MP3 players that are worn on a lanyard (like the iPod Shuffle). Microsoft Research's Rick Rashid had a neat sound bite:

...you can store every conversation you've ever had in a terabyte. You can store every picture you've ever taken in another terabyte. And the Net Present Value of a terabyte is USD 200...


Three interesting ramifications to the life-caching trend that I see:

Security - if you're able to carry around a USB flash card that centralizes your music, photos, videos, documents, etc., then security will be a huge concern. You don't want to lose the equivalent of your entire life to a stranger. So... how can you protect your data?

Privacy - publishing an increasing percentage of your life-cache to the Internet raises a variety of privacy concerns. Will the bad guys (and it's difficult to even identify who the bad guys are these days) get hold of your data in such a way as to compromise your identity, subsume your credit or otherwise cause heartache? With life-caching, the ChoicePoints of the world aren't disclosing the data the bad guys require... you are.

Counter-googling - attendant with privacy issues is the one-to-one marketing trend called counter-googling, in which legitimate companies build up directories of useful information about customers and prospects based upon the public life-caches they've assembled. Companies will know more and more about you -- even without the ChoicePoints of the world -- and will use that data to target your whims, desires and weaknesses to extract additional dough from your wallet.
 

Wednesday, April 13, 2005

Firefox's SwitchProxy



News.com reports that RoundTwo -- formerly known as MozSource -- has re-dedicated itself to building Firefox extensions. Their contention is that the same users flocking to Firefox in droves will also be looking for safe and reliable products to enhance the Firefox experience.

They are thinking of products like SwitchProxy, which allows you to select from a list of web proxies. The proxies can provide (but certainly don't guarantee) a level of anonymity for surfers by adding a layer of indirection to your surfing. The web server you're visiting, for instance, will record the IP address of the proxy... and not your IP.

Ah, but where to find anonymous proxies? The MozMonkey Forum has a lengthy thread discussing this very topic. For your viewing pleasure, I've coalesced some of the lists mentioned.

In addition, there are tools like the ProxyTester, which will examine lists of proxies and let you know the ones that are still alive and kicking. And, of course there are tools to test the anonymity services provided by these proxies: ProxyJudge and Anonymizer's Privacy Tester may fit the bill.

In any event, use these lists at your own risk - they are culled from MozMonkey and have not been checked or examined in any depth. The onus is on you to determine suitability and applicability to your particular web surfing requirements. Nuff said.

http://www.stayinvisible.com/index.pl/proxy_list
http://www.steganos.com/?area=updateproxylist
http://abcdelasecurite.free.fr/html/modules.php?op=modload
http://www.geocities.com/nothing75487548/proxy.txt
http://www.geocities.com/switchproxylist/
http://www.aliveproxy.com/socks5-list/
http://free-proxy-servers.com/
http://anoniem-surfen.eigenstart.nl/
http://www.geocities.com/switchproxylist/massive.txt
http://www.multiproxy.org/anon_proxy.htm
http://www.i-hacked.com/.../Finding-and-Using-Anonymous-Proxies-9.html


News.com: Start-up wants to improve on Firefox
 

Tuesday, April 12, 2005

The Real Die-In



Marc Fencil is a senior majoring in political science at Ohio University. He also happens to be -- at the moment -- a Marine serving in Iraq. His eloquent and powerful letter-to-the-editor was printed in Ohio University's Post Online. It was a response to the recent "die-in" sponsored by the Leftist moonbats so typical of academe.

Yes, a handful of coddled wankers, whose most recent hardship consisted of having to wait ten minutes for a lukewarm mocha latte at the corner coffee klatch, continue to demonstrate their staggering and profound ignorance while siding with the Zarqawis of the world. Arrayed against freedom, arrayed against the forces of good, arrayed against History itself - the Leftist moonbats orbit the provably false hypotheses of "WMD lies", war-for-oil, and Halliburton. That's the extent of their brilliance: rehashed movie magic from the Leni Riefenstahl of the twenty-first century. Perhaps the moonbats are actually orbiting Michael Moore himself. Goodness knows, he's big enough to have his own gravitational field.

Just read the whole thing.

It’s a shame that I’m here in Iraq with the Marines right now and not back at Ohio University completing my senior year and joining in blissful ignorance with the enlightened, war-seasoned protesters who participated in the recent “die-in” at College Gate. It would appear that all the action is back home, but why don’t we make sure? That’s right, this is an open invitation for you to cut your hair, take a shower, get in shape and come on over! If Michael Moore can shave and lose enough weight to fit into a pair of camouflage utilities, then he can come too!

Make sure you all say your goodbyes to your loved ones though, because you won’t be seeing them for at least the next nine months. You need to get here quick because I don’t want you to miss a thing. You missed last month’s discovery of a basement full of suicide vests from the former regime (I’m sure Saddam’s henchmen just wore them because they were trendy though). You weren’t here for the opening of a brand new school we built either. You might also notice women exercising their new freedom of walking to the market unaccompanied by their husbands.

There is a man here, we just call him al-Zarqawi, but we think he’d be delighted to sit down and give you some advice on how you can further disrespect the victims of Sept. 11 and the 1,600 of America’s bravest who have laid down their lives for a safer world. Of course he’ll still call you “infidel” but since you already agree that there is no real evil in the world, I see no reason for you to be afraid. Besides, didn’t you say that radical Islam is a religion of peace and tolerance?

I’m warning you though -it’s not going to be all fun and games over here. You might have bad dreams for the next several nights after you zip up the body bag over a friend’s disfigured face. I know you think that nothing, even a world free of terror for one’s children, is worth dying for, but bear with me here. We’re going to live in conditions you’ve never dreamt about. You should get here soon though, because the temperatures are going to be over 130 degrees very soon and we will be carrying full combat loads (we’re still going to work though). When it’s all over, I promise you can go back to your coffee houses and preach about social justice and peace while you continue to live outside of reality.

If you decide to decline my offer, then at least you should sleep well tonight knowing that men wearing black facemasks and carrying AK-47s yelling “Allahu Akbar” over here are proud of you and are forever indebted to you for advancing their cause of terror. While you ponder this, I’ll get back to the real “die-in” over here. I don’t mind.


LGF: Marc Fencil's Letter-to-the-Editor
 

Will LAMP Eclipse Java?



The new software company ActiveGrid has introduced its application server, which is based upon LAMP technology. LAMP (Linux-Apache-MySQL-PHP/Perl/Python) is the open-source stack used so successfully by companies like Google and Yahoo to build massively scalable server-based applications. And, personally, I feel LAMP should be used in the majority of situations where Java/J2EE apps are used today: I've seen too many J2EE apps that went over-budget and too many similar LAMP projects that went under-budget. And I'm comparing apples-to-apples, though corporate confidentiality agreements prevent me from elaborating upon project specifics.

All that being said, I'm highly skeptical about ActiveGrid's claims that J2EE app servers are no longer necessary. It's great marketing hype, but I would have to see how ActiveGrid stands up to true session-integrity requirements.

For example, consider when you're using your broker's website online. You're in the middle of specifying a stock transaction when the server on the back-end dies. Session-integrity would allow another server to pick up seamlessly where the other left off, without losing any of the information entered in the session up to the point where the first server died. Now those are the kinds of systems J2EE was designed to handle.

An open-source software company called ActiveGrid is challenging the established thinking among builders of large-scale business applications.

The premise of ActiveGrid, which released an early version of its server software and tools on Monday, is that application servers based on the Java 2 Enterprise Edition (J2EE) specification are no longer required. Company Peter Yared was even handing out "No J2EE" pins at LinuxWorld earlier this year...

...In an essay, Yared argued that the day of powerful applications servers that centralize many functions, like database access and caching, are passé.

Instead, a distributed grid of back-end application servers will function more like a "text pump" moving text-based XML files around the network. And scripting languages, he says, are very good at handling text and easily building Web pages.


News.com: Will LAMP eclipse Java?
 

Monday, April 11, 2005

The Collaborators



The consistently brilliant Power Line has followed up on the bizarre story of AP photographers who won the Pulitzer Prize. Some of the photos appear to have been taken in collaboration with terrorist insurgents.

New York Times photographer D. Gorton analyzed the photos and weighed in with his take on this photo:

Leaving aside the ethical specifics of this situation, if I knew that an event was about to occur that included possible violence, I would do exactly what it appears the photographer did in making this picture:

(1) I would choose an elevated mobile platform where I had an unobstructed view of the scene, and where I had maneuverability to observe as well as rapid exit...such as a pick up truck

(2) I would be at enough distance to be somewhat protected and inconspicuous

(3) I would choose a medium telephoto lens that could be hand held in a moving vehicle, yet give me large enough images to be clearly recognizable.

So, the assassination picture has all the earmarks of a planned image, indicating that the photographer had taken most of the considerations that I have written about above.


Power Line: The AP
 

Sunday, April 10, 2005

When Software Kills



The Therac-25, a computer-based radiation therapy machine, massively overdosed patients at least six times between June 1985 and January 1987. Each overdose exposed a patient to several times the normal therapeutic dose and resulted in the patient's severe injury and, in some cases, death. The overdoses occurred primarily because of errors in the data validation routines contained within the Therac-25 software.

For example, a normal therapeutic dose of radiation might consist of exposure to around 200-rad. Physicists believe that the Therac-25 exposed patients to 15,000-rad... or more.

How could such a thing happen?



Poor design and implementation of a multi-tasking application was the primary culprit. If the operator of the Therac-25 performed data-entry under special circumstances, shared variables between the keyboard-handling routine and other tasks could become corrupted. These other tasks included verification that the machine's settings were correct.

The upper collimator, on the other hand, is set to the position dictated by the low-order byte of MEOS by another concurrently running task (Hand) and can therefore be inconsistent with the parameters set in accordance with the information in the high-order byte of MEOS. The software appears to include no checks to detect such an incompatibility.


Basically, aside from the poor design and implementation, there were no paranoia checks.

During machine setup, Set-Up Test will be executed several hundred times since it reschedules itself waiting for other events to occur. In the code, the Class3 variable is incremented by one in each pass through Set-Up Test. Since the Class3 variable is 1 byte, it can only contain a maximum value of 255 decimal. Thus, on every 256th pass through the Set-Up Test code, the variable overflows and has a zero value. That means that on every 256th pass through Set-Up Test, the upper collimator will not be checked and an upper collimator fault will not be detected.

The overexposure occurred when the operator hit the "set" button at the precise moment that Class3 rolled over to zero. Thus Chkcol was not executed, and F$mal was not set to indicate the upper collimator was still in field-light position. The software turned on the full 25 MeV without the target in place and without scanning.
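The rollover described in the quoted passage can be reproduced in a few lines. This is an added example, not code from the Therac-25 or from the quoted study: it models Class3 as a one-byte counter that is incremented on every pass, next to one hardened form that assigns a fixed non-zero value instead. The function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Flawed form: the "check needed" flag is a 1-byte counter that is
   incremented on every pass, so it reads as zero on every 256th pass. */
static bool pass_increment(uint8_t *class3) {
    (*class3)++;                  /* 255 + 1 wraps to 0 */
    return *class3 != 0;          /* false => the check is skipped */
}

/* Hardened form (an assumption of this example): assign a fixed
   non-zero value, so there is nothing left to wrap. */
static bool pass_assign(uint8_t *class3) {
    *class3 = 1;
    return *class3 != 0;
}

/* Run n passes. Returns how many passes skipped the check and stores
   the 1-based number of the first skipped pass in *first (0 if none). */
int count_skipped(bool (*pass)(uint8_t *), int n, int *first) {
    uint8_t class3 = 0;
    int skipped = 0;
    *first = 0;
    for (int i = 1; i <= n; i++) {
        if (!pass(&class3)) {
            if (*first == 0) *first = i;
            skipped++;
        }
    }
    return skipped;
}

int main(void) {
    int first;
    int n = count_skipped(pass_increment, 1000, &first);
    printf("increment: %d skipped, first at pass %d\n", n, first);
    n = count_skipped(pass_assign, 1000, &first);
    printf("assign:    %d skipped\n", n);
    return 0;
}
```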


Subsequent studies of the software and the processes around the events in question led to recommendations for basic "best practices". Most were obvious: documentation, processes, and standards should have been established - and never were. Even formal testing and rigorous stress tests never took place.

But one recommendation, in particular, is near and dear to my heart:

* Ways to get information about errors -- for example, software audit trails -- should be designed into the software from the beginning.


One of my personal heroes -- Dan Bricklin, the co-inventor of the spreadsheet -- made a similar point a while back. And I blogged about it last year. It's a point worth considering - again.

Because if you write software for a living, you have a responsibility to be dead serious about your code's quality. You never know when someone will borrow, reuse or transplant your code into another package, device, or system. And your code could end up in another system like a Therac-25, where lives hang in the balance.
 

Fortify Your Loops



This is another post in a continuing, yet oddly sporadic, series of entries on building reliable software. Here's another outrageous tenet of my philosophy:

Ban the While Loop

Yes, that's right: ban the while loop. Get rid of any while loops in your code. Today. Here's why.

Consider the following, oh-so-typical code:

myQuery.FetchFirst();
while (!myQuery.IsEndOfFile()) {
    // ... processing steps ...
    myQuery.FetchNext();
}


What's wrong with that? Nothing you say? Au contraire, mon frere. Consider the jamoke who comes after you and adds some additional logic, like so:

myQuery.FetchFirst();
while (!myQuery.IsEndOfFile()) {
    // ... processing steps ...
    if (bSkipRecord) {
        continue;
    }

    // ... processing steps ...
    myQuery.FetchNext();
}


Guess what? If the boolean bSkipRecord ever gets set, you're in infinite-loop-land and you might as well go out for coffee and a cigarette -- indefinitely -- while this code runs and runs and runs... basically like the Energizer Bunny plugged into a 220-volt outlet.

So, what do we do in cases like this instead of a while loop? Basically, fortify all of your loops. Make them into for loops.

for (myQuery.FetchFirst(); !myQuery.IsEndOfFile(); myQuery.FetchNext()) {
    // ... processing steps ...
    if (bSkipRecord) {
        continue;
    }

    // ... processing steps ...
}


Now when Einstein adds his logic, we no longer have the catastrophic result of the system hanging (or an internal denial-of-service attack, as I like to call it).

Going a step further, we can fail-safe the loop. By "fail-safing", I mean assigning a maximum number of loop iterations and recording an error if we hit that maximum. This serves two purposes: to short-circuit a possible infinite loop and to detect the fact that the loop constraint did not work as intended.

for (ixCount = 0, myQuery.FetchFirst();
        !myQuery.IsEndOfFile() && ixCount < MAX_TBL_COUNT;
        myQuery.FetchNext(), ixCount++) {
    // ... processing steps ...
    if (bSkipRecord) {
        continue;
    }
    // ... processing steps ...
}
if (ixCount >= MAX_TBL_COUNT) {
    // Note that our loop did not work as intended!
}


So, I guess we can boil this lesson down to two tenets: (a) fortify your loops; and (b) fail-safe your loops.
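A runnable version of the fail-safed loop above, as an added example rather than code from this post. The Cursor type and its functions are hypothetical stand-ins for myQuery, and the stuck_at field simulates a FetchNext that stops advancing. The example also decides the error by whether records remain, so a table of exactly MAX_TBL_COUNT rows is not reported as a failure.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_TBL_COUNT 1000   /* hypothetical cap, same role as in the post */

/* Hypothetical stand-in for myQuery: a cursor over n records.
   stuck_at >= 0 simulates a FetchNext that stops advancing there. */
typedef struct { size_t pos, n; long stuck_at; } Cursor;

static void fetch_first(Cursor *c) { c->pos = 0; }
static bool is_eof(const Cursor *c) { return c->pos >= c->n; }
static void fetch_next(Cursor *c) {
    if ((long)c->pos != c->stuck_at) c->pos++;
}

typedef enum { LOOP_OK = 0, LOOP_CAP_HIT = 1 } LoopStatus;

/* Fail-safed loop: odd-numbered records are skipped with `continue`,
   the rest are counted in *processed. */
LoopStatus process_all(Cursor *c, size_t *processed) {
    size_t ix = 0;
    *processed = 0;
    for (fetch_first(c);
         !is_eof(c) && ix < MAX_TBL_COUNT;
         fetch_next(c), ix++) {
        bool skip_record = (c->pos % 2) == 1;
        if (skip_record) {
            continue;            /* safe: the for header still advances */
        }
        (*processed)++;
    }
    /* The cap fired only if records remain; reaching end-of-file on the
       same iteration as the cap is a normal exit. */
    return is_eof(c) ? LOOP_OK : LOOP_CAP_HIT;
}

int main(void) {
    Cursor healthy = {0, 10, -1}, stuck = {0, 10, 4};
    size_t done;
    printf("healthy: status %d\n", process_all(&healthy, &done));
    printf("stuck:   status %d\n", process_all(&stuck, &done));
    return 0;
}
```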
 

Friday, April 08, 2005

Oh, Those Perils of Outsourcing!



The Times of India reports that call-center employees of MSource, a financial services outsourcing arm of MphasiS, ripped off about $350,000 from Citibank account holders:

They allegedly transferred a total of Rs 1.5 crore (US $3.5 lakh) from a multinational bank into their own accounts, opened under fictitious names. The money was used to splurge on luxuries like cars and mobile phones.

Twelve people, including the alleged mastermind, have been arrested. The police are trying to determine the extent of the scam and whether the accused committed such crimes earlier...

...Asked to divulge the name of the bank, the accounts of which have been hacked into, Dayal said he could not reveal names of the company’s clients as they had signed a non-disclosure agreement. But, according to sources, the bank is Citibank.

According to the police, Thomas, who worked in the callcentre for six months before quitting the job in December 2004, had the secret pincodes of the customers’ e-mail IDs, which were used to transfer money. In January, he roped in his friends and transferred money from four accounts of the bank’s New York-based customers into their own accounts, opened under fictitious names.

The money was transferred to the accounts on February 22, March 23 and March 31. The amount was later withdrawn by cheques drawn in their (accused’s) names or on the names of other people. The customers, from whose accounts the money had been withdrawn, alerted the bank officials in the US, after which the crime was traced to Pune...


In other words, it appears from this report that Citibank's security operation never detected the fraud: the account-holders apparently were the outer edge of the security perimeter. If this holds true, it's potentially a bigger story than trusting outsourced BPO vendors with key corporate secrets.

Forrester Research is predicting that this incident, in combination with incredibly high attrition rates, will serve to dampen the market for BPO outsourcing by as much as 30%.

A couple of take-aways:

1) MphasiS' Pune centre was both BS-7799 security-certified and CMM Level 5-certified. Certifications are no panacea.

2) Citibank needs to examine whether their account-holders detected the fraud before they did... and, if so, how their security organization dropped the ball.

Times of India: BPO staffers hack bank A/Cs, steal Rs 1.5 cr