Category Archives: Blog

Your arguments are invalid.

Because it’s enough to have just one. See, thanks to scope and something called currying, any multi-argument function can be rewritten as a unary chained function. A simple example is this Javascript function to add two arguments:

1
2
3
function add(x, y) {
   return x + y;
}

it’s easy to see what that function would do, you pass in two arguments and they get added:

1
var sum = add(2, 3); // 5

now, in a functional world, you want to have unary functions that take only one argument. How can you achieve a simple add function if you’re not allowed to take more than one argument? This can be done by currying (and it requires scope)

1
2
3
4
5
function add(x) {
   return function (y) {
      return x + y;
   }
}

now the call to this method would be different because it just takes one argument. Thanks to the scope, the inner function can see the x, so you call this method like so:

1
var sum = add(2)(3); // 5

And that’s how you can decompose a multi-argument function into many, nested unary functions.

You are more likely to be killed by an asteroid than by a terrorist.

Though what happened in Berlin today is still ‘most likely’ an attack (by a lone wolf, not by an army of asylum seekers) we can’t generalise and blame this on asylum seekers in general. That’s just what our nationalistic leaders want, what the news papers want because it sells more papers.
 
By these rules of generalisation, all men are rapists, all fathers are incestuous, all mothers are whores, all white people trade slaves and basically all human beings are monsters. You cannot blame anything like this on entire groups of people. The fact is that only one person was driving that truck. Not a nation, not a group, not anyone else but that guy.
 
The chances that you are going to be killed in the next ‘terror attack’ are much smaller than the chances that you are getting killed by a drunk driver, by crossing a road, by actually driving a car and for some reason, in the USA, by having your toddler grab your gun from your purse.
 
The media loves to make these things bigger than they are, because this kind of fear makes their sales go up. The chances of you dying in a terrorist attack are pretty slim if you are living in a western society like most of Europe, the USA and here in Australia. It’s practically non-existent.
 
You are about 10 times more likely to die from SUICIDE than from murder. You are about 5 times more likely to die from DIABETES than from a traffic accident. You stand a better chance at winning the lottery than getting killed in a terror attack.
 
Let’s look at a quote from one of the sources below:
 
“The chances of being killed in a terrorist attack are about 1 in 20 million. A person is as likely to be killed by his or her own furniture, and more likely to die in a car accident, drown in a bathtub, or in a building fire than from a terrorist attack.”
 
ok, 1:20,000,000, should be able to handle that. Let’s compare it to something else:
 
“The chances a person will be killed by an asteroid are 1 in 200,000, which is much higher than the odds of being killed by hail, which is 1 in 734,400,000.”
 
Let that sink in people. You run a 100x (a hundred times) bigger chance to be hit by an asteroid than be killed in a terrorist attack!!! Why the fuck aren’t we walking around with titanium umbrellas!?
 
for crying out loud, let’s stop giving the media what they want: attention. Let’s stop giving away our privacy over this bloated sense of insecurity. And the great thing with ‘terror’ is, if you show a complete disregard of the effects, it’s not terrifying at all. They’re just what they really are: sorry excuses for living beings.
  
just some of the sources below.
 
 
 

Security and safety

Recently people who use Mac computers have asked me about security. Good question. I’d say they are pretty secure. They didn’t ask me about safety. That is a different question. I will try to explain why:

The only safe operating system is the one that is turned off, disconnected and preferably locked in a safe. And even then, it only takes one human to breach that security. As long as it is not turned on, or plugged into a network, it is still secure, but not safe.

Now, if you understand those rules, you can maneuver pretty safe and secure on the internet.

To do so, there are some simple rules you can follow:

Choose an operating system that is released as open source (why? because everything is transparent, every single bit of your operating system is out there, people know about it, good hackers and bad hackers the like, history has proven this, you are more vulnerable with a Microsoft (closed source) OS than with any obscure linux variant out there). Apple is turning towards the Microsoft side, but is at least based on a BSD unix variant, so, as long as you don’t give out your password to install the next .dmg you download, you are pretty safe (even if history has proven that Mac users are the least computer savvy users out there, you just got lucky that it’s in essence a unix machine)

Choose an operating system that is maintained (what does that mean? simply, the more people that are working on it, the more people who know a lot more than you do about operating systems are working on it) If more people are working on it, it does not mean it is not ready yet, it actually most often means that those good hackers are quite fond of it (pick any popular linux or freebsd version, it’s free and people are actively working on it to make it the most secure system they can think of)

Third, be a user when you can, only change into an administrator if you need to be. The way the unix (and alike) operating systems were designed was about giving users power to do things, but not to disrupt other users. I personally change into my root clothes when I think it’s time to delete a user account that has been compromised, or at least leans towards it or when I’m simply done with it. And since I have the power to become root, I can always create a new user.

Finally, and absolutely not the least, don’t be lazy, don’t reuse that password on website nr1 you used for website nr2, unless you don’t care about either of these (this is a rule I break often, I start out with using a weak password until I think I really want to keep that account).

Don’t use that service name in your password. Cryptology is only as smart as you are. You can have all your keys encoded in (who cares) 8 gigabyte keys, but if you use “-facebook” for facebook and “-twitter” for twitter, the other party already has 50% of your password decoded.

No matter how many bits you use to encrypt it, if they know half the message, it’s pretty useless because knowing what you are looking for makes it easy. (Really don’t want to go into details here, but you can understand that looking for “Hi Mom!” in a decrypt is easier if you are sure it contains “Hi Mom!” then if you don’t know that it should contain that)

A password like ‘IchHateMeinFuckingFriendDieZesBlocksDownWoont’ (normal words, but 3 different languages) is far more effective than the not so random ‘qwerty123’, especially if you, as a hacker, already know that the password is going to end in the plaintext ‘-facebook’. (and it is easy to remember). As with anything, but especially in cryptoanalysis, if you already know what you are looking for, it is easier to find it.

Coming back to the 3 language 10 words password, it is 46 characters, let’s assume we only use lowercase, that would be 26^42 combinations. Being able to use uppercase makes it 52^42, include numbers, 62^42, giving a resolution of 1.9074403212938070052188251342723e+75 possible combinations.

With this I’d also advice to look at how the password is used. Yes, the iphone number password is actually quite safe, BUT ONLY if you turned on the feature to wipe the phone after 10 misses. If you don’t, it’s just 10000 tries in which case brute force works. And quickly too. Even the hardware of the iphone you are trying to crack is much faster in 0-10000 than you are. Don’t forget, the computing power in your pocket supersedes in many magnitudes the computing power that was used to put a man on the moon.

Don’t underestimate brute force, as a rule, it takes only 1/2 to crack it. Either they get it right at ‘A’ or at the end at ‘ZZZZZZZZZZZ’, on average it is half and brute force is actually one of the ‘cracking algorithms’ that is 100% sure to crack any code, unless it is accompanied by a total wipeout, as the iphone offers. Use it. Objects that completely lock after X tries are much safer than object that use whatever amount of gigabytes for keys. Imagine what luck you need to crack a safe if you have the previously amount of options (1.9074403212938070052188251342723e+75) with only 10 tries. Brute force is completely useless against systems that lock.

But, it’s not completely useless. If it’s a digital safe? it can be copied. You may lock after 10 tries, but if I can make 1.9074403212938070052188251342723e+75 copies, I only need to try 1 combination per copy. So what do you learn from this? If someone wants to crack you, and if they have enough resources, they can and will. The safest place to keep really private information is still locked in your brain. You will never be secure if your brain is not safe.

As per today, 25/04/2012, they haven’t found a way to secure anything that was saved in your brain and as long as you keep it there, it can’t be protected by security

T is for Telecom, where communication goes wrong…

It’s a wonderful day in the world of telecommunications… First, the 3G service on my phone went dead (it still showed wonderful connection, but as soon as you tried anything it said I didn’t have cellular data). Since I recently moved from Vodafone to Virgin Mobile who uses Optus, I thought, how bad can it be. But hey, after a few tests with luckily another phone at hand, it obviously showed that there is probably one flag not set correctly at their end. We can only hope that the morning crew is able to set the flag.

So that one is still on-going. The other problem I have is with Telstra (the fourth telco to mention in this post, however, the biggest here). Anyway, I updated my subscription with them, because, well, hey, after 2 years, times change, you can probably get a better deal. So I first started to use the DIY way via the website.

Since that quickly enough proved not viable, due to the exact combination of switches I wanted, I followed the advice and started a chat session. I really had some fun with a great guy on the other hand and after about 30 minutes we arrived at a new package for the bundle (phone, internet, tv). I would be called the next morning to arrange for the installation guy to do the physical part of the deal (installing the HD box and moving the non-HD box to the second room).

So I waited about a week. Obviously, nobody called. But since there is a store for anything, there are also stores for Telstra. The next week (last week) I go to the T-store and apparently, my previous order could not be found. I think, well, while I’m here, lets do it again. This time however, I also get a T-hub (Telstra’s take on a tablet, connected to your base station etc) thrown in the deal. Who am I to say no to a better deal, so I go home, thinking to have the same order, just this time with some new gadgets for the home.

After installing the T-hub, the base-station and 2 handsets, I start to play around with the new toys and decide to enable sms. Why not. However, to enable that, I first had to enable something else, which I couldn’t enable since it was already enabled (let’s call it voicemail). So, as the device instructed me, I called the helpdesk. Again, easy-peasy, no problemo and the issue was quickly resolved. Except for the fact that the activation code was expired. But, there was a link in the activation email that would allow me to generate a new activation code at any time.

Today I tried to generate that activation code (as my evening was already ruined because of the trouble with the 3G on the mobile phone), I click that link to find that the website is not exactly working as it should. Actually, somewhere halfway, the process advised me to call the corresponding helpdesk (Telstra has many).

Calling the T-Hub helpdesk is not so bad, apparently, not many people do that, so I got connected quickly enough (around 8.45pm). During the conversation, I was asked to install LogMeIn and even though I do know better in most of the cases, I was easy going and a nice customer, so I let them control my Mac for a while, until they discovered that a certain part of the website was not working. (Yes, the same link to get a new activation code)

That kind of brought the nice lady at the other end of the line to the end of her flowchart and the incident was logged and over the next few days, someone will contact me to activate the sms service on the T-Hub (I hope, but I should know better). However, to log the incident, she needed the serial number on the T-hub, which is conveniently stored inside the battery compartment. (note to reader: store this in mind, it will come back later…). So I remove the batter, read the serial number (quite long, but hey, we got through it) and that was about it.

“Anything else I can help you with”, she asks. Sure, why not, while we’re here (9.15pm), I kind of ordered something with you guys about 2 weeks ago, and again a week ago and I was to be contacted within 24 hours, but hey, they kind of didn’t. But, since she was the T-hub helpdesk, no can do. I get put back in hold, this time for the Billing helpdesk.

Billing is a bigger problem as it took a tad bit longer to finally get put through. Yay! I explain my quest (2 weeks ago via chat, last week via the store, no confirmation, no contact, no email, no nothing). She starts up the system after I’ve identified myself (again) and she can see both orders. However, she sees differences in the packages created by both colleagues (who both came to the same final price though, so how that happens, you tell me).

Since I now clearly know what I want and what it will cost me, we can go quickly through the changes and she decides that it is probably best to cancel both previous orders (sure, but, wouldn’t it be nice to just let one go through and keep me, well, informed?) and we create a new one (again, exact same price, but totally different bundle with the same components, really…). Only one thing, she can’t finalise it as that is just something the Bundle Team can do. Incident report number 2, reference number whatever, I’ll get a call on Friday.

“Anything else I can do for you?”. (9.45pm) Well, apparently, when I removed the battery from the T-hub, as your colleague asked me to do, the touch screen on the T-hub has become unresponsive (I noticed this because, well, you have to do something during the time you are put on hold). “Let me just connect you to our T-hub helpdesk”

And so, an hour later, I was back full circle with the T-hub helpdesk. Again, the personal details, my phone number, name, age, first 4 digits of my pin and the ccv code, the works, I am identified (ok, that about the pin and ccv is not true, but come on, 3 times during 1 phone call from a landline supplied by Telstra themselves? really?)

Anyway, after first chewing away the legendary question: “Have you tried turning it off and on again” we again get to the point where I have to remove the battery and read out the serial number. (again, remember this!) Reinsert the battery, try again, the works. At some point during this conversation her flowchart also ended and the T-hub is going to be replaced.

To do so, they also need the serial number that is on the base station as well as on the handset that came with it. So I start with the number on the base station and after 3 digits I get this strange feeling that I know this number. With only one exception. Where the T-Hub had a T, the base station has a convenient B. Where the base station had the B, the handset had a C.

Curious as I am, I ask the nice lady: “Wouldn’t it have been easier for me, instead of removing the battery from the T-hub, simply to lift up the base station and read that serial number?”. “Yes, they are the same, except that T stands for T-hub, B for base station and C for Communicator”…

“So, basically, strictly hypothetical, since it is too late anyway, I could have told the first person the serial number, which is printed on the outside of the base station and she could have concluded the serial number of the T-hub without me having to remove the battery and consequently ruining the device’s touchscreen?”

“Yes, when we replace them, we have to replace all 3”. Anyway, I now have a 3rd incident number and they will send me a replacement set. (it’s now 10.15pm). But, since I got here, I’m not done yet…

“How about the contact list I have stored in the device? I just had all my contacts in there?” (this is not entirely true, I just had my mobile number in there just to test stuff, we didn’t get around to actually transfer any of our other contacts in the system, but hey, at this point, you got to ask).

“I can give you the number of our technical support team who will help you with that”. I thanked the lady. I’ll go a long way playing innocent customer, but I sure won’t spend another 30 minutes on the phone with the next person to explain to me that I can use the extra handset to store the numbers and transmit them to the new base station, as I had already read the manual.

Let’s just wait and see what Friday brings. It can only get better from here I guess…

 

Jack of all trades

One of the first things I noticed when applying for a job Down Under was that where in Europe they recruit specialists, down here, they primarily recruit the ‘jacks of all trade’

Probably because there is a huge lack of really good software engineers (they are here, but there’s not enough of them). Where in Europe, the roles ‘analyst’, ‘developer’ and ‘tester’ are strictly different roles.

Think of it like  the ‘Trias Politica’, where you differ between the power that defines law (politicians), the power that upholds law (police) and the power that checks if the other two are operating within the law (judges).

The same actually does go for software development projects. You’ve got (business) analyst (they who describe what is to be made), the developers (they who make what is described) and testers (they who check if what has been described is actually made).

As a developer in Europe, I’ve fought many battles with the analysts. Mostly about the ‘why’. I’ve fought many battles with the testers, mostly about the ‘how’. Although, we all agreed on the ‘what’, in my opinion, it’s great to work with a team that separates these powers.

Down here the rules seem to be completely different, if you are a ‘software specialist’, you are analyst, developer and tester in one. I can see the market value of a jack of all trades, but let me give you some examples why this isn’t working.

Analyst can go on forever. It’s in their job description to never stop wondering about the why, analyse it, break it down into measurable entities. These generally are people with a huge fear of failure. If they didn’t capture it, millions of lives will be dependant. That’s why analysts want to capture each and every aspect of anything, all the time.

Developers are inherently lazy, well, not all of them, but the better ones are. Developers love to cut corners, to do in one line what others do in 20, their laziness defines their efficiency. You do things once, maybe twice, but if you have to do them a third time? You write a program to do it for you. You never know when you have to do it a fourth time.

Testers are nitpicking bastards, developers are confronted with each and every corner they cut, but the testers caught them. It’s an ever ongoing war between the ‘can do’ mind of the developer and the ‘but you missed this’ mindset of the tester. Actually, there are no more roles so cut out for each other than testers and developers. The tester has to sign off what the developer made. Developers hate testers, but good developers hate not having testers even more. They are their conscience. I personally love testers who are capable of detecting my latest mischievous hack. And in the end, when developers age, with all their experience, they probably become the testers. But right now, they are probably too creative to even think about that fate.

As a developer, I hate analysts because they specify things I can’t build, I hate testers because they interpret the analysis in a different way. I love the analysts because they translate what the business needs, and I love the testers because they provide the security that I actually wrote what the users wants. And if it is a good team, we understand that we need each other. They probably hate me for seeing things too binary (‘it either is or isn’t damnit! there is no magic in computers!’)

Hence the Trias Politica, each working in a team, to obtain the same goals, but looking at the project with different angles. Where things start going wrong is where management thinks either of these roles can be performed by the other. Developers doing analysis or testing, or testers doing analysis. And beware of the day analysts start development.

Sadly enough, down here, it seems more common than I’ve been used to. There seems to be a common feeling that ‘everything with a computer’ can be done by ‘someone who does stuff with computers’. It’s like your parents asking you where the button for ‘bold’ is, because ‘you design chips, so you know everything about computers’

How do you tell them that knowing everything about bits and accumulators and registers doesn’t make you the same guy that knows how to underline or how to use italics in their word processor? Some of us may know how to do 2048 bits encryption, but we just may lack the knowledge of how to add 1 and 1 in an excel sheet.

There simply is no Jack of all Trades, and there never will be. In a computer science world, that has been a station passed. I can only hope that one day I will convince the people down here that you really need the 3 of us and that there simply isn’t one that is all 3.

The Meta-Question

I think I’ve been using Google as a search engine from the day Google emerged as a search engine. Which, of course, was there sole business when they did. It was the fastest, most accurate and the least gruesome of all search engines of it’s time. Just this textbox and two buttons (at least, I can’t remember the day the ‘I feel lucky’ button was introduced, to me, it seems like it’s always been there)

So there it was, this mostly white page, with nothing more than that colorful logo just shouting at you ‘let me find what you want!’. Back in those days, I didn’t even think of the Meta-Question. I just typed and found. Even back then, I wondered what good a Search Engine would be if it didn’t Find anything. To me, it was the ultimate Find Engine.

Many years have passed and still today, it’s my Find Engine of choice. If I can’t find in on Google, I’m sure as hell not going to Find it on Yahoo, Bing, Just Jeeves or Ask.com. If Google can’t find it, it simply becomes a question to which there is no answer. I know it told me the meaning of life.

Without Google, my IQ drops at least 20 points. I’ve always said that knowing where to find the answer is as valuable as actually knowing the answer. It no longer falls back on the answer, but how you state the Question. Just asking ‘I need pussy’, doesn’t really get you laid. It however, might get you a kitten though.

But I’ve never asked the engine the Meta-Question: ‘Where can I find it’. Today I asked the mother of all search engines that question. The number one pick as about a celebrity style website. Nah, that wasn’t what I was looking for. So I asked Yahoo. Guess you can find it at Totally Toddler. So I asked Bing. I seem to find it at Find. Except from advertising, I can’t enter what I’d like to find at all.

Concluding, none of the mayor ‘search engines’ actually find themselves. A simple question remains unanswered. Where can I find it leads to dead links and outskirts of the internet. There is simply no answer to that simple Meta-Question.

And if you ask ‘What can I find’, the biggest hit is the wayback machine. So, if you ask the internet what it is you can find, it will point you to the biggest archive of all stuff ever found but never searched for. The question where you can actually find stuff remains unanswered.

I guess that’s why they still call them ‘Search Engines’. It’s about time someone invented a ‘Find Engine’. I know I’m done Searching.

Blog

I’ve been thinking about this a long time. Years ago, I started a blog to document and sometimes contemplate my and my families move to Australia. You can find it at http://www.kemna.eu. In the beginning I’d just put up some new post about where in the process we were, how the kids were doing etc. It was a family blog.

However, more and more colleagues asked me to write about my work life as well. I resisted every attempt by pointing out that most of the people blogging do not really care about what they are saying, they care about how many people actually take notice of their exhibitionism.

I can remember, years ago, years before wordpress, blogger, facebook and others made it easy to blog, there was a guy who wrote a piece called ‘why I hate weblogs’. The original post is long gone but I tried to find it today and I’m pretty sure I found the correct content, but it’s just put into… a blog…

Actually, people have copied it to their blogs, threw it on facebook, it’s mentioned in a weblog about blogging, oh wait, this post is becoming just that. Stop!

Anyway, thankfully the internet has more memory than I have and the original can still be found at the Wayback Machine, the original post at October 13, 2002 up until it’s deletion in June 2008, and even the funny test can be taken, but the outcome will forever be gone…

I guess I’ll never know, and who’s going to read it anyway 🙂

Cheers!

Digital Inhabitant

I acknowledge the fact that I’ve been born a tv-native (I’ve never wondered about a tv-less world) but my children are what they call ‘digital natives’. Think of it, the communicator we’d love to have from Star-Trek, is what they call an iPhone, blackberry or if you are really hip, an android phone.

We got the technology Star Trek dreamt about delivered at our doorstep. To my son, there is no difference between the tv-remote and my iPhone, just because I was that stupid to install some application that allowed me to control my tv through my iPhone. But when he grows up, there really isn’t a difference.

I’m called Gen-X, the generation next to the BabyBoomers, just before GenY, the digitally adaptees, and so far away from GenZ, the digitally natives. My children will grow up in a world where tv-screens are a thing of the past, where social interaction, the day after a programme, will be cut short in YouTube fragments.

What both the babyboomers and GenY seem to misunderstand, is that GenX made it happen. Where would Facebook be, without cheap data plans on your mobile? Without internet reaching every single home? We grew up with the fear that one day, we’d be out of ip4 internet addresses, but we’re also the generation that thought of IPv6. We’ve put our parents on the internet and we’re giving that same internet to our children.

GenX may be silent and silly to most of you, we made the world you’re experiencing right now. We did see the potential, we just didn’t want to make money of something that should have been available to everyone when we were young. So, not only did we get our parent online, we shared the online world with our children.

Gen Y blames us for not having it ready way before they came, but I happen to think that if Gen X had the digital platform we now have, we probably wouldn’t be bothered with producing Gen Y at all. I know I’m still waiting for a massive online Grand Theft Auto 😉 Oh shoot, I just gave away yet another idea some GenY’er will make a fortune…

But really, the best digital inhabitant today probably is the 30-40 year old. These are the people that had to live without and learned to live with all the opportunities offered. We’re probably the last generation that actually had to go somewhere in the flesh to meet a partner. We know how to operate those communicators, as we’ve invented them… But we also know what it means to interact with real people in real life.

hell, we’re probably the last generation that knows the meaning of the acronym IRL 😉