Wednesday, December 12, 2007

Tab is Fab

Sometimes you just gotta tell it like it is: Red Bull Sucks.

It tastes like the Ox Bile it was named after. That's where the "bull" comes from: synthesized taurine.

All those so-called energy drinks are loaded with sugar. Sugar puts me to sleep. Red Bull, Monster, Fuze, Full-throttle, SoBe, etc. Bleh. Plus they may cause seizures.

Tab Energy rocks. I don't care if it was made for women, I like the taste and it works. No "sugar", just sucralose (and some other cancer-causing agents). I ain't proud: I drink pink.

Thursday, December 6, 2007

All I want for Christmas

Well, shoot, I already got my two front teeth.

Other than World Peace, the Second Coming, and Daily Sanity what else would you want in the under $100 range?

Things under $100
Lost 3
Caps Tickets
Belgian Beer
Shirts (16.5/33), Ties (no stripes!)
Racquetball Glove (large)
...surprise me!

Attila the Hun (de Wohl)
Throne of the World (might be same as Attila the Hun)
David of Jerusalem: A Novel
THE EMPRESS HELENA (might be same as The Living Wood ; I have that.)
Imperial Renegade

DS Games

Hotel Dusk
Phoenix Wright: Trials and Tribulations
Metroid Prime: Hunters

Things definitely NOT under $100
24" iMac
Final Cut Express
Awesome digital cameras
Camcorders (The land of awesome: Canon HV20)
Sherlock Holmes
More Sherlock Holmes

Sunday, December 2, 2007

Grocery Olympics

You'd never think that groceries could be a subject of competition. You'd never think that -- but then you're probably not in my family either. Then again, given its size, maybe you are.

With the larder dangerously low, comments like these are not out of place in my house: "I would never have thought of putting those two foods together". So, OK, already, I get the hint. Time to go shopping.

I like food shopping as a creative outlet. My wife just wants biscotti. My sister-in-law has crowned me King of Useless Foods. Or something like that. I just like to try new things to tantalize my palate. Hey, just because a food stinks, it's not automatically bad.

Just getting staples for a family in the plus six range can add up fast. So with cart brimming over with foodstuffs and falling out on the floor I pull up into what must be my private line. On the extreme left is the "Express" lane (15 items or less), in the middle we have the Regulars, and to the right of that is the Olympic line. The checkout clerk was a little goggle-eyed at the sheer volume of stuff I managed to jam into a single wobbly-wheeled wire-frame chariot.

Clerk: "Christmas shopping?"
Me: (confused) "No, regular."

I got a little appreciative look for that one.

Clerk: "We need more customers like you!"
Me: "Just doing my bit for the economy."

I could have used two carts I suppose, but that's when you know you need to stop shopping -- no more room in the cart. When the kids hit their teens, that will no longer be optional.

Not to be outdone, my sibs reminded me that Mom had a train of four carts on a regular basis.
Says she, "I spent $500 a trip back when that was a lot of money".
News flash: it still ain't chump change.

Friday, November 23, 2007

New Encyclical

Rumor has it: Benedict's second encyclical, Spe Salvi ("Saved In Hope"), has a definite release date set for next Friday, November 30.

Read It And Think

Posted recently on

Really this should speak for itself. It's a metaphor, people.

Tuesday, November 13, 2007

Perl of Wisdom

This is for the spiritual geek in all of us: a copy of the Lord's Prayer that compiles in Perl.

#perl of_wisdom

open(Matthew6,$0); {print <Matthew6>;}

our %father; $who = "in heaven";
bless \$thy[name];

for ($earth .. $heaven) {
$thy[kingdom] + $come;
$thy[will] = $done;
} # the loop over earth and heaven closes here, so the whole thing compiles

sub mit { our $bread = localtime(today);

foreach $sin (@us) {
undef my $sin
if my $forgive;

return if $temptation or $evil; }}

for ( $thine = $kingdom and $power and $glory) {
for ($ever and $ever) {}; }

Monday, November 12, 2007

MySQL Binary upload

All the best evidence says: don't put binary objects in a MySQL database because it is horribly inefficient. You will inevitably be labeled a "noob" with much eye rolling if you even ask this question.

The plain fact is, you may want to be able to do this anyway, even if in the grand scheme of things this is a Bad Idea(tm).

So stop telling me NOT TO, and start telling me HOW.

The basic problem is this: the single best and fastest way to get ANYTHING into a MySQL database is to use the LOAD DATA LOCAL INFILE method, which does a mass import into the selected database. This is even better if it is multiple records in a delimited format. The problem with this approach is that it simply inserts the data into the next auto-incremented slot. You cannot control WHICH record it will insert into.

The other proposed method is to read a file into a $variable and do a simple INSERT INTO ROW VALUES ($variable). Using this method you can control WHERE it will get inserted. The fatal flaw is that $variable is interpolated by your scripting language into the SQL text BEFORE it is sent to the server. This is really ugly and usually breaks the INSERT syntax due to ticks, quotes, interpreted commands, and sheer length.

So how to fix? The simple solution is to perform a READ of MAXLENGTH BYTES inside a loop and sequentially update the record(s) of choice.

UPDATE ROW with VALUES (val1, val2, BYTES)

This avoids MAXLENGTH problems in both the MySQL client and server. What you end up with is chunks of your binary in multiple records that you control. To reconstitute the file, you add code to your script to track the chunks and download them in order.

Thanks to gmax at perlmonks.org for this great code snippet called:

Handling huge BLOB fields with DBI and MySQL

use DBI;

# assumes $dbh (a connected DBI handle), $fname, $sname, $vers and $descr
# are already set up by the surrounding script
open FILE, "< $fname" or die "can't open $fname\n";
binmode FILE; # binary data: no newline translation on the way in
my $maxlen = getmaxlen();
# gets the value of max_allowed_packet

my $bytes;
$fname =~ s{.*/}{}; # removes the path from the file name

my $sth = $dbh->prepare(qq{
INSERT INTO software_repos
(name, vers, bin, description, filename, username, updated)
VALUES ( ?, ?, ?, ?, ?, user(), NULL)});

# now we read the file and upload it piece by piece; the ? placeholders
# bind each chunk as data, so nothing is interpolated into the SQL text
# (testing read's return value also handles a final chunk that is just "0")
while (my $n = read FILE, $bytes, $maxlen) {
$sth->execute( $sname, $vers, $bytes, $descr, $fname);
}

close FILE;

sub getmaxlen {
# max_allowed_packet bounds the whole packet, not just the BLOB column,
# so a chunk of exactly this size plus the other columns can still be
# refused by the server; leave some headroom in practice
my ($name, $value) = $dbh->selectrow_array(
q{SHOW VARIABLES LIKE 'max_allowed_packet'});
return $value;
}
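The chunk-and-reassemble scheme described above, as an added example that is neither gmax's snippet nor the post's own code: Python with an in-memory sqlite3 database standing in for MySQL (so the chunk size is a parameter where the Perl reads max_allowed_packet), explicit (name, seq) keys instead of the next auto-increment slot, placeholders for every value, and a digest check when the chunks are put back together. The table and the sample payloads are constructed for the example.

```python
import hashlib
import sqlite3

# Constructed stand-in for the MySQL table: the chunk order is a column we
# control, so reassembly never depends on an AUTO_INCREMENT id.
SCHEMA = """
CREATE TABLE software_repos (
    name   TEXT    NOT NULL,
    seq    INTEGER NOT NULL,  -- position of this chunk in the file
    total  INTEGER NOT NULL,  -- number of chunks the file was split into
    sha256 TEXT    NOT NULL,  -- digest of the whole file, repeated per row
    bin    BLOB    NOT NULL,
    PRIMARY KEY (name, seq)
)
"""


def open_store():
    """Open an in-memory database (assumption: sqlite3 stands in for MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def store_blob(conn, name, data, maxlen):
    """Split data into maxlen-byte chunks and insert each under (name, seq).

    Every value is bound with a placeholder, so quotes, semicolons or NUL
    bytes inside the file never touch the SQL text. Returns the chunk count.
    """
    if maxlen <= 0:
        raise ValueError("chunk size must be positive")
    chunks = [data[i:i + maxlen] for i in range(0, len(data), maxlen)] or [b""]
    digest = hashlib.sha256(data).hexdigest()
    with conn:  # one transaction: either all chunks land or none do
        conn.execute("DELETE FROM software_repos WHERE name = ?", (name,))
        conn.executemany(
            "INSERT INTO software_repos (name, seq, total, sha256, bin)"
            " VALUES (?, ?, ?, ?, ?)",
            [(name, i, len(chunks), digest, c) for i, c in enumerate(chunks)],
        )
    return len(chunks)


def fetch_blob(conn, name):
    """Reassemble in seq order; refuse a gap, a duplicate or a digest mismatch."""
    rows = conn.execute(
        "SELECT seq, total, sha256, bin FROM software_repos"
        " WHERE name = ? ORDER BY seq",
        (name,),
    ).fetchall()
    if not rows:
        raise KeyError(name)
    total, digest = rows[0][1], rows[0][2]
    if [r[0] for r in rows] != list(range(total)):
        raise ValueError("missing or duplicated chunk for %s" % name)
    data = b"".join(bytes(r[3]) for r in rows)
    if hashlib.sha256(data).hexdigest() != digest:
        raise ValueError("digest mismatch for %s" % name)
    return data
```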

Wednesday, October 31, 2007

Super Catholic Heroes

Everybody should have a theme song.

The feast of All Saints is all about Super Catholic Heroes.

A co-worker of mine once dubbed me a Super Catholic. I think he just never actually met a practicing Catholic. (And why do we call it practice? ... So we can keep trying until we get it right). At first I didn't particularly like the moniker, given the implications, but I learned to roll with it. Been there, done that, got the t-shirt. No really, I got the t-shirt.

One day I told him I had to stop by the local Catholic Shop after work.
He responded,
"Why? Are you low on Catholic?".

(Hmm, maybe; see parenthetical #1).

So where do you go when you're low on Catholic? Aside from a good sacrament or two, may I suggest some free Catholic music? Check out the Catholic Rockers podcast or perhaps a quick shot of That Catholic Show on SQPN.

And since it is All Hallows Eve ...
the story of Jack, the Depressed Pumpkin.

Thursday, October 25, 2007

Maslow et al

It's amazing sometimes how tippy the top of a triangle can be.

Ask Maslow.

Wikipedia says:


[Figure: Maslow's hierarchy of needs, represented as a pyramid with the more primitive needs at the bottom.]

Maslow's hierarchy of needs is often depicted as a pyramid consisting of five levels: the four lower levels are grouped together as deficiency needs associated with physiological needs, while the top level is termed growth needs associated with psychological needs. Deficiency needs must be met first. Once these are met, seeking to satisfy growth needs drives personal growth. The higher needs in this hierarchy only come into focus when the lower needs in the pyramid are satisfied. Once an individual has moved upwards to the next level, needs in the lower level will no longer be prioritized.

However, if a lower set of needs is no longer being met, the individual will temporarily re-prioritize those needs by focusing attention on the unfulfilled needs. The individual never regresses from one level to a lower one, however. An example of this fact may be a businessman at the esteem level who is diagnosed with cancer. He will spend a great deal of time concentrating on his health (Physiological needs) but would still value his work performance (esteem needs) and is likely to return to work during periods of remission.

Tuesday, October 23, 2007

Liturgical Referee

Saw this on Curt Jester and just couldn't help myself.

Example Liturgical Signals
No Crucifix in sanctuary.
Liturgical dance detected.
Member of laity giving homily - to be evicted from lectern.
Incomplete or no consecration. Occurs when illicit matter is used, wrong formula used, only one of the two elements of bread or wine is not properly consecrated, or no validly ordained male priest/bishop is present. In case where only one element is consecrated a replay is called for.
Illegal use of hands. Normally called when the celebrant has left the sanctuary to shake everybody's hands.
Questionable or just downright heretical theology used in homily. When detected the Liturgical Ref pulls on his lips in a downward direction.
The "What the heck am I hearing" signal is one of the most common signals and indicates syrupy banal liturgical music or the inappropriate use of secular music such as show tunes and popular music (especially from the seventies).
Disregarding the prescribed text of the Order of Mass. This is another common liturgical penalty despite the fact that no other person, even if he be a priest, may add, remove, or change anything in the liturgy on his own authority. (Constitution on the Sacred Liturgy)
Illicit Posture. Usually called when you are being asked to stand instead of kneel or any other posture adaptation not specified by the GIRM or set by your bishop's conference or licitly specified by your local ordinary.
Illicit purification of sacred vessels. This is called when the purification of the sacred vessels is done by an Extraordinary Minister of Holy Communion despite the fact that the Pope revoked the indult in the U.S. for this permission.
Illicit Participation. Called when too many people are in the sanctuary. For example occurs when EMHC arrive before the fraction rite or when some members of the congregation are invited into the sanctuary to pray with the priest during the consecration.
Un-Christian Like Conduct. Can be called when elements of other religions contrary to Christianity are introduced such as new age beliefs. Un-Christian Like Conduct is also often called in the parking lot after Mass.
Illegal Pass. The celebrant is simply not allowed to make a pass at anybody.
Stole Infraction. Normally occurs when the celebrant wears his stole on top of the chasuble. Another penalty can be added if the celebrant does this and the stole is also horrendously ugly or has a seventies theme.
Illegal Receiver of Holy Communion. Those who are excommunicated or interdicted after the imposition or declaration of the penalty and others who obstinately persist in manifest grave sin are not to be admitted to Holy Communion.
Clowns in the sanctuary - run for your life.
Excessive use of inclusive language. Penalty is thrown when grammatical awkwardness is detected in avoiding male pronouns and every other sentence begins brothers and sisters.

Tooth Fairy Trials

My oldest daughter, C., is at that age where her baby teeth are starting to fall out.
This rite of passage inevitably brings up hidden child rearing issues such as:
What To Do About The Tooth Fairy

Now many people don't give our popular myths a second thought and happily pass them on to the next generation. I, of course, have to think about the deep weighty implications of everything before I do it.


Should I go along with it or not? On the one hand, it just ain't so and why fib to the kids? What about teaching them The Truth without mixing in cultural silliness? On the other hand, it is kinda fun (don't tell my family), my parents did it to me, and I'm no worse off for it.

What I settled for was this:

C: Daddy, we have to put my tooth under the pillow so the Tooth Fairy will come.

Me: Hm. I don't know that there is a Tooth Fairy ...

C: Oh, yes, Daddy, there is. They told me that at school.

Me: Really?

C: Yes, Daddy. I know. The Tooth Fairy is real.

Me: Oh. I don't know if I believe in the Tooth Fairy.

C: I believe, Daddy. The Tooth Fairy is real.

Me: Ok honey. Well, we'll see ...

... She got a quarter.

J.R.R. Tolkien would tell me to lighten up about the faeries.

  • "First, he suggests that fairy stories allow the reader to review his or her own world from the 'perspective' of a different world. This concept, which shares much in common with phenomenology, Tolkien calls 'recovery,' in the sense that one's unquestioned assumptions might be recovered and changed by an outside perspective.
  • Second, he defends fairy stories as offering escapist pleasure to the reader.
  • And third, Tolkien suggests that fairy stories (can) provide moral or emotional consolation, through their happy ending, which he terms a 'eucatastrophe.'"
Ok. Cool. So what does the Tooth Fairy tell us about our Reality? I'm not sure, but I went ahead and knocked out a couple more of her teeth. ;-)

Me: More loose teeth. Hold still ...

C: Ow!

Me: Sorry, just a little bit more

C: (whimper)

Me: Sorry, honey

C: Ooh, oh, stop ...

Me: (wiggle, wiggle)

C: (whimper)

Me: There!

C: That was fun, Daddy.


Numbers 13

Went to our first NVDSA event at Numbers 13 Farm.

The people there are the friendliest people I have ever met. At first I was a little taken aback by some people's forward social advances. But then I realized that since everyone was there with the same purpose, we could do away with the awkward preambles.
Um, excuse me, does your child have DS? Oh, what a coincidence, so does mine ...

That, and the kids are going to do that to you, DS or no. So I didn't even blink when some random child came within 3 inches of my face to show me his horseback riding ribbon. He thought I looked too hot (I was sweating) so he "let" me wear his plastic fire engine hat.

Looking back on it: free food, music, horse rides, sack races, pumpkin picking, hay rides, and really, really neat people, it is already a fond memory.

I think I'll do it again.

Thursday, October 4, 2007

Distributed Cfengine & CVS

Here is a short article on one way to integrate cfengine and CVS.

Configuration management meets version control.

Tuesday, October 2, 2007

XML attacks

XML XDoS attacks
  • recursive payload
  • attribute explosion
  • dangling XML
The only thing we've run into is the DoS attacks, and those were resolved by coding in a timestamp.

SOAP and XML Web services are liable to:
  • cross-site scripting vulnerabilities,
  • cookie poisoning attacks and
  • changes to URL parameters.
"XDoS attacks are DTD [document type definitions] external entity attacks," O'Neill said. "They rely on an XML parser supporting DTD. They're generally called SOAP bombs. They expand hugely."

XML can expose data contained in Web services messages, and attackers can use available inspection tools to their advantage.

The modular nature of XML allows elements, like large attachments, to be embedded in Web services requests.

The WSDL itself may expose structure such as file directories or open ports of a server.

Schema not reflecting business rules:
  • Integers that are not constrained to positive values when they logically should be
  • Sequence numbers that don't increment
  • Contamination of stored data or DoSes
  • No robust set of validations - usually "this node is a string", which is insufficient.
  • Adding additional nodes or the same node (YMMV as to *which* node will be selected in XPath queries for a given XML parser)
  • Insufficient validation lets bad strings (e.g. JavaScript) be injected with impunity
  • Validation is rarely turned on, and even if it is ... how many times has the DTD not been available to the XML processor?
Recursive definitions of elements are a security risk: they reduce performance and complicate the implementation of validation runtimes, especially when implemented in hardware. The ability to restrict the recursion depth, either locally for a given element or globally, could prevent potential security attacks.

Another issue is validating the canonicalized version of an XML message when the XML Schema was written for the non-canonical form of the message.

In XML Schema 1.0, we cannot define or restrict the values of datatypes based on some condition. For example, attribute 'a' in element 'x' can have values < 10 when element 'y' has an attribute 'b' = 3.

As schemas are auto generated, support for multiple targetNamespaces in a single schema, without using imports, could be a great addition. We always ran into the issue of applying a schema to a part of the message.

Most of the time, schemas do not define facets, such as maxLength, on their datatypes. This causes security concerns such as denial-of-service attacks. Users should be made aware of their benefits, and XML Schema could support parameters/policies for such facets that take effect across all datatypes in a schema (even though proper use of inheritance does address this).

In the grand security schematic, an external Web service call should enter through an XML security gateway for vetting, be passed to the Web services manager for policy adherence and distributed to the host system Web services via the agents provided by the management tool.
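One way to gate an incoming message against the XDoS classes listed above (recursive payload, attribute explosion, dangling XML, oversized attachments) and the missing maxLength facet from the schema discussion, as an added example that is not from the original post or the sources it quotes: a pre-parse check using Python's standard-library expat bindings. The limits are constructed for illustration and would be tuned per service.

```python
import xml.parsers.expat as expat

# Limits are constructed for illustration; tune them per service.
MAX_BYTES = 1_000_000   # whole-message cap (large embedded attachments)
MAX_DEPTH = 32          # element nesting cap (recursive payload)
MAX_ATTRS = 64          # attributes per element (attribute explosion)
MAX_TEXT = 65_536       # characters per element (the missing maxLength facet)


class RejectedXML(ValueError):
    """Carries the reason a message failed the pre-parse checks."""


def check_xml(doc, max_depth=MAX_DEPTH, max_attrs=MAX_ATTRS, max_text=MAX_TEXT):
    """Return 'ok' for a message within limits, else raise RejectedXML.

    Only expat callbacks are used: raising inside a handler stops the
    parser, so a DOCTYPE is refused before any entity could be expanded.
    """
    if len(doc) > MAX_BYTES:
        raise RejectedXML("message exceeds %d bytes" % MAX_BYTES)
    text_len = []  # characters seen so far in each open element (a stack)

    def doctype(name, sysid, pubid, has_internal_subset):
        # XDoS "SOAP bombs" rely on the parser supporting DTDs; a web
        # service message has no business carrying one
        raise RejectedXML("DOCTYPE/DTD not allowed")

    def start(name, attrs):
        text_len.append(0)
        if len(text_len) > max_depth:
            raise RejectedXML("nesting too deep (recursive payload)")
        if len(attrs) > max_attrs:
            raise RejectedXML("too many attributes (attribute explosion)")

    def chars(data):
        if text_len:  # expat may deliver one text node in several pieces
            text_len[-1] += len(data)
            if text_len[-1] > max_text:
                raise RejectedXML("element text exceeds %d characters" % max_text)

    def end(name):
        text_len.pop()

    p = expat.ParserCreate()
    p.StartDoctypeDeclHandler = doctype
    p.StartElementHandler = start
    p.CharacterDataHandler = chars
    p.EndElementHandler = end
    try:
        p.Parse(doc, True)
    except expat.ExpatError as e:
        # unclosed or truncated markup ("dangling XML") ends up here
        raise RejectedXML("malformed XML: %s" % e)
    return "ok"


def classify(doc):
    """Same check, but return the reason as a string instead of raising."""
    try:
        return check_xml(doc)
    except RejectedXML as e:
        return "rejected: " + str(e)
```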

XML Solutions

Functionality of XML Schema was exploited to implement many features of the security module. Some of these features are:
  1. WSDL Based Validation
    Mechanism to prevent invalid and corrupt SOAP requests from reaching the server and limit messages to the ones defined in the WSDLs. To achieve this, we developed an application that converted a given WSDL into an XML Schema which, when applied to the SOAP messages, reports messages that do not conform to the WSDL definition.
  2. Web Services Access Control
    Limits a user's access to particular services or operations defined in the WSDL file. In addition to converting WSDL into an XML Schema, our schema runtime had the ability to register callbacks on any element in the XML Schema. This was used to implement ACLs for operations in the WSDL.
  3. SQL and Command Injection Protection
    Detect and block command injection attacks, commonly hidden as valid parameters. XML Schema facets support for regular expressions was exploited to prevent SQL and Command injection.
  4. Schema Structural and Data-type Validation
    As performance is critical for network devices, we had to provide different levels of support for XML Schema. When validating XML messages against an XML Schema, we provided options to do only structural validation or structural and data-type validation. This was useful as data-type validation was too much of a performance hit for some applications.

    XML hardware accelerators:
