For His Royal Highness Bill…

Bike Furniture Design


September 18, 2006

For those of you playing along at home, I have updated several recent articles with the correct categories. They may show up as new again for you. My apologies.


September 15, 2006

Well, I didn’t realize that not only were comments being held in a moderation queue but that I wasn’t getting email if the comments was in the queue!  That has (hopefully) been rectified and the comments in the queue have been published.

badbillyz, I don’t know where your comment went originally but I’ve added it.  Just saying.

Reading today at web application security lab, I was intrigued by RSnake’s comments about internet security:

I’ve never been a fearmonger, but for the first time in my life I’ve found myself telling people, “I don’t know a company I couldn’t break into.” Every system I’ve found has vulnerabilities. There was something Bruce Schneier wrote a number of years back (and I’m paraphrasing here) that said that for every man hour it takes to build security it takes n+1 to break it. That is, if there are vibration mics in the ground it will take exactly n+1 the time it took to place them and test them and get them working properly as it would to break in.

On Mythbusters episode 59 the other night the crew cracked into several physical devices like fingerprint scanners, and walked past various versions of motion detection devices (with something as simple as a pane of glass). The point being here are always way around security, physical or otherwise. In the case of JavaScript port scanning it is similar to a Trojan horse. The idea is to sneak something otherwise normall and innocuous into an internal interface.

JavaScript seemed the most likely candidate, so we tackled that first. Yes, that means nearly every company on earth is vulnerable to that. Is that the only weapon in the arsenal? No way. Are there ways to fix it? We’re already working on them. Will that solve things? No way. It will just shift the problem elsewhere at best, and at worst, it will continue to be an esoteric attack vector that is only used by the few people who really get it’s consequences.

What really struck me is the concept that every system has vulnerabilities. William Gibson wrote about computers, networks and cracking those networks in Neuromancer,Count Zero, and Mona Lisa Overdrive, a wonderful trilogy that started me out with a healthy skepticism and love of networks and computers. I love what you can do with a computer and linking them together but I have no illusions that anything created with and/or stored on a computer is anything more than 1s and 0s and can be altered or deleted with a moment’s notice. I’ve got a rather decent network set up at my home and neighborhood, wired and wireless, that neighbors are free to use (hopefully with permission) and a beefy firewall between me and that semi-public network and another one between the semi-public network and the internet at large. I know that all of these can be cracked; my only hope is in making it difficult enough that someone else is a more attractive target than I am.

If you haven’t read the above trilogy then hop, skip and jump down to your local library and get them, all three, at once. Trust me; they are quite entertaining. You might even learn something.

As a postscript, I still find it amazing that William Gibson published those stories between 1984 and 1988, long before the World Wide Web came into existence and the internet as we now perceive it was conceived of, let alone implemented. Even more amazing is that at the time, the world was experiencing the beginning of the personal computer with the IBM PC beginning its invasion and the Apple Macintosh nipping at its heels. I started college at Utah State University in 1984 and as a student had access to a rather advanced VAX/VMS mainframe computer. We did our homework on it, chatted with students at other universities in real time, sent email, even played text games that stretched the limits of that system (ASCII version of Star Trek rocked! Still one of the most fun games I’ve ever played). Twenty years has me typing this on a laptop that would dwarf that VAX System with a PocketPC sitting in its cradle, ready to go where I want to and still connect to any local network.

I can’t imagine what computers and networks will be like in the next twenty years – but I’ll bet William Gibson has.

Comment spam…

May 24, 2006

For the first time in a very, very long time, a comment spam got through my comment filter. I don’t usually realize just how much I rely on that filter to allow people to comment as they see fit.

Here’s to another year without one getting through!

Google Calendar

April 12, 2006

Google Calendar

Yep, that’s right – it appears to be finally available! I’m keen on this; it has been a very long few months waiting for it to be ready.

Now, to explore!

So, I’ve tried three different web log posting tools for the Pocket PC over the last couple of days. Rather poor showing so far.

First, the parameters I set for myself is that it needed to be a native Pocket PC application. No web page synchronization like AvantGo. I’ve used AvantGo before, I’ve designed applications around it and while it does well at its intended purpose, it isn’t what I need. I basically want a local application that can:

  • connect to the XMLRPC API on my WordPress weblog and get the categories and previous posts and download to the local device.
  • Then, it needs to allow me to create a new post, using those categories already downloaded.
  • I need to be able to save as a draft for later posting.
  • It needs to be network aware
  • It needs to allow offline posting. For example, if I post a message and it is unable to connect to the server it should queue that post for later delivery when the network is connected.
  • It needs to show decent error messages. One of the ones I’ve tried (Blog in Hand) just displays ‘The server returned an error while attempting to submit the new post.’ Pardon me, but that is as bad as a Microsoft error message! If it returned an error, tell me what the blasted error is!
  • It needs to allow me to bold, italicize, insert a URL, etc. without having to write HTML code. I can write code; I’m looking for a tool that does that simple task for me.

I’m sure there are more features I’d want, if I gave it some thought.

Looking at the list, I think I’m writing a design document for myself… perhaps it is time to start thinking in those terms…

Update: I forgot to list the ones I’ve tried so far: Diarist, Blog in Hand, and … drat, I can’t remember the other since I already deleted it. I guess I’ll update again when I remember.

One of the reasons I don’t post more often is that I spend most of the time in front of the computer at work for my employer. Either that, or I’m playing Sudoku, to which I’m happily addicted.

To that end, I’ve thought about using my Pocket Pc to post. As a software engineer I was going to write my own. Being inheriently lazy. I decided to try out some free or open source software first.

So, expect to see more posts here and my spelling may get worse as I use the Transcriber as my data entry tool.

MoeMore later after I’ve worked more with it.

XML Schema Part 0: Primer Second Edition

In general, an element is required to appear when the value of minOccurs is 1 or more. The maximum number of times an element may appear is determined by the value of a maxOccurs attribute in its declaration. This value may be a positive integer such as 41, or the term unbounded to indicate there is no maximum number of occurrences. The default value for both the minOccurs and the maxOccurs attributes is 1. Thus, when an element such as comment is declared without a maxOccurs attribute, the element may not occur more than once. Be sure that if you specify a value for only the minOccurs attribute, it is less than or equal to the default value of maxOccurs, i.e. it is 0 or 1. Similarly, if you specify a value for only the maxOccurs attribute, it must be greater than or equal to the default value of minOccurs, i.e. 1 or more. If both attributes are omitted, the element must appear exactly once.

Basically, if it is missing it is assumed to be a value of 1 for both minOccurs and maxOccurs. So, a definition of

<xsd:element ref=”Keys” />

Would be interpreted as

<xsd:element ref=”Keys” minOccurs=”1″ maxOccurs=”1″ />

Just in case you were wondering.

(note: this entry was updated several times to get the code formatting to appear correctly for me in FireFox. I didn’t try IE.)

The new (digital) campfire

February 8, 2006

So, I bought my reason-for-living a new mobile phone. Her previous phone had, well, issues, and we had replaced the phone on Verizon’s dime three or four times. It wasn’t the best experience for either side, I’m sure.

Having gone the route with Verizon where they will replace the faulty phone with the design that leads to failure with THE EXACT SAME PHONE, I was looking for a different way to buy a phone with some confidence that the vendor would provide some value. Being a very long time patron of our local Costco (I’ve been going there since 1982 and had a card of my own since 1984) I stopped by the in-store kiosk to ask some questions.

Sweet. Costco offers to refund the cost of the phone, even if I don’t like it anymore, for the life of the phone. Far better than the 15 days offered by Verizon. Even better, Costco only sells phones with a low return rate… so, I splurged. I got her the LG VX 8100 phone, which satisfies the geek in me and it feels good and you can set an alarm which satisfies most of her concerns.

Fast forward a week or so and I’ve just got a MiniSD card, since the phone has a MiniSD card slot. A bit of experimentation with some free software called SUPER (Simplified Universal Player Encoder and Renderer at and I had a couple of episodes of The Muppet Show and an album of MP3s on her phone.

So where does the digital campfire come in?

I’m trying to get the boy ready for bed, but he is … reluctant. So, I pull out the missus’ phone and show him the Danny Kaye episode of The Muppet Show and he is hooked. I curl around so I can watch over his shoulder and we veg out to Miss Piggy and Kermie. After a few minutes, I realize that the missus is behind me also watching. So, we all are watching a TV show that we could have watched on the TV across the room but instead are watching on a little, tiny screen at a horrible resolution.

And we loved it.