Not really apologetic
This morning I watched Steve Job’s presentation of the new notebooks. The audience was subdued and quiet, almost morose. Steve didn’t show much enthusiasm either, and I was bored. Not that the stuff he presented was anything but brilliant, but there was nothing new or unexpected, since everything, down to the last trackpad and price tag, had been leaked on the net the days before the event.
Screw you, leakers and rumoursites, I want my Apple surprises intact! This isn’t fun anymore.
This falls in the category “neat tricks” and definitely under “DRY” (Don’t Repeat Yourself). When you have a list of constants that you need to save or retrieve, typically settings, you easily get into a situation where you have say 20 constant strings defining the names of your constants, and then a block of code going through the same 20 variables to retrieve or save them. When you add a constant, you’ve got at least three places to add code and then I’m not even counting the places where you actually use the settings value.
But using reflection in C#, you can easily make it so the system retrieves all your constants and their values into a dictionary at runtime and saves them back, using nothing but the declaration of the string constants.
This is an example of a declaration of the names of the values we want to save and restore:
And this is code that then gets the values of those constants and sticks them into a dictionary in runtime. The rest of the code is trivial and not worth reproducing here
After having read about the goddam awful handling of a student that hacked a university system, I’d felt that a little story could help tip these people off on how to handle students without necessarily breaking them and destroying their future.
Story Time
Kid sits in his dorm room, bored out of his skull trying to find any excuse to not cram for tomorrow’s exam. Starts fiddling with the student registration system (or whatever), finds a glaring hole, pulls up a mate’s records for kicks and prints them out. Writes a little email note to the IT admin, going something like:
“Hey, your SRS sucks. I can tell you that anyone can see anyone else’s data without even breaking a sweat. I can prove it if you like. Please fix.”
Reply from IT admin: “Kid, whatever you’re doing, stop it right now and get your ass down here to my office. Together, we’ll see if you’re right and if you are, we’ll do something about it. How’s that? We could have lunch afterwards, but on one condition: don’t touch it again in the meanwhile. Are we agreed?”
Kid: “Hey, Mr Simpson, sure thing! I’ll be there, no fail! And I promise not to touch a thing until then. What’s for lunch, btw?”
Next day.
Mr Simpson: “Ok, Kid, show me what you’ve got. Ummm…. ok, yes, that’s bad. Let’s see what we can do. I’ll try to find a fix for this, and I’ll get back to you when I’m done so we could go over this again together. Give me a week, and if you don’t hear from me, remind me, ok?”
Kid: “Yes, sir! I’d be glad to help.”
Mr Simpson: “One more thing, kid. You already saw some information you’re not supposed to see. You have to promise me to destroy it and forget it. On your mother’s head. Will you?”
Kid: “What info? I’ve already forgotten.”
Mr Simpson: “That’s my boy. The second thing is that you actually went too far and I’m going to turn a blind eye to that. The next time you suspect something’s amiss, you come to me first, and we’ll hack the system together. I can do that without having the SWAT team circle the building, but you can’t. You were lucky this time, but who knows about next time, right?”
Kid: “Yes, Mr Simpson, I think you’re right.” A bit of cold sweat enters into the picture.
A couple of days pass. Mr Simpson asks for Kid to come down to the IT office again.
Mr Simpson: “Can we go through what I did to the system and see if you see anything wrong with it? But you have to promise (or sign an NDA or whatever) that you’ll keep whatever you see to yourself. Ok?”
They go through what has been fixed and what has not. Then Mr Simpson delivers an exit sermon:
“Kid, this time you were lucky. You did actually trespass into the systems. Yes, I know you meant well, but this is really dangerous. Not so much to the system, it’s crap anyway, but to your future. Places like this university is full of mean, lazy, bozos that would much rather call the cops on you than listen to what you have to say. So, this is my advice to you in the future, in and out of university: if you see some potential security problem with a system, stop exploring it as soon as you have a decent suspicion, long before you have proof. Contact whoever is in charge of the system and if they’re cooperative, do as we just did. If they’re not, view them as a direct threat to your career, don’t touch another thing, don’t make yourself a suspect in the breaks of that system that will inevitably occur. Just step away quietly and save yourself for another battle. Enjoy the show from a distance when that system goes under.”
Kid: “But I didn’t know how to handle it, I was sure you people wouldn’t want to listen. Couldn’t you put up a policy about this somewere?”
Mr Simpson: “You’re a bright lad, Kid, I’ll get right on it.”
And so he did, he formulated a policy that popped up whenever a student accessed the system, and it went something like this:
“If you have concerns regarding the security of this system, please contact Mr Simpson at IT support. Please don’t hack us. Please don’t make us call in the cops. Let us work out these things together, for our sake, for your sake, and for the good name of the university.”
And they lived happily ever after.
PS: Mr Kid went on to become a CIS and had a similar policy introduced in his multinational. He then went on to win the Nobel Peace Prize in 2016. He also became famous for having introduced a new, highly secure, layered and tokenbased database access method that changed database security programming forever.
Today I helped a neighbor recover data from his laptop. It wouldn’t boot and it ran (or failed to run) Windows XP. Checking it with a low level utility showed that the MBR and partition table were shot.
Now, Windows repair didn’t find the drive. Fixmbr didn’t fix the MBR. Fixboot didn’t fix the boot. Knoppix couldn’t mount the drive. Nothing worked.
So I pulled the drive from the laptop, hooked it up to my old, crappy, Dell Optimus, Octopus, or whatever it’s called, since it had SATA. Got the FindPart utility package, and man does that thing work right! The instructions aren’t exactly clear, but you can figure it out with a little patience. That stuff rocks! Highly, highly recommended.
As I already mentioned, MSDN didn’t work. Talked to a “concierge” who told me it was an emergency maintenance gone wrong, that made downloads impossible. Now, I can’t even log on to the service. Funny, but if you try to go to the download areas, you start bouncing between msdn.microsoft.com and login.live.com. Back and forth, back and forth, until you get an error message. I made a little movie of the bouncing (yes, it’s Safari on OSX, but the same thing happens using IE on Windows.)
I’m not much impressed. Wonder when we’ll see MSDN alive again. BTW, shouldn’t MS use the “login.dead.com” service for things like this?
Had to install a Swedish XP under Parallels to test my product. I have MSDN Pro subscription, including operating systems, so I checked out my CDs and DVDs. No Swedish. Ok, so logon to MSDN Site for downloads. Um. The download link is greyed out for all products, with no explanation. All other links work. That’s under Safari on OSX, so I suddenly realize MS may not prefer to work anything under OSX and expecting them to tell you why it doesn’t work is probably too much asked. Ok, switched to an XP and sure, the links came alive.
Downloaded Swedish XP Pro with SP3. Tried installing under Parallels, but it ran into problems. Downloaded Swedish XP Pro, no SP, and installed it from a network share just fine. Tried to run update, got Windows Genuine Advantage (what a laugh), that couldn’t verify the legality of my totally legal copy and offered to sell me one. Or activate. Which, of course, it didn’t.
Tried to download just the SP3 to patch the XP locally, but meanwhile MSDN download services have stopped working for some f…ing reason. Couldn’t get it to work with any of my otherwise just fine XPs.
Erase. Write the Swedish XP Pro with SP3 to a real physical CD and installing from there, worked ok. Tried update. Windows Genuine Advantage. Could not verify I wasn’t a thief, assumed I was, told me to activate (even though I have a 60 day grace period on MSDN versions!), which, naturally, failed.
So I did what the thing recommends and started the phone activation procedure for the first time in my life. And, man, it’s gonna be the last one as well. Up pops a window with a phone number to call. Once there, you get to enter a code sequence using the phone keypad. Now, this is a little DECT phone with a little keypad and I’m asked to enter nine groups of six digits without fail. Yes, 54 digits… OMFG…
So I do. Guess what? My numbers can’t be verified. So I get a real human on the line. Thankfully I don’t have to enter everything again, the nice lady has the numbers already. Now she does some magic and hangs up, after which a robot reads out seven groups of six digits that I am to copy down then enter into the right fields.
For some inscrutable reason, this works.
Then I got a quiz, a “user satisfaction survey” which I couldn’t resist replying to. Questions like “Did you enjoy the activation procedure? (No!)”, “Was the customer representative nice? (Yes!)”, and more of that kind. The cutest one was: “How many times have you tried to activate, 1, 2-4, 5-10, more than 10? (5-10!)”, which shows a certain insight into how terrible this system is.
You’re supposed to answer with a 1 for terrible and a 9 for excellent, except they only say so right at the start and you’re expected to remember that. It’s entirely possible I got it backwards and thus expressed hate against the nice lady and unlimited adoration for the process itself. Too bad. Even though they’d never change the process because of customer dissatisfaction, the same may not be true for the representatives. (My apologies to the lady if I got it backwards.)
This entire process has cost me an hour. Now I need to do the same thing with a Norwegian copy and a Russian copy as well. And maybe even with Vista for the same three versions.
A few more validations like this, and I would have saved time by writing my own OS instead of using one from Microsoft. Productivity? Hah!
So I had this old office chair that’s been with me since 1982. It was expensive back then, which explains why it lasted this long, but lately it’s become wobbly. The back rest seems not to know exactly what’s vertical and what’s not. Parts and padding are falling off every now and then. It’s a German or Belgian make, forgot exactly which. Good stuff, for its time.
Looking around for a new chair, I couldn’t find much except IKEA, and their chairs aren’t really good quality. Don’t get me wrong, I buy a lot of stuff at IKEA, but I wouldn’t buy an office chair there. I didn’t find any other decent brands that I could test and experience, either. There are lots of brands and types, but it’s very hard to find a store where you can check them out, and I won’t buy an unknown chair sight unseen or seat unsat. About the only chair I would dare buy on reputation alone is the Aeron. It’s the chair a lot of programmers expect to get, just as they expect to get top end workstations. It’s a top end office chair. Just google it.
Now, price… in the US, you can find the Aeron for around $950, which isn’t exactly cheap but considering the current exchange rate, it comes out to around 6000 SEK (I’m in Sweden), which is only twice the price of most decent office chairs.
Checking out the official Aeron prices from the Swedish distributors is bound to make you sick; around 15000 SEK, plus tax. That is $2500 plus tax! Jeez… how the h… can they mark it up like that?
Second hand, you can find Aeron chairs in Sweden for around 7-9000 SEK, but then you have no guarantees. I found them on Blocket.
Next, I checked out prices in the USA and found Home Office Solutions. They’re selling it new for around $750 and free shipping within the USA. I called them and asked if they’d ship to Sweden and they told me they can’t sell new chairs to me, due to Herman Miller prohibiting them from selling outside the USA. Good old market protection in action. However, they can sell “Certified Refurbished” chairs anywhere they want, and these go for a little less, $718 plus $199 shipping (when I bought it), including a 12 year warranty. Yes, I ordered one, plus the casters for hard floors, around $30 extra. I expect to pay around 5% customs. The VAT will be added by Fedex, but I’ll get it back on the company VAT account, so it’s of no consequence. At the current exchange rate, this chair will cost me around 6000 SEK.
The chair arrived today (it took a week) in perfect condition. Even examining it in detail, I can find no sign it’s ever been used. I’m sitting in it right now and it’s simply great. Here are a couple of pictures of it, including my little son who I had a lot of problems convincing to let me use it.
I highly recommend buying this chair, and if you do to get it from Home Office Solutions. There may be other good places to get it, of course, I didn’t check them all.
Update 26 aug 2008: just got the invoice from Fedex, and I was only charged 100 SEK admin costs and VAT. No customs charge. So the grand total comes to around 5600 SEK plus VAT, just a whisker over a third of the Swedish internet mail order price for a new chair. And as I said, you can’t see the difference. What a deal.
Update 19 september 2008: this chair is heaven. It’s so good that I just want to go sit in it all the time, and while I’m there, I could just as well get some coding done. Developer managers out there, if you don’t get this kind of seat for your developers, you’re missing out on a great ROI opportunity. Payback time? I’d say a week, but I’ll claim less than a month, to be on the safe side. Ok, two or three months at the Swedish prices, but still. (No, I don’t have shares in Herman Miller or Home Office Solutions or anything related.)
The Swedish parliament just passed a bill that allows the Swedish military to monitor any communications over the net of anyone without a court order. It also allows building up maps of interrelationships using traffic info without any court order. It kind of beats anything the US administration did even at its worst. Except it’s actually a law, so the government here doesn’t need to break the law to do it. How convenient.
It has been said that it was created under pressure from our uncle in the west, since so much former-east-block traffic passes through Sweden. I’m inclined to believe that, but I see no reason why our government can’t decide for themselves, so the responsibility for being pussies is all on the Swedish government.
I can see only one upside to the whole thing: anonymous proxies like Relakks, new methods of hiding traffic information, message encryption, etc, will get a real boost. This is a country of contrarians and inventors, so my hopes are high. Even some regular good citizens start asking me how to make life difficult for the buggers. That’s a very good sign.
I think, or rather hope, that this was a crucial mistake by the “who needs privacy” crowd, creating some real legimate reason to start fighting government initiatives like this. Sweden has no 9/11 to use as an excuse. Sweden has no “boys in Iraq” to support. There is very little unconditional patriotism or flag waving. There’s not even any terrorism here to defend against. IOW, there is very little emotional argument to quiet the crowd with, if the crowd gets upset.
OTOH, to get Swedes visibly upset about anything is pretty hard to do, so we’ll have to wait to see if this particular leather boot does the trick or not.
See http://www.thelocal.se/12514.html (english)
Update: another excellent article about it in The Intelligence Daily.
The worst just happened. The Windows XP instance I use for development, the one with VS 2008 on it, just bluescreened, then did disk repair, then went into a bluescreen cycle. Can’t break out of it even with safe boot. This is the one instance I have my development source in, and the one instance I updated to SP3. I can hear you snicker already. I’ll try to shoot a movie of the rebooting so you can enjoy it fully. Plus it may give me a chance to see what the error code actually is. Click the image for the movie.
If you watch really closely, you’ll see the error message “the windows logon process system process terminated unexpectedly” (you also see it in the screenshot above, of course). Using “the Google”, I found an article on MS Support that seems to describe what’s happening. I really don’t want to go through the recommended steps in that article and since I presumably have a pretty good backup, I’ll try my backup first.
My Mac Pro came with an ATI 2600 XT card, which turns out to be not so great. We’re having a heat wave in Sweden right now, and that card is definitely getting the vapors. The symptom is that the machine freezes and has to be hard booted to snap out of it. The most reproducible way of getting there is to run World of Warcraft in full screen. And you’re not going to tell me that I can’t run WoW during the summer holidays. That’s ridiculous.
