Interesting Stuff

Today’s nerdtacular tip is brought to you by the letter π and the number e: if you telnet into port 80 of a webserver, you can write your HTTP requests by hand. I haven’t quite figured out how to use this to my advantage yet, but I’m pretty sure it’s there somewhere… I can now fill in my own custom values when submitting forms, without bothering to download and edit the source for the page with the form on it, if nothing else (though I’d still need to look at the source to see what parameters the form contains).
A quick example →

Εὕρηκα! I have found it: final and conclusive proof that I am not the biggest nerd in the world!

This past weekend, Emily surprised me by coming down to visit. We went to the 3rd Street Promenade and had sushi (her first time eating real sushi). We also went to Venice beach and watched this dude catch a flounder. We tried to go see Grauman’s Chinese Theater, but they were opening The Fountain, and we couldn’t get through the throngs of Hugh Jackman fans. So instead, we drove up into the foothills and found some excellent views of the city. I introduced her to Jeeves and Wooster and Penn & Teller’s Bullshit. A good time was had by all.

I’ve been making some really stupid mistakes at work. Hopefully I can put a stop to them and get back to doing stuff correctly.

and I know I need to post news soon…

1. My can of soup says to put in a bowl, cover loosely, microwave, and then let stand for a minute. I do all of this in a plastic bowl with a flimsy plastic lid that can be sealed shut (but I don’t seal it). When I take the soup out of the microwave, the lid is not only sealed on, but bowed in from lack of pressure (lack of atmosphere?) inside the bowl. The soup is still hot (I don’t think it has cooled much). What’s going on?
2. My shower has a smooth, clear, glass door. When I shower, the water covers it with a smooth, even layer, so I can still see out pretty clearly. When I touch my finger to the glass, the water “runs away” from my finger and leaves the glass nearly dry in the vicinity. This is so strong that the water will actually flow up to “escape” my finger’s vicinity. New drops of water that hit the glass while my finger is touching it also move away (though at a slower pace, since they can’t flow as easily without more water around). When I remove my finger, the film of water returns to the way it was before. This isn’t dependent on something I’ve put on my finger; it works with all 10 fingers/thumbs, both elbows, my tongue, and at least one toe. I don’t have a water softener. What is happening?
3. Galileo showed that all objects fall at the same rate, no matter how much they weigh. I have a bowl full of Cheerios and put some raisins on top. The Cheerios and raisins are about the same size, but the raisins are denser. I put my hand over the top of the bowl and shake it. I would expect all objects in the bowl to fall at the same rate when I shake, and keep the raisins on top. Instead, they gradually migrate towards the bottom. What’s going on?
4. There is a doorway with the sun shining through it onto a wall (with the shadow of the doorframe on the wall). I stand several feet in front of the door so that the side of my shadow nearly touches the side of the door’s shadow. The part of my shadow closest to the door’s is mirrored, so it appears that the side of my arm is coming out of the doorframe. This occurs even if I move around slightly (it appears as though the door’s arm is moving in the opposite direction). The shadows need to be within a couple inches of each other to get this to work. What is going on?

The world is a strange and fascinating place.

I wrote an integer factorisation program (Java bytecode also available for those without a compiler) using an algorithm I just made up, and it works surprisingly well (significantly better than brute force, not nearly as good as the best-known algorithms out there today). Yes, it still has exponential running time, but I thought it was a neat idea.

A summary of the algorithm →

…is Bruce Schneier, the world-renowned security guru. From the website, a list of my favorites →

My name, written in Hindi, written in Unicode:

ऐलन डेिवडसन

Yeah, that’s right—real programmers code in binary (or hexadecimal, if they get lazy). The coolest thing about this is that if I had been more confident, I could have done it without getting help from the Internet. but I wasn’t, so I double checked stuff online. I’m still not entirely sure I got it right, so if you or someone you know is familiar with the Devanagari alphabet, please double check my spelling. I have written this so that people who don’t have Hindi vowel-rendering turned on (which I suspect is the majority of my readers) will see this correctly, while anyone who actually has a computer set up to read Hindi/Sanskrit/&c will think the ि and व should be swapped. I’m aware of the problem, but can’t fix it for everyone.

Unicode is surprisingly intricate: like x86 machine code, UTF-8 (the most common encoding of Unicode, since it’s backwards compatible with ASCII) and UTF-16 use a variable-length encoding for characters, so that common character sets like ASCII take up less room than uncommon ones like Braille (which is not as widespread on the Internet as it is elsewhere). Unicode text files typically start off with a Byte-Order Mark, which describes the basic unit size of characters along with the endianness of the machine on which it was encoded; these BOMs are partly why it’s such a universal encoding system. Unicode actually raises some pretty challenging questions in terms of “alphabetical” sorting and accent placement, and even presents some security problems by opening the way for homograph phishing attacks (for instance, see this Shmoo article on IDN attacks, which mentions that www.pаypal.com can be registered with a Cyrillic first ‘а’ and could be full of scams. Yes, I have written both the URL and the ‘а’ with the actual Cyrillic letter).

Yes, it’s totally dorky to learn about Unicode, but it’s actually kinda cool at the same time.

Whoops! When I wrote about voting last week, I mistakenly said the election was on November 9. It’s actually on November 7. Sorry for the confusion, and please remember to vote!

This evening, I had dinner with 5 other Googlers at a wonderful Indian restaurant. We all work on separate projects, have no directly work-related interaction, and each of us met at least 2 of the others just this evening. However, we had a surprising amount in common:

• 3 work at the Irvine office (the other 3 work in Santa Monica)
• 3 were born in the eastern hemisphere
• 3 have cooked in a tandoori oven (only one of which can claim any semblance of Indian heritage/past)
• 3 have lived in Boulder, Colorado
• 3 have bumped into the same Romanian dude up in the Mountain View office (1000+ employees), even though none of us have been there for more than a week at a time
• 3 were Mudders (classes of ’85, ’99, and ’06, respectively)

All of this came up in normal conversation, without purposely trying to find weird stuff we have in common. How cool is that!?

Another interesting tidbit from tonight: “tikka masala” means “spiced patty,” and is typically a vegetarian dish. The chicken variety, despite its popularity, is unlike any traditional tikka masala, and was invented less than 50 years ago.

It’s worth noting that China has frozen Korean money transfers in protest over North Korea’s recent missile tests. I’m a bit surprised that China is willing to take such a strong action against what I thought was a close ally.

The more interesting news is that more chinks in the Bush administration’s monolithic confidence over Iraq are beginning to emerge. October, despite the observance of Ramadan, is already the most deadly month in Iraq for US troops since April. Most importantly, American diplomat Alberto Fernandez told al-Jazeera that the US acted with “arrogance and stupidity” in Iraq, and is now in a nigh unwinnable position. He was later forced to retract his position. The White House seems to be claiming that his statement was a mistranslation, despite the fact that Fernandez is fluent in Arabic (and presumably English, too).

Finally, I give you a history of Arial and Helvetica fonts, including a reason to like Helvetica and dislike Arial (Helvetica:Arial::Java:Javascript, one might say). I also include a guide to spotting the differences between the two. This was brought to my attention on the tex_latex community. I feel weird saying this, but it’s kinda fun being a typesetting snob and noticing the papers that lack ligatures and do paragraph/page spacing wrong.

I’m sure all the CS people reading this (and maybe even some of the non-CS types!) are familiar with buffer overflow attacks, and know how to both protect against them and exploit them in other people’s code, or at least have a vague idea about how to do it. However, fewer people have heard of format string attacks. Here’s a fairly detailed explanation, but I’ll summarize:

If, in your C or C++ code, you write printf(foo) (where foo is typically a const char*), it will just print foo to the screen. The one exception here is when foo contains the percent sign, in which case it prints corresponding things from the stack. If there are more %’s in the string than there are other things in the stack frame, it will begin printing out previous parts of foo itself. If foo was defined as input from a clever yet malicious user, they can craft strings that do nasty things to your program. Most importantly, they can read from (using %08x) and even write to (using %n) arbitrary locations in memory. Given that, they can pretty much do anything they want on your machine. Nifty!

The simple and obvious way to avoid this attack is to change all instances of printf(foo) in your code to printf("%s", foo) instead. The less obvious but much better solution is to not code in C or C++ ever again, and instead use a modern, high-level language like Python or Java (or if you’re Michael and worry about the speed of your program, use an actual low-level language like Assembly).