Posts tagged ‘computers’

A new vulnerability in Java

Looking at Sun’s take on it and Secunia’s links, there’s a fun little exploit in Java’s calendar objects that can allow a remote user to obtain escalated privileges, allowing them to read, write, and execute any files on your computer that you have access to. The interesting thing about this bug is that it doesn’t depend on memory being set up a certain way, which means it works reliably on a whole bunch of versions of Java, and in Mac, Windows, and *nix environments. You should update to the most recent version of Java to avoid this (see the Resolution section in the link to Sun above). Also, if you don’t use Java applets on the web, you might consider disabling Java in your browser (for Firefox, it’s under Edit > Preferences in the Content tab), so you don’t need to worry about this (programs that you download and run manually are much less likely to have exploits than programs you might automatically start running from visiting the wrong website).

How to swap two integers in C++

Warning: this post got embarrassingly long. For the short version, read up through the paragraph that starts with “If you use.”

This is something that’s been bugging me for a while, and I’d like to lay it to rest. If you’ve done any work in C++, you’ve probably heard the riddle about how to swap two integers without using a temporary variable. The question is exactly what it sounds like: you have two integers (call them x and y), you want to swap their values, and you may or may not want to use a third, temporary variable while doing it. Here are some ways of swapping integers that I have actually seen in professional code written by professional coders:

Method Name Code
Method A
{  // Limit the scope of t
  int t = x;
  x = y;
  y = t;
Method B
x ^= y;
y ^= x;
x ^= y;
Method C
x ^= y ^= x ^= y;
Method D
x = x + y;
y = x - y;
x = x - y;
Method E
std::swap(x, y);

Which of these is the fastest way to swap integers? Which way is the fastest method that doesn’t require extra memory? When will you want to use a different method? What is the overall best method?


Try to come up with some answers before reading further.


When you’ve decided on your answers, let’s take a closer look. No, on second thought, this got really long. For those of you who don’t want to read all the way to the end, let me just get my main point out of the way. After that, we’ll take a closer look. If you don’t want to spoil the ending, skip the next paragraph.

If you use this link you will spoil the ending, so skip to the next paragraph after this one. →

Totally into Pokémon!

If you don’t get the reference in the title, go read XKCD for a while. Over Thanksgiving weekend, I finally got around to finishing the switch from Gentoo to Xubuntu (which is really just Ubuntu with XFCE on it). Yes, I realize I’ve been meaning to do this for months, but I’m lazy. A preliminary review of (X)Ubuntu →

Hardware support – heat issues

My computer has begun having heat issues. I haven’t noticed any preformance problems yet, but this evening it began to smell faintly of the magic smoke they put in computers (if ever this smoke leaves a chip, it smells bad and the chip stops working). I don’t think anything important broke, but I’d like to stop this problem before it gets worse. Currently, I have the side of the case off, and a desk fan blowing into it. What can I do as a more permanent solution? I removed the plastic curvy piece that directs the big cooling fan on the back to the CPU, so the desk fan can reach the CPU. Should I put that back? I could take out the parts I’m not using (floppy drive, firewire card, and 56k modem), but they don’t generate much heat (the main heat sources are the two GeForce2 video cards and the Pentium 4 CPU). I don’t want to install a cooling system that uses something besides air. I don’t want to buy a new case. I would be willing to install more fans, if someone can tell me where they should go and how to install them (I am comfortable soldering stuff if necessary). By removing the side of the case, have I made the airflow worse?

The case currently has 4 fans: one on the power supply, one in the back with the curvy plastic onto the CPU (which has another directly on top of it), and one on the heat sink on one of the GeForce2s.

My apartment does not have air conditioning, and when I’m not here I close and lock the doors (there are no windows in the main room; just 2 doors), so that when I come home it is uncomfortably hot and stuffy, even for me. I’d like to keep my computer running when I’m not home, because I sometimes SSH in to it to get files. Any help would be appreciated.

DEFCON summary

Coming back from DEFCON, I felt like Jack, coming down the beanstalk to announce that “there are giants in the sky! There are big, tall, terrible* giants in the sky!” I was introduced to a whole new world with new ways to look at everything. I had no idea most of that stuff was out there and accessible to me. Everyone seemed more knowledgable about every single topic, but it was exhilerating to see it all.

I met up with Matt, Dan, John, Eric, and two guys I hadn’t met (Chris and Andrew) in Vegas, and we all shared a room intended for 4 people. The first day, everything was delayed by 2 hours because the fire marshall forgot to approve our convention, or something. After that, however, there were talks running continuously from 10am until midnight (yes, you had to miss some talks if you wanted to eat meals). Although most of the stuff was about computer security (hex editors, phishing, the EFF, RFID spoofing, database rootkits, etc) there was a surprising amount of (non-computer) security stuff there too (lock picking, safe cracking, neurolinguistic programming, etc). There was also some (non-security) computer hacking stuff: hard drive repair, steganography, fuzzing, extreme programming, autonomous robotic BB-guns, the list goes on. Late at night, we went to the Hacker Jeopardy sessions. I’m now inclined to say that all game shows would be more interesting if they had strippers.

Here are some more highlights:

  • Dan Kaminsky (who is the hacker version of Judiciary Pag), gave an amazing talk about…um…everything. SSL, security problems with DNS, visual bindiffs, security problems with online banking. He’s incredibly relaxed, yet brilliant. His work is amazing, and he drinks beer throughout the talk. In fact, at the end during the question and answer part, he gave me a beer for suggesting the visual bindiff can be used to find duplications in your code! Usually I don’t like beer, but this one kind of tasted like victory. \/\/00T!
  • I got to talk to and shake hands with Cindy Cohn, director of the EFF. This was pretty special for me, because they’re one of the greatest organizations I can think of.
  • Lots of people were doing crazy hacking in the hotel: pay phones went missing. One of the elevators I rode in had the emergency phone open, and some guy karaoking Sinatra tunes out of it at us. Someone even managed to hack the Hacker Jeopardy display system during the game itself.
  • In theory, I learned how to pick locks (both normal picking and bump picking) at the Lockpicking Villiage. The weird thing was that they had a lockpicking contest, and apparently an 11 year old girl did rather well in it.
  • They have a Spot The Fed contest every year, where you try to find out which other conference-goers work for federal agencies (DoJ, FBI, USPS, Marines, Washington DC meter maids… any federal employee will do). This was pretty fun to see, but one story will always stick out: a woman brought a man up on stage and claimed he was a fed. She said she knew this because the night before, they hooked up, got drunk, had sex, and while he was asleep she went through his stuff and found his badge.
  • There were several games of a unique form of capture the flag going on: on the network was a computer with several security problems purposely put into it. The object of the game was for teams to hack into the box and then keep everyone else out. Not exciting to watch (just a bunch of people busily typing on their laptops), but a fun concept anyway.
  • I saw the wall of sheep, which is a computer with a packet sniffer and data mining system on it. It searched the network for unencrypted usernames and passwords, and then projected them up on the wall. A good reminder of how insecure most websites are.

So, DEFCON wasn’t as good as AAAI was, but I still had a great time and got my money’s worth. I’m not yet sure if I’ll be back next year, but I’m glad I went once. As the EFF panel mentioned, it’s really the only conference where the invited speakers can show up for the earliest talks at 10:00, unshaven, hung over, and still get a warm reception.

*Terrible: extreme in extent or degree; intense

Scrabble n’ such

Whee! Remember over the summer when I was so excited that I got my first 7-letter word? Well, in the past couple weeks, I have played two more games, and gotten two more words! Sara and I were playing, and Kenny and Rami were watching (I have no idea what they were doing in my room, but it was cool to hang out with them anyway). The 2nd turn of the game (that’s right – the second turn!), I built off of Sara’s “HONEY” to get a triple-word score:


That netted me a good 80 points. Weirdly enough, we tied at the end — 275 each. This was a bit humbling, because this was the first time I’d gotten a 7-letter word on her, and it was also the first time I didn’t beat her. hm… I guess part of it was that I didn’t get any of the high-scoring letters (she got the Q, Z, X, and J), but part of it was that I definitely didn’t box her in enough. She managed to put the X on a triple word, and put QUIZ on a double word. All in all, though, ’twas a good game.

Then, tonight, Robert, Kenny, Rachel and I played Scrabble. I had had a slight lead all evening, and then, just as we ran out of letters to draw, I pulled the perfect ending move. Earlier that game, I had placed BADE just above the bottom center triple word score, so that no one could possibly get it (JADED was right above it). However, I then managed to play BULLPEN like this:


Landing the B on a triple word score and ending the game in one fell swoop! 92 points that turn. We played that everyone else got one extra turn to try to get rid of letters, so Robert got rid of his Z, and Kenny even managed to run out of letters as well (though he only had 3 or 4 letters in his hand). My final score – 215. Kenny came in 2nd with 124, so I’m feeling pretty good about the game.

Alex stopped in to visit, which was nice. She seems to be doing well, and is certainly visiting much more this year than last. The two of us, Mac, Elisa, Kenny, and Amanda watched The Professional, which we all missed at FNMG this evening. It was… interesting. Certainly a very violent movie, but at the same time, it was rather emotional. I’m not sure I’d recommend it. And there were some really creepy parts, as when Natalie Portman (who was about 12 when this movie was made) tells Jean Reno (who is in his 30’s) that she loves him. Not a daughter-father love, but a have-sex-and-get-married love. ew… At the same time, I’d be interested in finding out what other directors have watched this, because some of the same sort of imagery shows up in things like Lock, Stock, and Two Smoking Barrels (hit-man raises a child, takes the child to kill people, yet makes sure the child doesn’t swear, smoke, or be rude), the new Ocean’s Eleven (the SWAT scenes), and in Road To Perdition (I won’t say anything about this, because I don’t want to give away the end to either movie). One thing I didn’t know before this evening that the director (who also played the bad guy) also directed the Fifth Element (where he again played the bad guy) and Nikita (don’t recall if he played the bad guy or not). So… yeah. Interesting movie, all in all.

Yesterday, I finally got DMA turned back on for my hard drive (I’m using ReiserFS for my main partition). Huzzah! I can now watch more episodes of Bullshit (Amanda, thanks for giving me new episodes), and my music doesn’t sound as crappy any more! At this point, my computer is pretty much back to where I left off, except for the 2nd monitor, which I can’t get to work for the life of me. It does just fine at 640×480 resolution, but that’s less than 1/4 of the resolution I should be getting (I know it works at 1024×760 at 60Hz). Damn it! Well, I’ll get it eventually.

In the meantime, it’s now a touch past 3:00 in the morning, so I’m going to bed.

So here’s an odd problem – the power button on my monitor is broken. At the moment, this is ok because it’s on and it displays things just fine; but I can’t turn it off. This will be a problem at the end of the year, however, because once I unplug it, I doubt it will turn back on without some tinkering. Well, it can’t be that hard to replace a switch. I guess the hard part will be making sure that the whole thing is grounded before I start (to a first approximation, CRTs are 45,000-volt power supplies that can store these huge charges for months at a time – learn about lifters). So… yeah. not a problem yet, but it will be eventually, and in the meantime, it’s weird. The monitor is about 10 years old, and it’s lasted pretty well (we got it with our Windows 3.1 machine), so I can’t really complain. and it will be fun to fix, once I get around to it.

In national news, electronic voting seems to have been thrust upon us. I think the article gives a fairly good treatment of the topic – electronic voting machines are going to be used all over the US in this election, and it is too late to change them for this election, despite numerous security problems and outcry from what seems like most of the educated populace. I fear this is only going to muddy up what I consider the most important election of the past 50 years. Well, we’ll see how bad things get.

On a happier note, California is going to vote on giving $3 billion to stem cell research. Unfortunately, I am not a registered voter in California (I am in Minnesota instead), so I can’t cast a ballot here. However, I really hope this goes through. I really don’t see how anyone who is informed on the issue could possibly be against stem cell research. Even assuming that pro-life people have a leg to stand on in the abortion issue (which I contest), that barely applies at all to stem cells. Blastocysts, which are where embryonic stem cells come from, are blobs of goo small enough that you can’t see them with the naked eye. They resemble algae much more closely than they resemble people. Cutting them up does cause them to lose the ability to become a person (though they need to be implanted in a surrogate mother before that could happen anyway, so it’s not like they are going to be people if left to their own devices). However, they have huge potential to help actual people. They are potential cures to Parkinson’s disease, Alzheimer’s, diabetes, amputations, blindness, psoriasis, and a slew of other diseases and disabilities.

As an anecdote about the potential of stem cells, there is a man in Germany who lost his lower jaw to cancer 9 years ago. Over the summer, doctors made a scaffold for a new jaw, and covered it with stem cells, bone marrow, and various chemicals to facilitate growing. This was surgically placed on the man’s shoulder, where it grew for two months. Then, it was taken off of his shoulder and attached to his head. He now has a new, working jaw, and can speak better and even chew soft things. Admittedly, they used adult stem cells (which, unlike embryonic stem cells, do not come from embryos). However, embryonic stem cells show even more promise than this, because the same line of cells can make any kind of tissue (adult stem cells, in contrast, can only make a few kinds of tissue, and are not nearly as resilient). The story about the German guy can be found on New Scientist.

Well, that’s about it for now. Much is going on in the world right now, and we should all try to stay informed. I’m tired, so I’m now going to bed. Good night!

This update is not for Cassie… :-)

So, you know how over the summer I spent a fair amount of time setting up Linux, and it was a lot of work, but once it was done it was great? Well, about a month ago I figured out what was wrong with emerge – there were 15 bad blocks on my hard drive, which I couldn’t get rid of for the life of me. And supposedly modern hard drives will swap them out automatically. Well, I called Best Buy, and they decided to come out and replace the hard drive entirely. That happened about a week ago. And the new one didn’t have any working operating system on it. It claimed to have Windows XP, but that would give me the much-beloved Blue Screen of Death as soon as I booted up (while some people are surely saying this is typical of Windows, XP has mostly been better at this, to be fair). Anywho, I’ve now got Gentoo back up, and most of my system is back on. I’m still missing sound, my 2nd monitor, and a bunch of little, unimportant things (Shockwave, for example), but it’ll come. I guess the biggest problem right now is that I can’t seem to get my 2nd monitor working. And I can’t find the specs for it online, which is a bit weird. Well, I’ll get it eventually. In the meantime, I should be back online semi-regularly now. Though there are still some weird things going on with my system – for some reason, I can’t turn on DMA on my hard drive (this loads stuff into memory fast enough to play music and movies without them skipping). Perhaps I forgot to build something into the kernel. I need to learn more about that. Oh! and whenever I try to shut down X, it hangs and I have to power cycle. This isn’t really a problem, since after my other monitor starts working I shouldn’t have to turn anything off for 9 months, but in the meantime it’s a little weird.

Um… oh! news from Bridge Club! At the Activities Fair, we got roughly 30 more people to sign up for bridge-club-l (our mailing list), which is just fantastic. And for those of you who I haven’t told yet, Unit 551, the local ACBL sanctioned bridge club, has lost their lease on their building, and will be moving to the LAC starting at the beginning of November! So it looks like Mondays and Wednesdays we’ll have competitive games, and Thursdays we’ll have fun, teaching/learning/screwing around days. It looks to be a good year for bridge club, all in all.

Classes are going ok, all in all. Systems is absolutely amazing (CS105 Systems, not E59 Stems). We’re learning how computers work. Really. The first week, we went over data representations (two’s complement arithmetic, etc), and we’re now tackling assembler for the IA32. However, we have been looking at other architectures as well (SPARC jumps to mind as a prominent alternative example). Anywho, it’s a lot of work, but absolutely fascinating! This is the stuff I’ve always wondered about. My other classes are going ok. Nothing great, but certainly no complaints, except that my CS81 (Logic and Computability) class seems like a review of CS60 but with a boring prof. Well, I’m sure it’ll get better soon.

I haven’t been paying attention to world news for a couple weeks, so I have nothing to post about right now (hopefully that’ll change). um… my world news is that many of my friends are going to be abroad this semester. Yeah. It’s a little weird, but neat to hear what they’re going to be doing.

Oh! and for a strange, nerdy time, read up on John Conways work concerning Surreal Numbers. The subject is just that. And since I am in a weird mood, I leave you with a quote from my History82 reading last week:

“Having been entertained with no new theory now for a long while, I am sinking into a mere practical farmer. I have not a single new thing at present, except one experiment I am making to convert moss into dung, by endeavouring to rot it in a dunghill, by mixing it with fresh horse-dung. I shall let you know the result. If I succeed I shall be able to multiply my manure greatly.” – Henry Home, in a letter to William Cullen, 1752.

I’m pretty glad I didn’t live back then.

Back in the midwest

Well, I’m now home in Minnesota. Research went OK. The last day was a lot of work though – Friday morning, we had a meeting to make sure that everything was ready and done. Then, Prof. Raugh decided to tell me that he had looked through my part of the report and had some changes for me to make. I spent all afternoon making changes, and getting the final copy ready. I put the entire thing in a .zip file (just over 3MB zipped – quite a large piece of work!), and I was about to mail it off! I decided to check my email just in case anything unusual had happened at the last minute, but forgot how to do that from the terminal room. So I skateboarded back to my room, and check my mail. Lo and behold, Sarah has also made some major changes to her part of the report, and could I add them to the final copy? Mind you, this was at 6:00. I was about to be done. So I save her changes and go back to the terminal room and put them in the final report, rezip the whole thing, and send it out. I also put a copy in the directory Claire made for this project so that we can all access it on the math computers. It’s now about 3.1 megs (we had a lot of changes, apparently!). I finish work up at 6:30. :-P But it’s now done.

It’s a little weird being back in Minnesota. Marc can now drive, and has a job lifeguarding. So he’s going to be taking the car a lot, I fear. He has also decided to put bumper stickers on the back. He got one of those stickers from WootWear, and one from the USA Fencing Organization. I don’t want my car covered in bumper stickers! Get those off there! Luckily, he hasn’t put the fencing one on there yet, and I’m hoping I can persuade him not to. hm…

Though my computer is at school, it is turned on and the SSH port is open, so I can continue to install programs on it while I’m here. This evening, I started building OpenOffice. We’ll see how that turns out. I also have a copy of Knoppix with me, and have been impressing my dad and brother with its little features (everyone is impressed with the “fuzzy” clock, and Marc really likes the ASCII movie player). Since I have X-forewarding turned on on my machine at school, I can also check my email from there. This is really nice, because I can continue to train the Bayesian spam filter, and keep all of my email in one place. Whee! :-D

In world news, the Darfur Conflict is finally getting some well-deserved attention. The New York Times (free registration required, or go to BugMeNot) has stuff on it here. It even made the local paper here (the Star Tribune), which barely has any news of import. I for one am glad that Darfur is finally getting some attention. I’ve been following the conflict for several weeks, and at first I was quite dismayed that the rest of the world didn’t seem to notice (though perhaps it merely appeared that way because I was living in the college bubble). Well, I just thought I’d try to increase awareness of the issue.

It’s late, so I’m now going to bed. Goodnight!

Well, the 2nd graphics card I got for the new monitor isn’t as great as I had hoped. I can see why the CS department was throwing it out. So this evening, I bought a new one, that should suit my purposes quite well. It’s a GeForce 2, so it’s by no means a bad card, though it’s far from good. But I’m not a high-end gamer, so I’m happy with it. It should arrive Monday-ish, and then I’ll finally have both monitors running at good resolution.

The 4th of July passed fairly uneventfully this year – there were fireworks in the evening, and that was fun, but not much else happened. I’m still slowly moving into the double. about half of the posters/other art is up, and almost all the big things are moved in. It’s really nice that I don’t have to move it all over 1 day, and that I can spread it out over a month. It’ll get done eventually.

Work has turned frustrating once again. I need to write 4 more FORTRAN subroutines, but these aren’t documented in the user manual (they’re mentioned in passing in a table). I have a sample file of what they might look like, but the comments are written in German. BabelFish has helped a bit, but not much, as it doesn’t do technical mathy words. And Prof. DePillis was out of the office, so I couldn’t ask her for help. Hopefully tomorrow. *sigh*…