Nerd Splaining Large Numbers

Holy shit — the Economist really outdid itself. What now? In this post, they explained why Gangnam Style will break YouTube’s view counter. They used 3726 characters and 612 words to explain that computer integers don’t go on forever. When the Gangnam Style counter reaches 2,147,483,647 it will stop counting. Why?

Integers are stored in a series of ones and zeroes. On a 32-bit platform, you can only store value in 32 consecutive ones or zeros. Go to this binary to decimal calculator and put 32 ones in the binary field. Press “Calculate” and you’ll get this answer: 4294967295.

But the Gangnam Style counter is maxed at half of that? How come? That’s because computers use positive and negative numbers. The range falls above and below zero, i.e., from -2,147,483,648 to 2,147,483,647. Gangnam Style is approaching the upper bound.

If YouTube switched to 64-bit architecture they could capture up to 9 quintilian views.

Remember kids, there are 10 kinds of people in this world. Those who understand binary numbers and those who don’t.

[Economist: Wordy Word Words on Computer Integers]

 

Posted in Programming, Tech Media, Technology | Leave a comment



In Praise of Default Values

Your JoeDog likes options. He feels that if a program takes a variable value, that value should be configuarable. A programmer can spend a great deal of time selecting the perfect socket timeout, but unless the user works in the same environment it’s not necessarily perfect for them.

On the occasions when Your JoeDog uses Windows, he finds himself struggling to make the software do his bidding. It takes time to add another text field to a Windows GUI, so developers tend to limit the number of configurable options.

At the same time, he hates complicated software. You shouldn’t need a computer science PhD in order to configure scheduling software. Yet it’s impossible to use Tivoli’s workload scheduler and not feel completely overwhelmed. It can take days to set up.

These notions don’t have to be mutually exclusive. Software can be extremely flexible and simple to use. Your JoeDog achieves this notion in his own software with a novel concept known as the “default value.” If you don’t set a value, you get the default. If you require more precision, you can change those settings.

Generally speaking, software users don’t care about every configurable value. They have a subset of values they want to change. If everything has a default that doesn’t need to be set for the software to function, then the documentation becomes less overwhelming. If all you want to do is change one setting, then you can search the docs for just that configuration.

Your JoeDog does enough GUI programming that he can speak to the notion he mentioned above. It takes time to add labels and text fields to a program. Those GUI elements also take valuable screen real estate. As a result, many programmers limit the flexibility of their programs.

Here’s a thought: why not make the program configurable with a combination of a GUI and a configuration file? You can place the frequently changed stuff inside the GUI and the more obscure features inside the file. Trust me, the users who really want to change something will discover how to do that if you let them.

Keep it simple but make it flexible and your users will be appreciative … until you blog about it.

 

 

Posted in Programming | Leave a comment



AI Reporting

Your JoeDog is a Big Fan of artificial intelligence. His pinochle game represents one foray into the field. The computer bids based on its results experience. Your JoeDog can’t predict how it will bid a particular hand. It looks for experiences that resemble its current hand and it bids accordingly. Unfortunately, it still plays programmatically. As such, it can never be better than this nerd-blogger.

CBS Sports and Yahoo are doing interesting things with AI. Their fantasy football sites use artificial intelligence to summarize millions of games each week. The software analyzes lots of data and composes articles much like a human reporter. They only fail the Turing Test due to a contemplation of scale: A rational person soon realizes there aren’t enough humans on earth to produce that many articles by Tuesday morning.

There’s a more personal reason why Your JoeDog likes these cyber reporters: they think highly of his coaching skill:

Tonzie Crushers benefited from smart coaching this week. Coach Fulmer left Chris Johnson and Justin Hunter on the bench in favor of Frank Gore and Robert Woods, who were both expected to score less.

These great decisions boosted Tonzie Crushers’ final score by 22.1 points, which just made the final result that much more embarrassing. Putting Gore in the staring lineup also gained more points than any other coaching move this week, making it the Volkswagen Start of the Week.

Well this week. Last week they thought he was a moran

 

Posted in Programming | Leave a comment



Check Your Inputs: SQL Injection Edition

Here’s a question which tends to make Your JoeDog cringe: “So, what do you do?”

It’s often asked when he has a drink in his hand. And when he has a drink in hand, he doesn’t want to talk about work. Sometimes the inquiring person hears the answer, parses “computers” and wants to know why their laptop is slow. Honestly, Your JoeDog has no idea. Occasionally, he meets another nerd who wants to talk shop.

Recently he met a web nerd, the kind of web nerd who suffers from illusory superiority because he lacks the skill to recognize his ineptitude. These guys often contain a conspiratorial streak. This guy was no exception. The conversation soon shifted to hacking and web security.

Web Nerd puked a word salad of vulnerabilities but his beloved PHP was exonerated. “You can’t inject SQL because the mysql libs don’t allow multiple statements,” he said.

Couple points. 1.) the PHP mysql_ functions are deprecated. Astute JoeDog readers use PDO or MySQLi. 2.) You can still do injection as long as you keep it in a single statement.

Let’s try that after the jump!

Continue reading “Check Your Inputs: SQL Injection Edition” »

Posted in Community, On The Job, PHP, Programming | 2 Comments



Memory Leaks

Your JoeDog loves C but he hates memory management. That’s why he writes objects in C. They make managing memory easier. Still, he’s been know to cause a memory leak or two … okay, maybe a few more than that.

Valgrind is supposed to help identify those fsckers. You run a program inside valgrind and it checks your memory utilization. Awesome! Except when it’s not.

Your JoeDog has had zero point zero luck with valgrind. He’s been working on a snippet that will be incorporated into Your Fido. Your JoeDog loves snippets. By reducing complexity they allow him to focus on the integrity of the new code. In this particular snippet, he placed the new functionality inside a loop to check its long-running performance. The damn thing leaked!

“How did you know it was leaking?”

“I watched its memory usage in top and it continued to expand.”

“Well that sucks.”

“Indeed.”

So Your JoeDog ran the program in valgrind like this:

valgrind -v --leak-check=full --tool=memcheck ./haha

After it completed its iterations, valgrind had this to say:

==21112== HEAP SUMMARY:
==21112== in use at exit: 0 bytes in 0 blocks
==21112== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==21112==
==21112== All heap blocks were freed -- no leaks are possible

What the hell? This thing was leaking all over the place. Now Your JoeDog may have done something stupid. Instead of memory leaks, he might have created memory hogs. “What are memory hogs?” They are allocated resources that are no longer used but with references that are still maintained. Valgrind won’t identify a memory hog as a memory leak. But this was a snippet and an audit was easy. There were no hogs; something was leaking.

After an extensive audit, Your JoeDog identified the leak. It wasn’t in the snippet. He was using a dynamic array from array.c Here’s the offending code:

ARRAY
array_destroy(ARRAY this) 
{
  int i;

  for (i = 0; i < this->length; i++) {
    xfree(this->data[i]);  
  } 
  xfree(this->data);
  this = NULL;
  return this; 
}

Your JoeDog freed everything but the array object itself. Here’s the fix:

ARRAY
array_destroy(ARRAY this) 
{
  int i;

  for (i = 0; i < this->length; i++) {
    xfree(this->data[i]);  
  } 
  xfree(this->data);
  xfree(this);
  this = NULL;
  return this; 
}

It’s not clear why valgrind didn’t identify that. Any thoughts?

 

Posted in C, Programming | Leave a comment



So Are You Vulnerable To Shell-shock?

Here’s a quick command line test to see if you’re vulnerable to shell-shock, the bash vulnerability that everyone — I mean everyone — is talking about:

$ env x='() { :;}; echo 1. env' bash -c "echo 2. bash"

If your bash is vulnerable, it will execute the echo command inside the environment, if it’s not vulnerable, then it will only execute the stuff after -c

A vulnerable system prints this:

$ env x='() { :;}; echo 1. env' bash -c "echo 2. bash"
1. env
2. bash

A non-vulnerable system prints this:

$ env x='() { :;}; echo 1. env' bash -c "echo 2. bash"
2. bash

On the vulnerable system, the echo command that is set in the environment is executed by bash when the shell is invoked:

env x='() { :;}; echo 1. env' bash -c "echo 2. bash"

The stuff in red should NOT be executed. That’s a bug; it needs to be fixed.

NOTE: The second command was run on the server that hosts this blog entry. You guys can quit trying, mmmkay?

 

Posted in Applications, Security, sh | Leave a comment



Dunning–Kruger Effect

the dumbest man on the internetsYour JoeDog once worked with a programmer who couldn’t program. Now you’re probably thinking, isn’t programming an important qualification for that position? Not in a large corporation. To succeed in that environment, you need buzzwords and cliches. If you have them, managers just  assume you know what you’re talking about.

This particular non-programmer — or Ouch! as we liked to call him — was hired to build a Intranet site. It took him a year and a half to construct something that looked like your eight-year old nephew slapped together in a weekend. It was slow, poorly marked-up but at least it had a confusing layout and design.  Ouch had a parry for its shortcomings: Microsoft. “IE is a horrible web browser. It violates standards and ActiveX has a mind of its own.”

An appropriate response would have been, “If that’s true, how come all these non-Ouch sites look fine and work well in IE?” Instead, he received an award.

Because Ouch could steal someone else’s files and alter their markup to render the company’s text and images, we concede that he had some skill.  Armed with a comprehensive understanding of his craft, Ouch would have also known: 1.) How to work around a browser’s weaknesses by 2.) Stealing  the javascript, too, as it probably fixed those weaknesses but then he would have known too much and realized 3.) He was in the wrong profession.

While Ouch was laboring over his Intranet and ankle-deep in Cold Fusion, we were building an enterprise site with J2EE. And while Ouch didn’t know much, he did know this: in nerd hierarchy, Cold Fusion falls way below java.

So Ouch told everyone — and I mean everyone, his peers, his managers, the cleaning crew that he should be programming in java. To prove his point, he got the java logo tattooed on his bicep … which he showed to everyone.

Here’s the thing: Ouch wasn’t smart enough to know he couldn’t program in java. And management wasn’t smart enough to know he couldn’t program in java. The next thing you know, Ouch was stealing O’Reilly code — including the copyright notice — and attempting to implement the usecase. As far as I can tell, in one year in that position he didn’t release a thing that wasn’t immediately rewritten by somebody else.

Eventually Ouch was sacked but not for incompetence, he called his immediate supervisor the c-word. Management never considered him anything but a fine programmer. The buzzwords he used matched the ones they read in trade rags. How could he be anything but brilliant?

I didn’t realize it at the time but Ouch and the managers who considered him competent all suffered from the Dunning–Kruger Effect.

 

Posted in On The Job, Programming | 1 Comment



Shellshocked

Wired provides an interesting angle on the bash shell bug that has all your panties in a bind

[Brian] Fox drove those tapes to California and went back to work on Bash, other engineers started using the software and even helped build it. And as UNIX gave rise to GNU and Linux—the OS that drives so much of the modern internet—Bash found its way onto tens of thousands of machines. But somewhere along the way, in about 1992, one engineer typed a bug into the code. Last week, more then twenty years later, security researchers finally noticed this flaw in Fox’s ancient program. They called it Shellshock, and they warned it could allow hackers to wreak havoc on the modern internet.

[Wired: The Internet Is Broken]

 

Posted in Applications, Programming, sh | Leave a comment



How To Eliminate Unused Variable Warnings In GCC

Your JoeDog uses gcc v4.8.2 on his snazzy System 76 laptop. By default, that version uses this flag: -Wunused-but-set-variable If you’d like to see a lot of compiler warnings, then I suggest you use it, too.

Inside fido’s src directory you can find GNUs regex. The file names were changed to ereg.c, ereg.h and  ereg2.h to avoid potential naming collisions. Well, sir, that .c file cries like a whiney two-year-old when it’s compiled with -Wunused-but-set-variable. Here’s what you’ll see in the console:

gcc -DHAVE_CONFIG_H -I. -I. -I../include -W -Wall -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -g -O2 -c ereg.c
In file included from ereg.c:640:0:
ereg.c: In function ‘byte_re_match_2_internal’:
ereg.c:7145:27: warning: variable ‘sdummy’ set but not used [-Wunused-but-set-variable]
const CHAR_T *sdummy = NULL;
^
ereg.c:7144:22: warning: variable ‘pdummy’ set but not used [-Wunused-but-set-variable]
UCHAR_T *pdummy = NULL;

Let’s see the offending code, shall we?

UCHAR_T *pdummy = NULL;
const CHAR_T *sdummy = NULL;

POP_FAILURE_POINT (sdummy, pdummy, dummy_low_reg, dummy_high_reg, 
                   reg_dummy, reg_dummy, reg_info_dummy);

I don’t know about you, but Your JoeDog thinks those variables are pretty much used. POP_FAILURE_POINT is a macro but that shouldn’t matter. Since he doesn’t maintain this code, Your Nerdblogger decided to put a bandaid on the wound rather than stop its bleeding.

The Internets are loaded with bandaids! Here’s one from a discussion on this exact topic:

#define UNUSED(expr) do { (void)(expr); } while (0)

To silence that warning, pass the offending variables to the macro and “Presto!” no more bitching….

UNUSED(sdummy);
UNUSED(pdummy)
Posted in C, Programming | Leave a comment



A Three-Column CSS Layout

Your JoeDog has a new look and feel!

The theme remains the same but we’re rocking a better architecture. The previous version was close to six years old and I made a poor design decision. What was that? I used HTML tables instead of CSS. It was a bad decision then but it’s inexcusable now. Don’t use HTML tables …. ever!

Why’s that?

CSS has numerous advantages over HTML.

  1. It eliminates the need for a clipboard. If somebody refers to you as a copy-and-paste programmer, that’s not a compliment. Redundant code is hard to maintain. CSS allows you to manage pages with a single file.
  2. HTML tables contain large amounts of markup. With CSS, you can reduce much of that, lower your site’s overhead and create faster loading pages.
  3. Site redesign is so much more efficient with CSS because it decouples content from its presentation.
  4. CSS is better for SEO because it boosts your content to code ratio and it better enables you to signal which items you want to emphasize.
  5. And the biggest reason CSS is superior to HTML: NO SPACER.GIFs

Now Your JoeDog is no CSS design expert but he knows what he likes: a header and three columns — one for navigation, one for content and one for ads. You’re not blocking his ads, are you? They help pay the bills.

Fortunately, Matthew James Taylor is a CSS expert. To create this new design, Your JoeDog incorporated his Three-column Holy Grail. Taylor achieves cross platform compatibility and SEO friendliness without resorting to hacks, images or javascript. The design uses 2-1-3 column ordering. So while you’re viewing these words in column number two, search bots are viewing them in column number one. Clever!

I highly recommend his templates. If you’re having difficulty implementing them, feel free to steal code and ideas from this website. (In particular, look for the .main #content tag. Your JoeDog used that to prevent Taylor’s floating blocks from crushing his margins and padding.

 

 

Posted in CSS | Leave a comment



Recent Comments

  • Tim: For those who enjoy playing at home and are extra OCD … they’ll spot something wrong with this....
  • roshni: Hi jeff, I need your help regarding running urls in a file containing post directives. Could you please send...
  • Alle: In seige, what does the pink result mean?
  • Windows User: Nice collection of Perl modules. Thanks for sharing.
  • Jeff Fulmer: No idea. What do you see in the webserver’s logs?