Older blog entries for forrest (starting at number 64)

18 Oct 2003 (updated 18 Oct 2003 at 05:12 UTC) »

Alarming Privacy Violation

I'm sure I must not be the only one here who invests in Vanguard Funds; they have a reputation for low overhead.

Their website is clearly geared towards IE, the only browser they guarantee to work. Mozilla under Linux usually works though, and that's what I usually do. To do a buy transaction you're shepherded through a series of scrollbar-less windows. They offer you the option to print a record of the final transaction, but you're not supposed to save the html, as evidenced by this bit of javascript:

document.onmousedown=noRight;
document.onmouseup=noRight;

function noRight(e) { if (event.button > 1) { alert("Sorry, the right click has been disabled for this application."); return false; } }

Of course, I saved the html: I wanted to store a record on my computer and the above code presented no restriction to me.

Just now I was looking at the html source so I could enter my data into Gnucash, when I saw something that made a chill run up my spine:

	<div class="gh"><img SRC="https://ad.doubleclick.net/activity;src=9999;type=vangu99;cat=mfbuy9999;qty=1;
cost=999;ord=99999999999;u=99999|Individual|prd;tran=9999999999?" WIDTH=1 HEIGHT=1 BORDER=0></div>

I changed all the numbers to random strings of 9s to obscure my personal financial information (and added a newline to make the formatting less obnoxious), but from the original content it's clear that information about my transaction was sent. To ad.doubleclick.net.

I feel violated. I'd feel really violated if ad.doubleclick.net didn't resolve to 127.0.0.1 on my system.

I guess I'd better go re-read their privacy policy with a fine-tooth comb.

P.S. I know I've read some things before about why Doubleclick in particular is a very dubious entity to trust with one's personal information. I know I can google for it, but if anyone can help me out by pointing me to the best articles to reference in my upcoming complaint to Vanguard, that'd be great.

A Math Question

I have this idea to create a musical composition which consists of richly modulated overtones of a single note. (Hmmm ... wish I could describe that better ... )

I wrote a C program using libsndfile to do simple additive synthesis. I use a base frequency around 50 to 60 Hz and am adding harmonics from around the 7th to the 16th with different amplitude envelopes.

My plan is to create a melody with those harmonics, and calculate amplitude envelopes such that the note that is "played" reaches a defined peak amplitude at that time.

Here's the tricky part. When a note is not being "played", I still want the amplitude envelope for that harmonic to have a rich texture. I'd like it to stay below a certain threshold which I define, but it needs to be there, sinusoidally varying.

So, the question is, how do I get the Fourier composition of a curve defined by the location of various maxima and a threshold which the rest of the curve must not exceed? I guess I also need a parameter somehow controlling how quickly the curve must jump up above the threshold for a maximum and get back down.

My intuition tells me that if I get the formula right, the curve with the fewest sinusoidal components meeting my conditions will also have the richest variation in those regions of the curve which are beneath the threshold, and thus the richest sound texture.

Is this just senseless blathering to all of you? I wish I could make myself clearer.

6 Sep 2003 (updated 6 Sep 2003 at 23:39 UTC) »

A Tale of Digressions

So, I have this code at work that talks to a secure web server pretending to be a browser. For various reasons, we'd like to make the code use HTTP/1.1 and persistent connections. The current code is in perl and invokes a subprocess for each request.

I say, "I know, I'll rewrite it in java, and use The Jakarta Commons HttpClient!". That gives me a chance to get more up-to-speed in java (another work requirement) and use what looks to be a featureful and dependable http client library. There are also more java people than perl people around there to look after the code.

This is kinda hot, so I'm working on it at home over the weekend. First I decide I need to set up SSL on my testing webserver to have something to test against. That way I can also learn something about setting up SSL on Apache 2.x -- what I have installed here on my Debian box -- and that's not exactly a waste of time.

So, to figure out this SSL stuff, I go to the manual, I have apache2-doc installed, so there's a link on my main webpage which takes me to http://localhost/manual, where I see

URI: index.html.de
Content-Language: de
Content-type: text/html; charset=ISO-8859-1

URI: index.html.en Content-Language: en Content-type: text/html; charset=ISO-8859-1

URI: index.html.fr Content-Language: fr Content-type: text/html; charset=ISO-8859-1

URI: index.html.ja.jis Content-Language: ja Content-type: text/html; charset=ISO-2022-JP

URI: index.html.ko.euc-kr Content-Language: ko Content-type: text/html; charset=EUC-KR

... at least with "view source" thats what I see. Rendered as html, it's all run together.

Hmm, it appears that there's some problem with the language negotiation. I should have done then what I did just now: found the existing bug report and let it go, but instead I poked around in my configuration files and read up on mod_negotiation trying to figure out what's up.

Then I decide I should try this from a different browser to see if that has anything to do with it, so I go over to my wife's win2k box (which I normally dread to touch) and point it my apache 2 manual. Same result. I decide to check the manual on the official apache website to see how that behaves and make a wrong guess at the URL ...

My God! Some evil slimeware program has hijacked the 404s to take IE to their scummy advertising "search engine"!!! Now, my wife's not as paranoid as I am, but she is definitely an intelligent and aware computer user, so there's no way she installed anything "cute" or something. This scumware had to come totally stealthily, just as a side-effect of browsing. I am totally amazed that people can even use Windows, when evil marketing assholes compromising your computer is a typical everyday occurance. I'm sure it must cause many non-technical people to give up on the internet altogther.

Now, I know I can just run AdAware and get rid of this crap, but I was so amazed by this evil attack on my wife's computer that I expended some energy (fruitlessly) trying to figure out what happened.

... then the next day I had to post on advogato about all that. Ok, about that http client program I need to write ...

Addendum: A bold scam e-mail

Ok, I really should get back to work, but I got a scam e-mail pretending to be from eBay, and attempting to get me to fill in my personal information at http://211.217.224.102:4901/stats/. Internet criminals are getting bolder and bolder these days! I've seen some of these for e-gold before, but no one uses e-gold, so that doesn't matter. Everyone uses eBay. I guess I'd better report this to the FTC -- I'm sure someone else will, but what if everyone just said that?

MAILER-DAEMON spam

I get a lot of bogus MAILER-DAEMON messages these days, either from unsuccessful spam attempts which used my domain in the From address, or as a clever trick to send me spam. That led me to have this great idea (drumroll, please):

Why can't my mailserver remember what mails it actually sent, and figure out which bounce messages are legit? Bogus MAILER-DAEMON messages would get dropped on the floor. Optionally, three bogus ones from the same address could cause that address to be blocked.

Seems straightforward enough to me ... what would be the problems with doing that?

Trying to figure out IIIMF

I have installed the iiimf-htt-server and iiimf-htt-le-newpy packages, which are parts of the Internet/Intranet Input Method Framework. I want a Simplified Chinese input method which will allow me to send mail from Mozilla, and these packages ... hmmm ... are somehow related? I've been looking all over for documentation, though, and I can't figure out what the heck I need to do. It's possible I need to use a Chinese locale to get use the Chinese input method, but I certainly don't want to do that.

Does anyone know anything about this stuff?

Flaky Linux

Damn! My linux box is hosing up, and it's hard to know where the problem actually is. I am running Debian "unstable", but I've run unstable for many years, and I've never had this sort of problem.

Sometimes, when I've been away from my computer for a long time, it just locks up -- the screensaver is frozen, the keyboard and mouse unresponsive. I can ping it from another machine, and sometimes (not always) I'm able to ssh into it, but I haven't been able to do anything but reboot to get my mouse/keyboard/screen back.

I have an LCD screen which sometimes shifts to the left, and then I have to do all sorts of finagling to get it to render correctly. Recently I got a KVM switchbox, and it seems that switching that will usually correct the problem. That's the first of my difficulties, but there's more ...

I used to run fvwm, but now I'm running the GNOME desktop because this screen-shifting problem is much worse when I use fvwm. But fvwm never locked up on me the way I just described, but GNOME does.

I think it's probably got something to do with the fact I have an SMP box; this is the first one I've had and the first time I've had these sorts of major problems. Hell, a recent flavor of MS Windows wouldn't have any of these problems! Why oh why am I suddenly having these problems, when I've been running rock-solid GNU/Linux boxen since 1995?

I'm embarrassed to think of the impression a non-Linux person might get when they see my machine flaking out.

Kind of makes this not-so-minor annoyance pale in comparison.

Soundfonts

I'm getting somewhere with music on Linux. One of my problems was that I apparently didn't have /dev/sequencer defined; a reinstall of ALSA (in the Debian standard make_kpkg modules_image manner) resolved that. I found some soundfonts at http://www.personalcopy.com/, some of which are decompressed for Linux use (most are self-extracting Windows executables). My SoundBlaster Audigy can load soundfonts with sfxload, so I don't need a softsynth.

So, I'm getting somewhere. But there are a lot of bugs in Rosegarden 4, or perhaps it's just the Debian-packaged version. So, I will be doing bug reports soon, if not looking at the code myself, before I can seriously use that tool. But that's ok; all software has bugs, it's just that I can actively participate in fixing these.

My frustration has at least temporarily abated, and I no longer feel any inclination to run out and buy a Mac.

15 Jun 2003 (updated 15 Jun 2003 at 03:25 UTC) »

Frustration

Ok, I'm just beginning to get the feeling I've heard so many others express, a desire for a computer that "just works". Linux has been satisfactory for me so far because of the limited nature of what I've been doing: using the web, writing plain text, gnucash (good app!) and coding.

Now, I'm trying to set up a working musical composition environment, and I'm up against the wall. I've installed Rosegarden 4, which looks great (especially because it reminds me of the package I used to use on the Amiga, Music X), but I can't get it to make a sound. What I've gathered from perusing the net is that I need to install a "softsynth" -- a program which will read MIDI signals and generate sounds from my soundcard (Soundblaster Audigy), and then I'll need one or more "soundfonts" -- uhh, samples for the different MIDI instruments. Alternatively (but somewhat less desirable), I have a Yamaha TG-55 MIDI sound module sitting right by my computer here, and I could send MIDI output to it.

I don't mind digging around on the web for information, but I still haven't found out how to do this. I guess I'll be digging around hard this weekend, searching and grovelling, burning incense and waving chickens, trying to get my Debian box here to make a musical sound. (Any hints would be greatly appreciated!)

Last week sometime, my wife said "do you think we could get one of those digital camcorders and make movies on our computer?" Now I'm starting to think, damnit, why not just get a Mac OS X box and be done with it? I've heard about iMovie, and I bet I could get the sound stuff to "just work", and many other things. Doing real video editing from a digital camcorder on linux sounds like a pipe dream.

(small) frustration solved

One of the things that has annoyed me about Debian is that the only way I know of to see what packages are installed on my system, dpkg --list, truncates long package names. It's especially annoying when you want to uninstall a package and you can't get the name right. I've surfed the web about this from time to time and found no clue, but today I decided to look at the source code.

I found out that dpkg looks for the environment variable COLUMNS to determine the width of the terminal window, which it divides up proportionally. I have no idea where COLUMNS is supposed to come from; it certainly isn't set by xterm. In my five or so years of using Debian, I've always just had to put up with this annoyance. Now, with export COLUMNS=150 (or whatever) I can finally see the full package names. Yay!

I guess I'll be looking at source code more often, but it's unfortunate that should be required.

Long time, no post. Well, I haven't been doing any more with free software in all that time, either. Something about being married has changed the way I allocate my time.

SARS

My wife's parents made one attempt to get visitor's visas before SARS; they were summarily dismissed (damn INS!). Now, no new visas are being issued at all.

It's easier for us to travel to China to visit them, but I'm very worried about SARS. Two of the three times I went to China, I got sick ... the flight is just too long, and I can't sleep on the plane. I don't want to travel there until SARS is really under control, but even though the Chinese government has declared a new policy of admitting reality about the state of SARS, I'm skeptical of everything I hear.

Li really misses her parents, too.

Grad School?

I started to go to Grad School in Computer Science here at the University of Minnesota back in 1991 or so, but I became discouraged and never finished. Worse, my final quarter left me with a couple of Fs because I just bailed. I was just working at kinko's at the time and I couldn't see the connection between school and getting good work, plus I was personally unhappy due to a condition which I suspect might be well-known to some others here: the feeling that no one really understood me; that my only option for "fitting in" was self-effacement and robotic conformity.

Well, in time that all changed, and my disposition is quite good. My wife wants me to go back to grad school now. She has a grand plan in which I could have my Master's by the time she gets her undergraduate degree, and then we could move somewhere warmer and closer to my family in Georgia (without being too close). Although we have yet to see it, she's enamoured of the idea of going to the Research Triangle Park area ... which sounds to me like it could be a good thing. I wasn't going to go back to school because I thought it would be hard to pick up the pieces from where I left off. But my wife is really encouraging me, and my current situation at work -- although I think the particular issue I'm facing may be temporary -- is pushing me in the direction of needing something more.

Monkey Coding

I recently got involved with another development group at work, who are working on the "new system" which is running in parallel to, and may replace, the "old system" which I have been maintaining for years. The "new system" folks have never talked with the "old system" folks, and that's just weird. I've got a few minor tasks in their latest rev of the "new system" and I saw that it was haphazardly put together and could never do everything the "old system" does.

I made some comments about what they would absolutely have to do if they were ever to match the functionality of the old system, and that was labeled an "interesting academic digression" and told that I was coming in late on their release schedule where we just have to make what they have work.

So now I am making things work around this bad design, "monkey coding" I call it because not too much thinking is allowed at this point, knowing full well that the code I'm writing now will be thrown away soon ... or worse, I may be called on to maintain it.

Kind of makes one look at their options again ...

(Sorry for the long post, it's just been such a long time since the last one, I had to catch up.)

This essay by Senator Byrd of West Virginia is really striking in its clarity, and speaks for me completely.

I wonder if Byrd will run for President? I'd vote for him.

Congratulations, raph, on your arrest.

Hey folks.

I found something which really upset me, and I wanted to rant about it, but as it has nothing to do with free software, this wouldn't be the appropriate place.

Instead, I decided to post my first K5 diary entry. Take a look.

55 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!