Older blog entries for berend (starting at number 167)

After more than a year, a new official release for xplain2sql, version 2.0. Even better output for Xplain constructs, stored procedure support, XML output, Oracle. Quite pleased.

But there's of course a lot more to do. Would like to have support for assertions, indexes on extends, refactor the code, etc. Perhaps cascade support. Never ending.

Yesterday wrote a small tool with Python. Needed to copy data from some tables in a SQL Server database to another. Had never written a real Python program before. Great stuff! I think the number of examples helped of course. There is so much stuff, that if you know exactly what you want, you can find a piece of code that does it. Just copy and paste. Python will become my script language of choice, that's for sure.

Last days spend time on trying to get FreeCraft 1.18 to work on BeOS. It's a complete waste of time, since the project has discontinued. Apparently the owners of the WarCraft name objected to the current name. The FreeCraft developers stopped working on the project Instead of simply renaming it. Probably a good idea, trying to rename a project on SourceForge is probably impossible. You can get better devote your time on something else. As should I. Porting an obsolete game to an obsolete OS ranks high in 100 ways to waste your time I assume. Moreover, I'm hampered by the fact that I barely know C and no C++ at all. The application starts allright, but when I actually want to start a game, its a segv. I discovered and used the Be Debugger for a segv at startup, so I hope it's going to help me for this one as well. This time I get a "SDL Parachute deployed". The last one was just a segv and the debugger halted at the proper location.

A motiviation to do this is that the kids like the game. They still play the last version I ported. Let's see I can overcome the hurdles. I assume the game should work, it's just some variables that are not properly initialized or so.

Next time I'm in Kalifornia, I'll get a drivers license. Anyone can get one. Quite useful as you can do a lot with it. Like buying a fire arm. But perhaps I should stay out of America for a while now, because they have a bit of trouble distinguishing between tourists and terrorists. That America has been free of terror attacks for the last two years, something nobody would have predicted on 9/11, is probably due to Bush. But perhaps Kalifornia gets someone who terminates this nonsense.

hadess wrote:

I guess firearms control actually does some good.

And he went on to quote some statistics about England: 8.1 homicides per million (these statistics are incorrect, see below) I would be the first one to ban guns. If that actually worked. Is England the example that shows that gun control works?

Forbidding things works of course. We forbid stealing and we have no more thiefs. We forbid lying, and nobody lies. We forbid killing and nobody is murdered: Thou shalt not steal, thou shalt not kill, thou shalt not bear false witness against thy neighbour. Problem solved. Well, that didn't work, did it?

We forbid guns, and suddenly we don't have homicides. Or at least, we should expect a drop in homicides, isn't it? We think that locking our door helps against thiefs. We have contracts to guard against liars. Might guns not help against would-be killers? Even criminals possess some logic: if this house has a lock, I might as well go to the next house which doesn't. If this guy has a gun, I might as well go to the neighbour who hasn't.

Let's look at England. In the 90s, England introduced the most draconian gun laws ever. Did it help? According to a UN survey end 2002, England and Wales now have the highest crime rate of the world's 20 leading nations. Mark Steyn writes:

Since the Government's "total ban" five years ago, there are more and more guns being used by more and more criminals in more and more crimes. Now, in the wake of Birmingham's New Year bloodbath, there are calls for the total ban to be made even more total: if the gangs refuse to obey the existing laws, we'll just pass more laws for them not to obey.

And he ends his article with:

Meanwhile, America's traditionally high and England and Wales's traditionally low murder rates are remorselessly converging. In 1981, the US rate was nine times higher than the English. By 1995, it was six times. Last year, it was down to 3.5. ... New York has just recorded the lowest murder rate since the 19th century. I'll bet that in the next two years London's murder rate overtakes it.

According to the link hadess provided, the actual figure is 15.5 per million (table 4.1). I'm not sure where he got his 8.1 from. But crime is rising in the UK, while it is dropping in the US. Do we know why? I'm not aware of a single, all-explaining answer. Guns? No guns? I really don't know. But the UK does not proof that gun control works.

I don't know why hadess added his last link. That guy says:

As we gun rights watchers know, Canada, the UK and Australia have taken extraordinary steps to impede the rights of their citizens to possess firearms. What are these poor countries to do? It seems that in response to the continual rise in crime rates, those countries only tighten the noose around the legal gun owner even more. I wonder, though, what's going to happen when no one, except police and the military, can legally possess a firearm? What else can they take?

I still don't know if Michael Moore was in search of a question for the answer "Americans are Nuts" or that he tried to answer some question. Presumably that question was something like "Why do Americans kill each other so much more than others do? I can imagine he got lost, because this question is so vague that it cannot be answered. What does he mean with "Americans" in this question? People who live there? People who were born there? People who somehow have American genes??

And what is killing actually? Seeing the film killing seems to be shooting. So the question becomes: "Why do humans who live in America shoot each other so much more than in any other country?"

What Michael Moore does, is stating a fact in the question, namely that there is much more killing in America than in other countries. Let's assume that's true for a moment. But does he try to answer that question? And what is the answer exactly?

1. It isn't guns. In Canada they have as much or even more guns and there are less killings.

2. Michael Moore mentions an interesting thing about a small village: crime went down, but gun ownership went up. The "but" is his. He found that strange? Why would people buy guns when crime went down? I would suggest that crime went down, because people bought guns.

3. So it isn't the NRA's fault I suppose. Michael Moore is even a life-long member. So why is the NRA in this movie? Why is he chasing Charles Heston? Why does he need to distort his speeches or make it appear that the NRA holds rallies immediately after shootings, while in fact it didn't?

4. Who exactly is shooting who? Michael Moore doesn't tell. We know that black Americans do more than 50% of the killing, while being just 13% of the population. That still doesn't tell us a lot, because why are they shooting? But if we don't know who is shooting and why, how can we ask a question seriously?

5. Is it just gang members killing other gang members? If so, I'm not sure if ordinary citizens are going to be very concerned about that.

6. Do Americans shoot more now than in the past? Michael Moore doesn't tell. But it seems crime in America is dropping, for the past thirty years.

7. Drugs? Hard rock? Michael Moore mentions a long list, but doesn't give any of them serious attention.

8. A Canadian woman suggests that Americans are paranoid and trigger happy: you're on my property, boom. Are Americans just killing thieves?

9. It seems that, in the end, Michael Moore believes its the news media. They report about violence, especially about black people committing violence. White Americans get paranoid about that, and therefore are buying guns and pulling triggers. Is that supported by statistics? Do white Americans shoot black people predominantly? Michael Moore doesn't tell.

No, I don't believe this DVD was trying to be serious. It was trying to make a point: white Americans are nuts. That was all there is.

But the question remains. Why do Americans shoot each other so much? That is still a very important question. First the question if it is really true. Crime in America is dropping. Second, the nine states, bordering with Canada, have a comparable crime rate as Canada: 22 homicides per 1,000,000 people compared to Canada's 18 per million.

There is a very interesting statistic, which Michael Moore omits completely: crime is strongly correlated to population density. Canada has about 3.3 persons per square kilometer; the U.S. about 29.1. Canada has only four cities with population over a million. Look at North Dacota: North Dakota, with a population density almost identical to that of Canada (3.5/sq. km.), had a homicide rate of 1.1, lower than that of Canada.

Some cities might be special: most of New York's homicides occur in the urbanized southeast part of the State. If we look at the four New York counties which border on Canada (Clinton, Franklin, St. Lawrence and Jefferson), we find that in 2001 three counties had no homicides at all, and Jefferson County had one. Two of the counties also reported not a single theft that year.

The question if guns are dangerous, if Americans kill more people, and why do people kill other people, are not only interesting but very important. It's sad that Michael Moore hasn't taken them more seriously.

But if you ask me if you should see this DVD, I would suggest you do. But don't rent or buy it. Try to borrow it for free so you don't lend even more money in Michael Moore's pockets.

Good thinking rkroll! I tried to avoid that kind of attack, but I wasn't successfull. I think I'll post a message to comp.mail.misc to see if such a thing not already exists.

In other news it was revealed that just a third if the Dutch are content with what the government is doing. Perhaps they finally wake up? But they still expect all their salvation from them, so there is still a long way to go before they affirm their own responsibility.

And I'm watching "Bowling for Columbine" now. It is funnier than I had expected. Just a shame to know that it is so much fictition. So one won't gain much insight into the why.

Oops, edit. Forgot one thing I'm really excited about: the Face header in emails. That's a 48x48 picture, less than 750 bytes, stuffed in an email header. I'm not sure how many mail readers besides Gnus can use it, but it's absolutely cool to get email with a picture of the person.

Software that automatically replies to an email has the potential to be used for a denial-of-service attack. Examples are software that tells me I have a virus. Or that a user's mailbox is over its size limit. Or that a user does not exist. The problem with such messages is, that such software assumed I sent the email. Well, frankly I didn't. It's those spammers that are using my email address. So I want every piece of auto-reply software to stop trusting the email address that's present in a message.

Yesterday I made a suggestion about how a public server might help. But after thinking it over, I'm confident there is an easier and more scalable solution. Every piece of software that sends a reply in response to a message, must do the following:

1. Contact a key server running on a computer associated with the domain. So in my case, it should contact pobox.com, in other cases it might be hotmail.com, etc.
2. It should send the email address that it wants to send a reply to.
3. If the server knows the email address, it responds with the public key(s) associated with that email address.
4. The auto-responder software checks if the email was signed with one of the received public keys. If not, the email is faked. The auto-responder may not send send a reply in this case. It could even discard the received email, but that is optional.
5. If one of the public keys match, the auto-responder should make sure the mail is signed correctly. If not, it should not send a reply. It might even want to discard the received email.

In case the domain does not have an email address validator or in case the user is unknown or does not care that his email address might be faked, the auto-responders behave like they do today.

This scheme has the advantage that it is easy to set up. When the server is not present or the auto-responder does not implement it, the system behaves like it does now. For people who care to run such a key server, it has the advantage that they don't have to disregard auto-responses. Else they will have no choice, but to black list such mails. If enough people do that, automated responses will loose their usefulness.

The key server can be used for more ambitious scenarios, but I think it is already quite useful for its intended purpose. The idea is so simple that I'm sure it must already have been discussed or implemented. Time to do some searching perhaps.

It seems a lot of spammers and viruses are using my email address as the reply address... Got swamped by messages saying I have a virus. I therefore decided it was time to start signing my mail seriously. Upgraded to the latest GNU Privacy Guard (GPG), and the latest mailcrypt. Uncommented the lines in my .emacs and my mail is signed from now on. Put a URL in my signature to my public key. There does not seem to be a field in a message header for it.

Software that replies when it thinks I sent a virus will probably be disabled pretty soon. As well as the replies that an email address does not exist, or that the mailbox is over its size limit. Sigh. The end of email is near I'm afraid.

We really should have a server were people can send their email address and public key too. When a mail server receives a message claiming to have a reply address from someone, it should check with that server to see if that email address exists. Next it should validate the public key for the message. That would make it impossible to forge email addresses, if that server is reliable. To make sure the email addresses on that public server are reliable, we need to employ some trust. I.e. you can only store an email address and public key if another person, or two, can vouch for you. Perhaps use the existing public key servers and trust rings??

Lately, I have become pessimistic about antispam techniques. I no longer believe Paul Graham's approach to fight spam is going to work. Bayesian filtering is pretty easy to defeat if people start to use it seriously. If I was a spammer I just would hire a few hackers to distribute a few viruses that allow me to sent email all over the world. Next I would use the infected machines for some serious spamming: just send serious messages to everyone in the world. Take messages from mailing lists at SourceForge or Yahoo Groups. If people start to move those messages to their spam archives, they will slowly but surely decrease the effectiveness of their Bayesian utilities. And just by the sheer volume they can guarantee that messages get through, as long as they're varied enough. My spamfilter might block things about gardens or popmusic, but sure doesn't block messages about Eiffel yet.

Bayesian tools might have worked, if not for Microsoft and basically for the entire computer profession. It's all sloppy coding and use of sloppy languages that can't even guarantee you don't have a buffer overflow. Writing secure code is already hard enough even if you don't have to worry about mistakes with some pointer or a statically allocated array. We have so many infected computers now, that Bayesian filters simply can be spammed to death. Berend's law: what can happen, will happen.

Follower, have noticed the effect as well.

And I saw it. At 21:51 (9:51pm as the locals say here), I was outside. Woke up the two kids that had expressed an interest. The little girl liked it, but after a while she began giggling continuously until I put her to bed. And the next day that little girl was very angry that daddy hadn't woken her up. She had to believe us when we told her that sure we had done so. But it was very hard for her. She didn't remember a thing anymore. It does not seem likely she will get a chance to see it again in her lifetime.

This must be the most ridiculous headline of the Mars frenzy: Mars visible with naked eye (Dutch news site). You must be a journalist to write such a headline without any alarm going off in your head. Sure one of the lowest points in journalism, the profession where writing about things you know nothing about is ok. Where has this guy been living for the last 5,000 years?

In other Dutch news: Dyke breaks in driest year on record. You wonder what will happen there when they really get some water. I suggest people evacuate while they can!

ARC Ratepayers Rebellion website now has its own domain. And I detected that redirecting can be done properly with Apache. No wonder its the highest ranking web server. Thanks a lot to the Apache team.