Older blog entries for berend (starting at number 170)

24 Sep 2003 (updated 24 Sep 2003 at 09:36 UTC) »

mrorganic, COM with Delphi is also easy. Writing Corba stuff in the early years required 100 lines of C++ or so per routine (forgot). That was before they even had the notion of a unified client interface. But that wasn't exactly the point I think of the rant. The rant confused a lot of things: the essential simplicity of COM, the sometimes confusing interfaces built on top of it, and the hard problems COM tries to solve. What are you going to do if you have a single-threaded component in a multi-threaded application? Forbid that? Make the multi-threaded application single-threaded? Such things work with COM. That's not bad. Transparant access over the network? Works as well. And used by a lot of people. There is always room for improvement. And I haven't seen any alternative with a significant following.

mx assumes that all good interfaces are text based. Supposedly the founders of the Internet new all about this. What about DNS? It's binary. NFS? Binary RPC. NTP? Binary as well. I also like text interfaces, but the Internet is not build on it exclusively.

And on another front, I still have to reply to a private reaction I got with regards to a post about causes of gun killings in relation to Michael Moore's "Bowling for Columbine". The following points were raised in that email:

  1. The population density metric doesn't give any more conclusive answers, because it isn't true for Japan.
    I don't know a lot about Japan, but their society could be quite different. It is true for The Netherlands for example. But I don't think a single cause is the answer. And population density only has a correlation with crime, I'm not aware of research showing conclusive causal effects. Except interesting (science) fiction that is.
  2. Moore is only raising questions. That's the point.
    But why the "or are we nuts" subtitle at the beginning? Why making a joke of the word documentary by staging buying a gun at a bank, faking Charles Heston speeches, alleging that a factory that makes space rockets has something to do with atomic weapons? 11,127 homicides by gun in the US? According to the FBI it's around 8500 deads by gun.
  3. It might be the media, because that way you don't think about DMCA, Patriot Act, Homeland Security Dept., FCC & broadcasting & ownership rights, ...
    I don't believe the media in the US is controlled by the government. They certainly have an agenda, and as most journalist vote Democrats, its your guess what agenda that might be.

  4. Did anyone of the stories of the past months about viruses and worms mention that you're only vulnerable if you use Microsoft software? Did they mention there are alternatives?
    Good point. Media is biased. I agree with that.
  5. Because he gets you to react, it engaged you. That's what good storytelling is about.
    Maybe. But I know that I always resent it deeply when I thought when something was true, because I had seen it on TV, and later on it was a deeply skewed documentary, leaving out most of the really interesting facts.

On this subject, let me refer to and quote Theodore Dalrymple's 1998 essay on New Zealand crime. This great UK humanitarian, Doctor and advocate for the emancipation of the underclass from destructive liberal theories, injects more sense into each paragraph than Michael Moore in all its documentaries and books (quoted freely from NZPundit:

Such a society--prosperous, democratic, egalitarian--should be virtually free of crime, if the commonplace liberal explanations of criminality were true. But they aren't, and New Zealand is now almost as crime-ridden as its mother country, itself the most crime-ridden nation in western Europe (along with prosperous, democratic, egalitarian Holland). Indeed, in the ever-upward trend in the crime figures, New Zealand is only a handful of years behind Britain and, in point of homicide, a few years in advance of it. This fact is of great theoretical interest, or ought to be: it is an overwhelming refutation of the standard liberal explanations of crime.

Wow, more than 3500 Swen emails when I came back to work on monday. I'm lucky my IMAP Bayesian filter, emc filters them out automatically, but this is bloddy annoying. Server in the US is also being hit hard:

/home/berend$ w
  8:27pm  up 131 days,  4:28,  1 user,  load average: 6.44, 11.14, 19.09
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
berend   pts/0    smtp.xsol.co.nz   7:26pm  2.00s  0.07s  0.01s  w

On another front: mikehearn rants, while being mostly clueless. Try to write a Corba client in C++ mike. And have a little bit more respect for the issues Microsoft tried to resolve and has resolved. COM is and was a pretty good technology. And that certain things are hard, has more to do with the really difficult issues one tries to solve than with COM. And of course when everyone has a 1GB network, 10GHz processors and 2GB of RAM, things can and will be designed a lot differently.

diablod3 corrected me by pointing out that FreeCraft wasn't that, but had resumed under the name Stratagus. That's good news. I had visited that site, but wasn't really sure it they planned to continue FreeCraft or not, or that this was a continuation. Well, I checked out the sources, and this looks good.

And the FreeCraft 1.18 port for BeOS is now finished. Thanks to some pointers from jim4 at #stratagus I found out that the gzseek function on BeOS didn't work. That's unbelievable really. Luckily there was a function ready for an earlier release of zlib that didn't have gzseek. That function worked fine. I didn't have the energy to poor over the zlib sources to fix the bug there. Sorry.

After more than a year, a new official release for xplain2sql, version 2.0. Even better output for Xplain constructs, stored procedure support, XML output, Oracle. Quite pleased.

But there's of course a lot more to do. Would like to have support for assertions, indexes on extends, refactor the code, etc. Perhaps cascade support. Never ending.

Yesterday wrote a small tool with Python. Needed to copy data from some tables in a SQL Server database to another. Had never written a real Python program before. Great stuff! I think the number of examples helped of course. There is so much stuff, that if you know exactly what you want, you can find a piece of code that does it. Just copy and paste. Python will become my script language of choice, that's for sure.

Last days spend time on trying to get FreeCraft 1.18 to work on BeOS. It's a complete waste of time, since the project has discontinued. Apparently the owners of the WarCraft name objected to the current name. The FreeCraft developers stopped working on the project Instead of simply renaming it. Probably a good idea, trying to rename a project on SourceForge is probably impossible. You can get better devote your time on something else. As should I. Porting an obsolete game to an obsolete OS ranks high in 100 ways to waste your time I assume. Moreover, I'm hampered by the fact that I barely know C and no C++ at all. The application starts allright, but when I actually want to start a game, its a segv. I discovered and used the Be Debugger for a segv at startup, so I hope it's going to help me for this one as well. This time I get a "SDL Parachute deployed". The last one was just a segv and the debugger halted at the proper location.

A motiviation to do this is that the kids like the game. They still play the last version I ported. Let's see I can overcome the hurdles. I assume the game should work, it's just some variables that are not properly initialized or so.

Next time I'm in Kalifornia, I'll get a drivers license. Anyone can get one. Quite useful as you can do a lot with it. Like buying a fire arm. But perhaps I should stay out of America for a while now, because they have a bit of trouble distinguishing between tourists and terrorists. That America has been free of terror attacks for the last two years, something nobody would have predicted on 9/11, is probably due to Bush. But perhaps Kalifornia gets someone who terminates this nonsense.

10 Sep 2003 (updated 10 Sep 2003 at 07:04 UTC) »

hadess wrote:

I guess firearms control actually does some good.

And he went on to quote some statistics about England: 8.1 homicides per million (these statistics are incorrect, see below) I would be the first one to ban guns. If that actually worked. Is England the example that shows that gun control works?

Forbidding things works of course. We forbid stealing and we have no more thiefs. We forbid lying, and nobody lies. We forbid killing and nobody is murdered: Thou shalt not steal, thou shalt not kill, thou shalt not bear false witness against thy neighbour. Problem solved. Well, that didn't work, did it?

We forbid guns, and suddenly we don't have homicides. Or at least, we should expect a drop in homicides, isn't it? We think that locking our door helps against thiefs. We have contracts to guard against liars. Might guns not help against would-be killers? Even criminals possess some logic: if this house has a lock, I might as well go to the next house which doesn't. If this guy has a gun, I might as well go to the neighbour who hasn't.

Let's look at England. In the 90s, England introduced the most draconian gun laws ever. Did it help? According to a UN survey end 2002, England and Wales now have the highest crime rate of the world's 20 leading nations. Mark Steyn writes:

Since the Government's "total ban" five years ago, there are more and more guns being used by more and more criminals in more and more crimes. Now, in the wake of Birmingham's New Year bloodbath, there are calls for the total ban to be made even more total: if the gangs refuse to obey the existing laws, we'll just pass more laws for them not to obey.

And he ends his article with:

Meanwhile, America's traditionally high and England and Wales's traditionally low murder rates are remorselessly converging. In 1981, the US rate was nine times higher than the English. By 1995, it was six times. Last year, it was down to 3.5. ... New York has just recorded the lowest murder rate since the 19th century. I'll bet that in the next two years London's murder rate overtakes it.

According to the link hadess provided, the actual figure is 15.5 per million (table 4.1). I'm not sure where he got his 8.1 from. But crime is rising in the UK, while it is dropping in the US. Do we know why? I'm not aware of a single, all-explaining answer. Guns? No guns? I really don't know. But the UK does not proof that gun control works.

I don't know why hadess added his last link. That guy says:

As we gun rights watchers know, Canada, the UK and Australia have taken extraordinary steps to impede the rights of their citizens to possess firearms. What are these poor countries to do? It seems that in response to the continual rise in crime rates, those countries only tighten the noose around the legal gun owner even more. I wonder, though, what's going to happen when no one, except police and the military, can legally possess a firearm? What else can they take?

I still don't know if Michael Moore was in search of a question for the answer "Americans are Nuts" or that he tried to answer some question. Presumably that question was something like "Why do Americans kill each other so much more than others do? I can imagine he got lost, because this question is so vague that it cannot be answered. What does he mean with "Americans" in this question? People who live there? People who were born there? People who somehow have American genes??

And what is killing actually? Seeing the film killing seems to be shooting. So the question becomes: "Why do humans who live in America shoot each other so much more than in any other country?"

What Michael Moore does, is stating a fact in the question, namely that there is much more killing in America than in other countries. Let's assume that's true for a moment. But does he try to answer that question? And what is the answer exactly?

  1. It isn't guns. In Canada they have as much or even more guns and there are less killings.

  2. Michael Moore mentions an interesting thing about a small village: crime went down, but gun ownership went up. The "but" is his. He found that strange? Why would people buy guns when crime went down? I would suggest that crime went down, because people bought guns.

  3. So it isn't the NRA's fault I suppose. Michael Moore is even a life-long member. So why is the NRA in this movie? Why is he chasing Charles Heston? Why does he need to distort his speeches or make it appear that the NRA holds rallies immediately after shootings, while in fact it didn't?

  4. Who exactly is shooting who? Michael Moore doesn't tell. We know that black Americans do more than 50% of the killing, while being just 13% of the population. That still doesn't tell us a lot, because why are they shooting? But if we don't know who is shooting and why, how can we ask a question seriously?

  5. Is it just gang members killing other gang members? If so, I'm not sure if ordinary citizens are going to be very concerned about that.

  6. Do Americans shoot more now than in the past? Michael Moore doesn't tell. But it seems crime in America is dropping, for the past thirty years.

  7. Drugs? Hard rock? Michael Moore mentions a long list, but doesn't give any of them serious attention.

  8. A Canadian woman suggests that Americans are paranoid and trigger happy: you're on my property, boom. Are Americans just killing thieves?

  9. It seems that, in the end, Michael Moore believes its the news media. They report about violence, especially about black people committing violence. White Americans get paranoid about that, and therefore are buying guns and pulling triggers. Is that supported by statistics? Do white Americans shoot black people predominantly? Michael Moore doesn't tell.

No, I don't believe this DVD was trying to be serious. It was trying to make a point: white Americans are nuts. That was all there is.

But the question remains. Why do Americans shoot each other so much? That is still a very important question. First the question if it is really true. Crime in America is dropping. Second, the nine states, bordering with Canada, have a comparable crime rate as Canada: 22 homicides per 1,000,000 people compared to Canada's 18 per million.

There is a very interesting statistic, which Michael Moore omits completely: crime is strongly correlated to population density. Canada has about 3.3 persons per square kilometer; the U.S. about 29.1. Canada has only four cities with population over a million. Look at North Dacota: North Dakota, with a population density almost identical to that of Canada (3.5/sq. km.), had a homicide rate of 1.1, lower than that of Canada.

Some cities might be special: most of New York's homicides occur in the urbanized southeast part of the State. If we look at the four New York counties which border on Canada (Clinton, Franklin, St. Lawrence and Jefferson), we find that in 2001 three counties had no homicides at all, and Jefferson County had one. Two of the counties also reported not a single theft that year.

The question if guns are dangerous, if Americans kill more people, and why do people kill other people, are not only interesting but very important. It's sad that Michael Moore hasn't taken them more seriously.

But if you ask me if you should see this DVD, I would suggest you do. But don't rent or buy it. Try to borrow it for free so you don't lend even more money in Michael Moore's pockets.

4 Sep 2003 (updated 6 Sep 2003 at 08:21 UTC) »

Good thinking rkroll! I tried to avoid that kind of attack, but I wasn't successfull. I think I'll post a message to comp.mail.misc to see if such a thing not already exists.

In other news it was revealed that just a third if the Dutch are content with what the government is doing. Perhaps they finally wake up? But they still expect all their salvation from them, so there is still a long way to go before they affirm their own responsibility.

And I'm watching "Bowling for Columbine" now. It is funnier than I had expected. Just a shame to know that it is so much fictition. So one won't gain much insight into the why.

Oops, edit. Forgot one thing I'm really excited about: the Face header in emails. That's a 48x48 picture, less than 750 bytes, stuffed in an email header. I'm not sure how many mail readers besides Gnus can use it, but it's absolutely cool to get email with a picture of the person.

Software that automatically replies to an email has the potential to be used for a denial-of-service attack. Examples are software that tells me I have a virus. Or that a user's mailbox is over its size limit. Or that a user does not exist. The problem with such messages is, that such software assumed I sent the email. Well, frankly I didn't. It's those spammers that are using my email address. So I want every piece of auto-reply software to stop trusting the email address that's present in a message.

Yesterday I made a suggestion about how a public server might help. But after thinking it over, I'm confident there is an easier and more scalable solution. Every piece of software that sends a reply in response to a message, must do the following:

  1. Contact a key server running on a computer associated with the domain. So in my case, it should contact pobox.com, in other cases it might be hotmail.com, etc.
  2. It should send the email address that it wants to send a reply to.
  3. If the server knows the email address, it responds with the public key(s) associated with that email address.
  4. The auto-responder software checks if the email was signed with one of the received public keys. If not, the email is faked. The auto-responder may not send send a reply in this case. It could even discard the received email, but that is optional.
  5. If one of the public keys match, the auto-responder should make sure the mail is signed correctly. If not, it should not send a reply. It might even want to discard the received email.

In case the domain does not have an email address validator or in case the user is unknown or does not care that his email address might be faked, the auto-responders behave like they do today.

This scheme has the advantage that it is easy to set up. When the server is not present or the auto-responder does not implement it, the system behaves like it does now. For people who care to run such a key server, it has the advantage that they don't have to disregard auto-responses. Else they will have no choice, but to black list such mails. If enough people do that, automated responses will loose their usefulness.

The key server can be used for more ambitious scenarios, but I think it is already quite useful for its intended purpose. The idea is so simple that I'm sure it must already have been discussed or implemented. Time to do some searching perhaps.

It seems a lot of spammers and viruses are using my email address as the reply address... Got swamped by messages saying I have a virus. I therefore decided it was time to start signing my mail seriously. Upgraded to the latest GNU Privacy Guard (GPG), and the latest mailcrypt. Uncommented the lines in my .emacs and my mail is signed from now on. Put a URL in my signature to my public key. There does not seem to be a field in a message header for it.

Software that replies when it thinks I sent a virus will probably be disabled pretty soon. As well as the replies that an email address does not exist, or that the mailbox is over its size limit. Sigh. The end of email is near I'm afraid.

We really should have a server were people can send their email address and public key too. When a mail server receives a message claiming to have a reply address from someone, it should check with that server to see if that email address exists. Next it should validate the public key for the message. That would make it impossible to forge email addresses, if that server is reliable. To make sure the email addresses on that public server are reliable, we need to employ some trust. I.e. you can only store an email address and public key if another person, or two, can vouch for you. Perhaps use the existing public key servers and trust rings??

Lately, I have become pessimistic about antispam techniques. I no longer believe Paul Graham's approach to fight spam is going to work. Bayesian filtering is pretty easy to defeat if people start to use it seriously. If I was a spammer I just would hire a few hackers to distribute a few viruses that allow me to sent email all over the world. Next I would use the infected machines for some serious spamming: just send serious messages to everyone in the world. Take messages from mailing lists at SourceForge or Yahoo Groups. If people start to move those messages to their spam archives, they will slowly but surely decrease the effectiveness of their Bayesian utilities. And just by the sheer volume they can guarantee that messages get through, as long as they're varied enough. My spamfilter might block things about gardens or popmusic, but sure doesn't block messages about Eiffel yet.

Bayesian tools might have worked, if not for Microsoft and basically for the entire computer profession. It's all sloppy coding and use of sloppy languages that can't even guarantee you don't have a buffer overflow. Writing secure code is already hard enough even if you don't have to worry about mistakes with some pointer or a statically allocated array. We have so many infected computers now, that Bayesian filters simply can be spammed to death. Berend's law: what can happen, will happen.

161 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!