Why I won't be using Microsoft.Bcl.Immutable package (despite much anticipation)

Looking at the newly released ImmutableCollection package, I see some confusing restrictions in it's licensing agreement (especially for something that must be redistributed with your application)

You may not ... work around any technical limitations in the software;

Does this mean it's illegal to use reflection to get at private bits of the library?

You may not ... use the software for commercial software hosting services.

This sounds quite scary. Does this mean I couldn't make a commercial website or SAS product using this library?

You may not ... modify or distribute the source code of any Distributable Code so that any part of it becomes subject to an Excluded License. An Excluded License is one that requires, as a condition of use, modification or distribution, that the code be disclosed or distributed in source code form; or others have the right to modify it.

Does this mean I can't use GPL licensed code with this library?

You may not ... distribute Distributable Code to run on a platform other than the Windows platform;

This looks rather obvious, but does this mean I couldn't make a website that ran on Mono and used this library, or does it only mean that I couldn't make something using Mono and then package the program and this library in a Linux debian package or something else? (ie, distribute, not just run)

This license worries me greatly about my ability to use this (much anticipated) library. These questions probably require a lawyer to fully resolve, and I'm not going to buy the time to ask one.. so, I just won't be using this library, as cool as it looks and as much as this has been anticipated for me.

Unless you have a legal team you can ask these questions, I wouldn't use this library either until Microsoft changes the license to something less hostile to developers

Also, if you want a version of this with a sane license, see the up and coming MIT-Licensed Project

Posted: 9/26/2013 4:18:27 PM

The great thing about mono and C#

So, it seems like a ton of programs I've been trying to use recently don't work with the latest version of their dependencies. For instance, Metasploit doesn't work with Ruby >= 2.0. I was using some other program that required Python 2.0 rather than 3. And we've all heard the horror stories about programs requiring specific versions of Java.

I never have this problem with C# though. In theory, it could happen.. but Microsoft really likes keeping things compatible, it's their business plan. And as an extension of that, Mono never seems to flat-out drop support for anything in their core software. I have never seen a program that requires a specific version of .Net or Mono.

This is awesome! The worst thing I have to do with Mono is compile it from git so that I get pre-release (good) support of portable class libraries. Now, let's break this down. Why exactly is it like this though?

  • C#/.Net uses compiled-to IL
    • This prevents that issue of deprecating or changing misleading language features. It's all IL after compilation, so it doesn't matter
  • There is a spec for .Net. In theory, if you abide by the ECMA spec, most things should work, logic-wise
  • It's easy to take my dependencies with me with .Net

Now let's step through why this isn't easy with Ruby/Python

  • The language is improving and getting better. This can cause old programs to break, but is unavoidable with scripting languages
  • There isn't a spec that the latest version will always implement. This is probably a good thing though
  • There is a huge emphasis on not taking your dependencies with you. This leads to breaking changes in gems and such breaking your program.

What about Java? Honestly, I have no idea why Java doesn't benefit more. In theory, they should be equally as capable as .Net.

Am I saying .Net is perfect? By all means, no. In fact, .Net has seen some breaking changes

  1. I've a JIT bug that only happens when using .Net 4.5's runtime, not .Net 2.0's
  2. In .Net 4.5, they changed marshaling to be more "strict", breaking at least one program I've seen (at my work)

And mono of course is (by design), not a complete copy of Microsoft's .Net. In fact, I've even seen a bug where .Net accepted a piece of IL, where Mono broke, due to Microsoft not being "strict" about the ECMA spec.

With all that being said though, this seems to be the major leg-up for compiled to bytecode languages. They'll probably work a very long time, despite the bytecode runner being updated.

This is also avoidable. I've seen some scripting language use a version number attribute, so that it can avoid this scenario. I'm sure there are other methods as well.

All I know is, I'm tired having python 2 and 3 installed on my system because not all my programs will run on just one or the other.

Posted: 6/3/2013 5:49:16 AM

Free Startup Idea: online yardsales

Go ahead and check out this page: Pittsburgh County Yard Sale

I'm not sure you'll be able to actually see the group without being in it or logged in on Facebook, so here is a summary:

yardsale

It's a group on Facebook with rules and you must be "accepted" to post to it. The moderator generally accepts anyone who asks though. There are over 10,000 people in this single group. This group targets a specific rural county in Oklahoma. According to the 2010 census, there are about 45,000 people in the county total. This means that roughly 1/4 of the county uses this group. ONE FOURTH of the county. That is HUGE!

How does it work? Basically, it's free-form. It has a few rules like "no business ads", but beyond that, it's just post stuff you want to buy or sell. So there are some posts with things like "selling Samsung Galaxy S $200 obo(or best offer)". Or there are people requesting to buy things "Looking for otter box defender camo for iPhone 4s".

People post these and then people who are interested comment. Usually it goes something like this:

  1. Bob: Looking to sell iPhone for $100
  2. Alice: I'll give $75. Call me at 555-1234
  3. Bob: Sold!

First thing you'll notice: Oh my god Facebook is horrible at managing such a thing!

Second thing you'll notice: How is this so freaking popular!?

Here's my analysis for why this Facebook group is so hugely popular(relatively):

  1. High signal to noise ratio (no spam, usually little pointless junk)
  2. It's easy. You're in Facebook and you can just click on it and click join group. Afterwards you have a simple topic sell stuff or offer to buy stuff.
  3. It's viral. All the time I see people posting stuff to this group, friends and otherwise.
  4. It's local. It's for southeastern Oklahoma in a rural county. You know there won't be anyone posting stuff you'll have to drive more than 30 miles for

Let's analyze this a bit more.

  1. The group is technically "closed" so that people can get kicked out. This moderation process weeds out the spam
  2. If you have a Facebook account, you can almost instantly join the group and sell or buy something
  3. There a huge amount of posts per day(you'll quickly lose where your post was after a few days). Facebook apparently has a loophole so that I end up seeing a good percentage of these
  4. Facebook is huge in that corner of Oklahoma. I didn't get a Twitter until moving to Cleveland, and I'm a programmer.

Why haven't other competing and arguably more suitable products win out? Frankly, there aren't any. The only semi good competitor is Craigslist. You can't post to Craigslist from within Facebook. Craigslist is (mostly) anonymous. On Facebook you can see the person's face your going to be meeting. This in itself instills a good amount of trust.

So, why shouldn't it just stay on Facebook's group thing?

  1. It's not possible to search the group AT ALL
  2. There is no way to monetize it for anyone other than Facebook
  3. Because it's so active it's extremely easy to "lose your post". This is when it gets to a point that you're scrolling several screens down but just can't find where your post is to check it's comments or comment on it
  4. There is no filter. If you're looking for electronics, the only thing you can do is skim through the feed manually

Free startup idea?

I've toyed with the idea of making a product to "fix" this and to let the idea easily expand to other counties (at first the plan was only Oklahoma). However, I can't stand developing against Facebook, because Facebook Integration is an absolute must. So, I give it to you, the community. If it sparks an idea and you go off to make a million dollars, awesome! (maybe you can send me a few thousand dollars as a gift :) )

Anyway, I wish this situation was better, but it's not. It sucks horribly. Hence this is why I'm putting the idea out there. Someone make the world suck less! Please!

Posted: 5/15/2013 4:35:45 AM

My first DDoS attack, kinda

Enter my home town: Wilburton, Oklahoma. A small town(~3000 people) you've probably never heard of, and probably won't again after this article. When you think Oklahoma you probably think back woods and redneck, not computers. You're usually correct, but I didn't quite fit that stereotype. This is how I came to be banned from using the computers at my high school for a semester.

How I got here

I figured out what programming was around 13 (7th grade). Instantly fell in love with it. So much so that I'd stay up til 3 AM on school nights learning more about it, leading to failing grades until some parental intervention stepped in.

So, I knew my way around a computer. I was young. Just the right kind of person to be a bit dangerous. Luckily I never enjoyed the hacking scene and never crossed over to the script kiddie stuff, but I knew the basics of vulnerabilities.

The day the internet broke

I was a junior the year this happened. It was sometime in the first semester. There is usually an inherit trait among programmers: curiosity. A yearning for wanting to know the consequences of a previously untried action. My lunch periods usually consisted of boredom. Recently the blocks at the school had been relaxed, so flash games could be played in the library. Hence, that was where me and my friends went to during our free time. Someone mentioned something about the command line and hacking. I don't quite remember what led up to it, but I ended up typing something like this:

ping -n 10000 -l 10000 1.2.3.4

The IP(1.2.3.4 is just a placeholder)) I used was the particular IP returned when content was blocked. They did block some content, but it wasn't horrible yet(at some point my own website got blocked for flash games. Ruthless!)

For the non-technical people reading: This is a command which basically says "send this huge message to a server and tell it to send back a huge reply". This command took me a tiny bit of research (using ping /?) to even know. I wasn't a black-hat by any means.

So, the technically minded out there are thinking "there is no way this would break anything"... Well, it didn't.. but then I ran it from 4 other consoles on the computer. At this point I started to hear "hey is the internet slow for you?" asked around the room. This is where I made the naive mistake of running with it. So, I opened like 10 command lines on this computer running this crude flood ping. Then, I went to the free computer beside me and did the same thing there. I think I did it on a total of 4 computers.

And then everything stopped working

I did not expect what came next. I had expected for there to be fairly strict controls on bandwidth. I thought I just maxed out the router in the library. Like the young naive teenager I was though, I left it running... on all 4 computers.

I was in 5th period when I started to realize what I had actually done. The teacher tried to load something on the internet and it wasn't working. "Connection timed out". I would later find out that I had brought the networks of the high school, middle school, elementary, and portions of the college to a stand still; as well as inflicting some damage on the IP address I used

About 30 minutes later it started working... another 5 minutes later, just before class was over, the principal knocks on the class' door. "I need to speak with Jordan".

"Ah shit."

So, we meet in the principal's office. My friend Joe is also there, and the IT guy. He starts saying that someone maliciously attacked the school network and their upstream provider for censorship. My friend Joe stares blankly and says "I have no idea what you're talking about." At this point, I know there is no point in not confessing, so I do. "Yea, he didn't have anything to do with it. I did it".

I can't remember of what follows but I was scared out of my mind. Not of police being called or whatever punishment they were going to arrange. The only thing on my mind was how much trouble I would be in when I got home. I got in-school-suspension before for some stupid thing. I was assigned 3 days of it... That was the worst month of my life though at home.

Anyway, so he sends me back to class and says he'll decide my punishment. Later he calls me back in and hands me my sentence "You can not touch a computer for the rest of the semester". Luckily, I didn't have a programming or typing course. I had both the next year.

Somehow, I manage to never have to tell my parents. They didn't find out until I was moved out.

It's hilarious looking back on it, but man was it scary when it was happening.

Unforeseen Consequences

This lead to interesting situations. The IT guy was usually not on premises, so I would literally get called out of classes to fix some teachers' computers. During this time, I had to walk them through what to do, since I couldn't touch the keyboard or mouse. That was annoying, at best.

The most awesome part of this story is that I landed my first programming job literally, without a doubt because of my fame from crashing the network. My first boss had a son who was a grade below me. He was complaining about how he can't find anyone who knows anything about computers in this small town. His son popped off that I do. This conversation took place in the drive through of McDonald's. I happened to be working drive through. So, I say "that'll be ..." and he proceeds to ask "Hey what programming languages do you know". Completely caught off guard I start saying the last language I used. "C++". He gave me his business card and we exchanged numbers. About 2 months later I graduated from high school and began working there gaining vital experience right out of the gate.

I had quite a bit of fun with other stuff in high school as well.

Other "hacks"

CD_Opener

I wrote a program called CD_Opener. It was my first real program to use threading and the Win32 API at the same time. It was a simple and stupid program. It did nothing but open a pop-up window with just an "OK" button. In one thread it would keep your CD drive open no matter what, in the other it told a story through these popup windows you clicked through. There were two versions, titled "ending" and "nonending" The nonending version told the story so that it fell into an infinite recursion along the lines of "and a dialog box opened on my comptuer... and do you know what it said?". There was no way to kill it other than to use task manager. The ending version was more polite and eventually the story did come to an end

After showing my friends this program(and how to run it), it was not uncommon to come in to the library to see 6 computers with their CD drives stuck open and a familiar popup dialog.

Getting around censors

At one point I built a small PHP script to dumbly download whatever files I told it to and give me a link to it hosted by my server. This was only effective though for flash games and other single-file things.

The unfinished senior prank

I found an absolutely brilliant vulnerability in the high school network my senior year. Basically, all the computers used a common "student" account. The student account was of course just a template. When a student logged in, it copied over the template. Changes in this way didn't persist.

However, the huge flaw with this design was that I found I way to put my own files into the template student account. I tested it with a small batch file and logged in with another computer and indeed, it did run on startup. I then proceeded to delete the batch file. I thought long and hard about writing a senior prank program that would run on almost every computer on the school at a certain time of day. Nothing harmful or distasteful, but not something one would forget either.

I ended up writing a stub program, but never finished it and as far as I can remember never exploited this vulnerability. I vaguely remember leaving a text file in some obscure folder, but I probably ended up deleting it after a while.

Many more vulnerabilities lie here, but I won't go into them here. Our IT guy didn't have the best knowledge of basic security.

Conclusion/Disclaimer

If you're under 18 and reading this, Please don't try to break your school's network. There are many more positive ways to get a reputation. My school was easy on me. I have read(as an adult) about similar (trivial) cases of such things where the school involves the police and the kid receives a record that'll stay with him for life.

Posted: 4/18/2013 3:45:49 AM

Networking Terms In Plain English

Extremely simplified. Do not assume these are perfect definitions. This is what I would use to describe a network to my parents or someone else that is only concerned about consumer use.

The goal of this is so that I can explain something to you, and you can at least get the gist of what I'm saying without me having to explain each and every technical term.

ISP

Internet Service Provider. AT&T, Comcast, etc. Usually provided by

  • DSL
  • Cable
  • Dial-up
  • Satellite
  • Cell towers(3G/4G/LTE)
  • Fiber

Infrastructure

This usually refers to your ISP's infrastructure from a location they own to your home. If you have DSL and a phone line got cut on the way to your house, you could say that's an infrastructure problem, kinda.

Public IP Address

This is basically your network's "address" to the world. Most ISPs provide you with one IP address for your network, though it's possible to have more than one.

TCP/IP/UDP Ports

A port is basically a "channel" that communications happen between two IP addresses. If your IP address is your "Address" on the internet, the port number they use is the "PO Box".

LAN

Local Area Network. This is your local network. The public internet can not see this network unless you explicitly share it with them.

WAN

Wide Area Network. This is the internet. A "WAN port" is a port which connects directly to the internet (ie, to your ISP's routers and other equipment)

Modem

A modem is a device which takes an encoded connection from an upstream provider(your ISP) and decodes it so you can easily communicate with it from your standard ethernet network. Most modern modems have built in routers so that you can have an "all-in-one" device that creates a usable network.

Router

A router is a lot of thing. It's primary purpose is to share your public IP address among more than one device with a method called NAT. Most routers also have a built in switch so that you can easily hook up more than one computer to the router, though technically a router could function with just a WAN and a LAN port. Routers usually handle NAT and firewalls.

NAT

NAT stands for Network Address Translation. This is the process used by routers to take your 1 public IP address and let as many computers as you want to use the internet behind it. Without NAT, you'd be limited to one device using the internet at a time without paying for more public IP addresses

Switch/Hub

A switch is basically the same as a hub, as far as you are probably concerned. A switch works as a "repeater" so that you can connect multiple devices to a single router. Without switches, your router could only connect to 1 computer. A switch is not a router. A router handles NAT and firewalls to allow you to share a single connection among different computers. A switch just makes it so that multiple computers can "connect" to that single core connection

Firewall

A firewall WILL NOT protect your computer from viruses, at least not with modern networks. A firewall prevents the internet from touching your private network(LAN). With NAT, a firewall is required because of how NAT works.

Port forwarding

Port forwarding is the process by which you selectively allow a certain device on your network to be reached from the internet. This is basically making a "pinhole" in your Firewall to allow the internet to go to a certain device using a certain port.

Wifi

This is a wireless technology which can replace traditional ethernet cables. If you have a modem and router(without wifi), to enable wifi on your network you must buy a wireless switch. It's just like a switch(lets multiple computers connect to your single connection), except for it's wireless instead of wired

802.11b

This is the early verion of Wifi. It's slow, but not usually slower than your internet connection. (it's usually not the bottleneck)

802.11g

This is not the newest version of Wifi, but it's not bad. It's fairly fast and it will be fairly rare that it is slower than your internet connection.

802.11n

This is the newest standard and is blazing fast. If you have an internet connection that is faster than this protocol allows, you probably don't need to be taught these terms

Wireless Speeds

This isn't a term, but wireless speed usually is limited by either your connecting device(ie, smartphone, laptop, etc) or your wireless modem/router/switch. If your have an 802.11n wireless switch, but your smartphone only supports 802.11g, they can still talk to each other, but it won't be at 802.11n speeds.

NAS

Network Attached Storage. This is a device such as a harddrive that is connected to your private network(LAN). This allows you to access this harddrive from any device on your network. These make great backup systems. If you have one of these and use Wifi, you'll want to use 802.11n when possible

DNS Server

Domain Name System Server. This is the server which looks up "names" on the internet. For instance, you type "google.com" in your browser, the internet doesn't know where "google.com" is, it only understands IP addresses. So, it asks a DNS server "who the hell is google.com?" and the DNS server replies with "here's google's IP address"

IPv4

This is the "old" IP address system. There are less than 4 billion addresses available, and we are approaching that limit. As such, IP addresses are getting scarce.

IPv6

This is a huge topic, but basically all you need to know is it's the "new" IP address system. We are currently running out of IPv4 addresses because there are less than 4 billion available for use. We obviously are approaching that many devices on the internet and as such, they are becoming scarce. IPv6 increases this number so that you can have multiple public IP addresses to your network. IPv6 and IPv4 can't really "talk" to each other though. If you have an IPv6-only device, it can't talk to a website served using only IPv4.

It's the future, but it's not here yet, so it's best to have both IPv4 and IPv6 support at this point.

Internet Backbone

This is the "core" of the internet and consists of very high capacity routers owned by powerful companies. The backbone of the internet is provided by (for the most part) very fast fiber

Hopefully, you know enough to keep up moderately (get the "gist" of) when someone explains something about your network/internet now.

Posted: 4/12/2013 2:43:43 AM

A Proposal For Spam-Free Writeable APIs

I've been having an interest in Bitcoin recently, but it would appear I'm too late to the party to make any money on mining. So, what's the next best thing? Taking their idea and using it elsewhere.

The idea behind Bitcoin is to make a particular thing a rare commodity. Now let's pretend we have a website like say http://stackoverflow.com We want to make a public API for it that is writable. Current options appear to be

  1. API keys which require a human to register
  2. ????

I'll throw a second option into the mix. "API Coins" which require a fair bit of computing power to create and are only good in a certain context.

Let's say you wanted to make an account at stackoverflow with a machine that didn't require any human interaction, or rather, didn't require a captcha, valid email, personal info, etc. In theory, a program could register it completely in an automated fashion.

My proposal to prevent masses of spam bots: make it expensive. Use a bitcoin like scheme. Instead of SHA256, I'd go for scrypt because it's so mostly better on CPUs rather than GPUs, and thus capable of executing from Javascript.

So, when you visit the register page I provide something like

  1. Conditions a hash must match (difficultly)
  2. The value hashed must contain a certain provided phrase (to prevent pre-mining of API coins)
  3. That's it!

You calculate a hash which matches and poof! You've got an API key. Ideally, this would be a process that would take no more than 5 minutes on the slowest of hardware. Now, when you need to perform an operation, there will be another hash request, but it won't be as intense as the creation of your API key... but if you're a bad boy, your API key will get banned and you'll have to generate a new one.

Now, how does our site know that API keys are "valid" without pre-mining risk? The key is to make the nonce phrase be random and unique, but slightly persistent. So, when the request is made to get the nonce, it is stored for say an hour. If the API key isn't "found" within an hour or two, it's considered invalid. This would prevent batching of API key creation.

To help to enforce these "hard" checkpoints, if a user, say wanted to post a comment, they'd be given a request like the API key request. A certain difficulty and a phrase to be contained within the pre-hash value. Ideally, this would be significantly easier than generation of an API key.. You could also enforce throttling at this phase by increasing the difficulty for their account as they post more and more things.

The other awesome part about this scheme? It's anonymous other than the IP address in the logs. You can be reasonably sure that it's a human posting while getting absolutely no personal information and storing absolutely no personal information. No passwords needed. You effectively have a sort of private key instead, stored in a cookie or some such.

This also enables awesomely easy registration for users of your API users. "What's an API key?" crops up plenty. Eliminate the need for it!

Some unsolved problems with this approach however:

  1. How to link accounts with it? Assuming you'd want multiple API keys to each API user?
  2. Password to facilitate linking accounts?
  3. What if you lose your key?
  4. What about those mystical FPGA scrypt machines I've heard rumors about?

I might throw together an extremely simple "micro-blog" thing(twitter clone) that uses this concept just to see how it turns out. The hardest thing would probably be implementing scrypt in Javascript

Note One last thing. This isn't to "stop" spam. It's rather to make your site so expensive to spam that it's not profitable. Sure, you can always rent out a few hundred EC2 VMs or some such and compute a few hundred API tokens, but how much is that going to cost? How much do you expect to make from spamming that site?

Posted: 3/31/2013 4:11:10 AM

The best way to have green beans

Yea yea, I know, I don't usually post recipes/food stuff, but this is amazing.

We all know green beans as the boring thing you put in a pot in boil. Well, my mom had an awesome idea when I was a kid and decided to put them in a skillet with a bit of oil and "fry" them. It's amazing. I've discovered a massive improvement on this.

Ingredients:

  1. Frozen or fresh green beans (don't use canned. Not nearly as good (though still bearable in a pinch)
  2. Garlic salt
  3. Pepper
  4. Ground ginger
  5. Soy sauce
  6. Vegetable or or canola oil (probably won't work with Olive oil)

First, put the oil in a skillet. You probably need a table spoon or two. Let that get fairly hot and then dump in the beans. As their cooking(on high/medium high), add in a good amount of garlic salt, pepper, and just a light sprinkling of ginger(probably about a teaspoon or two). Let them cook(stir them around every few minuteS) until a few of the green beans get a bit carmelized/brown. Don't worry, they're not burning. I have to taste them to know their done. It's when they get to the point where they're still firm, but not really crispy.

Anyway, when they're done, now add a little bit of soy sauce to the skillet. Probably about an 1/8th of a cup or so. Just enough to get a bit of the flavor onto the green beans. Then, remove them from the skillet and enjoy!

This is the best way to eat green beans. I'm sure it's not healthy at all, but it is SOOO good. It's also extremely easy. It's about a million times better than boiled green beans

Posted: 12/12/2012 1:32:41 AM

Reworked NVG510 Pages

I reworked the primary NVG510 page. It's not much more informative and should be considered the one stop page for everything contained on this blog about the NVG510 that is useful for people without soldering irons.

Also, this will be the last time I touch that content probably. I don't have U-Verse anymore, and thus don't have to put up with that crappy modem anymore. I still have a modem to test things out on, so if someone manages to make an alternative ROM or something for it, I might try it.. But, otherwise, those pages aren't going to be touched.

Also, of course, if you find out something useful not documented here about the NVG510, I'd love to either link to your site or publish it with credit to you. the DNS problem is the most pesky thing. If someone can fix that and tell me about it, you'd earn 20 internet cookies, from me personally.

If you know anything about the NVG510, shoot me a tweet, comment here, or send me an email (my email address is in the about me

Posted: 12/6/2012 3:58:58 AM

It's Alive!

Finally got this place updated! I forgot a post though back on the other server. I'll get that put on here soon enough.

Also still have to do a few other maintenance things like copy over links and whatnot

Posted: 12/1/2012 8:06:59 PM

Program All The Things!

I recently read a very informative and well written blog post titled How I learned To Program. I must say that my experience with programming very closely mirrors his and every word of what he wrote is exactly true!

Just had to give a random mention.

Posted: 9/27/2012 5:30:37 AM