paraliteracy has its perks
Well, the inevitable happened. I upgraded to a D200, which is (as far as I can tell, anyway) pretty much the best sub-$2k camera on the planet right now. Other models have more features, or more megapixels, or whatever, but no one can talk smack about the image, build, or ergonomic quality of this beastie.
From an excellent article about his new mod_atom Apache 2 handler:
I’m assuming that one of these days someone I respect will explain to me why libtool & friends are a good idea and how to use them properly; until then I’m going to ignore them and hope they’re replaced. This technique allowed me to avoid ever learning either imake or C++.
This story, which I found through BoingBoing, got me thinking about how market forces can drive change in policy amongst academic institutions, much as they do with private corporations.
Colleges and universities exist in a very competitive market. Almost any institution, especially at the undergraduate level, is only one of a number of entirely reasonable and desirable choices for most students. Decisions about which school to attend are made largely on the basis of cost (including aid packages), prestige, and culture.
If the administration of a school is perceived by students as siding with corporate interests over its own student body, that takes a toll on both the second and third items above. Given time, that will inevitably put a downward pressure on the value students place on education at said institution, which will force more aid and recruitment dollars to be spent to capture the same number of students.
Will those costs eventually outweigh the savings from potential litigation, lobbying, and education of students provided by simply “toeing the party line” and being transparent to the RIAA’s pseudo-legal attacks? Only time will tell.
I for one think that the cost in prestige to school that fail to defend their students to the best of their ability will be larger and much more persistent that the current insanity that is the RIAA/MPAA witch hunt, but IANAL.
The Mt. Tabor race series is a great scene — lots of bike-y folks having picnics and sort of half-watching the races. Since the course is so short, you get to see the field pass your spot along the course at least a handful of times, which is quite different from the longer races, where you might wait an hour or more between sightings of any riders.
Warning: gearhead rambling ahead! My little D40 just isn’t up to the task of AF against targets moving that fast, though; my hit rate was probably less than one in ten, which really makes the D80 vs. D200 decision I’m currently going through a lot harder. Talking with friends who shoot Pentax and Canon doesn’t help, either — it seems to be getting harder and harder to find a Nikon partisan in this town, and I’m having a hard time motivating myself to care which logo is on the camera. I just don’t relish the prospect of having to re-sell all my well-used Nikon stuff, which I really would have to do in order to afford a brand switch.
S’cuse me, folks, but this just makes me feel like punching the air and smiling a lot:
That’s a geen-yoo-eine `A’ right there, earned by yours truly in a graduate-level CS class. I wish I could track down the joker who failed me out of that community-college C++ programming course, and mail him a transcript…
You can’t take politics too seriously. Well, scratch that. You should take politics very seriously. But, that doesn’t mean you can’t have fun with it. So, when I was getting all dolled up for the Bus Project Gala, “The Wheelies”, I decided to go with something a little different from my usual quarterly head-shaving, and leave a bit of a mohawk up top.
As you can see, the results were…interesting. I don’t think I’m going to rock the ‘hawk as a general rule, but it was fun to see people’s reactions to rather-pedestrian-looking old me suddenly turned “weird”.
Thanks to Toto Vo for doing a bang-up job of photography at the show. Check out the Bus photo gallery for more.
My parents have had their house on the market for quite a while now. It’s a gorgeous Victorian down in McMinnville, which will be absolutely perfect for some well-off wine lover (translation: yuppie with a soft spot for Pinot and irises) as a second home, retirement home, etc.
Of course, like everyone else with a house on the market right now, they’re pretty well stuck while everyone figures out just how far down the market is going to head. It’s a bummer, though, ’cause they really want to move into Portland, and be closed to me and my brother. I’d love to have ‘em in town…so someone stumbling across this blog should really snap the place up.
M’kay? That’d be great…
The project I’m currently working on at work is in about its third iteration currently, and very close to a feature-complete alpha at this point. It’s nothing sexy: just a self-service password reset tool, to allow folks using Kerberos on campus to answer some security questions and pick a new password in case they forgot their old one.
All the interesting bits are in the underlying design. I’m trying to use the Translucent Databases approach, so all user records are stored with one-way hashing used on their record IDs. Theoretically, it means that even if someone “bad” got their hands on our entire database, they would need multiple pieces of information about each user before they could even look up the user’s records.
In practical terms, this means that you get something like the following in place of a simple lookup-by-username:
user_rec_hash = OpenSSL::Digests::SHA256.hexdigest(username + private_ident + SECRET_APP_KEY) user_info = ResetDB.find(user_rec_hash)
Without knowing that private_ident and SECRET_APP_KEY, the would-be cracker can’t really find much of use in the database.
On top of that, the web front-end is a completely separate process from the “trusted” reset daemon, which means that the reset policy is enforced somewhere other than a process listening on port 80. Again, this is a worst-case survival policy: if someone pwns the web server, they still can’t do anything more nefarious than sniff other people’s sessions, which are of course strictly limited so that only one client host can request a new password per day.
It remains to be seen if the system as implemented will actually be all that secure, but it’s been a fun exercise working through all of these possible attack scenarios with my coworkers, and then designing security features to protect against them.
I think that Drupal might fit into the category of tools which simply make it too easy to dump a few thousand words of poorly-organized crap onto the Interwebs. I mean, here I am with like four different major content modules, and nothing to fill them.
Job one: import my old content (though unless I can rewrite the URLs to match the original, it may not matter). Job two: tweak the L&F here until I find something that looks less like, well, a stock template.
Recent Comments