This Blog has moved to http://www.falsepositives.com/

False Positives Adventures in Technology, SciFi and Culture from Toronto

Friday, August 29, 2003

Top medical acronyms

Via the BBC: Doctor slang is a dying art. And you thought geek slang was insulting! Here are a few choice terms:


CTD - Circling the Drain (A patient expected to die soon)
GLM - Good looking Mum
GPO - Good for Parts Only
TEETH - Tried Everything Else, Try Homeopathy
UBI - Unexplained Beer Injury
TTFO - an expletive expression roughly translated as "Told To Go Away"

LOBNH (Lights On But Nobody Home),
CNS-QNS (Central Nervous System - Quantity Not Sufficient),
Pumpkin Positive - which refers to the implication that a penlight shone into the patient's mouth would encounter a brain so small that the whole head would light up.

Digging for Worms - varicose vein surgery
Departure lounge - geriatric ward
Handbag positive - confused patient (usually elderly lady) lying on hospital bed clutching handbag
Woolworth's Test - Anaesthetic term (if you can imagine patient shopping in Woolies, it's safe to give a general anaesthetic)

Freud Squad" are psychiatrists, and "Gassers" and "Slashers" are anaesthetists and general surgeons respectively.

Category"Humour

Wednesday, August 27, 2003

HTTP Monitor, Throttling, Reverse Proxy as Web App debugging tool (No that's NOT my new nickname!)


Tech-Weblog by Christoph C. Cemper pointed me to Charles which is Java shareware app ($50 paypay after 10 days) with the the following list o' features:

  • Cookies are shown in the HTTP headers, so you can see exactly what cookies you are sending and receiving.

  • Every request and response is recorded in Charles. Redirects that are often too quick to see when
    testing with a web browser can be seen in Charles. Requests from applications other than your web browser
    (such as Flash movies) can also be seen.

  • Request and response sizes are shown in Charles, so you can see how big each request was.

  • Assets loaded from an HTML page are recorded so that you can see how many images etc are loaded by a page, and where from.

  • All files can be viewed, including JavaScript files, CSS files, HTML files etc.

  • Mirror all responses to disk, recording your session.


  • Blacklist sites so that requests are blocked.

  • See the results of caching by seeing cached responses (304 Not Modified), and requests containing
    last modified dates (IfModifiedSince).

  • Disable caching by removing cache related headers from requests and responses as they pass through Charles,
    ensuring that you are always requesting the latest file.

  • See whether a cache has served your request by looking for cache-hit HTTP headers.

  • View the encrypted HTTPS communications.


  • Reveal unexpected requests, such as typos and 404s.

  • View requested images.

  • Throttle your web connection to a specified bytes/second speed, and millisecond latency. This
    enables you to simulate modem conditions on a high speed internet connection

  • Spoof DNS name to ip mappings so that you can test a domain name before it has gone live. Very useful for testing your virtual hosting.

  • Export to CSV all of the summary data captured by Charles for analysis and reporting in Excel


  • Reverse proxy creates ports on the localhost that act as regular HTTP servers, but forward all requests to a specified web server.

  • SSL debugging enables you to view requests and responses in plain text even when communicating with an SSL secured web server.

  • HTTP/1.1 support - understands some HTTP/1.1 specific responses, and forces no keep-alives


I can think of lots of times when I wanted to see just what was going on between the app (or broswer) and the server, and the Throttle could be used to test "What if I only had a dial up line rather that this 10 Terabit Ethernet connection" scenario testing. Lot's of geeky goodness here.

Monday, August 25, 2003

What they really mean...

from Valley of the Geeks - NEW: Management Speak (Dilbert would be very proud)

The product is going to ship in Q4....we just don't know what year.

No serious bugs have been reported....since we don't have any actual users yet.

We're totally committed to training and education....you'll learn on the spot or we'll fire you.

We're big on open source software....and anything else you can download free.

I don't want to point fingers....but you definitely screwed up!

It's an aggressive schedule....that assumes infinite resources.

We only hire the best and the brightest....from the local high school.

There's a significant upside in revenues....we haven't sold anything yet!

We need to push the envelope on this one....and if you get caught, I will deny all knowledge.

We want to hire a real risk taker....who won't look too carefully at the books.

The CEO is a real up-and-comer....and he's never been convicted.

We're at least 24 months ahead of the competition....and at most six months from bankruptcy.

We've got a major deal we're about to announce....if we can ever get the software to work.

Sunday, August 24, 2003

Microsoft was told about ECL (Execution Control Lists) 12 years ago and still doesn't get it!

Aug 24 / 03 column from I, Cringely | The Pulpit
"To answer your reader’s question," says my buddy, who was once one of Microsoft's larger customers, "one of the basic functions of an operating system is to run programs. There is a RUN API and the command line interpreter is simply an interface to the RUN API. Many viruses are sent through e-mail because it is easy to access the RUN API from an e-mail attachment. Our first suggestion was within e-mail to restrict the ability to run applications and interact with the e-mail system (post office, address book, etc). Only the e-mail client should be able to interact with the e-mail system. Only programs that have registered and authenticated user IDs [ought to be able to] independently interact with the e-mail system. There should be a way to manage and control the RUN API's control by e-mail attachments.”
...
"Our second suggestion was at that point to improve the security of the RUN API. The operating system internals would also be registered as users. Legitimate OS functions could use the RUN API. The user could use the RUN API. Any registered and authenticated applications (no longer limited to e-mail) could use the RUN API. Anything else that attempted to use the RUN API would have to ask the user for permission, or would be prevented from working altogether.”

PCMag.  Nice list of files that you run into when running firewalls (like ZoneAlarm). via John Robb's Weblog

Thursday, August 21, 2003

One Week Latter

Still watching our power use, baking in our home/office with low/no air con, raging at the juice pigs who don't get it, hoping the grid will stay up. It wasn't the end of the world ( one false positive ), but it's still unclear if the new normal is going to be power conservation, decentralized gird (build more like the internet), and micro or home generation.

Monday, August 18, 2003

This Guy REALLY Doesn't like using a Mac

Mac Editor (uses flash)

The Spiders Part 3 - alternate history of the Afghan War by Patrick Farley

at http://www.e-sheep.com/spiders/ Amazing Web based graphic novel. Love the mesh net, internet driven RPV spider bots.

Mr Farley's blog is Patrick Farley Exposes His Ignorance.

Another favorite at e-sheep inculdes : Delta thrives > the blog of delta aziza nguyen / kepler sphere / equatorial necklace / earth

Sunday, August 17, 2003

WTF! Since When did Books get Trailers?

From SlashDork : Doug Chiang's studio has released a trailer for his upcoming book. The book is a collaboration with Sci-Fi author Orson Scott Card of Ender's Game fame, and will include 75 pieces of Chiang's artwork. Chiang is the Concept Art Director at Industrial Light and Magic (and thus the concept art guy for the Star Wars prequels).

The Second teaser is very vivid and compelling. Also, is this the furture of book marketing?

Friday, August 15, 2003

Blackout of '03, a delayed Y2K experience

Blackout of '03, a delayed Y2K experience

Around 4:15 Thursday afternoon in Toronto, the power abruptly went out. Okay, what did I do? I hadn't turned on anything. The air con wasn't running. Wasn't me. Must be a local outage. Called Elicia, and they were down at her office too. I still figured it was local and we would be back in a couple of hours, worst-case scenario. I was about to run a errand, so I told Elicia that and I'd call her on my cell phone later. Elicia and her co-workers walked downstairs to the Bymark bar to relax before the power came back and they could wrap up (Thursday was an important date for bond numbers or such).

I popped into the car, turned on the radio (CBC 99.1 FM) and headed out. By the time I hit the first intersection it was obvious this was going to be a long day. First a large minority of drivers were NOT treating the out of commission signal as a four way stop but as an excess to ram ahead (Out of my Way! Very Important Person coming though....", assholes!), and the radio started to report just how large an area was effected. All of Toronto, London, Ottawa then reports of New York, Boston. OH MY GOD. Thankfully not as a result of terrorism, just an ordinary, extraordinary, cascading outage. By the time I made it to the next major intersection (Jane & Dundas) I saw my first voluntary traffic warden (Thank You!), which helped. Shortly after I decided my trip was non-essential (and pointless) so I turned around. By the time I got home it was half an hour later, a trip that would usually only talk 5 minutes there and back.

The radio at home had no batteries, so I bought what I needed at the corner store, and now I was able to continue listening to the reassuring sound of the radio broadcast. Cell phones didn't work so I couldn't get in tough with Elicia. Decided to eat an perishable food item. Got out flashlights. Upstairs phone ran, not the answer machine phone! Strange? It was Stella, Elicia's sister, at her mothers. Confirmed that Mom-in-law was okay and told Stella what I knew of the scope and circumstances. Later our neighbors called offering tea (they have a gas stove). I thanked them but instead fired up the BBQ and had a hamburger (another perishable food item). Then Elicia called. I had been worried (silly me). She'd been enjoying herself and wondered what was going on. We made plans to meet at her sister Tam's place (Kensington Market), and I got back into my chariot.

It was now after eight. Driving down the streets in the setting sun was very strange. Less traffic than before, more volunteer traffic warden's, a few official ones. Elicia, Tam and Ted were eating by candle light in the back. I had brought my portable radio and brought them up to speed. After a couple of hours we drove back home in the now pitch back streets. If you didn't know where the lights were supposed to be, it was easy to find yourself driving though them.

Shouldn't lights be painted with reflective paint, like stop signs? That would make it safer.

So we got home safely, and looked at all the stars that you only see in the countryside, before going to bed. Light came back to our area around 3:30.
People were very well behaved and patience. Thank you to all those brave volunteer traffic warden's who stepped in and made the road safer. Thank you to all our Emergency Services Personal (I've heard that the Fire Crews normally respond to 200 call in a night, went out on 1200 calls). 50 Million people had a delayed Y2K experience, and handled it very well.

It was shocking to learn how dependent we are on the electricity flowing: bank machines and debit cards were down, it was a cash and carry economy; we had water but some people didn't; Gas stations with no power to pump, oh the irony; No TV or Internet, but radio; Fancy phones did not work but the old ones did.

It was like going back to the 19th century for a few hours. I wonder if we can learn any thing for this. About decentralized power generation and distribution? About Light pollution? About life? Nah.....

Thursday, August 14, 2003

Get ready for More MSBlast worm

After cashing or slowing down the networks and computer of many organizations (large and small), new variants of the Blaster worm have already been reported. Since Microsoft had issued an alert July 16 about the vulnerability that Blaster exploits, they (at least the larger org's) have no one to blame but themselves for not a) testing the patch, b) deploying the patch c) running a MS OS on a net facing system, d) not running Linux/unix on their net facing systems.

Zone Alarm seems to have handled things okay. All laptops or PC's (corporate or personal) should be running something like this as well as anti-virus systems.

Meanwhile so many people (who should know better) have been trying to figure out what the RPC stands for (the worm exploits an RPC DCOM hole in windows) are doing a Google search on 'RPC' and driving up the traffic to the XML-RPC site (in order to explain to their PHB's?) (RPC = Remote Procedure Call)


Here's what TechWeb News says about correcting the problem :

Advice For Prevention, Cleansing Of MSBlast Worm By Gregg Keizer, TechWeb News

Experts from all quarters are offering advice on ways to prevent MSBlast worm infection, and how to remove it if it gains a foothold.

Vulnerable Windows systems, which include those running Windows NT 4.0, 2000, XP, and Server 2003, should be patched immediately,
Microsoft urged on the home page of its Web site. The patch can be obtained here.

The Redmond, Wash.-based developer also provided a link to instructions on how to set up Windows XP's Internet Connection Firewall to prevent the worm from spreading to users' PCs, as well as a toll-free number that users can call (866-727-2338) for help removing the worm from infected systems.

The CERT Coordination Center posted advice that included recommendations for enterprises to block
and/or monitor a slew of ports, including TCP and UDP ports 135, UDP port 69, and TCP port 4444.

Anti-virus vendors have updated their definition files to take MSBlast into account, and urge their users to update their anti-virus software immediately.

Several have also made available removal tools to cleanse infected systems, or placed step-by-step instructions for manually removing MSBlast on their Web sites.

Symantec, for example, offered an automated removal tool on its site that users can download for free. F-Secure provided a similar tool for downloading, as well as a separate text document that contains instructions on its use.

Internet Security Systems did not provide a hands-off cleanser, but did offer instructions for removing MSBlast manually. They can be found on
ISS' web site toward the end of this document. It requires editing of the Windows Registry.

Saturday, August 09, 2003

Using RSS in JSP

Java Net has an interesting piece on Using RSS in JSP which lead me to Informa, a RSS (Rich Site Summary) library for Java. Worth a look for learning and use in a furture revision of my Lotus Notes News Reader.

Friday, August 08, 2003

What is Fahrner Image Replacement technique, and why you should care

Russell Beattie talks about the huge increase in power behind the combination of XHTML+CSS (I agree), with links to an article In Defense of Fahrner Image Replacement (FIR is a CSS-based background image replacement technique, i didn't know that either!) by Vancouver's Dave Shea of www.mezzoblue.com fame.

A a demo of what is possible look at css Zen Garden a demonstration of what can be accomplished visually through CSS–based design, by selecting any style sheet from the list to load it into this page. Quite stunning

Friday, August 01, 2003

What's important about XP

Extreme Programming can be a radical and threating changes for anyone, even managment! ONLamp.com: Five Lessons You Should Learn from Extreme Programming [Jul. 31, 2003] focus's more on the Why before mentioning the What (or even the WHT!)
  1. Code for Maintainability
  2. Know Your Status
  3. Communicate Early and Often
  4. Do Things That Matter
  5. Fix Your Most Important Problem First
Ask your Boss if these 5 things are important. When she agrees, then together look for ways to get there. XP by stealth! Hmm.. Then only question is when do you make your Boss aware of Extreme Programing (or Agile Development, if you prefer)?