False Positives, Ian Irving's Adventures in Tech, Toronto (and HK), Sci and SciFi

Friday, August 29, 2003

Top medical acronyms

from this BBC article on Doctor slang is a dying art. And you thought geek slang was insulting! Here are a few choice terms:


CTD - Circling the Drain (A patient expected to die soon)
GLM - Good looking Mum
GPO - Good for Parts Only
TEETH - Tried Everything Else, Try Homeopathy
UBI - Unexplained Beer Injury
TTFO - an expletive expression roughly translated as "Told To Go Away"

LOBNH (Lights On But Nobody Home),
CNS-QNS (Central Nervous System - Quantity Not Sufficient),
Pumpkin Positive - which refers to the implication that a penlight shone into the patient's mouth would encounter a brain so small that the whole head would light up.

Digging for Worms - varicose vein surgery
Departure lounge - geriatric ward
Handbag positive - confused patient (usually elderly lady) lying on hospital bed clutching handbag
Woolworth's Test - Anaesthetic term (if you can imagine patient shopping in Woolies, it's safe to give a general anaesthetic)

"Freud Squad" are psychiatrists, and "Gassers" and "Slashers" are anaesthetists and general surgeons respectively.

Wednesday, August 27, 2003

HTTP Monitor, Throttling, Reverse Proxy as Web App debugging tool (No that's NOT my new nickname!)


Tech-Weblog by Christoph C. Cemper pointed me to Charles, which is a Java shareware app ($50 PayPal after 10 days) with the following list o' features:

  • Cookies are shown in the HTTP headers, so you can see exactly what cookies you are sending and receiving.

  • Every request and response is recorded in Charles. Redirects that are often too quick to see when
    testing with a web browser can be seen in Charles. Requests from applications other than your web browser
    (such as Flash movies) can also be seen.

  • Request and response sizes are shown in Charles, so you can see how big each request was.

  • Assets loaded from an HTML page are recorded so that you can see how many images etc are loaded by a page, and where from.

  • All files can be viewed, including JavaScript files, CSS files, HTML files etc.

  • Mirror all responses to disk, recording your session.


  • Blacklist sites so that requests are blocked.

  • See the results of caching by seeing cached responses (304 Not Modified), and requests containing
    last modified dates (If-Modified-Since).

  • Disable caching by removing cache related headers from requests and responses as they pass through Charles,
    ensuring that you are always requesting the latest file.

  • See whether a cache has served your request by looking for cache-hit HTTP headers.

  • View the encrypted HTTPS communications.


  • Reveal unexpected requests, such as typos and 404s.

  • View requested images.

  • Throttle your web connection to a specified bytes/second speed, and millisecond latency. This
    enables you to simulate modem conditions on a high speed internet connection.

  • Spoof DNS name to IP mappings so that you can test a domain name before it has gone live. Very useful for testing your virtual hosting.

  • Export to CSV all of the summary data captured by Charles for analysis and reporting in Excel.


  • Reverse proxy creates ports on the localhost that act as regular HTTP servers, but forward all requests to a specified web server.

  • SSL debugging enables you to view requests and responses in plain text even when communicating with an SSL secured web server.

  • HTTP/1.1 support - understands some HTTP/1.1 specific responses, and forces no keep-alives


I can think of lots of times when I wanted to see just what was going on between the app (or browser) and the server, and the Throttle could be used for "What if I only had a dial-up line rather than this 10 Terabit Ethernet connection" scenario testing. Lots of geeky goodness here.

Monday, August 25, 2003

What they really mean...

from Valley of the Geeks - NEW: Management Speak (Dilbert would be very proud)

The product is going to ship in Q4....we just don't know what year.

No serious bugs have been reported....since we don't have any actual users yet.

We're totally committed to training and education....you'll learn on the spot or we'll fire you.

We're big on open source software....and anything else you can download free.

I don't want to point fingers....but you definitely screwed up!

It's an aggressive schedule....that assumes infinite resources.

We only hire the best and the brightest....from the local high school.

There's a significant upside in revenues....we haven't sold anything yet!

We need to push the envelope on this one....and if you get caught, I will deny all knowledge.

We want to hire a real risk taker....who won't look too carefully at the books.

The CEO is a real up-and-comer....and he's never been convicted.

We're at least 24 months ahead of the competition....and at most six months from bankruptcy.

We've got a major deal we're about to announce....if we can ever get the software to work.

Sunday, August 24, 2003

Microsoft was told about ECL (Execution Control Lists) 12 years ago and still doesn't get it!

Aug 24 / 03 column from I, Cringely | The Pulpit
"To answer your reader's question," says my buddy, who was once one of Microsoft's larger customers, "one of the basic functions of an operating system is to run programs. There is a RUN API and the command line interpreter is simply an interface to the RUN API. Many viruses are sent through e-mail because it is easy to access the RUN API from an e-mail attachment. Our first suggestion was within e-mail to restrict the ability to run applications and interact with the e-mail system (post office, address book, etc). Only the e-mail client should be able to interact with the e-mail system. Only programs that have registered and authenticated user IDs [ought to be able to] independently interact with the e-mail system. There should be a way to manage and control the RUN API's control by e-mail attachments."
...
"Our second suggestion was at that point to improve the security of the RUN API. The operating system internals would also be registered as users. Legitimate OS functions could use the RUN API. The user could use the RUN API. Any registered and authenticated applications (no longer limited to e-mail) could use the RUN API. Anything else that attempted to use the RUN API would have to ask the user for permission, or would be prevented from working altogether."
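
The two suggestions quoted above boil down to a small decision table. This is an added sketch, not code from the column or from any real operating system. The identity names, the "run" and "mail" resource labels and the `prompt_unknown` switch are all assumptions made up for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    ASK_USER = "ask_user"
    DENY = "deny"


@dataclass(frozen=True)
class Caller:
    name: str                    # claimed identity (hypothetical naming)
    authenticated: bool = False  # True only if the OS verified that identity


@dataclass
class ExecutionControlList:
    # identity -> resources it is registered for ("run", "mail")
    registered: dict = field(default_factory=dict)
    prompt_unknown: bool = True  # False: block unregistered RUN callers outright

    def _is_registered(self, caller, resource):
        # A claimed name is not enough; the identity must also be authenticated.
        return caller.authenticated and resource in self.registered.get(caller.name, ())

    def check(self, caller, resource):
        if self._is_registered(caller, resource):
            return Decision.ALLOW
        # First suggestion: the mail system (post office, address book) is
        # closed to everything that is not registered for it.
        if resource == "mail":
            return Decision.DENY
        # Second suggestion: anything else reaching for RUN must ask the
        # user, or is prevented from working altogether.
        return Decision.ASK_USER if self.prompt_unknown else Decision.DENY


# Constructed sample policy and callers.
ecl = ExecutionControlList(registered={
    "os.scheduler": {"run"},
    "interactive-user": {"run"},
    "mail-client": {"run", "mail"},
})
attachment = Caller("attachment.exe")                  # never registered
spoofed = Caller("mail-client", authenticated=False)   # right name, no proof

if __name__ == "__main__":
    for c, r in [(Caller("mail-client", True), "mail"), (attachment, "run"),
                 (attachment, "mail"), (spoofed, "mail")]:
        print(f"{c.name:18} {r:4} -> {ecl.check(c, r).value}")
```

The spoofed caller is the case worth noticing: registration only means something if the identity behind the name is verified.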

PCMag.  Nice list of files that you run into when running firewalls (like ZoneAlarm). via John Robb's Weblog