Daley Ponderings

Khan Academy

jondaley — Sat, 09 Nov 2013 12:31:50 -0500

The boys (and Heather has enjoyed it too - I haven't gotten to it yet) have really been enjoying Khan Academy this last week. It is an educational tool, with lots of questions to test you on different skills. Jonathan is especially motivated by the reward badges it gives you when you do certain activities. It does a good job of remembering how well you have done on previous problems to decide whether you need more practice or not. It also has helpful videos to teach you new concepts.

Noah was working on some fraction problems (identifying the numerator and denominator). He had gotten three problems right and couldn't figure out why the fourth was wrong, and so I asked him if he had watched the video. He hadn't, but had just guessed, and the first three has asked him what the numerator was, and so he had picked the first number. He didn't notice the question changed on the fourth problem. I suggested that perhaps he should watch the video, although I think he didn't, but did see that the question was slightly different, and so then did the bottom number instead.... I guess we will see as time goes on whether this form of experimenting/learning is useful, or if it teaches you interesting things that end up not really working out.

Heather has really enjoyed the teacher interface, which lets you see exactly which problem the student got wrong, how much time they are taking for each problem, etc. In Jonathan's case, it listed he was "struggling" on a particular set of problems, but it turns out the "struggle" had to do with not reading the entire problem, and noticing whether it was a subtraction or addition problem.

Heather will probably want to write more about this, but I wanted to share one quote by Jonathan:

"Now that I was programming all day, I can see why you work so much."

If it isn't clear, what he meant was: it took him a long time to do some things that he considered easy, and was a lot of work to get it to work the way he wanted to. He has now been asking about more efficient computer languages; apparently, he remembers a comment I made about javascript being slow, though I can't remember what he is talking about. I suspect it might have been a comment about a certain programmer being inefficient, rather than the language itself. Or maybe he is remembering when John and I were talking about the Ruby guys who claim everything can be coded in 1/6th the time (and John's potential employer figured that he could be paid 1/6th the amount and the project should be completed in 1/6th the time, since Ruby made everything so easy).

They have a LOGO-type javascript interface where you can make different shapes, and program them to interact with the user.

Distributed Social Networks?

jondaley — Thu, 10 Nov 2011 18:00:25 -0500

I came across yet another version of a distributed social network, this one with hardware. FreedomBox Foundation is working on figuring out how to make tons of tiny little web servers that take out the centralized model. The New York Times has a decent article on explaining why Mark Zuckerburg having all of your information is a bad thing.

The introduction video on FreedomBox's site was a good non-technical description, and with graphics, for all of you who don't like to read that much... :)

It mentions diaspora, friendica and buddycloud. I'd heard of diaspora, and I have an account, but it doesn't interact with me very well. I glanced through buddycloud this morning, and didn't see anything particularly interesting. friendica emphasizes being able to interact with other current social networks, which is a good thing, since it is a hard thing to get people to switch.

I guess I should spend some time in figuring out how to install one of them and see if it is worth using. I've not been clear on how much you can customize the installations, and how hard it is to add features, etc. And how open the development really is, in terms of them wanting features from outside people, etc.

Mostly, I think the problem is that I want it just to work, and so I don't want to spend lots of my own time developing a system. Maybe I could work on figuring out if I could add plugins into LifeType to make it do some interesting things with the new social networks. LifeType 2.0 (if it ever comes out) started a couple years ago adding some social networking features, and so it might fit in well; I don' t know.

But, as facebook and google are increasingly unfriendly (Facebook announced they would no longer import notes, such as this one, starting in a couple weeks) I suppose their theory is that people will manually double post, or move to facebook only, or something like that. But, that is a pain, so I'll probably just stop posting to facebook.

Updated Pictures

jondaley — Mon, 21 Sep 2009 17:14:21 -0400

We are in the process of moving to a new filename format for our pictures, simpy using the timestamp from the camera, rather than manually typing in ordering numbers, etc. And that postponed the publishing of our pictures for a couple months, but I finally spent the time today to get it all setup. The RSS feed for our pictures was a little strange, so if you normally see our pictures that way, you may or may not have seen all of them appropriately.

You can click here to see the most recent pictures.

And I see that most of our Maggie P pictures are not in the RSS feed - not sure why that is - probably due to too many pictures. Probably the best way to not miss any pictures at this point is to check out the "all chronologically" folder.

Thinking In "Blog"? Nope. But Thinking In Code? Yes.

jondaley — Wed, 25 Feb 2009 12:35:25 -0500

Some people have been talking about whether they think in blogging, as in: "this is so much fun, I should blog about it", or, "look how cute the kids are being, I should grab a camera so I can post it on flickr", etc.

I didn't particularly relate to that, but this morning I re-discovered a cipher book I liked as a kid, and thought it would be fun to go through some of it. And then thought, I could write a script to do this for me, and then, maybe I should blog about that. hrm....

Isaac Lisa Faith Isaac Todd Heather Shirley Todd Jon Isaac Lisa Isaac Lisa Lisa Mary Jonathan Heather Shirley Jon Faith Mary Isaac Isaac Jon Noah Shirley Heather Todd Shirley Heather Jon Faith Shirley Lisa Noah Heather Jonathan Shirley Isaac Jon Jonathan Lisa Mary Isaac Mary Lisa Shirley Heather Jonathan Heather Jonathan Lisa Mary Faith Joe Lisa Jon Mary Faith Shirley Faith Isaac Todd Todd Jonathan Todd Faith Shirley Joe Isaac Joe Lisa Heather Joe Isaac Heather Joe Jonathan Todd Lisa Heather Jonathan Jon Noah Heather Heather Todd Heather Isaac Shirley Lisa Jon Mary Todd Isaac Faith Joe Todd Noah Faith Faith Isaac Todd Faith Joe Shirley Lisa Jonathan Noah Shirley Lisa Mary Isaac Heather Faith Isaac Faith Mary Heather Joe Joe Shirley Mary Todd Jonathan Mary Heather Noah Jonathan Todd Shirley Lisa Faith Faith Shirley Heather Jonathan Jon Shirley Isaac Faith Jonathan Faith Lisa Heather Joe Mary Mary Joe Joe Lisa Faith Isaac Jon Noah Mary Todd Noah Jon Lisa Noah Faith Jonathan Heather Heather Mary Heather Noah Todd Lisa Shirley Heather Jonathan Joe Isaac Noah Lisa Lisa Noah Todd Heather Heather Shirley Heather Joe Noah Mary Todd Mary Shirley Todd Shirley Lisa Noah Todd Heather Joe Faith Shirley Lisa Joe Lisa Shirley Jon Jon Jon Mary Isaac Noah Mary Heather Heather Shirley Mary Lisa Jon Heather Lisa Todd Shirley Lisa Isaac Shirley Noah Lisa Heather Todd Mary Shirley Lisa Mary Jon Noah Heather Joe Shirley Shirley Lisa Noah Jon Mary Joe Joe Jonathan Faith Mary Shirley Isaac Shirley Todd Shirley Heather Isaac Lisa Joe Jonathan Shirley Joe Faith Faith Faith Joe Todd Heather Isaac

Recovery Rebate Calculator (AKA, Will the IRS Give Me Any More Money?)

jondaley — Tue, 17 Feb 2009 13:41:51 -0500

The IRS hasn't published their calculator yet, and I have been reading about lots of people trying to figure out what to do with line 70 on their 1040 (ie. the famous RRC that is causing probably more time wasted than was worth the money that was sent out last year.

So, I wrote a calculator this morning. I went through a bunch of cases, so I think I got all of them, but of course, who knows, with all of the tax tricks, etc. if my understanding of the credit is how it actually works.

And if the IRS ever gets around to actually publishing their calculator, it will presumably be better than mine. Have fun.

Helper Shell Scripts for Worklog

jondaley — Mon, 08 Dec 2008 15:25:56 -0500

As I wrote earlier, I use worklog to keep track of my time. I use some other scripts to help manage worklog's output, and now that I made one of the scripts work even nicer today, I figured I should post them.

I use get-time to see where I spent time on a particular day. It defaults to today, but you can give it an argument like "yesterday", "-2 days", "last thursday", etc. Now that it runs without user interaction (courtesy of expect) I have added it as a cronjob to email me at midnight with the previous day's work.

I use get-all to show me all work done since I first started using worklog. Now that I have been running it for more than a year it might not be as useful as it once was, since the average is probably different from the max and min, which might be more interesting (and maybe a future shell scripting project)

get-summary isn't intended to be run by itself, though I suppose there might be some use for it - showing you how much work you have done this month, or something like that. (Oh - I just realized that I might be using worklog differently than some people - I make a new directory for each month, and move the files at the end of the month -- and now that I have this handy expect script, I could probably automate the whole thing, and email it to Heather, so she wouldn't have to ask me to do it any more...)

Note, to get worklog to run in a cron job, you'll need to add a TERM=dumb bit, otherwise worklog won't output its time.log file at all - something to do with cron's tty not being set. Quite frustrating to figure out after spending an hour with a script that worked from the command line, but not from the cron.

Scripts: get-time get-all get-summary

Software Development

jondaley — Fri, 14 Nov 2008 09:46:19 -0500

I have been quite behind in my magazine reading, and this morning I caught up to August (2008 - at some points, it has been necessary to specify the year when saying how far behind I am).

There is an interesting article in Dr. Dobbs, by Scott Ambler, regarding methods of estimating costs of software development, and whether the typical, fixed price model is even ethical.

"fixed price refers to a project where the cost, schedule and scope are set early in the lifecycle."

His examples include very large numbers (at least compared to my current projects), which I found distracting, but the percentages are useful. I liked this quote, which is the reason for this post:

Traditionally, we've wanted to believe in the concept that "software engineering" is 80 percent science and 20 percent art, but in practice development has proven to closer to 20 percent science and 80 percent art. Or perhaps the 20 percent of software engineering that is art is simply 16 times harder than the 80 percent that is science.

I have a meeting in two weeks where I'll meet a potential customer for the first time, and they'll likely expect a fixed-price quote, though they did say they have enough money for the project, so hopefully, it won't be too hard to figure out what the project should cost. I just saw another quote from a related article on the online version of th e magazine, where the author quoted someone else saying that customers expect vendors to provide a "five 9's" estimate on "one 9" of requirements. I think that's pretty accurate.

SSH Login Attempts

jondaley — Tue, 08 Jul 2008 23:40:22 -0400

I think I have written before about DenyHosts, but this evening, it prevented somewhere around twenty thousand individual hosts trying to login to one of my servers. The hackers have gotten smarter - that they used to just try from one host, which was trivially blockable, even manually. But, thanks to denyhosts (and the fairly easily trackable behavior by the hackers), they think they get a couple chances to guess a password before being blocked. Note, that I say "think", because they actually don't get any, due to the way they are doing it.

But now, they are trying to be trickier, by only trying five times, and then using a global network, switching to a different machine in a different country, and trying five times from that computer.

Fortunately, DenyHosts has a blacklist that I can contribute to, and my system sends all of the IP addresses that attempt to login into mine, and so as long as someone is using denyhosts, they'll benefit from my logging, and perhaps the hacker won't even get a single chance to login to someone else's server, since they'll already be blacklisted.

I am not sure what the hackers think they are going to achieve on my servers - seems like it would be better to spend time elsewhere. They have figured out I use denyhosts, or a similar application, so seems like they should go to an easier target.

Perhaps their goal is some sort of denial of service, but I don't think that is particularly possible in this case, or at least, not in the way they are going about doing it. I don't know if the hosts.deny file has a practical limit to the number of entries - I don't notice any lag time when logging in, ie. the parsing of the file doesn't seem to take that long.

Maybe the goal is to get so many IP addresses in the database that people can't use it, and maybe if the case of dynamic IP addressing, one of my customers could end up with a blacklisted IP. So far, so good though, so we'll see how it goes.

VMWare 1.0.5 Server patch for 2.6.25 kernel

jondaley — Fri, 18 Apr 2008 00:28:25 -0400

I had the privilege of installing VMWare 1.0.5 on a brand new 2.6.25 kernel. I downloaded the 2.6.XX patch for vmware 1.0.4, applied the one change from asm to linux in vcpuset.h. That had worked for me before when using 1.0.5 on a 2.6.24 kernel, but today I downloaded a 2.6.25 kernel for someone and of course, someone changed something slightly, causing the vmware module (vmnet) to no longer compile. Fortunately for me, a small bit of hacking fixed it, and now I can go to bed.The function that is missing in the 2.6.26 kernel is sock_valbool_flag, which was recently made inline, so it causes a "implicit declaration of function" error when running the standard vmware-config.pl script. I saw that the function still exists in the kernel sources, but was made a static function, and moved to sock.c. So, after taking a look at the function, I figured it wouldn't hurt to simply copy it from sock.c into vmware's bridge.c and off I went. tada!

LifeType 1.2.7 released

jondaley — Sun, 30 Mar 2008 20:38:10 -0400

After a slightly hectic day yesterday, when I noticed some strange behavior on one of my servers, we released a new version of LifeType. While I am not impressed that the bug existed in the first place, I think it is pretty neat that a development fixed was released within 4 hours of the bug being discovered, and an official release within 36 hours. The last time we had a security issue, we released the fix in less than 24 hours, but it is harder on a Sunday.

The security issue itself wasn't all that interesting - we were checking a blacklist in a case-sensitive manner, and so filename.PHP was incorrectly allowed to be uploaded, and filename.php was correctly blocked.

What was interesting was what the Iranian hacker was doing once he uploaded the script. It turns out he actually uploaded the script a month ago, modified my customer's home page (just added a link to his own site) and then came back now to actually do his "real" work. My theory is that perhaps there are people who get paid $5 for every web site they figure out how to hack into, and give the URL to the payer. Then, they payer gets around to actually logging (manually) and setting up his attack. In this case, they used my customer's account to try to crash another bulletin board. They weren't trying to actually get access to it, just bring it down to be annoying. I forgot to save the name of the site they were trying to bring down, so I can't contact them to see how they fared, but like the previous spammer code I looked at, this one was also quite nifty. Some Russians distribute some PHP code that is fairly obfuscated (I almost gave up trying to figure out how it worked, but managed to finally get it unobfuscated) that prints a handy web page that allows an attacker to view information about the server, check /etc/passwd for insecure accounts, run whatever program he wants (and download the source and compile if needed), auto-update the software from the Russian site if there is an upgrade, email logs of the progress, etc.