Recently I read a proposal for a NSFW (not safe for work) tag, and I liked the idea for a few minutes but I’ve disliked it ever since. The most-discussed problem with a <nsfw> tag is the cultural specificity of what’s safe and unsafe for your work environment, for example could you watch South Park.
I really see the biggest problem as where the NSFW bit should live, in the link or in the content. Probably everything on www.dirtynastypicturesofhorriblethings.com is unsafe for work, so it’d be easiest to send a X-NSFW header to every http request, and the browser could display an “Are you sure you want to see nsfw content?” prompt before showing the page. However the cultural question is much easier, if you consider it to mean “This link is considerably less work safe than the content around it.” In that a link to fark.com might be nsfw if it’s coming from the Wall Street Journal, and then a link from fark.com could itself be nsfw if it linked to nudity.
Generally though, I think it’s the wrong solution. I really want an attribute on links to say “this link opens a PDF,” because in so many environments, starting Adobe Reader is tantamount to crashing the machine, but the correct solution is for the browser to warn me and handle it correctly (which is what my machines do). And that is even easier in that compliance wouldn’t be voluntary, a nsfw tag would still leave you victim to pranksters and lazy posters (which judging by the sheer number of lolcats is just about all of us). Worst of all, the scenario this proposal is trying to solve is “I want to browse the web at work and not get in trouble,” so I don’t really see any buy-in from corporations since it’s a pretty tough sell as a new “feature”.
There is a lot of opportunity to enrich the machine understanding of web communications, but I really think this problem is probably best addressed with some kind of clever browser plugin — most search engines sensor their results, a starting point might be to show a warning if your link wouldn’t show up in censored results.
Edit: An obvious (but the kind of clever obvious that you miss) pair of points from reddit:
From jamt9000, this can already be done on a website level, by just using a class=”nsfw”, if it catches on, browsers will support it without any new standards.
And naner points out that much of the actual nsfw images are advertisements (probably since they need to attract attention) which would break any voluntary proposal
Jeff Atwood and Ted Dzubia both hate Swoopo, so it’s roughly as bad as PHP. A quick overview: “auctions” start at $0.00 and each bid raises the price by pennies, the time remaining in the auction by 10 seconds and costs the bidder 75 cents to place.
If you can get the last bid in (and you only place a few), you can pick up a $1000 laptop for $30. I mostly ignored Swoopo until Joshua Stein tried to game it. He was thwarted by HTTP requests not being accurate to the sub-second (since Swoopo gives ties to the users who waste money on automatic bidding), and determined that bidding was indistinguishable from gambling.
But I’m not convinced it can’t be gamed, the key being that you want to game it with high probability rather than win any one auction.
Just as a first pass, I think you want to find auctions where:
Several are closing at the same time - so there’s less competition
At a particular time of the day - same reason
Only auctions for $500+ items selling for more than 90% off, so any accidental purchases can be safely sold at a profit (I don’t want to bother reselling DVDs)
So I used a greasemonkey script to download the last 10 000 winners into a spreadsheet.
Quick facts:
9904 auctions were won by 4217 distinct users (7 by phone)
The average savings (vs the suggested price) was %65, although in 35 users paid more than the suggested price
2853 auctions were open only to manual bidders, rather than the automatic bidbutler (the difference in savings %66 vs %66 isn’t significant).
Wins are spaced fairly evenly throughout the 24 hour clock
The average winner placed ~95 bids, thousands are not uncommon, one “winner” placed 2623 bids
Roughly one in ten auction winners placed only 1 or 2 bids.
Clearly the last point hints that it’s possible to win by sniping at the last minute.
Roughly 1 in 8 auctions was for items valued at more than $500, and won for less than 20% of the suggested price. “Winners” used an average of 311 bids — that doesn’t look good.
History (and Karl Rove) have judged him, and it seems George Bush’s legacy will be one of too little action and too much reading. According to an article in yesterday’s Wall Street Journal, the 43rd president reads an average of over 500 hours every year (that’s 12-13 weeks of 9-5 full time reading, more if you have a paid lunch).
Apart from reading “Team of Rivals” back in 2005 (before it was cool), in 2006 he breezed through the two-and-a-half pound “A History of the English Speaking Peoples Since 1900″ before some light Camus in the bathtub. Assuming that Karl Rove and the Wall Street Journal are to be trusted and that 2006 through 2008 weren’t wildly atypical years, over his presidency, Bush read approximately:
496 books (62 a year, 99.8% of which were not written by family members)
246,000 pages (roughly 31,000 a year)
over 4,100 hours (assuming that a Yalie reads at about 1 page a minute)
Note: All numbers are available in this spreadsheet, please point out any errors. All page counts are from Amazon.com. Note that I haven’t included any numbers for “each year, the president also read the Bible from cover to cover” which could add as much as 16,000 pages to the total.
The Government of Ontario runs a fantastic service to monitor the state of traffic jams on the 401: COMPASS Freeway Traffic Management System. So the obvious question becomes, when should I drive home?
Step 1: Get some data
First I ran a cronjob on the server hosting ultrasaur.us, that basically recorded the state of the various stretches of road. It’s been running a few days now, and after 14000 readings, there seem to be the following states for a stretch of road (with counts):
Express and collector moving slowly (423)
Express and Collector moving well (7055)
Express and collector very slow (85)
Express moving slowly. Collector moving well (205)
Notice that there are some near duplicates with double spaces after a period — I’ll convert multiple spaces into singles.
Next I needed to give all of these a value, based on my back of the envelop calculations well means 80+, slowly means 50-80 and very slow means 0 to 50.
Caveats and thoughts:
the values can’t be exactly calculated, so I’m not going to try,
one important thing that I want to do is map each status to a unique value so that I don’t lose any data. The key is that the values be in order
you can see that I’m biased towards the expressway
So values represent the proportional time it takes to travel over a stretch of road (ie higher is worse):
100: Moving well
101: Express and Collector moving well
130: Express N/A. Collector moving well
150: Express moving well. Collector moving slowly
160: Express moving well. Collector N/A
170: Express moving slowly. Collector moving well
180: Express moving well. Collector very slow
200: Moving slowly
201: Express and collector moving slowly
210: Express N/A. Collector moving slowly
250: Express moving slowly. Collector N/A
380: Express moving slowly. Collector very slow
410: Express very slow. Collector moving well
460: Express very slow. Collector moving slowly
501: Express very slow. Collector N/A
500: Express and collector very slow
510: Express N/A. Collector very slow
null: N/A (I’m willing to extrapolate a guess at the other N/A’s, but not here)
So this gives me the first chance to make a graph, just over my first 14000 points, here’s the average state of the 401 Westbound over the 24 hours in a day (over a Monday-Wednesday):
The worst time to drive is 4-5pm, but the three hours from 3pm to 6pm seem to be the worst. That’s not much of a surprise (although it’s an hour or so sooner than I expected rush hour to start), but that evening rush hour is so much worse than morning rush hour is a bit of a shock. That 1pm is such a slow time is curious too, I wonder if that bump will go away with more data.
(Data is available to anyone who contacts me, it’ll eventually be available for download)
Disclaimer: Any of the security articles on this site, no matter how juicy the titles, are about white-hat work. If anyone learns anything useful for attacking servers from me, it’s because they are really, really bad at googling.
I’m not a paranoid person, I rarely lock my doors. Even with computers, many of my passwords are “password” and I believe in backups not preventative security for 90% of my personal files. Still, I’m passionate about *being able* to secure systems.
Computer security is hard. It’s hard enough to write software that works 100% of the time for users who desperately want it to work, malicious users are another kettle of fish. It’s far too easy to just claim to be “concerned” about security, and then do nothing but hope for the best.
The attackers are machines. Back in college I had a machine exposed to the internet for a few days and it was turned into an FTP server for pirated movies in under a week. There was nothing special about my machine, the pirates were likely just constantly cycling through IP addresses looking for an unprotected machine. The idea that there are evil machines on the internet who spend 24 hours a day trying exploits against every server they can find is 2 parts scary and 3 parts science-fiction-style-creepy.
Long odds aren’t a defense Every so often, I’ll figure out an attack that’ll require an annoyingly specific set of circumstances. It really takes the thunder out of it to explain that if you were running IE6 on Windows 98 on Tuesday in the rain, I could totally sniff your passwords. It’s tempting to think that if only one in a thousand machines is vulnerable to an attack, no-one will bother. Just like how the low response rate to spam emails means that no-one bothers sending them.
I’m often asked what anti-virus software I use. It’s always hard to answer the question, I really have a two-part system:
Good backups — so the worst that can happen is I have to re-build a computer.
A complete list of every virus that I’ve ever caught and why it’ll never happen again. I occasionally check my Windows machines with anti-virus programs (I like ClamWin) to verify, but generally you know when you have a virus the same way you know if there’s sugar in the gas tank. For anyone keeping score
I had to share files regularly with a computer in China, and every time I plugged my USB drive in, the computer used to copy over a viral EXE, and once I hit enter instead of delete
In university I foolishly connected an unprotected Win98 system directly to the internet and it was taken over by a warez group (not quite a virus, but similiar enough).
I actually got the Michelangelo virus back in the late twentieth century.
I don’t think I’m all that unique, the last “is it a virus” I was asked to take a look at was just a really bad HP printer driver. I may be unique in having spent more time dealing with problems caused by Norton antivirus than viruses, but I still suspect that if you practice safe computing, the threat from viruses is overstated.
