Recently I read a proposal for a NSFW (not safe for work) tag, and I liked the idea for a few minutes but I’ve disliked it ever since. The most-discussed problem with a <nsfw> tag is the cultural specificity of what’s safe and unsafe for your work environment, for example could you watch South Park.

I really see the biggest problem as where the NSFW bit should live, in the link or in the content. Probably everything on www.dirtynastypicturesofhorriblethings.com is unsafe for work, so it’d be easiest to send a X-NSFW header to every http request, and the browser could display an “Are you sure you want to see nsfw content?” prompt before showing the page. However the cultural question is much easier, if you consider it to mean “This link is considerably less work safe than the content around it.” In that a link to fark.com might be nsfw if it’s coming from the Wall Street Journal, and then a link from fark.com could itself be nsfw if it linked to nudity.

Generally though, I think it’s the wrong solution. I really want an attribute on links to say “this link opens a PDF,” because in so many environments, starting Adobe Reader is tantamount to crashing the machine, but the correct solution is for the browser to warn me and handle it correctly (which is what my machines do). And that is even easier in that compliance wouldn’t be voluntary, a nsfw tag would still leave you victim to pranksters and lazy posters (which judging by the sheer number of lolcats is just about all of us). Worst of all, the scenario this proposal is trying to solve is “I want to browse the web at work and not get in trouble,” so I don’t really see any buy-in from corporations since it’s a pretty tough sell as a new “feature”.

There is a lot of opportunity to enrich the machine understanding of web communications, but I really think this problem is probably best addressed with some kind of clever browser plugin — most search engines sensor their results, a starting point might be to show a warning if your link wouldn’t show up in censored results.

Edit: An obvious (but the kind of clever obvious that you miss) pair of points from reddit:

• From jamt9000, this can already be done on a website level, by just using a class=”nsfw”, if it catches on, browsers will support it without any new standards.
• And naner points out that much of the actual nsfw images are advertisements (probably since they need to attract attention) which would break any voluntary proposal

While comments were on, this blog received 43000 spam comments, and 2 real ones.

Now that Ultrasaur is part of the BizSpark program, I have a fully legal copy of Quickbasic 4.5 realizing the dreams of my 10 year old self.

History (and Karl Rove) have judged him, and it seems George Bush’s legacy will be one of too little action and too much reading. According to an article in yesterday’s Wall Street Journal, the 43rd president reads an average of over 500 hours every year (that’s 12-13 weeks of 9-5 full time reading, more if you have a paid lunch).

Apart from reading “Team of Rivals” back in 2005 (before it was cool), in 2006 he breezed through the two-and-a-half pound “A History of the English Speaking Peoples Since 1900″ before some light Camus in the bathtub. Assuming that Karl Rove and the Wall Street Journal are to be trusted and that 2006 through 2008 weren’t wildly atypical years, over his presidency, Bush read approximately:

• 496 books (62 a year, 99.8% of which were not written by family members)
• 246,000 pages (roughly 31,000 a year)
• over 4,100 hours (assuming that a Yalie reads at about 1 page a minute)
• over 100 work weeks

So next time you’re upset that Bush is only “glanc[ing] at the headlines just to kind of a flavor for what’s moving”, cut the man some slack. Who else is going to read eleven-hundred page definitive histories of the Spanish Civil War? John Bolton? Sarah Palin?

Note: All numbers are available in this spreadsheet, please point out any errors. All page counts are from Amazon.com. Note that I haven’t included any numbers for “each year, the president also read the Bible from cover to cover” which could add as much as 16,000 pages to the total.

Note to self, Google Chart API is awesome.

The Government of Ontario runs a fantastic service to monitor the state of traffic jams on the 401: COMPASS Freeway Traffic Management System. So the obvious question becomes, when should I drive home?

Step 1: Get some data

First I ran a cronjob on the server hosting ultrasaur.us, that basically recorded the state of the various stretches of road. It’s been running a few days now, and after 14000 readings, there seem to be the following states for a stretch of road (with counts):

• Express and collector moving slowly (423)
• Express and Collector moving well (7055)
• Express and collector very slow (85)
• Express moving slowly. Collector moving well (205)
• Express moving slowly. Collector N/A (49)
• Express moving slowly. Collector very slow (138)
• Express moving well.  Collector N/A (1236)
• Express moving well. Collector moving slowly (435)
• Express moving well. Collector N/A (271)
• Express moving well. Collector very slow (48)
• Express N/A.  Collector moving well. (1241)
• Express N/A. Collector moving slowly (129)
• Express N/A. Collector moving well (421)
• Express N/A. Collector very slow (43)
• Express very slow. Collector moving slowly (45)
• Express very slow. Collector moving well (14)
• Express very slow. Collector N/A (75)
• Moving slowly (122)
• Moving well (795)
• N/A (1198)

Notice that there are some near duplicates with double spaces after a period — I’ll convert multiple spaces into singles.

Next I needed to give all of these a value, based on my back of the envelop calculations well means 80+, slowly means 50-80 and very slow means 0 to 50.

Caveats and thoughts:

• the values can’t be exactly calculated, so I’m not going to try,
• one important thing that I want to do is map each status to a unique value so that I don’t lose any data. The key is that the values be in order
• you can see that I’m biased towards the expressway

So values represent the proportional time it takes to travel over a stretch of road (ie higher is worse):

• 100: Moving well
• 101: Express and Collector moving well
• 130: Express N/A. Collector moving well
• 150: Express moving well. Collector moving slowly
• 160: Express moving well. Collector N/A
• 170: Express moving slowly. Collector moving well
• 180: Express moving well. Collector very slow
• 200: Moving slowly
• 201: Express and collector moving slowly
• 210: Express N/A. Collector moving slowly
• 250: Express moving slowly. Collector N/A
• 380: Express moving slowly. Collector very slow
• 410: Express very slow. Collector moving well
• 460: Express very slow. Collector moving slowly
• 501: Express very slow. Collector N/A
• 500: Express and collector very slow
• 510: Express N/A. Collector very slow
• null: N/A (I’m willing to extrapolate a guess at the other N/A’s, but not here)

So this gives me the first chance to make a graph, just over my first 14000 points, here’s the average state of the 401 Westbound over the 24 hours in a day (over a Monday-Wednesday):

The worst time to drive is 4-5pm, but the three hours from 3pm to 6pm seem to be the worst. That’s not much of a surprise (although it’s an hour or so sooner than I expected rush hour to start), but that evening rush hour is so much worse than morning rush hour is a bit of a shock. That 1pm is such a slow time is curious too, I wonder if that bump will go away with more data.

(Data is available to anyone who contacts me, it’ll eventually be available for download)

Disclaimer: Any of the security articles on this site, no matter how juicy the titles, are about white-hat work. If anyone learns anything useful for attacking servers from me, it’s because they are really, really bad at googling.

I’m not a paranoid person, I rarely lock my doors. Even with computers, many of my passwords are “password” and I believe in backups not preventative security for 90% of my personal files. Still, I’m passionate about *being able* to secure systems.

Computer security is hard. It’s hard enough to write software that works 100% of the time for users who desperately want it to work, malicious users are another kettle of fish. It’s far too easy to just claim to be “concerned” about security, and then do nothing but hope for the best.

The attackers are machines. Back in college I had a machine exposed to the internet for a few days and it was turned into an FTP server for pirated movies in under a week. There was nothing special about my machine, the pirates were likely just constantly cycling through IP addresses looking for an unprotected machine. The idea that there are evil machines on the internet who spend 24 hours a day trying exploits against every server they can find is 2 parts scary and 3 parts science-fiction-style-creepy.

Long odds aren’t a defense Every so often, I’ll figure out an attack that’ll require an annoyingly specific set of circumstances. It really takes the thunder out of it to explain that if you were running IE6 on Windows 98 on Tuesday in the rain, I could totally sniff your passwords. It’s tempting to think that if only one in a thousand machines is vulnerable to an attack, no-one will bother. Just like how the low response rate to spam emails means that no-one bothers sending them.

I’m often asked what anti-virus software I use. It’s always hard to answer the question, I really have a two-part system:

• Good backups — so the worst that can happen is I have to re-build a computer.
• A complete list of every virus that I’ve ever caught and why it’ll never happen again. I occasionally check my Windows machines with anti-virus programs (I like ClamWin) to verify, but generally you know when you have a virus the same way you know if there’s sugar in the gas tank. For anyone keeping score
  • I had to share files regularly with a computer in China, and every time I plugged my USB drive in, the computer used to copy over a viral EXE, and once I hit enter instead of delete
  • In university I foolishly connected an unprotected Win98 system directly to the internet and it was taken over by a warez group (not quite a virus, but similiar enough).
  • I actually got the Michelangelo virus back in the late twentieth century.

I don’t think I’m all that unique, the last “is it a virus” I was asked to take a look at was just a really bad HP printer driver. I may be unique in having spent more time dealing with problems caused by Norton antivirus than viruses, but I still suspect that if you practice safe computing, the threat from viruses is overstated.

At least compared to backing up.

Notable if only for the size: TSA agent steals $200K worth of gear, resells it on eBay

…one agent had single-handedly absconded with over $200,000 worth of travelers’ belongings, primarily cameras and laptops… travelers have no real means of protection when it comes to guarding against inside job thievery like this.

I’m going to assume that the amount stolen by a given TSA agent is a poisson distribution, so though I expect this agent is an outlier in terms of magnitude, he reflects a general laxity towards employing criminals in the TSA. To be fair, security is hard, and a job riffling through other people’s things with near immunity is going to attract thieves.

But to be clear, there’s something deeply disturbing about being treated like criminals by the TSA every time you fly through the USA, when the TSA employs criminals.

/grumpy.

Update (Nov 20): A helpful reader writes in to point out that air marshals are worse.

I drag my laptop between different environments pretty often, and it’s a hassle to remember that what was appropriate in the hotel room isn’t always on the plane — you can get your head out of the gutter, I’m mostly concerned that I left music or a movie playing.

Solution:
I created a task (This is all in Vista, but I’ll be upgrading to XP anydaynow, so I’ll verify that it works there) that is triggered on log-on, start-up, lock and unlock that runs “NirCmd mutesysvolume 1″. NirCmd is a little 29kb app that can change things from the command line (the software seems safe after a causal googling, although it’s sometimes included in viruses because it’s useful).

Making a new task is so straightforward I won’t go through it in detail:

1. Launch Task Scheduler, if you can’t find it, just run “%SystemRoot%\system32\taskschd.msc /s”
2. Make a new task (Mine lives in the Microsoft folder since I had trouble making a new folder) that triggers on “log-on, start-up, lock and unlock” those are probably your best options
3. Make an action that “Starts a program” point it to NirCmd with the arguments “mutesysvolume 1″
4. Save it and you’re good to go.

I was going to include the exported XML of the task, but importing is almost as complex as making it yourself, the paths are hard coded and it also runs my really simple logging batch file for testing “LogSomething mute muting.txt”.

Addendum: LogSomething.bat

@rem Syntax: LogSomething Event File
@echo off
echo %1: ------- >> %2
date /t >> %2
time /t >> %2
echo ----------- >> %2


Here’s something I wanted to see exist. Rather than yet another Guitar Hero clone, this is a guitar emulator… sort of.

Start it up with your USB Guitar Hero controller plugged in (as the only Joystick), and there you go: from guitar hero to guitar poser.

• Strumming causes a note (obviously)
• Pressing a single key gets you regular notes, A, B, D, E and G. Pressing several keys at a time gets you some chords, chosen pretty much at random from the ones available at the freesound project
• The whammy bar controls how quickly notes fade out once you’ve unstrum
• The volume is controlled but how vertical the neck is

Check out those wicked graphics! Seriously though, try it out.

The samples are huge so the ZIP is 27megs: GuitarPoser.zip.