I really see the biggest problem as where the NSFW bit should live, in the link or in the content. Probably everything on www.dirtynastypicturesofhorriblethings.com is unsafe for work, so it’d be easiest to send a X-NSFW header to every http request, and the browser could display an “Are you sure you want to see nsfw content?” prompt before showing the page. However the cultural question is much easier, if you consider it to mean “This link is considerably less work safe than the content around it.” In that a link to fark.com might be nsfw if it’s coming from the Wall Street Journal, and then a link from fark.com could itself be nsfw if it linked to nudity.

Generally though, I think it’s the wrong solution. I really want an attribute on links to say “this link opens a PDF,” because in so many environments, starting Adobe Reader is tantamount to crashing the machine, but the correct solution is for the browser to warn me and handle it correctly (which is what my machines do). And that is even easier in that compliance wouldn’t be voluntary, a nsfw tag would still leave you victim to pranksters and lazy posters (which judging by the sheer number of lolcats is just about all of us). Worst of all, the scenario this proposal is trying to solve is “I want to browse the web at work and not get in trouble,” so I don’t really see any buy-in from corporations since it’s a pretty tough sell as a new “feature”.

There is a lot of opportunity to enrich the machine understanding of web communications, but I really think this problem is probably best addressed with some kind of clever browser plugin — most search engines sensor their results, a starting point might be to show a warning if your link wouldn’t show up in censored results.

Edit: An obvious (but the kind of clever obvious that you miss) pair of points from reddit:

• From jamt9000, this can already be done on a website level, by just using a class=”nsfw”, if it catches on, browsers will support it without any new standards.
• And naner points out that much of the actual nsfw images are advertisements (probably since they need to attract attention) which would break any voluntary proposal

Casinos love guys with systems.

Jeff Atwood and Ted Dzubia both hate Swoopo, so it’s roughly as bad as PHP. A quick overview: “auctions” start at $0.00 and each bid raises the price by pennies, the time remaining in the auction by 10 seconds and costs the bidder 75 cents to place.

If you can get the last bid in (and you only place a few), you can pick up a $1000 laptop for $30. I mostly ignored Swoopo until Joshua Stein tried to game it. He was thwarted by HTTP requests not being accurate to the sub-second (since Swoopo gives ties to the users who waste money on automatic bidding), and determined that bidding was indistinguishable from gambling.

But I’m not convinced it can’t be gamed, the key being that you want to game it with high probability rather than win any one auction.

Just as a first pass, I think you want to find auctions where:

• Several are closing at the same time - so there’s less competition
• At a particular time of the day - same reason
• Only auctions for $500+ items selling for more than 90% off, so any accidental purchases can be safely sold at a profit (I don’t want to bother reselling DVDs)

So I used a greasemonkey script to download the last 10 000 winners into a spreadsheet.

Quick facts:

• 9904 auctions were won by 4217 distinct users (7 by phone)
• The average savings (vs the suggested price) was %65, although in 35 users paid more than the suggested price
• 2853 auctions were open only to manual bidders, rather than the automatic bidbutler (the difference in savings %66 vs %66 isn’t significant).
• Wins are spaced fairly evenly throughout the 24 hour clock
• The average winner placed ~95 bids, thousands are not uncommon, one “winner” placed 2623 bids
• Roughly one in ten auction winners placed only 1 or 2 bids.

Clearly the last point hints that it’s possible to win by sniping at the last minute.

Roughly 1 in 8 auctions was for items valued at more than $500, and won for less than 20% of the suggested price. “Winners” used an average of 311 bids — that doesn’t look good.

Next step, crack out the R.

Source: Swoopo dataset 3

Now that Ultrasaur is part of the BizSpark program, I have a fully legal copy of Quickbasic 4.5 realizing the dreams of my 10 year old self.

Apart from reading “Team of Rivals” back in 2005 (before it was cool), in 2006 he breezed through the two-and-a-half pound “A History of the English Speaking Peoples Since 1900″ before some light Camus in the bathtub. Assuming that Karl Rove and the Wall Street Journal are to be trusted and that 2006 through 2008 weren’t wildly atypical years, over his presidency, Bush read approximately:

• 496 books (62 a year, 99.8% of which were not written by family members)
• 246,000 pages (roughly 31,000 a year)
• over 4,100 hours (assuming that a Yalie reads at about 1 page a minute)
• over 100 work weeks

So next time you’re upset that Bush is only “glanc[ing] at the headlines just to kind of a flavor for what’s moving”, cut the man some slack. Who else is going to read eleven-hundred page definitive histories of the Spanish Civil War? John Bolton? Sarah Palin?

Note: All numbers are available in this spreadsheet, please point out any errors. All page counts are from Amazon.com. Note that I haven’t included any numbers for “each year, the president also read the Bible from cover to cover” which could add as much as 16,000 pages to the total.

Step 1: Get some data

First I ran a cronjob on the server hosting ultrasaur.us, that basically recorded the state of the various stretches of road. It’s been running a few days now, and after 14000 readings, there seem to be the following states for a stretch of road (with counts):

• Express and collector moving slowly (423)
• Express and Collector moving well (7055)
• Express and collector very slow (85)
• Express moving slowly. Collector moving well (205)
• Express moving slowly. Collector N/A (49)
• Express moving slowly. Collector very slow (138)
• Express moving well.  Collector N/A (1236)
• Express moving well. Collector moving slowly (435)
• Express moving well. Collector N/A (271)
• Express moving well. Collector very slow (48)
• Express N/A.  Collector moving well. (1241)
• Express N/A. Collector moving slowly (129)
• Express N/A. Collector moving well (421)
• Express N/A. Collector very slow (43)
• Express very slow. Collector moving slowly (45)
• Express very slow. Collector moving well (14)
• Express very slow. Collector N/A (75)
• Moving slowly (122)
• Moving well (795)
• N/A (1198)

Notice that there are some near duplicates with double spaces after a period — I’ll convert multiple spaces into singles.

Next I needed to give all of these a value, based on my back of the envelop calculations well means 80+, slowly means 50-80 and very slow means 0 to 50.

Caveats and thoughts:

• the values can’t be exactly calculated, so I’m not going to try,
• one important thing that I want to do is map each status to a unique value so that I don’t lose any data. The key is that the values be in order
• you can see that I’m biased towards the expressway

So values represent the proportional time it takes to travel over a stretch of road (ie higher is worse):

• 100: Moving well
• 101: Express and Collector moving well
• 130: Express N/A. Collector moving well
• 150: Express moving well. Collector moving slowly
• 160: Express moving well. Collector N/A
• 170: Express moving slowly. Collector moving well
• 180: Express moving well. Collector very slow
• 200: Moving slowly
• 201: Express and collector moving slowly
• 210: Express N/A. Collector moving slowly
• 250: Express moving slowly. Collector N/A
• 380: Express moving slowly. Collector very slow
• 410: Express very slow. Collector moving well
• 460: Express very slow. Collector moving slowly
• 501: Express very slow. Collector N/A
• 500: Express and collector very slow
• 510: Express N/A. Collector very slow
• null: N/A (I’m willing to extrapolate a guess at the other N/A’s, but not here)

So this gives me the first chance to make a graph, just over my first 14000 points, here’s the average state of the 401 Westbound over the 24 hours in a day (over a Monday-Wednesday):

The worst time to drive is 4-5pm, but the three hours from 3pm to 6pm seem to be the worst. That’s not much of a surprise (although it’s an hour or so sooner than I expected rush hour to start), but that evening rush hour is so much worse than morning rush hour is a bit of a shock. That 1pm is such a slow time is curious too, I wonder if that bump will go away with more data.

(Data is available to anyone who contacts me, it’ll eventually be available for download)

I’m not a paranoid person, I rarely lock my doors. Even with computers, many of my passwords are “password” and I believe in backups not preventative security for 90% of my personal files. Still, I’m passionate about *being able* to secure systems.

Computer security is hard. It’s hard enough to write software that works 100% of the time for users who desperately want it to work, malicious users are another kettle of fish. It’s far too easy to just claim to be “concerned” about security, and then do nothing but hope for the best.

The attackers are machines. Back in college I had a machine exposed to the internet for a few days and it was turned into an FTP server for pirated movies in under a week. There was nothing special about my machine, the pirates were likely just constantly cycling through IP addresses looking for an unprotected machine. The idea that there are evil machines on the internet who spend 24 hours a day trying exploits against every server they can find is 2 parts scary and 3 parts science-fiction-style-creepy.

Long odds aren’t a defense Every so often, I’ll figure out an attack that’ll require an annoyingly specific set of circumstances. It really takes the thunder out of it to explain that if you were running IE6 on Windows 98 on Tuesday in the rain, I could totally sniff your passwords. It’s tempting to think that if only one in a thousand machines is vulnerable to an attack, no-one will bother. Just like how the low response rate to spam emails means that no-one bothers sending them.