Now take a look at this: Mike Davey built a Turing Machine. And what a beauty it is… What? Don’t know what a Turing machine is? And you don’t know who Alan Turing is? Well no one special: he just happened to kickstart automated computing by formalizing algorithms , computability and programmable machines as we know it today. That’s all. Jeez what’s wrong with you?

]

Here are some more videos of different programs the Turing Machine is executing.

Well as many developers already know: security is a concept, not a product! You can’t just throw “some security” at a piece of software. Security considerations must be part of the original design and development of software. The Pwn2Own hacking contest shows –once again– that there is too little security awareness in current software design. Look at these embarrassing results: all major browsers took a fall: Internet Explorer,  Firefox and Safari. Most browser are compromised by popular plugins like acrobat reader

These OS’s took a fall: Windows 7, Windows XP, Mac OS X snow leopard. The only OS that is still standing is Linux. Because Linux is indefinitely more secure? Well maybe but there’s also something else: Linux is an open source OS where highly skilled developers are coding. Changes are reviewed by others before they are merged into the main kernel tree. In other words: security is part of Linux. Another thing is that people who run linux are people who are aware of abuse. These are –in general– not the people who would click on the ‘cute-kitten-movie.exe‘ attachment. So Linux is just not that interesting to Black Hat Hackers. True: Mac OS X is build on an open source OS as well: FreeBSD but the presentation layer and Safari is proprietary code from Apple (except for the WebKit on which it is build).

Microsoft currently runs the Security Development Lifecycle (SDL) model. This should make security an integral part of the development lifecycle. Well to be honest when budgets are getting tight and deadlines are running out: documentation and code quality are the first areas that take the fall. So really I don’t expect much from SDL. Especially since MS is trying to develop a ‘catch all’ (silver bullet) security measure inside the kernel… I’m not saying these measures aren’t worthwhile, they are (Linux has them for ages now), it’s just not enough.

The phrase ‘security is a concept, not a product‘ proves its point when you look at the measures current OS’s are implementing to prevent ‘arbitrary code execution’. Windows XP, Windows Vista (still in use?) and Windows 7 has DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization). Both ‘techniques’ should prevent (or make it harder) to execute arbitrary code… but they don’t. Dutch security researcher Peter Vreugdenhil showed an impressive circumvention of DEP and ASLR in windows 7. See: security is not a product…

The good thing is that the hackers are not just updating the vendors on the leaks they found. Instead they tell the vendors how to find the leaks themselves in an attempt to raise awareness.

Oooh I know, you don’t have to put it in the comments: i’m a tremendous nerd but I couldn’t help myself. Today my (combined) incoming mailbox hit a magical number… check this:

See? 6502 messages… 6502!! The MOS technology 6502 CPU… The CPU of my first actual computer I got way back in 1982 1983. The amazing Oric-1. Oh whow.. that brings back some sweet memories. And ofcourse my bible, the holy book called “Programming the 6502″ by Rodnay Zaks… Oh those were the days.. anyway.. I better start reading some mail now….

In the meanwhile feast your eyes on some 6502 floating point assembly routines written by Steve Wozniak (of Apple fame).

En weer valt een goede vriend van mij, dit keer Emiel van Rooijen, in de prijzen. Voor het schrijven van een recensie/review over de Eclipse Ganymede release behaalde Emiel de 2e prijs, een eclipse jacket. Het artikel van Emiel gaat over DTP (Data Tools Platform) een platform voor database development.

Gefeliciteerd Emiel!

Ik vertrouw erop dat je ons binnenkort de ogen uit komt steken met je flashy, 100%-man wear, eclipse jack. Een eclipse jack wordt omschreven in de Hitchhiker’s Guide to the Galaxy als het op één na meest bruikbare voorwerp in het sterrenstelsel. Niet alleen wordt het jack op iedere planeet als modieus en stoer kledingstuk beschouwd tevens dient de drager gezien te worden als een man waar rekening mee gehouden dient te worden. Daarnaast is het jack een open-uitnodiging voor alle feesten die er her en der in het sterrenstelsel gehouden worden. Het meest bruikbare voorwerp blijft natuurlijk, onbetwist, de handdoek.

Ik heb nog nooit wat gewonnen, geen prijzen, geen awards… behalve dan de award van Wowbagger die me uitriep tot meest domme wezen in het sterrenstelsel dat rondloopt op twee benen. Ik overweeg sindsdien amputatie van één van mijn twee benen. Uw eigen wowbagger belediging krijgt u hier.

Worried about where MySQL is heading? Do your applications rely on a fast, easy and low-footprint database? Then maybe, just maybe, drizzle is the thing for you. Drizzle is about building a database designed for the typical Web usage patterns for a database. It is being designed for massive concurrency on modern multi-cpu/core architecture. The code is originally derived from MySQL. Checkout the WIKI. Drizzle is the shizzle, fo shizzle ma nizzle.

Richard Stallman, founder of the Free Software Foundation (FSF), has been known for his controversial and sometimes radical statements. So in many cases I don’t (fully) agree with Richard but in this article I like the gest of his article regarding proprietary software and the stranglehold it keeps on its users.

In the article Stallman calls copying software for neighbours a neighbourly thing to do. I feel that if the software is targeted at home users (with acceptable pricing) you should not copy the software. License a copy for a few bucks. However when software is targeted for business-use I don’t think home users should have to pay up. If I were Microsoft, only business/professional use of MS Office would require a license. Home use of MS Office would be free. Does Microsoft really believe that an eight year old who writes a letter to grandma should pay hunderds of dollars for an office license? I don’t think this is very realistic. I would like to see a business plan that projects expected revenue from eight year olds writing letters to grandma. Get out of here!

Read the view of Stallman on Microsoft, Bill Gates and proprietary software in general in his article. Stallman refers to an “infamous open letter” in his article which I reprinted below for your convenience.

(more…)

Here’s a remarkable report on a bug that has been living in BSD for over 25 years. At one time, BSD-hero, Kirk McKusick implemented the dir* library in BSD to prevent applications from having to implement the directory oriented functions themselves. Afterwards he changed 22 programs that were using direct directory handling to using the operating system functions. The bug could prolong itself for 25 years because it manifests itself in a particular (rare) case:

This code will not work as expected when seeking to the second entry of a block where the first has been deleted: seekdir() calls readdir() which happily skips the first entry (it has inode set to zero), and advance to the second entry. When the user now calls readdir() to read the directory entry to which he just seekdir()ed, he does not get the second entry but the third.

Even OSX has the same problem since it has BSD under the hood. The good news is that BSD now even got better and a small consolation for all coders out there: even Kirk McKusick slips one in every now and then. Happy coding.

Today is the 44th birthday of the first BASIC interpreter. At Dartmouth college two professors, John G. Kemeny and Thomas E. Kurtz, ran the first program in their new computer programming language BASIC (Beginner’s All-purpose Symbolic Instruction Code). They created BASIC to provide access for non-science students to computers. At 04:00 (AM) on May 1st 1964 the General Electric GE-225 mainframe of Dartmouth college started running a BASIC interpreter. This made the power of computing available to students and staff members who could not program Algol or Fortran.

BASIC was so simple that it became the language of choice for virtual all homecomputers albeit each had its own dialect. Exchanging programs always required considerable porting effort. However the computer industry owes Kemeny and Kurtz a lot. BASIC allowed the computer to enter the homes of millions of users and was one of the factors that made people accept and embrace computers.

BASIC has since evolved into a “serious” object oriented language. The rise of the BASIC compiler made it a viable alternative to develop production code in BASIC. For a long time BASIC was the scripting or ‘automation’ language in a lot of Microsoft products (VBA). I learned to program BASIC when I was 12 and abandoned it a few years later in favor of 6502 assembly. Maybe today is a good day to program a “hello world” in BASIC. You can do that online, have fun.

Now this is a remarkable piece of technology. Ksplice allows you to patch a running Linux kernel without the need to reboot your system. Of course there are restrictions. The patch should not introduce semantic changes to kernel datastructures. Now this is not really a restriction since most security patches won’t change the kernel datastructures and this technique is typically used to apply security patches to running systems. ZDnet also reports on Ksplice.

When I have the time I will definitely play around with this software.

Yes! A Webby award nomination. No! Not for this stupid blog of course. My good buddy Sander is winning prizes with his Rube Goldberg viral animation. Now the viral is nominated for a Webby. The nomination in itself is a recognition for his work. But let’s help Sander to win the Webby we all know he deserves. Voting can be done here. We keep our fingers crossed. Good luck Sander!

True, true, I don’t like Python all that much. I don’t like programming languages where whitespace matters. Give me brackets, lots of brackets. Anyway this demo is very cool. Recently Google launched Google App Engine. An application hosting engine where everyone can create and upload their application. Here’s a small demo of how simple it is to use Google App Engine. Brett Slatkin uses Python to quickly create a small web application for shouting out messages (twitter anyone?). Nice to watch and makes you want to program something, really just anything. Where’s my editor?

Since a couple of days I integrated twitter status updates in my blog. Just for the fun of it. Now I need something easy to post new status messages to twitter. Sure there is the twitter website that you can use to do that but it requires me to logon and then type the status etc. I get tired of just thinking about all that. To ease the pain I added SMS as a channel and added twitter to my instant messenger program. So instead of chatting to a person I can send an update to twitter. This is already much better but I’m really lazy. Basically I want just a small commandline tool that sends the argument I specify as status message to twitter.

Due to the twitter API this is really easy using wget (or you could use curl if you more into that). The script is basically a one-liner that posts the message to twitter. Put the script below in a file (I put it in a file called ‘twitter’). Replace USER with your twitter username and replace PW with your password. Make the file executable and you are ready to go. Here it is:

#!/bin/sh
wget --post-data="status=$@" -q -O - \
"http://USER:PW@twitter.com/statuses/update.json"

Now you can post a message to twitter using:

./twitter "Just bought the new Joe Jackson CD"

Have fun!

Sometimes you have to make room for new books. I usually take the books I don’t use or read anymore and put them in the back of the closet. In this case I came across the book “Practical C Programming” by Steve Oualline 3rd edition of 1997. I don’t know how I got the book, I definitely didn’t bought it myself. Maybe I used it for a training or something. Anyway I went through the introduction about the history of C and other computer programming languages. Here’s a beautiful quote about Java as a programming language:

One of the newest languages, Java, is based on C++. Java was
designed to be “C++ with the bugs fixed.” At the time of this writing,
Java has limited use despite being heavily marketed by Sun
Microsystems and others.

Ok. Thank you. This book can be moved to the back of the closet…