• New Year’s Resolution: Full Disk Encryption on Every Computer You Own
  The EFF has a great suggestion for a New Year’s resolution.
• My Favorite Strange Number: Ω
  Yeah for obscure math.
• Richard Stallman Was Right All Along
  It’s not often enough that one reads something positive about RMS, which frankly speaking is a shame.
• Zukunft in Selbstverwaltung
  People in Venezuela’s capital are organising themselves in order to take care of things the state fails to provide (in German).
• Uncloaking a Slumlord Conspiracy with Social Network Analysis
  Using social network analysis for social justice.
• U.S. Government Calls to Censor Twitter Threaten Free Speech
  Yes, that’s 2 articles by the EFF in one issue of the Information Overload. It’s not my fault they write so much sensible stuff…
• Learning From The Masters: Level Design In The Legend Of Zelda
  See this as a kind of follow-up to another Zelda related article I posted not so long ago.
• Mathematicians Solve Minimum Sudoku Problem
  Unfortunately this was proven by using a computer to brute force the problem space, much like the Four Color Theorem. A “proper” proof would be nice and I’m sure it would make for an interesting read.
• An Optimistic History of the Next 40 Years
  That’s certainly a more optimistic guess than anything I can come up with. Unfortunately I’m afraid this will stay the stuff for SciFi novels…
• David Lynch: Why brutality makes me laugh
  An interview with David Lynch about his latest musical project.

The Information Overload series started in August 2010 and I’m surprised that I really managed to keep it going on a weekly basis (I only skipped a couple of issues because of traveling). So here we go for the first post of 2012.

As for accountability of teachers and administrators, Sahlberg shrugs. “There’s no word for accountability in Finnish,” he later told an audience at the Teachers College of Columbia University. “Accountability is something that is left when responsibility has been subtracted.”

• Time to end the war on drugs
  Richard Branson. Founder of Virgin Group, speaks out against the war on drugs.
• „Wo war mei Leistung?“
  If you are not from Austria but can read German, this is a good summary of the rampant corruption in our country.
• A Few of Kim’s Favorite Things
  Foreign Policy published this article on Kim Jong-Il’s special tastes.
• The Facebook Resisters
  Some people live fine without Facebook, who’d have thought?
• How India is winning the future with solar energy
  A summary of India’s plan to generate lots of solar power by 2020, including links to the source articles for further reading.
• President Obama Signs Indefinite Detention Into Law
  Not the best news to start a new year with.
• What Americans Keep Ignoring About Finland’s School Success
  Not only Americans keep ignoring this…
• An Introduction to Programming C-64 Demos
  The C-64 is the first computer I programed on, and since I just saw an awesome presentation about writing demos for it, I’m getting a bit sentimental.
• 2011: The Year Intellectual Property Trumped Civil Liberties
  Unfortunately this is a trend that can be seen world-wide, not only in the US.
• Grief and fear
  Some thoughts on Korea after Kim Jong-Il’s death.

China, the only power with much influence over the country, is less troubled by the long-term grinding suffering of the North Koreans than by the prospect of a leadership vacuum leading suddenly to economic collapse and a flood of refugees. Such a prospect threatens to cause wider instability.

• Antiforensik
  How to work against forensics. Nothing revolutionary, but a solid talk.
• bup: Git for backups
  An interesting backup project using git, this is open source and still needs help in case you are looking for something to work on.
• The engineering part of social engineering
  I wasn’t entirely convinced by this talk. While there were some interesting points, the speaker was quite full of himself and frankly the talk wasn’t so different from other SE talks that I’ve seen before.
• Smart Hacking For Privacy
  This started off rather bad when one of the 2 speakers couldn’t get over this nervousness, but ended up being a really funny and interesting talk, which was later joined by the CEO of the company whose product got hacked.

• Security Log Visualization with a Correlation Engine
  Nothing too special, but still rather interesting, especially since I need this for work at the moment.
• Bitcoin - An Analysis
  This was a great talk about the current state of Bitcoin, highly recommended if you have any interest in the topic.
• Cellular protocol stacks for Internet
  Harald Welte’s talks on mobile related stuff are usually great, but I didn’t get much out of this one, which felt a bit like acronym bullshit bingo (which is not Harald’s fault of course).
• Print Me If You Dare
  One of my favorite talks of this year’s congress, you definitely want to watch this. Update your printer firmware first though ;-)
• Behind the scenes of a C64 demo
  The C64 is the reason I became a software developer, so obviously I really enjoyed this talk. The demo is really good too!
• Fnord-Jahresrückblick
  Fun as always.

• Don’t scan, just ask
  This sounded a lot more interesting than it actually was, especially since the tool that was introduced is not publicly available (as far as I know that is).
• Effective Denial of Service attacks against web application platforms
  Great talk, solid presentation, this is the type of talk you want to download the video for.
• The Science of Insecurity
  Another great presentation, another definite recommendation.
• How governments have tried to block Tor
  An inspiring and insightful presentation about government surveillance and Tor.
• Apple vs. Google Client Platforms
  A security comparison of iOS and Android and the repective vendor’s app markets.
• Quantified-Self and OpenBCI Neurofeedback Mind-Hacking
  One big WTF and I definitely would have left, but unfortunately one of the 2 speakers had to borrow my ThinkPad power supply so I was stuck in this talk until the bitter end.
• Hacker Jeopardy
  Fun as always, but this year’s questions seemed a lot easier than the ones I remember from previous years.

A list of the books I read in 2011, sorted by finishing date (oldest to newest). According to Goodreads that’s roughly 16.2k pages, less than the last few years. I also have a couple of unfinished books, read several papers and a couple of chapters of a book on Ruby and MongoDB that I’m the technical reviewer for.

Terry Pratchett: Hogfather
Michael Köhlmeier: Sunrise
Terry Pratchett: Eric
Audrey Niffenegger: Her Fearful Symmetry
Conrad Barski: Land of Lisp
Arthur Nersesian: The Fuck-Up
Ryszard Kapuściński: The Shadow of the Sun
Jacqueline Rayner: Doctor Who: The Sontaran Games
Gregory Brown: Ruby Best Practices
L. Frank Baum: The Wonderful Wizard of Oz
Paolo Bacigalupi: The Windup Girl
Cory Doctorow: Eastern Standard Tribe
Canol Gökel: Computer Programming using GNU Smalltalk
Jeremy Leipzig: Data Mashups with R
Lana Citron: Transit
Suzanne Skublics: Smalltalk With Style
Russ Olsen: Eloquent Ruby
Dennis Lehane: Shutter Island
Terrance Dicks: Doctor Who: Made of Steel
Christian Bök: Eunoia
Chuck Palahniuk: Invisible Monsters
Radek Knapp: Franio
Michael Fogus: The Joy of Clojure
Terry Pratchett: Mort
Dan Cederholm: Handcrafted CSS: More Bulletproof Web Design
Paolo Perrotta: Metaprogramming Ruby
Mark Bowden: Killing Pablo: The Hunt for the World’s Greatest Outlaw
Cormac McCarthy: The Road
Charles Stross: Accelerando
Gautam Malkani: Londonstani
Armin Risi: Vegetarisch leben - Die Vorteile einer fleischlosen Ernährung
Miran Lipovača: Learn You a Haskell for Great Good!: A Guide for Beginners
Robert J. Chassell: An Introduction to Programming in Emacs Lisp
Hunter S. Thompson: Hell’s Angels
Lauren Beukes: Moxyland
Raphael Selbourne: Beauty
Zed A. Shaw: Learn Python The Hard Way
David Kennedy: Metasploit: The Penetration Tester’s Guide
Paolo Bacigalupi: Pump Six
Michael Moorcock: The Nomad of Time
Russ Olsen: Design Patterns in Ruby
David Mark: Beginning iPhone 4 Development: Exploring the iOS SDK
Reijo Mäki: Tango Negro
David Sedaris: Me Talk Pretty One Day
Kurt Vonnegut: Breakfast of Champions
Mario Vargas Llosa: Der Geschichtenerzähler
Kyle Banker: MongoDB in Action
Scott Kenemore: Zombie, Ohio: A Tale of the Undead
Leopold Kohr: The Breakdown of Nations
Carlos Bueno: Lauren Ipsum
Henning Mankell: Mannen på stranden
Garrison Keillor: Was ist eigentlich Anarchie?
Thomas Pynchon: Gravity’s Rainbow
Norman Matloff: The Art of R Programming
Stéphane Hessel: Empört Euch!
Fabian Kruse: Beyond Rules
Dario Tonani: Cardanica (A Steampunk Nightmare)
Ryū Murakami: In The Miso Soup
Kaaron Warren: The Grinding House

Just a quick summary of the talks I saw on day 1 (powered by Flora Power, since I already started this year’s congress with a lack of sleep).

• Marriage From Hell
  Authoritarian governments using surveillance technologies provided by Western companies is not exactly news. Not a bad talk, although it was a bit from the “No shit, Sherlock” department. Not worthy of a keynote in my opinion.
• The Atari 2006 Video Computer System
  Since I love hearing about old hardware and its limitations, this was an awesome talk. The speaker definitely knew what he was talking about and the presentation was very solid.
• Can trains be hacked?
  Another good talk, but understandably there was no information on actually hacking the train system. If you want more info on this topic, listen to Chaos Radio Express #171 from December last year.
• SCADA and PLC Vulnerabilities in Correctional Facilities
  Since I wanted to charge my notebook, I watched this one as a stream. This of course led to web surfing and IRC, so I didn’t pay as much attention as this talk would have deserved.
• Almighty DNA?
  Why collecting DNA is also a form of data retention. If you’ve been to similar talks before you probable knew most of the stories they told, if not the video and Chaos Radio Express #143 should be good resources to catch up.
• What is in a name?
  The history of names and identity regimes from 1500 until today. Pretty interesting, but unfortunately I was in a bit of a post-dinner food coma.
• Defending mobile phones
  This talk was really full and unfortunately the stream didn’t work either, so I ended up watching the second half of Macro dragnets: Why trawl the river when you can do the whole ocean which had some interesting info on avoiding face recognition and other things.
  
• String Oriented Programming
  A talk about evading ASLR, DEP and other security measures with printf exploits.

They’ve reminded us that politics is not a matter of choosing among what we’re offered but of fighting for what we and others actually need, not to mention what we hope for.

• MIT launches online learning initiative
  After Stanford’s successful online courses, the MIT also develops a new online platform on top of the already cool OCW. I always welcome more good and free learning resources.
• How to Learn About Everything
  As you can see from the subtitle of this blog, this is something I’m also trying to do, with a comparable method.
• Sleep Deficit: The Performance Killer
  As someone who sometimes suffers from bouts of insomnia, I can attest to the bad effects lack of sleep can have. You may believe that you got used to it, but really, you don’t.
• Thank You, Anarchists
  I know The Nation is a left-wing magazine, but it’s still nice to see a positive article about anarchism somewhere.
• One teachers approach to preventing gender bullying in a classroom
  There should be more teachers like this.
• Which reads faster, Chinese or English?
  Once again a language related article. The comments are also quite interesting by the way.
• An Extraordinary Interview with Former Guantánamo Child Prisoner Mohammed El-Gharani
  Some bits of this interview seem a bit odd to me, but you can judge that for yourself.
• The Zelda Test (or Why no Zelda Clones?)
  I don’t spend much time on playing video games anymore, but it’s still good to read something like this by a real gaming nerd.
• Über das Leben eines Heterojungen mit schwulen Eltern
  An Austrian exchange student describes his experience staying with a gay couple (in German).
• Why We Haven’t Met Any Aliens
  While the overall gist of the article doesn’t really strike home with me, I still find it an interesting thought experiment.

The business of humanity has become entertainment, and entertainment is the business of feeding fake fitness cues to our brains.

About 2 weeks ago I finally started looking into Lua, a language that’s been on my radar for a while but that I never really got around to play with so far. Then I realized that the Nmap Scripting Engine uses Lua scripts, so I had an excuse to hack on this stuff for work. Here’s my first small nmap script, which will extract the contents of the generator meta tag if there is one. It’s nothing funky, but it shows how easy it is to write custom scripts for nmap thanks to the provided libraries like http and shortport.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

description = [[
Displays the contents of the "generator" meta tag if there is one.
]]

author = "Michael Kohl"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

-- documentation skipped

require('http')
require('shortport')

portrule = shortport.http

action = function(host, port)
   local response, loc, generator

   response = http.get(host, port, '/')

   -- deal with redirects
   while response['status-line']:lower():match("^http/1.1 30[12]") do
      loc = response.header['location']
      response = http.get_url(loc)
   end

   for line in response.body:gmatch("[^\r\n]+") do
      generator = line:match('<meta name="generator" content="(.*)" />')
      if generator then
         return generator
      end
   end
end

Update: Here’s the version that’s now part of nmap, it even made it to the default category.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

description = [[
Displays the contents of the "generator" meta tag if there is one.
]]

author = "Michael Kohl"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe"}

-- documentation skipped

require('http')
require('shortport')
require('stdnse')

-- helper function
local follow_redirects = function(host, port, path, n)
   local pattern = "^[hH][tT][tT][pP]/1.[01] 30[12]"
   local response = http.get(host, port, path)

   while response['status-line']:match(pattern) and n > 0 do
      n = n - 1
      loc = response.header['location']
      response = http.get_url(loc)
   end

   return response
end

portrule = shortport.http

action = function(host, port)
   local response, loc, generator
   local path = stdnse.get_script_args('http-generator.path') or '/'
   local redirects = tonumber(stdnse.get_script_args('http-generator.redirects')) or 3

   -- Worst case: <meta name=Generator content="Microsoft Word 11">
   local pattern = '<meta name="?generator"? content="([^\"]*)" ?/?>'

   -- make pattern case-insensitive
   pattern = pattern:gsub("%a", function (c)
               return string.format("[%s%s]", string.lower(c),
                                              string.upper(c))
             end)

   response = follow_redirects(host, port, path, redirects)
   return response.body:match(pattern)

end

Disclaimer: Once again No Starch Press were kind enough to provide me with a review copy of a book, but this does not influence my reviews.

Time for another book review, this time The Art of R Programming by Norman Matloff. First things first, this book really lives up to its name! It’s a thorough introduction to programming in R, aimed at software developers. This is not the book for you if you want to learn about the statistics side of R or how to make prettier plots, there are plenty of books about that anyway.

What I really like is that the author never tries to “sell” R to the reader. This is rather refreshing, because I always get turned off when books start with a sales pitch for something I already clearly showed interest in by purchasing the book. R is a rather specialized language and chances are that you know why you want to solve a given problem in it, and if you don’t, this might not yet be the book you should be reading anyway. The first few chapters cover the language’s basic data structures like vectors, matrices, arrays, lists and tables, before chapter 7 introduces various flow control structures. What follows is a chapter on doing math and simulations in R, which is not overly long but gives some good examples of what the language is useful for. The next chapter is very interesting, it deals with R’s object oriented features and describes the differences between S3 and S4 classes as well as their respective up and down sides. After this the author covers input/output, dealing with strings and R’s graphing capabilities. He never gets lost in detail, but provides you with enough info to be able to explore these areas on your own. What really makes the book special though are the last few chapters, where Matloff covers debugging (a topic he also wrote an entire book about), performance tradeoffs, interfacing R with other programming languages (using functions written in C/C++ from R, as well as using R in Python) and various approaches to parallelizing R. While none of this may sound super exciting at first — apart from parallelism maybe — these are important issues in the daily lives of software developers and way too many books only gloss over them.

Now for some criticism: personally I don’t find the author’s style very engaging, it’s rather dry and boring at times. Since it’s clear that Matloff is an absolute authority on the topic of R this doesn’t way too heavily, but still deserves a mention. Also for my personal taste there are slightly too many forward references in the text, although that’s hard to avoid if you want to properly cover a language. I also found it rather odd that at one point the author mentions that explicit return statements aren’t exactly idiomatic in R, but that he will keep using them for the benefit of readers unaccustomed to the language. Given that this was a few chapters in, it would have been a perfect spot to switch to the more idiomatic style from then on, but maybe that’s just me being nitpicky. I also noticed several little typos and misspellings, something I’m not really used to from No Starch Press.

All in all this is a very solid book, which you definitely should pick up if you want to learn programming in R!