Bookmarks for January 23rd through January 30th

These are my links for January 23rd through January 30th:

  • Leonardo da Vinci’s Resume Explains Why He’s The Renaissance Man For the Job – Davinci – Gizmodo – At one time in history, even da Vinci himself had to pen a resume to explain why he was a qualified applicant. Here's a translation of his letter to the Duke of Milan, delineating his many talents and abilities. "Most Illustrious Lord, Having now sufficiently considered the specimens of all those who proclaim themselves skilled contrivers of instruments of war, and that the invention and operation of the said instruments are nothing different from those in common use: I shall endeavor, without prejudice to any one else, to explain myself to your Excellency, showing your Lordship my secret, and then offering them to your best pleasure and approbation to work with effect at opportune moments on all those things which, in part, shall be briefly noted below..." The document, written when da Vinci was 30, is actually more of a cover letter than a resume; he leaves out many of his artistic achievements and instead focuses on what he can provide for the Duke in technologies of war.
  • jsMath: jsMath Home Page – The jsMath package provides a method of including mathematics in HTML pages that works across multiple browsers under Windows, Macintosh OS X, Linux and other flavors of unix. It overcomes a number of the shortcomings of the traditional method of using images to represent mathematics: jsMath uses native fonts, so they resize when you change the size of the text in your browser, they print at the full resolution of your printer, and you don't have to wait for dozens of images to be downloaded in order to see the mathematics in a web page. There are also advantages for web-page authors, as there is no need to preprocess your web pages to generate any images, and the mathematics is entered in TeX form, so it is easy to create and maintain your web pages. Although it works best with the TeX fonts installed, jsMath will fall back on a collection of image-based fonts (which can still be scaled or printed at high resolution) or unicode fonts when the TeX fonts are not available.
  • Josh on the Web » Blog Archive » Abusing the Cache: Tracking Users without Cookies – To track a user I make use of three URLs: the container, which can be any website; a shim file, which contains a unique code; and a tracking page, which stores (and in this case displays) requests. The trick lies in making the browser cache the shim file indefinitely. When the file is requested for the first – and only – time a unique identifier is embedded in the page. The shim embeds the tracking page, passing it the unique ID every time it is loaded. See the source code.

    One neat thing about this method is that JavaScript is not strictly required. It is only used to pass the message and referrer to the tracker. It would probably be possible to replace the iframes with CSS and images to gain JS-free HTTP referrer logging but would lose the ability to store messages so easily.

  • Panopticlick – Your browser fingerprint appears to be unique among the 342,943 tested so far.

    Currently, we estimate that your browser has a fingerprint that conveys at least 18.39 bits of identifying information.

    The measurements we used to obtain this result are listed below. You can read more about the methodology here, and about some defenses against fingerprinting here

  • Benlog » Don’t Hash Secrets – If I tell you that SHA1(foo) is X, then it turns out in a lot of cases to be quite easy for you to determine what SHA1(foo || bar) is. You don’t need to know what foo is. Because SHA1 is iterative and works block by block, if you know the hash of foo, then you can extend the computation to determine the hash of foo || bar.

    That means that if you know SHA1(secret || message), you can compute SHA1(secret || message || ANYTHING), which is a valid signature for message || ANYTHING. So to break this system, you just need to see one signature from SuperAnnoyingPoke, then you can impersonate SuperAnnoyingPoke for lots of other messages.

    What you should be using is HMAC: Hash-function Message Authentication Code. You don’t need to know exactly how it works, just need to know that HMAC is specifically built for message authentication codes and the use case of SuperAnnoyingPoke/MyFace. Under the hood, what’s approximately going on is two hashes, with the secret combined after the first hash.

  • Data.gov – Featured Datasets: Open Government Directive Agency – Datasets required under the Open Government Directive through the end of the day, January 22, 2010. Freedom of Information Act request logs, Treasury TARP and derivative activity logs, crime, income, agriculture datasets.

Bookmarks for May 21st from 06:07 to 22:34

These are my links for May 21st from 06:07 to 22:34:

Bookmarks for April 30th through May 2nd

These are my links for April 30th through May 2nd:

  • FusionCharts Free – Animated Flash Charts and Graphs for ASP, PHP, ASP.NET, JSP, RoR and other web applications – Flash charting component that can be used to render data-driven & animated charts for your web applications and presentations. It is a cross-browser and cross-platform solution that can be used with PHP, Python, Ruby on Rails, ASP, ASP.NET, JSP, ColdFusion, simple HTML pages or even PowerPoint Presentations to deliver interactive and powerful flash charts. You do NOT need to know anything about Flash to use FusionCharts. All you need to know is the language you're programming in.
  • Raphaël—JavaScript Library – Raphaël is a small JavaScript library that should simplify your work with vector graphics on the web. If you want to create your own specific chart or image crop and rotate widget, for example, you can achieve it simply and easily with this library. Raphaël uses the SVG W3C Recommendation and VML as a base for creating graphics. This means every graphical object you create is also a DOM object, so you can attach JavaScript event handlers or modify them later. Raphaël’s goal is to provide an adapter that will make drawing vector art compatible cross-browser and easy.
  • A Really Gentle Introduction to Data Mining | Regular Geek – List of data mining blogs and related resources.
  • BlackBerry SSH Tutorial: Connect to Unix Server using MidpSSH for Mobile Devices – Notes on using MidpSSH on BlackBerry for remote access to servers. Seems to work, although big network lag on my BlackBerry Bold / AT&T.
  • Country Reports on Terrorism 2008 – U.S. law requires the Secretary of State to provide Congress, by April 30 of each year, a full and complete report on terrorism with regard to those countries and groups meeting criteria set forth in the legislation. This annual report is entitled Country Reports on Terrorism. Beginning with the report for 2004, it replaced the previously published Patterns of Global Terrorism.
  • DIY: How To Find Authoritative Twitter Users Plus 100 To Get You Started | Ignite Social Media – Some comments on recommendation metrics for Twitter, trying to use "favorites" mark as an indicator.
  • SIGUSR2 > The Power That is GNU Emacs – "If you've never been convinced before that Emacs is the text editor in which dreams are made from, or that inside Emacs there are unicorns manipulating your text, don't expect me to convince you."

Bookmarks for April 28th from 05:35 to 14:24

These are my links for April 28th from 05:35 to 14:24:

  • Official Google Blog: Adding search power to public data – Interesting. Wonder if the underlying public data sets will eventually become available on Google App Engine as well, sort of like the public data sets available for use with Amazon EC2 applications.
  • MySQL And Search At Craigslist – Jeremy Zawodny's slides on MySQL, Sphinx, and free text search implementation at Craigslist, from last week's MySQL conference.
  • Skew, The Frontend Engineer’s Misery @ Irrational Exuberance – For mashups and the like, the distinction between a FE engineer and web dev is rather small in terms of technical skills; they are both using the same skillset, they are both interacting with APIs, and so on. However, there are important distinctions between the two: 1. web developers tend to move in small groups or as individuals, whereas fe engineers work in larger groups, 2. web developers tend to design a product on top of an existing backend service (api, etc), while fe engineers are usually working in parallel with the backend being developed.
  • Study: Twitter Audience Does Not Have A Return Policy – Over 60 percent of people who sign up to use the popular (and tremendously discussed) micro-blogging platform do not return to using it the following month, according to new data released by Nielsen Online. In other words, Twitter currently has just a 40 percent retention rate, up from just 30 percent in previous months–indicating an “I don’t get it factor” among new users that is reminiscent of the similarly-over hyped Second Life from a few years ago.
  • Hey Americans, Appreciate Your Freedom Of Speech : NPR – Firoozeh Dumas on the underappreciated freedoms of speech and expression we have in the US vs journalists and bloggers in Iran.

Bookmarks for March 12th through March 16th

These are my links for March 12th through March 16th:

Bookmarks for March 9th through March 12th

These are my links for March 9th through March 12th:

Bookmarks for March 3rd from 05:48 to 12:10

These are my links for March 3rd from 05:48 to 12:10:

Bookmarks for February 28th through March 1st

These are my links for February 28th through March 1st:

  • Community Data – Swivel – User contributed datasets, for visualization and graphs with Swivel
  • Obamameter – Map visualization of economic stimulus outlays. "Keep tabs on the US economy, the global economy and the stimulus through our dashboard for the economy."
  • recovery.gov.pdf – Slide presentation on data sources and construction of initial Recovery.gov site in Jan 2009, from talk at Transparency Camp.
  • Virtual Hoff : DoxPara Research – Slides from Dan Kaminsky's talk at CloudCamp Seattle on network and application security issues in cloud and virtualized computing environments.
  • Can You Buy a Silicon Valley? Maybe. – from Paul Graham – "If you could get startups to stick to your town for a million apiece, then for a billion dollars you could bring in a thousand startups. That probably wouldn't push you past Silicon Valley itself, but it might get you second place. For the price of a football stadium, any town that was decent to live in could make itself one of the biggest startup hubs in the world."
  • Berkshire Hathaway 2008 shareholders letter (PDF) – Warren Buffett reviews the state of the financial markets, his worst year ever, and the outlook for 2009.
  • White House 2: Where YOU set the nation’s priorities – Not the actual White House, but an interesting experiment in collaborative input for setting government agenda.
  • Python for Lisp Programmers – Peter Norvig examines Python. "(Although it wasn't my intent, Python programmers have told me this page has helped them learn Lisp.) Basically, Python can be seen as a dialect of Lisp with "traditional" syntax (what Lisp people call "infix" or "m-lisp" syntax). One message on comp.lang.python said "I never understood why LISP was a good idea until I started playing with python." Python supports all of Lisp's essential features except macros, and you don't miss macros all that much because it does have eval, and operator overloading, and regular expression parsing, so you can create custom languages that way."

Bookmarks for February 18th through February 19th

These are my links for February 18th through February 19th:

Bookmarks for February 14th through February 15th

These are my links for February 14th through February 15th:

Hey, remind me again, who’s the Fed Chair?


Fed chair Ben Bernanke appeared before the House Budget Committee this morning, giving a prepared statement, then taking questions from the panel members. Aside from the content of his comments (growth is slowing, we’re not in a recession, some quick economic stimulus would be good), I always find it unsettling to see and hear the questions from our elected officials on the budget committee, as they tend to make speeches posing as questions, that sometimes border on the absurd. Basically, they pretend to ask questions, and the Fed Chair pretends to give answers.

One congresswoman had Ben Bernanke confused with Hank Paulson (former head of Goldman Sachs, now Treasury Secretary) in a prepared question asking if the bankers who caused the credit market problems would repay their bonuses and salaries to the American people. You’d think at least her staff would be able to keep track of who was at Treasury and Fed. Ben probably wishes he had the bonuses she wanted him to repay.

The short term trading question tonight is whether we see the widely-expected “surprise” rate cut premarket tomorrow to ambush the index option traders before the open, like the discount window cut before the August 17 options expiration. Unlike equity options, US index options mostly settle based on the opening trades on expiration day. Futures are creeping up overnight, in case. But they already pulled that trick once, and everyone is watching for it, which means that even if they do it again, it won’t work as well as last time.

2008 so far: S&P down 9.2%, DJ -8.33%, Nas -11.51%

Update 01-19-2008 09:15 PT – The confused congresswoman is Marcy Kaptur, currently on her 13th (!) term as US Representative from Ohio.

“CEO of the Princeton Economics Department”. At least he has a sense of humor.

See where your tax money went


The Budget Graph poster is a visual depiction of the United States Budget. The online pan-and-zoom browser is fun too. If you want a general sense of where the money goes, this totally beats plowing through the official federal budget documents.

Hello India, we’re still here…

…but other sites are apparently blocked.

There are a fair number of readers here from India, where some ISPs have started blocking many blogs, including all of Typepad, Blogspot, Geocities. So you might have thought this site was also blocked if you came by yesterday, since you would have gotten something like “Connection refused” or a similar error message.

Fortunately / unfortunately, it’s just Dreamhost having some hardware and network problems, which took down many of their clients for several hours yesterday, and is still behaving badly today.

UN WGIG final report

Joi Ito notes the release of the final report of the UN Working Group on Internet Governance.

The WGIG is a group of experts tasked by the United Nations to think about and come up with a report about Internet governance. Many people were concerned because the meeting was kicked off by the Secretary General of the International Telecommunications Union (ITU) saying that this was about questioning ICANN. The comments gave me the sense that the ITU was trying to take over ICANN’s role and wanted a report to justify this. In fact, the group of experts represented a broad range of opinions and have produced an interesting report.

He also notes a handy set of resources, including illustrations of the 4 governance scenarios proposed in the report, available here.

I just skimmed through the report, and aside from the usual grumbling about the US having too much control over the DNS root servers, and the root server operators not being formally under anyone’s (government) control, there is a good list of policy issues that are hard to get at on a national basis and really do call for a broader international agreement (unclear that this needs to be at the UN or ITU, though).

Some of the policy issues enumerated in the report:

  • Internet security and stability – lack of multilateral mechanisms, multijurisdictional criminal prevention and prosecution
  • Spam
  • Allocation of domain names, gTLDs
  • Intellectual property rights
  • Freedom of expression
  • Data protection and privacy rights
  • Consumer rights

I’m generally skeptical that the UN can make any useful contribution on the technology planning and administrative side of the internet. But it might be a place to get some government agreements on how to deal with spammers and hackers originating traffic from, say, Brazil or China against targets elsewhere. Not that making it explicitly illegal would necessarily stop the problem, but it would be a step in the right direction.

Rough consensus and running code among dedicated people has taken us pretty far, but running a badly behaving network used to draw the criticism of your peers, and might lead to having your network unplugged. These days it’s not so practical, especially if the uncooperative network is an entire country.