Archive for the 'Opinion' Category

D.J. Bernstein is hilarious

Friday, September 19th, 2008

You either like him or hate him, but Daniel J. Bernstein is hilarious in his bluntness, and exploring his website is like reading through a trove of golden comedy nuggets. It’s been a while since I hit his site, but having to read some information on Bernstein vs the United States, I found myself laughing hysterically. So, before I hit the pool tables and then get back to Plone/Krang work, let’s cover some of this:

2007.03.20 ~23:00 GMT?: My mail server is actively disabled by the idiots at the UIC computer center.

2007.09.29 ~04:00 GMT: Another multiple-hour power outage at UIC. The explanation, which you’re not supposed to laugh at, was finally given on 3 October: “There are two ComEd grids that feed the UIC campus. One of the grids went down causing a power glitch for 2.5 minutes. As a result, many building level breakers tripped resulting in the loss of power on a building basis that lasted until the UIC electricians could reset the building equipment.” You’re also not supposed to laugh at the fact that, several hours after the outage, the computer center still wasn’t aware that there had been an outage.

2008.05.05: One of my servers is actively disabled by the idiots at the UIC computer center.

The love for UIC continues, in what is obviously a tale of woe that I hope to never experience. DJB loses his health insurance. What would normally be a somber and generally tough, upsetting, even angering read is actually quite compelling. Choice quote:

  • How many months are in September October November December 2000, September October November December 2006, all the months of 2007, and January February 2008? Is that 24 months? No: it’s 4 + 4 + 12 + 2 = 22 months. Say hello to UIC arithmetic!
Man, the University of Illinois at Chicago really, really sucks. This specific thread is great reading! Then you get brilliant ideas like this list. The Soap Saver dish idea is awesome! Why is it brilliant? Just ask yourself how many times you’ve gone to pick up smushy soap?! There you go. The coin-operated elevator wouldn’t be as useful though; the problem is elevators are seen as a utility. Maybe in a private apartment building where you get an elevator straight to your door, but then if you can afford that it’d be odd putting quarters into the elevator. The Internet Bus Locator?? Awesomeness, but take it to the next level!! Mass Transit Authority locator. Buses, Trains, Trams, Service Buses, all of that! Ahhh well, Ms. Tarzian probably just deleted all of these. Let me state that I don’t know one way or another what happened with those ideas. I’ll have to send an email I guess; he may even respond within a few months. Hey, that sounds funny, but trust me, if I let my email go for two days without checking it I may as well prepare for a day of reading and responding to email. I don’t even bother responding to people on the phone unless I like you :-)

Next up, random but interesting articles like this one on sleep and why too much may actually be bad for you, why wine may prevent Alzheimer’s and why drinking more coffee may reduce the most common form of diabetes.

Then I go back to the UIC mismanagement section, for some ignoring of sponsor rules, because, well, it’s great stuff and the levels of incompetence I’ve had to deal with in my lifetime pale in comparison. Actually, I wouldn’t even call it incompetence. It seems the UIC management realize all of the sham and shenanigans they are employing and DJB is just the only one to actually call them on it. When he does, they try to ignore him, then he gets external parties involved who may or may not have the authority to make them toe the line. Subsequently, they do try their best to make him comply. It’s just we gotta get the outcomes of this stuff!

Here’s a nice section on the 2007.12.03 standard workstation which is actually a decent machine.

Anyway, good reading over at cr.yp.to. I’ll send djb some email on some of the incidents linked to find out what the general outcomes are.

Same Origin Policy

Thursday, September 18th, 2008

In response to my last post, Cross-Site Dom Form Element Modification, here is some background via Wikipedia called the Same Origin Policy. Again, this simply doesn’t prevent attacks and the DOM is still not safe. Some well informed individuals linked me to The FAQ_SOP for Google’s Web Toolkit where it states “While very necessary, this policy also has the side effect of making web developers’ lives difficult”. I agree with the latter piece of that statement; the preceding “While very necessary” is what I disagree with. So, for instance, let’s say I have a form that takes one line of input, being a name. In that form input, I expect a name that can consist of numbers, letters, extended chars and symbols.

No matter what happens, that input box is hijackable. No matter where you try to prevent input into that box from a remote party, so long as it’s on the web, that specific input box is prone to attack. I don’t care what you do; deny DOM access remotely; fine! Just wait for a local attack. Write stuff to a temporary cookie that is read and deleted? Attacker just has to know the cookie’s name and continuous poll’n. No matter what you do to try and protect the DOM you can’t because of the very nature of the web. Access control mechanisms work to an extent but it just changes the vector only slightly. What would be better is a way to deny/allow access to the DOM based on the HTML itself so one could deny DOM access for specific elements!

After the last two days my options are fragment IDs, setting up some DNS/virtual host workaround or dropping data into a temp cookie to be read on a JavaScript event. Programming for the web sucks ass, this is horse shit! All of this to transfer one line of text between forms because cwarner.dev.nymag.biz:80 and cwarner.dev.nymag.biz:8025 throw up the SOP flag. It’s fucking stupid retarded.
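
The origin comparison behind the port 80 versus port 8025 complaint above, as an added example that is not code from the original post: an origin is the (scheme, host, port) tuple, so the two URLs differ in exactly one component. The `acceptName` receiver and its use with `window.postMessage` are assumptions the post does not mention; all sample values are constructed.

```javascript
// Added example; function names and sample values are constructed for illustration.

// An origin is the (scheme, host, port) tuple. URL leaves `port` empty when it
// is the scheme default, so fill the default in before comparing.
function originTuple(href) {
  const u = new URL(href);
  const defaultPort = { 'http:': '80', 'https:': '443' }[u.protocol] || '';
  return { scheme: u.protocol, host: u.hostname, port: u.port || defaultPort };
}

// Names the components in which two URLs' origins differ.
function originDiff(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  return ['scheme', 'host', 'port'].filter((k) => x[k] !== y[k]);
}

function sameOrigin(a, b) {
  return originDiff(a, b).length === 0;
}

// Receiver side (the form served on :8025). Browsers serialise the sender's
// origin without the default port, so the port-80 page appears as below.
const ALLOWED_SENDERS = new Set(['http://cwarner.dev.nymag.biz']);

// Accepts the one-line name only from an exactly matching origin, and only if
// it is a bounded string with no control characters (so no embedded newlines).
function acceptName(event) {
  if (!ALLOWED_SENDERS.has(event.origin)) return null;
  if (typeof event.data !== 'string') return null;
  const name = event.data;
  if (name.length === 0 || name.length > 100) return null;
  if (/[\u0000-\u001f\u007f]/.test(name)) return null;
  return name;
}

// Browser wiring (hypothetical element id "name"); assigning to .value keeps
// the received text as data, never as markup:
//   window.addEventListener('message', (e) => {
//     const n = acceptName(e);
//     if (n !== null) document.getElementById('name').value = n;
//   });
```

The exact-match allowlist is the point: a substring or prefix check on `event.origin` would also accept look-alike hosts.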