Twitter + Door = Door++

StudentRND has a new lock thanks to Adam Ryman! This new lock is awesome. And "awesome" is not a word I often use for locks. Our new lock opens when 12V is applied across its leads.

Naturally, I hooked it up to an Arduino. And I hooked that Arduino up to the internet.

So now we have a door lock which listens to @srnddoor on Twitter, and replies to requests from authorized users to open the door. (And, thanks to Twitter's streaming API, this is near real-time; it's literally less than a second from when I hit send on my phone to when the door opens.) Locked out no more, plus we have much better access control!

(Props for inspiration to Github's Hubot, which unlocked the door when asked on their Campfire.)

It's me! At a TEDx! On education and the internet!

Windows Phone 7 is pretty okay

Windows Phone 7 has the easiest-to-use SDK of anything I've seen. I got an HTC Arrive at 4pm yesterday, and had a full remote media player working by 12. Very nice work, Microsoft.

On the negative side, the only way to make it talk to iTunes at all is through the app I built; it won't sync with iTunes unless it's connected to a Mac. (???)

WordPress Image Credit

The line between blogs and media outlets is getting increasingly thin, and many major sites are now powered by WordPress. One of the major features needed by a news organization which WordPress lacks, however, is the ability to track image credit.

Well, no longer! Here's a quick WordPress plugin I wrote to add a Media Credit and URL to the media manager. When you insert an image tagged with credit information into a post you'll automatically get a credit block (for styling purposes, it has the classes "credit" and "image-credit", and the ID "image-credit-[IMAGE-ID]".

Download the plugin here!

Converting Between Prefix/Infix/Postfix

When it comes to notation, we're used to seeing things in the form of $<![CDATA[ x+y ]]>$, $<![CDATA[ 1*1 ]]>$, etc. This is an austere contrast to what, as programmers, we're used to working with: functions. In most languages, for example, we might invoke a function we've created to perform addition in some line resembling Add(a,b). Notice the difference yet?

An Introduction to Notation Differences

In everyday mathematics, we typically represent equations in a form called “infix notation”, a notation where the operator comes between its operands. An addition function in a language based on infix notation might be invoked as 1 ADD 2. If this looks odd to you, it is: few languages support this (haskell comes to mind), and even in those which do, few people use it. Infix notation is fundamentally difficult for a computer to use — in order to perform a function on arguments the computer, at some level, needs to push the arguments into a stack in memory before calling a function — and so whenever we write a mathematical equation in a programming language the computer is at some point converting this into a notation with the arguments and the function as two discrete groups.

Given that infix notation has the operator in the arguments, the other two notations are obvious: prefix notation — where the operator prefixes the arguments — and postfix notation — where the operator follows its operands. You may be more familiar with these two notations as Polish Notation and Reverse Polish Notation (or RPN), respectively. The equation $<![CDATA[ a+b*x ]]>$ in infix notation would be represented as $<![CDATA[ (+a (*b x)) ]]>$ in prefix notation, and $<![CDATA[ (a (b x*)+) ]]>$ in postfix notation.

Automating the Conversion

Because each standard mathematical operator (+, -, *, /, ^, %) has exactly two operands (we say that they have “arity” 2, more commonly known as binary), we can consider an equation as a binary abstract syntax tree. A simple equation, $<![CDATA[ a+b ]]>$, would be represented as such:

Similarly, $<![CDATA[ 2+\frac{3}{5}x*(4+\frac{3}{2})-1 ]]>$ would be:

Converting an equation to this form is easy in principal. Each operator applies to exactly two values: the one before and the one after. So, for a simple left-to-right mathematical system, we can think of the steps to convert to a tree as such:

1. Read the first operand, and store it as the left child of a new node $<![CDATA[ n_1 ]]>$.
2. Read the operator, and store it as the root of $<![CDATA[ n_1 ]]>$
3. Read the second operand, and store it as the right child of $<![CDATA[ n_1 ]]>$
4. Store this new node as the left child of the node $<![CDATA[ n_2 ]]>$
5. Repeat steps 2 and 3 for this new node.
6. Repeat 2-4 until you run out of equation to parse.

Here's an example of this in action:

BEDMAS

As we all know, math isn't read simply left-to-right — some terms are evaluated before others in an order defined by the precedence rule. In order to parse infix, we need to consider the problem in order of Brackets, Exponents, Division/Multiplication, and Addition/Subtraction. This rather complicates things.

The solution is something known as the shunting-yard algorythm, and it's unlikely that I could do a better job explaining it than the linked Wikipedia page. Without going into how it works, what we need to do is push the operators onto a stack, $<![CDATA[ S_{oper} ]]>$, as we read them. Likewise, we push our operands onto a stack we'll call $<![CDATA[ S_{node} ]]>$.

Whenever we encounter an operator which has a equal or lesser precedence than the top operator on $<![CDATA[ S_{oper} ]]>$, we pop the previous operator off the stack, and use it to generate a node with the previous two nodes from $<![CDATA[ S_{node} ]]>$. This new node then replaces these last two nodes in $<![CDATA[ S_{node} ]]>$. When we've processed the entire equation, we pop each remaining element off $<![CDATA[ S_{oper} ]]>$ and use it to form a node from the last two nodes on $<![CDATA[ S_{node} ]]>$.

For any well-formed equation we'll end up with exactly one node in $<![CDATA[ S_{node} ]]>$ which contains the entire tree.

Here's an example of how this works:

Brackets

The only remaining piece we haven't dealt with is brackets. You can think of the equation contained in the brackets as a separate equation. You can simply deal with this recursively, or simply pop $<![CDATA[ S_{oper} ]]>$ to form nodes until you reach the first open-bracket in $<![CDATA[ S_{oper} ]]>$.

From a Tree to a Form

Finally, we can go from a tree to a mathematical equation of any form recursively. To print out any given node:

• In prefix: print the operator, then the left child, then the right child
• In infix: print the left child, then the operator, then the right child
• In postfix: print the left child, then the right child, then the operator

Finally, as the base-case for this recursive function, when we reach a node which is only a variable or number we print that result.

Related Work

This post was inspired by an interview question at JustinTV, which contains a second part: to reduce the equation as much as possible. This is actually quite easy now that our equation is represented by a tree. I'll explore the methods of reducing a function in a later post.

StudentRND Talks

If you're in the Seattle area and interested in going to a TED-like event, check out StudentRND Talks, an event I'm putting on with a friend for StudentRND. We're looking for speakers and general attendees.

RFID Credential Provider

Anyone else here have a SparkFun RFID USB reader? I've been in love with this since I got it, but it's actually had fairly little uses: I built an experimental Facebook Presence client with facial tagging and, well, that's it, actually.

However, I've recently come up with one of the greatest uses for it yet — logging into Windows!

In Windows XP and below, allowing custom logins required writing a custom GINA module, which was tedious and had some major drawbacks, the most obvious of which was the limitation of one custom provider installed at a time. Thanks to the update to the login structure in Windows, it's fairly easy to use the LoginUI API (although a poorly documented one) to implement custom login providers.

Interested in trying this out yourself? You need the reader, of course (you might want to desolder the beeper if you're planning on using this on a regular basis), and one of the following downloads:

• Installer (32 and 64-bit; Windows Vista/7)
• Source Code

Note that you'll need to use the enrollment tool to register your credential. Due to limitations on Credential Providers, logins need to include the user's domain, username, and password. That means whenever you change your password you'll need to update it with the enrollment tool or RFID logins will fail. I understand this is a pain, especially in corporate environments where you may be required to change your password frequently, but there's nothing I can do about it. You can be confident, however, in that your passwords are stored in a safe manner; an attacker requires your credential and administrator access to the computer to decrypt them.

As usual, please don't modify and redistribute this project without attributing it to me. If you need support or want to donate a few dollars, I'm over at tyler@menez.es. If you just want to learn more about how to create your own, check out this article on Credential Providers in Windows Vista and above.

Additional images:

Trigger a BSOD when your process is closed

NtSetInformationProcess has a neat undocumented feature. If you pass 29 for the type key, and 1 for the value, your process is marked as essential to the system, and closing it triggers a Blue Screen of Death:

NtSetInformationProcess([Process Handle], 29, 1, 4)

Where the third parameter is an int* (technically a void*, but that's not relevant). The full code to mark a process essential in C#:

[DllImport("ntdll")]
static extern int NtSetInformationProcess(IntPtr p, int c, ref int i, int l);

void SetEssential()
{
int e = 1;
NtSetInformationProcess(Process.GetCurrentProcess().Handle, 29, ref e, 4);
}

void SetUnessential()
{
int e = 0;
NtSetInformationProcess(Process.GetCurrentProcess().Handle, 29, ref e, 4);
}

Note that calling Process.GetCurrentProcess().Kill() after calling SetEssential() is a quick way to immediately crash the system. (This might be of particular use to those who encrypt their entire drive. Hotkey this and you can secure your system in an instant.) To that extent, anything which closes your process will unless you put SetUnessential() in your destructor.

Lock Windows and Activate a Screensaver

I really like my screensaver, but I hate having it automatically activate — I watch a lot of streams online, and that gets old really quickly.

Because I've already gotten used to locking my computer when I walk away, all I really needed was a hotkey which let me activate the screensaver and lock the computer. However calling LockWorkStation() in user32.dll doesn't activate a screensaver, and all the posts I could find on activating the screensaver just execute the actual .scr file (which is a special form of executable, if you weren't aware), waiting for it to exit, and then locking the workstation. This seemed like a pretty big security hole, since the machine would be unlocked for an unspecified amount of time, dependent on your computer's speed.

After digging through the Windows API, I came up with the following code which locks the workstation and then activates the screensaver (the DLL imports are listed in case you're planning on implementing this as part of a larger managed project, but if you're just doing this there's no reason not to use C++):


[DllImport("user32.dll", EntryPoint = "GetDesktopWindow")]
private static extern IntPtr GetDesktopWindow();

[DllImport("user32.dll", EntryPoint = "SendMessage")]
private static extern IntPtr SendMessage(IntPtr hWnd, uint Msg, int wParam, int lParam);

[DllImport("user32.dll", EntryPoint = "LockWorkStation")]
private static extern IntPtr LockWorkStation();

LockWorkStation();
SendMessage(GetDesktopWindow(), 0x0112, 0xF140, 0);


Where 0x0112 is WM_SYSCOMMAND and 0xF140 is SC_SCREENSAVE. If you have a keyboard with macro keys, just compile this as-is and map it. If not, you'll have to write a hotkey listener.

WHAT IS THIS I DON'T EVEN

Has anyone actually looked at the code for Autonomous LAN Party Manager? It's terrible! Model/View/Controller? Hell, they only have one class: "global". You can customize themes with stylesheets which hold all the display-related code, except that they DON'T. All of everything is stored in a PHP config file, where it's written directly into the <body> tag as attributes. Because, as everyone knows, this is best practice.

As someone who hosts way too many LAN parties, this is more than a bit annoying. So, of course, I've taken it upon myself to re-write the codebase in a more reasonable way. Originally I was just going to try to hack the existing one into some reasonable state, but that was just about impossible. So, I'm starting from scratch. I've included some pseudo-wireframe sketches I drew on my desk, if anyone wants to suggest some different design practices or something. Of course, themes will be much easier to implement in this new version, so it's not really that critical, I s'ppose.

I'm going to some sort of drama thing for some reason tomorrow, and thanks to my new Android phone, I'll have access to the webnets the entire way there and back, so I should be able to get a significant portion done over the next few days. Stay tuned!

Also continuing the theme of "WTF", I wanted to share this video which I've watched some large number of times quickly approaching over 9000.

In some unrelated news, my good friend Cole from the good ole' days of ARSON Media started a blog where he covers various video-game related stuff in his usual unusual ways. Check him out over here.

Finally, I'm working on a new blog design. Rather than just going back to my old code and changing the background, like I did for a certain revision (which won't be mentioned specifically, but which is as current as, or more current than, the current revision), I'm actually writing some HTML. How strange a concept this is.

Internet Piracy

Seems everyone has an opinion on internet piracy recently. On one side we have people who claim that each downloaded of a pirated item is equivalent to theft: torrented the latest Menomena album? Might as well have walked into a record store, stuffed it in your bag, and walked out. On the other side you have a group of people saying that copying a file is essentially free, and so nothing of value is lost. I'm going to take a stab at the problem myself. The way I see it, the reality lies in the middle, as usual.

First Copy Costs and the High Cost of Production

One of the most common arguments from those for piracy is that companies don't need to pay anything for distribution, therefore they don't lose a thing from pirated material. Honestly, I'm not sure these people actually believe themselves: producing something definitely costs something. Even without the cost of producing physical media to contain the product, there's the initial cost of production. For a smaller application, this probably isn't a huge number, whereas for something larger - Creative Suite, for example - might cost something in the millions. The cost of a product is set to a level where the developer makes enough money from sales to justify the time spent in the creation phase.

On the other hand, the internet has undoubtedly made things cheaper. There's really no reason an e-book should be as expensive than it's hardcover equivalent. Likewise for music: albums purchased online should always cost less than the same set of songs purchased on a physical disk from a retail outlet.

Lost Sales

The huge argument against piracy is that each download is basically a lost sale. This is the basis for the "billions of dollars lost" statistic the recording industry loves, and it's the idea on which damages are calculated in court cases.

This argument, however, is fundamentally flawed. It assumes that everyone who downloads a product would otherwise have purchased it. Nearly everyone knows that's not the case, but I decided to collect my own statistics. All of the applications I've developed over the years have used an updated version of a registration management system I released a few years ago on CodeProject. Modified in the sense that it's better coded, translated into C#, and - most interestingly - detects the few keygens which have been put out for it over the years.

Rather than just refuse keys generated by these applications, however, I offer the user a free, legitimate license code if he fills out a short survey about why he pirated the application in the first place. I also asked a variety of people I know as to why they purchase software. I compiled some results into this fancy pie chart, showing why people decide to pirate my applications.

Yeah, it does seem to be quite clear: about 22% of these sales are definitely lost. However, it's unlikely the unavailability of my programs on sharing networks would convince many of these 22% to buy the program - a sizable fraction probably just don't think it's worth the money. And DMCA take-down notices are even less likely to convince 5% who pirate for moral reasons to buy it. Likewise, the 17% who don't have the money to pay aren't going to get a raise once the Pirate Bay shuts down. Software developers need to make a distinction between lost sales, and downloads, because there's not a 1:1 relationship between the two.

How I Do Copy Protection

• For those that can't afford it, they can have it. If you can't throw down $20 for something which makes your life easier, you have bigger problems. I'm not going to be able to sell anything to them, anyways, so why fight them. In fact, I've actually put out my own keygen for a few apps I've written just to save these people from the viruses they might get from the illegitimate ones. Generally these people don't know how to fix their own computer problems, and a $200 visit to the Geek Squad isn't going to be great for them, either.
• For those that are morally opposed to paying for software, there's again not much I can do. They aren't going to pay, so there's no point in trying to make them. I could, in effect, punish them by fighting their keygens, but I understand that my views on things aren't right or wrong, simply differing. I'm not helping them, but I'm not making it harder, either.
• For those who can pay but don't: This is where my registration program actually comes into play. Showing their name every time the program is launched helps to deter people a bit: it's awkward for some to explain to their friends why they seemingly used the pseudonym "cracks team!111!!11one!cos(0)!!" when paying for a license to a program. Showing a personal message and asking them to take a survey appeals to emotion and creates extra work, which seems to decrease this number slightly. Overall, though, there's still not a whole lot you can do, other than spend all your time fighting the crackers. Maybe that's fine for a giant organization like Adobe, but I just don't have the time.

*The number of people afraid of litigation seems abnormally high, until you realize that many people I surveyed bought applications for their office.

Now with 256-bits more Encryption!

For no specific reason other than it was cheap, I've upgraded this website to 256-bit TLS encryption. It really says something about the decline of quality in CAs when I can get a certificate in two hours for $3. Maybe everyone's betting on Extended Validation certificates, which usually run around $300, to add a layer of protection, since increasingly less is being done to validate the ownership of domains. Prices on these are coming down, too, though - they used to cost around $2000, a significant drop in just a few years.

Regardless, enjoy the peace of mind you get from knowing that no one can read your comments while they're in transit.

It's Time to Make Outlandish, Unattainable Promises to Ourselves!

Happy New year, e'ryone! My New Years resolution this year is to actually post to my blog on some reasonable schedule.

Like that's likely to happen...

How to be Ignored for Months: The Microsoft High School Internship Program

Update!

The high school internship program was taken over by some great people in Microsoft College Recruiting, who've addressed all these issues and made it better in other ways. If you're looking to apply, don't let this post stop you, it's outdated!

As a high-school student living in Redmond with more than a passing interest in technology, it was only natural that I apply for the Microsoft High School Internship program. Big mistake. Don't get me wrong: some of you might enjoy sending in your résumé and letter of recommendation in late February, ignored for months, yelled at over email when you try to find out what's up, and finally told that they weren't actually accepting any interns from your grade level, anyways. I don't.

From Google Beginnings

It started with a Google search a few years ago. During my sophomore year I was looking for something to do over the summer, and came across a page from Microsoft about an interesting program for Juniors and Seniors in high-school in the Puget Sound region. Being a year too young for the program, I made a note to come back to it the next year. Which I did: come January of my Junior year I got together my résumé, filled out the application, and got my Computer Science teacher to write a letter of recommendation. I sent in the application via FedEx the last week in February, with signature confirmation just to be sure it got there. The website said they'd get back to me by early June at the latest, but talking to about ten different people who'd been in the program in the past, I was expecting to hear back from them late April or May.

First Contact

When I still hadn't heard back come May, I was starting to get a bit curious as to the status of my application. The only thing given on the program website was a mailing address, and clearly mail wasn't working for them. I someone in hiring through an obscure Microsoft website, and asked them to forward my email on to the correct person, which they agreed to do. To illustrate exactly how terrible trying to contact the High School Internship program is, I listed what I had to do below:

1. Search Google for "site:microsoft.com intitle:Hiring"
2. Find the name of someone in the hiring department.
3. Try to contact them using the built-in contact form, find out it only supports 255 characters.
4. Google her name and find her Twitter account.
5. Find a link to her old Blogger blog in her Twitterstream.
6. Find a link to her Facebook page in her Blogger profile.
7. Send a Facebook message asking if she can put me in contact with the correct person.
8. Get an email from the person who was supposed to be the correct person, telling me to contact someone else, with another email address.
9. Email that person and get forwarded to yet another person.
10. Have that person tell me that they've definitely received my application, but haven't decided anything yet, and not to write anymore.

This entire process was a bit ridiculous, but I just supposed that they weren't really prepared to take any emails for some reason.

And the Trouble Continues

A few more weeks came and passed. Microsoft held their annual Hunt the Wumpus game development competition. I had been leading a team, and we ended up winning one of the four awards there. Meanwhile, I got to talking to a bunch of participants from other schools, some of which were Seniors and, for the past few weeks, Microsoft Interns. It turned out that Microsoft had actually accepted a bunch of applicants the week before. On the plus side, I got the email of the program's director. I waited a few days, and the "latest" day by which they would inform me of their decision passed. Still, I waited a few days. Then I sent a message to the email I'd gotten at the competition.

The reply came a few days later: whereas I was nice, especially considering the circumstances, she basically told me to f*&k off - although admittedly in somewhat less plain terms.

Whereas the person I had talked to earlier at least made an effort to answer my questions, this person didn't even pretend to. Rather than answer any of the questions I asked, she simply told me very plainly to stop emailing, and that they did not have any intention of talking to me before they were ready. At this point I was just upset. Being ignored is one thing, being treated as if you are nothing more than an annoyance is something entirely different.

A Page of Text for Months of Trouble

Finally, a week later and more than half a month past their own deadline, I got an email from them. It was a form-letter rejection. "We regret to inform you ... you have not been accepted ... continue to work on your skills, and, if you're a Junior, you can apply again next year."

I wrote to some of the people I had met at the Wumpus competition, to see if perhaps they, as interns, could be more helpful than the actual department which hired them. I mean, I could have understood if they found me unqualified a few months ago, but my team had just won a competition which they sponsored, beating many of the people they actually chose. From what they could gather, the only people who were accepted were Seniors who had already been interns their Junior year.

Conclusions

Throughout most of this, I considered myself relatively calm. At this point, however, I was absolutely enraged. They completely wasted four months - that's one-third of my year. I wrote an email describing everything I'd gone through in the process of trying to get an internship here, and how unprofessional everyone was every step of the way. I sent it to everyone I had talked to throughout the entire process as well as the email from which the rejection letter had come from.

A few days later, I received a response asking if I was available to talk sometime in the future. Given that they had wasted so much of my time, it was now summer, so I had nothing but time. I replied back: I was available every day except Friday due to an orthodontist appointment. I gave them my phone number in case they wanted to call me, and offered to go meet in person if it was any better for them. After two weeks without a response, I sent another email asking if they still wanted to talk. Nothing. I decided to write the entire program off as a joke, and started looking for any other companies who would hire a high-school intern.

A few emails and a few days later, I got a response from a company in Bellevue by the name of Atigeo. They asked me to come in for an interview the next day. I happened to be in Las Vegas at the time, so I asked if the following Monday would work for them. I got a response a few hours later: of course. I showed up at nine that morning and met with a few members of their programming team. They asked me some questions about Regex (it turned out that one of the guys I'd be working with had started programming in Perl like me) and offered me a position starting the next day. It paid nearly twice as much as the Microsoft High School Internship had.

Final Score

Microsoft: 4 months wasted, 5 emails, 1 Facebook message, numerous Google searches, only to be rejected by a form-letter email.

Atigeo:2 days and an interview, to be offered a higher paying position than I would have at Microsoft.

Thanks, Microsoft.

This site is not a cold dead place

I don't hate you all, I've just been rather busy. As I'm sure you've realized, it's summer, now, and that means more free time for me, so I'm finally getting around to some of the projects I've been wanting to do for a while now.

Some of you might remember I mentioned a tool I was developing a while back for dealing with frontpaging on Digg. Well, it's basically done now, and I've just submitted it to WordPress for approval under the name S3Social. It's the same thing I said I was going to do, but it also supports a bunch of other sites. More details on that in a future post I'll make when it's ready for download.

I'm also playing around with the idea of starting an IPTV show similar to thebroken and the old episodes of Systm, so you might be hearing more about that later, as well. (If you're interested in working on the project, drop me a line.)

Well, that's it for this post. Just wanted to remind you that I'm still here.

New location: Tyler.Menez.es

I bought a new domain, which is where you're seeing this post right now: tyler.menez.es. It took a while to find a registrar which would register .es domains to US residents, but it's done, anyways.

No need to update your bookmarks, you'll be redirected anyways. My question, internet, is what do you think of domains like menez.es, del.icio.us, blo.gs, cr.yp.to, et cetra? You can answer in this poll below.

 Loading ...

Because I'm nice like this, if anyone else out there has the last name "Menezes", or has the last name "Menez" and lives in Spain, let me know and I would be happy to give you the subdomain corresponding to your first name, assuming it's not "Tyler" as well.

The Political Process Must Continue

Or, alternatively, How I won my school election through the power of the internet.

Today I found out that my school elected me to the office of Vice President. Whether I can really make any difference is debatable, but that's not what was interesting about this election. Given that I'm basically just the "tech" guy around school and my opponent was rather popular among the school, as well as the traditionally accepted "high school kids vote for who the know" idea, I would have been quite surprised if someone had revealed this to me two weeks ago.

However, I did win, and I won by quite a lot from what I can tell. I don't think that this win would have been possible ten years ago, I'm sure that technology had a direct effect on the outcome of the election; the internet really does level the playing field, so to speak. So, how did I do it? Obviously, I can't be sure if any of this actually had an effect, but it seemed like it to me, so I'll post it here for the interest of any of my high school readers here. (Some of these techniques may apply to higher elections, as well, though not all.)

Twitter

Has anyone else noticed an increasing amount of spam on Twitter? It may just be a function of its increasing popularity, but I'm seeing a lot more. Maybe it's time for Twitter to implement a more robust spam trap?

Of course, they'll probably come up with a business model before that happens!

By the way, for those of you wondering where I get my blog pictures, there's an excellent tool I found to search Flickr called Compfight. I'm not getting paid for this link, I just think it's a great tool that more people should know about. I mean, it uses AJAX! How much cooler can you get?

Splogging

Hello tubes! I've decided to start a new project where I reply to spam emails I get, and see what happens. Obviously if I did so in a serious tone it would be stupid, so they're not 100% accurate emails. Anyways, if that seems like the sort of thing you'd be interested in reading, it's over at http://splog.blogs.arson-media.com/.

Shoot me any spam you think might be interesting at splog@tylerm.info. [Photo credit: cursedthing]

AdWords

I'm experimenting with using Google AdWords to draw traffic to specifically interesting posts on my Blog. Why? Mainly, I'm just curious how well it works. I don't run ads on the site (for those of you with AdBlock installed) so all I really have to gain is a new client or something. So far I've gotten quite a few clicks (about 20 in 2 days) which is pretty good, I think. I'll post more details later when I get them.

Do any of you readers have interesting experiences with online advertising? Explain yourself below in the comments!

Fading Posts

If you'll take a look down the homepage of this site, you'll notice that the posts fade as they get older. Obviously that's intentional, and I think it's a pretty interesting way of showing that some of the older posts are less relevant than the newer ones.

Some people have asked me why I list all posts on one page. While it does make the page load times much longer, it requires less time to load overall for visitors who want to read my archives, and it makes searching much easier -- why have a full search engine when people can just use Ctrl+F? It's more of a personal thing I guess: I tend to read the full archives of blogs when I find one I like. This is a less annoying way of doing so for people that want to do so with this blog than going through 100 pages of entries to find interesting ones. And honestly there's nothing interesting at the bottom of the page, anyways, so why should visitors have to see it at all?

And While We're on the Subject of Plagiarism

One of the things which has always bothered me about parents and some teachers is that they pretend students have no idea what plagiarism is. While I haven't exactly conducted studies on the matter, I can tell you from the point of view of a high school student that at least ninety percent of those who plagiarize know exactly what they're doing.

TurnItIn.com Loophole

I turned in a paper to TurnItIn.com today. Personally, I'm not a big fan of a service which is created to assume that most students are inherently dishonest, but whatever. Anyway, I think I've found a loophole for all of you who *are* dishonest.

The loophole I mentioned earlier.

Yeah, if you can't tell, TurnItIn doesn't work with private use characters. While that's not altogether surprising, given that private use characters aren't, well, standardized, this gives would-be plagiarists a fairly large opening. Quite a few fonts provide alternate glyphs which aren't technically letters (in the sense that they don't use the standard Unicode values for letters). In the case provided in the example, the little squares are small-caps and oldstyle figures.

So you could, in theory, just replace every few words with an alternate character you find in the font (in Windows one would use the Character Map), or the first letter of each word. In practice, I have no idea if this works, but from what I've seen, it should.

Or you could just, you know, do the work yourself, rather than taking the time to replace letters manually just to rip someone else off. Still, it's good to realize that systems like this aren't foolproof.

Asterisk / FreePBX on Ubuntu Server

I spent the past few days trying to get FreePBX working on Ubuntu Server. Finally, I have a script for you so you won't have to go through the same guess-and-check that I had to. Download it at the following link, then run it and just follow the prompts. Done!

Asterisk Installation Script

Spanish Conjugation

I'm working on a PHP library which conjugates verbs in Spanish. So far it can conjugate the present and the preterite forms for all parties who you might be talking to. People in my class have been asking me to release it, and I will when it's done. For now, I've created two services (mainly for myself) which you can use.

The first one allows you to solve a hangman puzzle. It takes a list of words in the format I created, and uses AJAX to filter the list. You just tell it what letters you know (in what position, obviously) and it filters the list. It's useless to most people because there's no interface for adding your own word lists, I have to update them on the server myself.

The second one creates tables of the different forms of preterite for different verbs. It works with any regular verbs, as well as any irregular verb forms I've added to the word list. Give it a linebreak-seperated list of words and it will give you a bunch of tables (Gasp! HTML tables?!) with the different forms. It's only really useful if you need a bunch of tables of preterite forms, but I'll extend it to the other forms (present, etc) later.

So, there you have it. I doubt this is interesting to most of you, but people in my Spanish class will probably find them useful.

Ubuntu Server with PCMCIA Cards

Installing Ubuntu Server today, I found that it doesn't install the proper applications for PCMCIA ("PC") Cards to function. If you're having this problem, here's my solution:

• First, install Ubuntu Server in Expert mode. I'm not sure if it works in regular mode or not, I don't have the time to check. The key combination from the main installation menu is F6 twice, then Enter, then Escape.
• Install normally.
• Before hitting the "Finish Install" option, go into the Terminal option.
• Mount your drive, it's probably going to be:
  
mkdir /mnt1
mount /dev/sda1 /mnt1 -t ext3

• Chroot to the drive with chroot /mnt1
• Execute apt-get install pcmcia-cs
• Finally, type exit twice once apt-get is done.

I don't like WYSIWYG editors, either

(The "either" is a reference to my last post about CAPTCHAs.)

This is more of a personal preference. I'm not a huge fan of WYSIWYG ("what you see is what you get") editors. Personally, the control afforded by these things is horrible, and the code they produce is even worse. Don't get my wrong - Microsoft has made great advances in Expression Web from Frontpage.

What benefit do they really have, though? They don't save me any time, I've never seen one which solved the weird things about HTML and CSS for you, and they often have odd quarks of their own. Also, I don't think I've ever seen a full graphical website editor that didn't have browser compatibility issues.

I feel the same way about Photoshop mockups, for much the same reasons as 37signals. Maybe I'm just not a real graphical person, but I'd rather be writing code than designing graphically and then trying to convert to valid, working code.

Or maybe the reason I'm opposed to both CAPTCHAs and WYSIWYG editors is that deep, deep down I'm morally opposed to ridiculously long acronyms. Though, why, then, would I use DNMMFAWFIAAEWSSA almost daily?

I do not like CAPTCHAs

I'm a web developer. The site tagline probably makes that clear. So, I've come across numerous situations where spam is a problem. Yet I refuse to use CAPTCHAs to prevent spam. Even as the owner of a site with absolutely no spam filtering at all, I'd sooner write a 10,000 line spam filter than a 100 line CAPTCHA.

Why? Because spam should not be the user's problem. By using a CAPTCHA you are doing just that, making a spam problem on your site into something which is somehow the user's fault. That has never seemed right to me. A better solution is just a spam filter.

Web Comics

I've been adding a lot of things to my RSS Feed Reader recently, and I noticed what a collection of web comics I'm getting there.

Why I don't use StumbleUpon anymore

The more observant of you will have noticed that I haven't logged into StumbleUpon since May of 2008. Most of my friends already know the story of why I don't use it anymore, but I figured I'd finally write it down.

Coming Soon - WP Digg Tools

I just started work on a WordPress plugin I've been wanting to create for a while. Essentially, it provides a large amount of tools for Digg. You know, "digg this" buttons and the likes. Anyways, where this plugin will really excel is the caching function.

Most plugins I've found will cache pages to your local server when you tell them to. How useful! You can somewhat mitigate the Digg effect on your CPU provided you are monitoring these sites to see if you hit the homepage. (The statement of usefulness was sarcasm, by the way.) This plugin will take a more practical, pro-active approach. When you get more than a few hits from Digg within five minutes, the plugin will query Digg's API to see if your site hit the homepage. This is already much more useful than the other plugins.

To make it more useful, the plugin will, upon detecting that your site is on the homepage, send a cached version of your site to Amazon S3 and redirect people thereto.

So far a lot of it is working. On the detection side, at least. I've got to start on the S3 side, which brings up some interesting problems: the issue of how to redirect people with the lowest CPU load, while still maintaining the WordPress permalink structure, and the issue of caching CSS and image files. If anyone has ideas on those two, leave a note in the comments. Otherwise this plugin should be out sometime in the next month or so.

Digg Users

Dear Digg users,

Please stop voting up comments which took less than thirty seconds to write. Looking at stories on the homepage, comments which say things like "something awful ftmfw" and "too true." have more votes than comments which say intelligent things, such as:

The "Official Nintendo Seal of Quality" has become the "Official Nintendo Seal" since 2003 (right after the Gamecube and before the Nintendo DS and Wii era).

Notice the difference between those? The obvious is that one of them actually had to be put in a blockquote. If you actually read the bad comments and the good one, too, you'd notice that the good comment actually conveyed information, or some form of thinking at the least. The other ones just stated the author's agreement or disagreement with the article. Heck, even most Twitter users can convey more rational thought in 140 characters than you Digg users can given unlimited space.

So, in conclusion, stop being stupid.

Thanks,
The intelligent social media websites

Blogspot

So, recently Linus Torvalds (the "benevolent dictator" of Linux) started blogging, using the ever-popular Blogspot website. Blogger is an interesting platform to me. Initially, their engine generated only static HTML, so whenever a post was changed or a comment added, the blog would have to undergo a "publishing" process where the HTML pages were generated. A little while ago, Blogger added dynamic functionality; blogs hosted on the Blogger servers could connect to a database to get information, thus bypassing the publishing delay.

My Thoughts on WordPress

I know plenty of people who hate WordPress. I'm not sure why, it's very effective at what it does: allow you to write a blog. WordPress was never developed to do complicated things like Drupal or Mambo. I'd even venture as far as to say WordPress isn't even a CMS. (It has pages, but they're really not much more than posts without a date.)

Laugh Out Loud

Dear internet:

Please stop using the acronym "lol" when you're not actually laughing. Seriously, nine of ten times I see the phrase lol used, there's no way the person would have actually laughed out loud. I present you with a list of phrases which can be used instead, in ascending order from not that funny to very funny.

1. "haha" (feel free to repeat as many times as you want, more "ha"s mean more humor)
2. "loi" - laughing on the inside.
3. "lqtm" - laughing quietly to myself.
4. "lol" - laughing out loud, to be used only if you actually laugh out loud
5. "rofl" - rolling on the floor laughing, funnier than lol, still misleading if you didn't actually get on the floor
6. "rofl-isiagotf" - "rolling on the floor laughing - I'm serious, I actually got on the floor."

In conclusion, don't say "lol" if you don't really laugh out loud. Also, stop adding extra letters to the end of words likeeeee thissssss. It's really annoying.

Election Fraud

[Photo credit: Daquella Manera] My high school has decided, for whatever reason, to use Zoomerang to conduct student elections. To prevent multiple votes, Zoomerang allows the creator of what will from now on be referred to as a survey, though it's more of a voting thing, to send a one-time link to a list of people.

These one-time links, as you can probably guess, allow a user to take the survey only once. However, I have always been suspicious of such tactics, and so a while ago I decided to take a look. (Disclosure: I'm working on a free, open-source voting system. I promise not to let that skew my results.)

I can has new theme?

All lolcats aside, what do you think of the new theme? You can obviously leave a comment here, or just choose your opinion on the poll below:

 Loading ...

Splogging as a business model? Meet fav.or.it!

Thought splogs were run by the same underground groups who send out 90% of your email spam? Meet fav.or.it, a company who seems to have adapted it as their business model.

WordPress Vulnerability

There's a big WordPress vulnerability going around (see http://clasione.blogspot.com/2008/06/wordpress-anyresultsnet-hack-search.html for details). Be sure to check your wp-blog-header.php for:

This is the post where I start a contest

Hey, everyone. I was just reading a bunch of successful blogs today, and noticed almost every one has run a contest at some time. I would like this blog to be very successful, as well, and it seems I can't do that without running a contest, if these blogs are anything to go by.

So, here's my contest. It's actually pretty cheap, but whatever.

Top 3 reason TrackMania sucks

A lot of people I know like the game TrackMania. I've hosted TrackMania fan sites before. Yet before last week I had yet to actually play the game. However, I was a little bored and looking for things to write about here, so I decided to get the demo. Here's my top reasons you should buy something other than TrackMania:

Security on the Web

XSS (Cross Site Scripting) is one of the main problems with Javascript. I was just reading an article on Javascript security, when an idea came to me. We could solve all these problems by allowing servers to send an Allow-content header (or something like that).

Should Download Status Bar be in Firefox by default?

Those who use Firefox (I hope a large number of readers, though Opera and Safari are good, as well) are undoubtfully aware of the amazing addon that is Download Status Bar. Let's face it, the download manager built in to Firefox is annoying and clunky. But in a recent conversation with a friend of mine an interesting question was brought up: Should Download Status Bar come preinstalled on Firefox?

Is it wrong for Mozilla to preinstall addons? Or is the usefulness of certain addons worth giving up the "no pre-installed software" idea? (My opinion is "yes".) Chime in below

 Loading ...

(I can only imagine the feedback I'd get if this were about Adblock!)

Updating Addons for Firefox 3.0b5

I've created a nice little PHP script to make addons compatible with Firefox 3.0b5 (or any other version of Firefox later than the addon was developed for). Actually, it doesn't exactly make it compatible, it just changes the max-version attribute to 9.0, so that it will install anywhere. 90% of the addons still work perfectly, AdBlock, Download Statusbar, and Firebug to name a few. To install an addon which is usually incompatible, just copy the URL (this is only tested on addons.mozilla.org pages, but should work on other pages) and paste it into the box below.

This works on the fact that a Firefox extension (.xpi) is really a Zip file. Inside is an "install.rdf" file which controls installation. The script extracts this file, modifies the max-version, and repackages it.

reCAPTCHA for Spam Karma

I've just finished my first Spam Karma plugin. It integrates CAPTCHAs from reCAPTCHA into the system, authors who submit comments within a certain error margin are given the opportunity to solve a CAPTCHA from reCAPTCHA, in much the same way as the built-in CAPTCHA module. (Indeed, some of my code is based on that module.)

The top reasons why this page will not be popular on StumbleUpon

The first reason this page will not be popular on StumbleUpon is that it's a post about StumbleUpon. Stumblers (myself included) tend to "thumb-down" posts that talk about StumbleUpon. Quite often I don't even read the page! If the page says "StumbleUpon" in it, it's usually another generic "Why StumbleUpon is awesome for my site though I don't know why you'd care" post.

Digital Point StumbleUpon Exchange Spammers

StumbleUpon is a great service, which is why it makes me sad to write this post. If you've been around StumbleUpon even a bit, you've probably seen a website which is popular, but doesn't seem interesting. Yet it receives many great comments.

"Huge base with excellent articles"

"recommended to all"

"WOW! Awesome site. You can find anything there-" (This one shows up seven times in the comments for one page.)

"That is an interesting looking radiator." (Referring to a plain-white radiator.)

These are all examples of StumbleUpon "exchanges" - the trading of one "thumbs-up" and a review on your page for a "thumbs-up" and review on someone else's page. Unsurprisingly, these pages are typically packed with advertisements, and short on content. A typical Stumble Exchange can be seen here.

How This Page Crashes IE

This page crashes Internet Explorer. How? It seems just about every version of Internet Explorer has some bug that can be exploited.

To crash Internet Explorer 7, some CSS (valid, even!) is applied to all links, setting them to relative positioning. The next line sets both spans and links to absolute positioning. This, for some reason, causes IE to choke on links, where the correct action would be simply to set links to absolute positioning.

To crash IE 6 we use the code onLoad="window()". This isn't really a valid action to call, but it shouldn't really kill the browser. Yet it does.

To crash IE 5, we create an invalid form field with <input type crash>. Internet Explorer dies when it reads this. Internet Explorer is, of course, closed source so no one can be sure why.

Perhaps some of you are visiting with the Internet Explorer 8 Beta. I'm not sure if any of this code crashes it, if not I'll add some upon the public release of the browser.

Enforcing your CC-style copyright on hotlinkers

Introduction

Picture the following scenario: you run a blog that posts pictures of cats. These pictures seem to get stolen a lot. You're okay with this, because your content is licensed under a Creative Commons-style license. But nobody is respecting your copyright! In fact they're linking to images directly from your server!

In fact this scenario is not all that uncommon. Thousands (if not millions) of blog owners are unaware of other websites hot linking to their images without so much as attribution! This tutorial will show you how to turn the websites of those copyright-discarding, hotlinking fiends into free advertising. More after the jump.

Yeah, I didn't update for a while

<Insert generic "Sorry for not posting..." post here> (That should be said in the voice of GLaDOS from Portal, preferably.) Maybe I'll put some new stuff up. I'm kind of busy.

Some news for you:

• I have this site in uber-1337 (read: Commodore terminal-style) form: here.
• GHOP is done. I got $100 + a shirt. I might have won a free trip to the Googleplex, but I doubt it. I only did 3 tasks.
• I finally started C# programming in school. After "Digital Graphics" in the 8th grade I was expecting another sucky class, but this one is great so far. The teacher knows what he teaches very well, which rocks. (According to my good friend and uber-n00b Josh Erwin, he hates the RIAA, as well -- yes!) (link juice)
• IE Sucks. It's not new news. My page that should crash IE6 and IE7 is becoming very slightly popular in the blogosphere.
• I installed Visual Studio on Vista. People said it couldn't be done without loosing your audio and System Restore, but I did it. I'll post the instructions here later, or just go check the M$DN forums for my post. This is another reason I like "The Linux," I guess.

Eh, that was a post, wasn't it. I mean I'm in no danger of getting Dugg or Slashdotted for it, but it's a bit interesting. I promise more interesting content later.

GHOP

No, it's not the competitor to IHOP. GHOP is short for Google Highly Open Participation, and it's a new contest from Google specifically for pre-college students.

If you're already familiar with Google's SoC (Summer of Code) program, then this won't seem very surprising to you. Google is now offering money to high school students who will volunteer their time to open source projects. Each project defines their own Tasks - which are almost exactly what you'd expect them to be, short tasks which benefit the project - and for completing any one task you get a Google T-Shirt + Certificate. But there's so much more. For every three tasks completed Google will pay $100 (there is a limit of $500, though).

So far not much of a contest, per say. But at the end of the contest (late January) each project gets to pick one individual who they feel contributed the most to the project. That student will be flown to the Googleplex for four days to attend an awards ceremony (I'd assume meet some of the Google team as well).

Interested? The contest site is here. Be sure to read the FAQs; there's not a Sign Up link or anything, the entry process is a bit abstract.

CSS Attribute Selectors

Everyone who has ever written CSS is familiar with curly brackets and parentheses. Yet surprisingly enough very few even know of a hidden power of CSS, square brackets! Learn more about how to harness this power of PHP and how Microsoft is screwing it up after the jump.

TylerM.info - now with more Blog!

Seems that no designer's portfolio site is complete without a blog. So here's mine. I suppose the design of it was the easy part - now I need to figure out what to write. Hmm...