Sunday, November 6, 2016

Simple Is Still Simple

Yes, contrary to the conventional state of technology and computer programming, simple is still simple.  Well, at least it should be.

Quite frequently I read different articles about programming in an attempt to maintain professional relevance.  Some are well-written articles on good programming techniques.  Some are poorly written but the core material is still good.  Some are well-written pieces about some fluff fad, and then there is the occasional poorly written article about some programming technique or library or concept that has 'bad idea' written all over it.

Monday, October 24, 2016

Solution to DDOS Attacks from the IoT

Last Friday, October 21st, the company DYN was the recipient of a rather massive DDOS (Distributed Denial of Service) attack.  Companies and tinkerers won't like this simple solution because it causes them to do a little extra work.  If this potential solution doesn't solve the problem, it would certainly mitigate it.

It's simple.  For those old enough to recall free AOL disks, remember how many included an account password printed on the CD/disk case?  Well, the same thing could be done for IoT devices.  Manufacturers of these things could simply print two random English words on a label and stick it on the IoT Device.  This password is burnt into the device as its factory default.  There is no standard factory default.  Let's face it...  The bulk of people using and installing IoT devices either don't know there is a password on their new-fangled refrigerator, or they just don't care to change it.

Seriously

water-wood
january-carolina
protein-curious
wrecked-quipped

These passwords would be so much better than admin or system or the ever-popular password.
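A sketch of the factory step this proposal implies, added here as an example and not taken from the original post: each device gets its own two-word password drawn with a cryptographic random source, the plaintext goes only on the printed label, and the device is flashed with a salted hash. The word list, serial numbers, PBKDF2 work factor and function names are all assumptions made for the illustration; two uniform picks from a list of N words give 2·log2(N) bits of entropy.

```python
import hashlib
import hmac
import math
import secrets

# Constructed sample list; a real one would hold thousands of short,
# easy-to-read words (assumption, not from the post).
WORDS = ["water", "wood", "january", "carolina", "protein", "curious",
         "wrecked", "quipped", "copper", "lantern", "meadow", "orbit",
         "pickle", "quartz", "saddle", "timber"]
PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def entropy_bits(wordlist_size, words=2):
    """Entropy of `words` independent, uniform picks from the list."""
    return words * math.log2(wordlist_size)


def new_label_password(wordlist=WORDS, words=2):
    """Draw the words with a CSPRNG so one label never predicts another."""
    return "-".join(secrets.choice(wordlist) for _ in range(words))


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def provision(serial, wordlist=WORDS):
    """Return (label_text, flash_record) for one device.

    Only the salted hash is flashed; the plaintext exists on the label alone.
    """
    password = new_label_password(wordlist)
    salt = secrets.token_bytes(16)
    record = {"serial": serial, "salt": salt.hex(),
              "hash": _digest(password, salt).hex()}
    return password, record


def check_login(record, attempt):
    """Device-side check of a login attempt, using a constant-time compare."""
    expected = bytes.fromhex(record["hash"])
    got = _digest(attempt, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(expected, got)


if __name__ == "__main__":
    for serial in ("SN-0001", "SN-0002", "SN-0003"):  # constructed serials
        label, rec = provision(serial)
        print(serial, label, rec["hash"][:16] + "...")
    print("bits, 16-word sample list:", entropy_bits(len(WORDS)))
    print("bits, 7776-word list:", round(entropy_bits(7776), 1))
```
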

Tuesday, October 18, 2016

Mouse Peep in a Snow Storm - or - How NOT to Operate QRP

So...  Last Sunday (2016-10-16) there was a little ham radio contest called the "Illinois QSO Party".  Yes, I am a licensed amateur radio operator, and have been continuously since 1983.  Since then I have talked to folks all over the world from my car or home office, completely without this new-fangled thing they call the internet.

Anyway, my wife and I went to the Peoria Ham Fest several weekends ago and I bought a late 1970's Yaesu FT-7.  Sure, I would have preferred my favorite, an Icom IC-706, however my play-budget is currently quite limiting.  The Yaesu was only $200; the Icom runs around $700.  Add another $100 for antennas and other accessories, and the Icom will simply cost far too much right now.  At any rate, for $300 I purchased a rig and enough wire and coax to make antennas for the 80, 40, 20, 15 and 10 meter bands.

One thing...  The FT-7 is considered a QRP rig; that means 'low-power' for you non-hams out there.  Generally, this radio uses less power than a computer monitor.

Since tossing a 20M dipole up into the trees, I have been making regular contacts with mobiles on the County Hunter Net (14.336 MHz) and a few special events stations.  Signal reports are 'ok' but not outstanding.  This is how it works...  The other station "calls CQ" and is specifically listening for other stations to call them on a certain frequency.  They are listening.  So, when I call them with my little low-powered rig, they hear me and call me back.  It works.

I remember reading somewhere a long while ago that QRP stations really shouldn't call "CQ" (i.e. is anyone there).  It will be a waste of time.  Other hams tuning around the band might hear your puny little signal but move on to a louder signal because it is easier to make a contact with them.

Absolutely.  I wasted an hour on Sunday calling CQ with my little QRP radio during the Illinois QSO Party and made exactly zero contacts.

So, the common thought holds... When running QRP, don't call CQ...  It's like a mouse peep in a snow storm.

Thursday, September 22, 2016

Getting a 500 Error When Trying to Access a REST API from C#?

This just might be the solution.

Here's the deal...  I need to write a simple C# client to access data from a REST API served up by an Apache Tomcat server.  Not a big deal at all...  should be pretty simple...

Should be...

For some unknown reason, my attempts generated nothing but '500' errors from the server.  Our resident network wizard and I captured my traffic and compared the headers of a successful GET using CURL with those of the unsuccessful attempt using my simple C# program.

After trying a few things with no success, I noticed the CURL capture showed an 'Accept: */*' header.  My C# program did not.  So, I added this...

request.Accept = "*/*";

SHAZAM!!!  No more 500 errors.

No search results from Google helped.  None mentioned this as being a possibility.  But, heck...  it worked.

By the way, this Apache server is what I like to call LegalWalled.  Yes, it's our server but if we touch it, or even log onto it using SSH without the guidance and approval of the vendor's support group, we could violate our support contract...  so no opportunity to dig into why that specific error was generated.


Monday, September 12, 2016

Yes... I did that... Don't remember it, but did it...

I am a programmer (or is that obvious?).  Once in a while I will be tasked with researching or changing a program that I originally wrote.  I get the most recent code from our Source Repository System and start reviewing the code.  There is no doubt the program came from my brain, but it is certainly not familiar.  Why did I put these functions into a DLL?  What was I thinking when I designed this junk table?  OMG, WHY did I use single-letter variables???  WHY?!?!?!?!?

Maybe this happens with people in other professions...  read this to mean I hope sincerely that any doctor, dentist, commercial pilot or member of law enforcement who feels a similar temporary disorientation should firmly consider taking the day off!

Does a mechanic one day look at a half-rebuilt carburetor that they have been working on for a month and wonder what motorcycle it came from?  Does a blackjack dealer in Vegas pause and wonder what those cards with an "A" printed on them mean?  Does a baseball umpire call "STRIKE!" before the pitcher throws the ball?

Anyway...  Walter Bishop from Fringe may never have said this, but maybe he could have...

Friday, August 26, 2016

"We WANT to Protect You..."

Imagine this, if you will...

You and your daughter own and operate a small jewelry repair and gift shop in an old brick building on a busy old street.  Most of the businesses have been there for decades.  There's the deli and coffee shop, and the used book and curio shop, and the pharmacy, and the motorcycle repair and accessory shop, and the sporting goods store, and the small bank branch on the corner.  The town has a bustling core of tourist traffic that supplies an ample amount of financial support.  This tourist business is solid but does cause a few issues with fraudulent credit cards and so forth.  The merchants do what they can but accept this as a typical danger of being in business.

You notice one day, some merchants are installing these new loss-prevention machines that really seem to be stopping all credit card fraud.  Unfortunately they are hesitant to discuss the details and are somewhat unhappy, saying foot traffic is down significantly even though the number of tourists in town is increasing.

One day a couple of fellows come into your store and offer this new system to you.  They offer to place a detector and door lock on your front door free of charge.  All they ask is that all purchase transactions you make go through them, 'for security purposes.'  They will hold all money for three days in their bank account for transaction validation, then release the funds to your bank account.

Here's the big catch...  only people who have registered with their service can enter your store.  Sure, they can look in your window, and if they ask, you can let them in if they haven't registered, but they don't recommend it.

"Everyone else on your street are using our system and LOVE it!  No one has had a fraudulent purchase since our systems have been installed," they say.  You tell them you will think about it.  They give you their card and leave.

One month later you are balancing your books and realize fraud is up by 20%!  Generally foot traffic and cash flow has increased but not enough to cover the new fraud.  You call the two fellows selling the anti-fraud solution and have it installed.

That's what seems to be happening to E-Bay.  Buyers can look at the items but unless they are PayPal users with validated accounts or addresses or whatever, they can't even put a bid on items.  You aren't a PayPal customer, you are shit-outta-luck.

That's how it works...  There's fraud happening so E-Bay offers this great service to a few merchants.  It's a little shady and locks the buyer base but it works.  As more and more merchants use this service, fraud becomes focused on those merchants who don't use it.  So, those merchants are pressured into using the service for 'protection'.

Here's what I did.  Yesterday I browsed E-Bay looking for deals on used lenses for my Canon Rebel.  BINGO, I find a lens and try to put in a bid.  I don't use PayPal so...  BZZZZTTTTT...  I can't even enter a bid.  I try entering a bid for another lens.  BZZZZTTTTT... same thing.  Another?  Same thing.

WTF???

Here's what will probably happen in the future...  Customers will not like this requirement to be 'verified'...  Foot traffic in E-Bay will start declining...  E-bay will need to change their validation.

Just my half-asleep $0.02 worth.

Wednesday, August 17, 2016

Webcollage bug/irritation repair

So, I am enjoying my little Linux build with that little AMD APU detailed in my last post...  Something is missing...  YES!  A good screensaver.

Oh...  Yes it has been a while since my last post, so what?  I've been boating and working on the house and generally enjoying the outdoors while the weather is agreeable.  So...  pfft...

Anyway, I installed the XScreenSaver package with several additional screensaver packages.  One looked intriguing...  webcollage by Jamie Zawinski.  Webcollage uses dictionary files (just lists of words) to seed simple searches on several internet search engines.  When the screen saver is activated, a random image (or part of an image) from a random webpage from the results of searching a random word is placed on the screen like a collage, one image over the other.

Needless to say there is a lot of online bitching about this because quite simply, it can display porn and other NSFW images.  OK, so some people don't like it.  Personally, I find it intriguing.  But...  occasionally the following text would show up on the screen...  sometimes several times before a screen redraw covered the text:

Use of uninitialized value $vals in index at /usr/share/perl5/HTTP/Headers.pm line 264
Use of uninitialized value $vals in concatenation(.) or string at /usr/share/perl5/HTTP/Headers.pm line 267

After trying a few repairs to the webcollage Perl source, I just went into Headers.pm and fixed it there.  Here's the repair:

sub as_string
{
    my($self, $endl) = @_;
    $endl = "\n" unless defined $endl;

    my @result = ();
    for my $key (@{ $self->_sorted_field_names }) {
        # Skip internal fields, whose names start with an underscore
        next if index($key, '_') == 0;
        my $vals = $self->{$key};
        if ( ref($vals) eq 'ARRAY' ) {
            # Header with several values: emit one line per value
            for my $val (@$vals) {
                my $field = $standard_case{$key} || $self->{'::std_case'}{$key} || $key;
                $field =~ s/^://;
                if ( index($val, "\n") >= 0 ) {
                    $val = _process_newline($val, $endl);
                }
                push @result, $field . ': ' . $val;
            }
        }
        else {
            # Only emit a single-valued header when its value is defined;
            # an undefined $vals is what triggered the two warnings above
            if ( defined $vals ) {
                my $field = $standard_case{$key} || $self->{'::std_case'}{$key} || $key;
                $field =~ s/^://;
                if ( index($vals, "\n") >= 0 ) {
                    $vals = _process_newline($vals, $endl);
                }
                push @result, $field . ': ' . $vals;
            }
        }
    }

    join($endl, @result, '');
}

My changes are in red.  Not sure if the bug is in webcollage or if it is in Headers.pm but here ya go.  This is the fix.  Damn, I love open source!

**Disclaimer:  I am NOT a Perl programmer, I only know enough to successfully poke around Perl source and figure things out.
**Suggestion: Anyone running webcollage might want to consider two things: 1) it uses internet resources to perform searches and retrieve images; 2) some of the images shown on the screen could really get a person in trouble at most companies, not to mention what might happen should certain significant others see certain images.