Archive for December, 2006
My first time as a spammer
I just found out that last week, unwittingly and for the first time, I apparently helped spammers send out thousands of emails through my webhost. It resulted in me being denied access to my mail server and my web site being disconnected temporarily. This is a bit embarrassing because it’s due to some really sloppy PHP code that I wrote a few years ago, but here we go:
I had a page with a very generic include command to render whatever file it was given via URL parameter:
include($page.".php");
What I had never considered until today is that PHP’s include command also allows inclusion of remote files over HTTP. Here’s a piece of the Apache logfile that my provider’s admin sent me:

In http://www.geocities.com/love_guy200200/Douglas.txt is PHP code along with a convenient HTML form to compose spam messages and retrieve email addresses from a database. Apparently, last Friday the guy behind 195.166.237.42 exploited my script to include his file and execute PHP’s mail() function on my provider’s server. He even got around the auto-appended “.php” string in my include line by adding a “?” at the end of his filename, which to me suggests that someone actually took the time to tailor this attack to my code.
All in all, this seems like a very common, easy-to-detect, easy-to-fix exploit that’s been written about sufficiently and could have been avoided with code written just a little more securely. But it was still surprising to find that it happened to me. So, next time your webspace is down or your mail server doesn’t let you in, consider bad code on your site. Also, this gave me some first-hand insight into why, after all these years, we still have to deal with spam.
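A hardened replacement for the include line above, as an added example that is not the original post’s code; it assumes the URL parameter is called page and that page files live in a pages/ directory next to the script:

```php
<?php
// Added example (not the post's own code). Hardened replacement for:
//   include($page.".php");
// Assumptions: parameter is "page"; page files live in ./pages/.
// Also set allow_url_include = Off in php.ini (PHP 5.2+) so include()
// cannot fetch URLs at all, whatever the application code does.

// Allowlist: only these names are ever mapped to files on disk.
$allowed_pages = ['home', 'about', 'contact'];

function resolve_page(string $page, array $allowed, string $dir): ?string
{
    // Anything not in the allowlist is rejected before include() is
    // reached. A value such as "http://host/file.txt?" therefore never
    // becomes a path, so neither the remote URL nor the trailing "?"
    // that neutralises the appended ".php" has any effect.
    if (!in_array($page, $allowed, true)) {
        return null;
    }

    $path = $dir . '/' . $page . '.php';

    // Defence in depth: confirm the resolved file really lives inside $dir
    // (realpath() returns false for a missing file and collapses "..").
    $real    = realpath($path);
    $realDir = realpath($dir);
    if ($real === false || $realDir === false
        || strpos($real, $realDir . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

$page = isset($_GET['page']) ? (string) $_GET['page'] : 'home';
$file = resolve_page($page, $allowed_pages, __DIR__ . '/pages');

if ($file === null) {
    header('HTTP/1.0 404 Not Found');
    exit('Unknown page');
}

include $file;
```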
Nerd Identity
When I call someone a “nerd,” “geek,” or “dork,” it’s generally an expression of solidarity, since it’s highly probable I will return home that evening to watch the latest Battlestar Galactica. I’m all about nerd identity, and “nerds” are pretty much the only group of people I feel comfortable identifying with, aside from “Americans.”
But what about this trailer for an upcoming documentary on nerdcore:
In the trailer some bold (and possibly ridiculous) claims are made to the effect that nerds need empowerment, and that nerd empowerment is the new civil rights issue.
So some questions (k7-style):
- What’s a nerd?
- Are nerds a definable social group? There couldn’t possibly be any necessary and sufficient conditions for nerdom, but do you at least perceive a family resemblance among nerds (202 is not over…)?
- Will expressions of nerd culture like nerdcore or cosplay ever gain broader legitimacy without being steeped in irony? Is the absence of self-mockery important?
- Post-dotcom, why is anyone still talking about the revenge of the nerds? What’s the difference between Bill Gates and MC Plus+? How can we possibly lump them in the same category?
(More examples: Weird Al’s White & Nerdy, Beefy’s wonderful ode to Chun-Li)
the dirty bit
i’ve mentioned cory arcangel’s berkeley talk before, but in it, he talked about trying to do the minimum edit to existing items, in creating “his art.” he implied that any less of an edit than his work, and it wouldn’t be his work. any more of an edit, and it’d be too much work. he simply deemed himself “lazy” (though i found him to be good at implementing his whims).
the other day, i wrote a few words on a piece of stationery (thanks daniela!), and suddenly i felt as if i’d made an original creation (see right)

i didn’t do much, i took a black sharpie and barely took 10 seconds to write a few context-setting words. yet people ask me about “my drawing.” decades ago, a talented illustrator named Martin Provensen spent a significant amount of time and effort developing the character of Tony the Tiger. Isn’t it audacious of me to think that a piece of stationery, bearing both the long-standing icon of Provensen’s success, and my overlaid chicken-scratch, is MINE?
this spurs questions that i thought i’d pose to everyone:
- what constitutes a re-authorship edit? restated, what are the properties of an edit that causes the authorship to be reassigned to the editor?
- what are some examples of tiny tiny edits that re-frame the authorship or the statement of a work?
google scholar’s slogan is an imperative statement: “Stand on the shoulders of giants.” the bulk of “user-created” content on the web is somehow derived from copyrighted content that users find compelling.
- are we just relaxing the once-hard boundaries of originality? should we be worried? is originality less relevant, as overall quality goes up?
UPDATE: it seems that Tony really did have to go through an interview process, and beat out Elmo the Elephant and Newt the Gnu, who never got to be cereal mascots.
I’m a naturalist, and one of my favorite things in the world is finding something in nature that is not only new, but that I can’t even begin to describe. The mystical naturalist might be satisfied with admiring the humbling magnitude of nature’s diversity, but not me. For me, this is the primal information retrieval experience, and since I spend all my time inside in front of a computer, I generally tap the Intarweb when books fail me.
Here’s how I went about it in a few cases I can recall:
Wingless mantis?!
I had only known one kind of praying mantis where I grew up, and I was never particularly concerned with exactly what species it was. When I got out to California and found this little guy, I didn’t know what to think. It was small, wingless, and skittish, very un-mantislike as far as I was concerned. In order to find a list of mantids in the state, I actually had to turn to the Google Books edition of California Insects, a slightly outdated but mostly comprehensive guide to the state’s insects. Searching inside the book for “mantid” brought me to page 74, which describes the female minor ground mantid as sometimes having short wings like this. Still not 100% on the ID, but this was the closest I could get.
Continue reading ‘Personal Biodiversity Information Retrieval’
I am not sure how interesting this would be for this audience, but there is a cool map included anyway.
Gmail had this web clip for me:

One of my friends gmailed me that he was going to India next week. The email was not in English but was transliterated in English (like this Telugu sentence ‘nenu india veluthunnanu‘ means ‘i am going to India’).
The email doesn’t have the word ‘Bangalore’ in it, and I never Google-searched for cheap tickets. There is no translation engine yet for any of the Indian languages. All that said, Google could still ‘make sense’ of what was going on in the email. But what’s a little disappointing is that it didn’t zero in on the right destination. Bangalore is located in the medium slate blue area in this map, while Telugu is spoken in the region adjacent to it. Both languages have a common ancestor, but Google probably doesn’t use linguistics anyway. Google obviously has a huge corpus of email and web searches to mine, but as this example shows, that’s still not enough statistically. As the corpus grows, one could basically have cheap tickets to anywhere.
Humans: 1, Robots: 0.
Forget the “Uncanny Valley”, the new rage is robo-schadenfreude!
Humans, you can relax. It’s going to be a while before we see the likes of Skynet, HAL-9000, or Cylons.
Wikipedia Frontpage Vandalized.
Around 10:35pm PST today, I visited Wikipedia only to be slapped in the eyeballs with the following (NSFW, extremely graphic, and disturbing) monstrosity:
Remember, kids: When bockwurst says it’s NSFW, it’s NSFW. You have been warned.
On the other hand, maybe it’s good that we are periodically reminded of Wikipedia’s mutability and how that property can be bent for the purposes of good or evil. Trust is fragile.


Same for Apache on Linux
Both images are complete maps of the system calls that occur when a web server serves up a single page of HTML with a single picture (the same page and picture in both cases). Each system call is an opportunity to address memory. A hacker investigates each such memory access to see if it is vulnerable to a buffer overflow attack, and the developer must do QA on each of these entry points. The more system calls, the greater the potential for vulnerability, and the more effort needed to create secure applications.
The author claims this is a qualitative proof of why IIS on Windows is harder to secure than Apache on Linux. Whether or not it is, it’s a great piece of visual rhetoric.
Nature’s Graffiti Comics
An old housemate has put up a blog featuring some of the comics his fiancée puts into his lunch to surprise him later in the day. Here’s another funny one.
Here’s the link to their blog with other funny comics, and generally bizarre / not-safe-for-work material:
You are currently browsing the Localoaf weblog archives for December, 2006.