
September 26, 2006

Firefox redux: Safer Browsing in 2006

Shocking - more Firefox users = more bugs and exploits! Still, major props for response times (less than a day to patch), and market share growth.

Just remember - just because your sh#@ is a different color, doesn't mean it doesn't stink :)


If you really want users to be "safer" tell them to use Opera - though I still think all those plug-ins and extensions that are (essentially) shared across all the desktop browsers make that choice more moot than people think...

And of course, the report was produced by a party with an interest in the world being unsafe - read it for yourself and see what you think.

September 25, 2006

Jet Li's Fearless: Go see it!

Fearless is a straight up, guy-flick Kung Fu opera - so don't be surprised if it does not wallow in the metaphysical being of personal martial combat the way movies like The Matrix, Crouching Tiger, Hidden Dragon, or Hero did. From the opening text crawl - which proclaims a trial-by-combat challenge from four of the best fighters from around the world to the "Sick Men of Asia" (an epithet directed at the Chinese) - you know all you need to know about the plot. The movie's marketing, about Jet Li's "last martial arts film", is of the same vein.

And the movie ROCKS.

Not just that it clips from fight-to-pause-to-fight in a frenetic cycle - though it does slow down before the third act begins to allow us to catch our breath. And not just that the movie is a parable of accepting change, grounded in friendship and loss. And not just that even the standard "revenge" motive for such films is upended (just enough for freshness), as our hero Huo Yuan Jia transforms his battles from a journey of divisiveness, destruction, and strength to one of unity, purpose, and the strength of body, mind, and soul.

Really, the back story (grounded in just enough history and truth to make the movie work) is there only to ensure we're emotionally invested in the combat.

And it works.


And the combat! Wow. Just: wow.

There are a few moments where you see "cracks" in the cinematographic firmament - where the wire fighting or camera tricks break the framework of disbelief. But those are fleeting exceptions. Whereas the other movies (of the metaphysical nature) I referenced above embraced the uncanny valleys their special effects created as part of their storytelling fabric (to generally good effect), in Fearless you're seeing astounding fighters in deeply physical, real, painful, solid and astoundingly unbelievable yet believably natural battle.

It's good - very good. Go see it - it's a spectacle that benefits from the big screen.

September 22, 2006

Problems with Integer Overflow Math and Detection, pt 2

Updated: as promised, my solution in Part 3.

Continued from Part 1 - following some discussion in the comments, Michael Herf and Eric O'Laughlen suggested I try a bit of x86 assembly to solve my problem (a good suggestion - at least to establish a performance baseline; I still ultimately want C), but I must be doing something wrong...

Here were my time tests:
-------------------- Math requiring no overflow detection
-------------------- This is for speed (overhead)
Testing Simple..... total: 750201700 Time = 484.331 ms
Testing ASM Safe... total: 750201700 Time = 1370.02 ms
Testing MS Safe.... total: 750201700 Time = 872.027 ms
Testing Sree Safe.. total: 750201700 Time = 523.12 ms

-------------------- Math requiring overflow detection
-------------------- This is for correctness - ignore timings for 'Simple'
Testing Simple..... total: -120255288 Time = 482.925 ms*
Testing ASM Safe... total: 2147483518 Time = 222.645 ms EXCEPTION
Testing MS Safe.... total: 2147483518 Time = 141.048 ms EXCEPTION
Testing Sree Safe.. total: 2147483518 Time = 101.048 ms EXCEPTION

Simple is just "a+b", whereas ASM is the code others suggested, and MS is from Microsoft's MSDN article on the subject. I fully expected the ASM one to be faster than the MS case - so it's gotta be me (or is that just the fastest/cleanest way?). I think the conditional is killing it. My C case is, I think, as good as it gets, and a nice replacement for Microsoft's, but I should verify validity before I go shooting my mouth off...

(*btw, Simple is there just for reference, for perf and correctness. In particular, since it DOESN'T throw an exception in the bottom tests, it is "slower" because it COMPLETES the test - the others do not; they throw an exception part way through, as noted by "EXCEPTION".)

You can grab the benchmark executable or the source, and try it for yourself.

I had added both of their suggestions (Mike's and Eric's), but neither passed the correctness test. They didn't toss exceptions in the right cases, or (in Eric's case) were much slower than MS and ASM both once I added an exception-toss-on-overflow-flag-set test - though both were faster so long as you didn't want to actually look at the overflow result immediately, which unfortunately, I think you usually do.

As Herf points out - I think the branch prediction kills the assembly attempts.

I have a (probably too) simple idea in just C, but want to validate it (perf and correctness) before I post - hopefully I'll get a chance to do something this week. This seemed like such an already well-solved problem to me?

Python 2.5

A new version of Python (2.5) came out this week... I still have trouble with the importance of whitespace in Python, but there's no denying its continued growth and power. I do worry, as it adopts convenience grammars and features from other languages, that it gets a bit sprawl-y, but thus far, their PEP system keeps things in line.

And Python's got some nifty things going for it (check out Yahoo's Python center). In particular, I've a new found appreciation for their language evolution model of late.

Most of the time (Perl 6 is a good counterpoint), classic CS design philosophy suggests if you're going to make changes, make them once (and complete), so that everyone can get over it and get on board. Enh.

Python's been more incremental - generally they break you just a *little* with each regular-ish rev, though some 5 revisions down the road it might not be so compatible. Basically, they create an incentive for people to stay on the upgrade chain.

September 21, 2006

Problems with Integer Overflow Math and Detection, pt 1

Updated: Fast(est?) portable simple solution outlined in Part 3. Continued in Part 2.

Updated: I see Linus Torvalds (of ye verily Linux fame) crying about the same problem way back when - did he ever find a better solution than the MS one?

I was checking out a new blog site that the Microsoft Vista Shell team has (a former friend of mine runs that group there), and, digging around, happened upon an old post from Raymond Chen (that guy is amazing - LOVE his blog).

This particular post was about integer overflow and the resultant subtle problems. It's a trickier thing than most people think, and has all sorts of well documented, long standing "famous" bugs.

That led me to Microsoft's very nice SafeInt class - but yowza - safe addition takes 3 compares and 3 branches? In the trivial case? (i.e. a positive number plus a positive number)

I saw that there's been an update that deals with this by casting to int64, doing the add, and then two compares and 1 branch, and a cast back into an int32, but yoinks... someone must have a better solution than that.

I'm going to do a little research - but someone? anyone? Faster/better solution?

(My timing tests show - I wrote a tiny benchmark - that with the "safe int" exception throwing on, simple addition takes (almost) twice as long - is that really the state of the art?)
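For readers who want to play with the same problem (the SafeInt question above, and the ASM/MS/C comparison in Part 2), here is an added example in C. It is not the benchmark from the post and not the Part 3 solution - the function names, the edge-case table and the cross-check are mine. It shows the "widen to int64" check the post describes, the sign-comparison check, a branch-free bit trick that needs no compares at all, and the gcc/clang intrinsic that compiles down to the add-plus-jo the assembly suggestions were after. Two assumptions: two's complement wrap when an out-of-range uint32_t is cast back to int32_t (true on every mainstream compiler, but implementation-defined in C), and availability of `__builtin_add_overflow` under `__GNUC__` (it falls back to the widening version elsewhere).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Four ways to add two int32 values and learn whether the true sum fits.
 * Anything that could wrap is computed on uint32_t / int64_t, so no signed
 * overflow (undefined behaviour in C) is ever executed.  Each function
 * returns true on overflow; the result is stored only when it is valid. */

/* (a) Widen to int64: the variant the post attributes to the updated SafeInt.
 *     One 64-bit add, two compares, one branch, one narrowing cast. */
static bool add_overflows_wide(int32_t a, int32_t b, int32_t *r)
{
    int64_t wide = (int64_t)a + (int64_t)b;
    if (wide > INT32_MAX || wide < INT32_MIN)
        return true;
    *r = (int32_t)wide;
    return false;
}

/* (b) Sign reasoning: overflow is only possible when both operands share a
 *     sign, and then only when the result's sign differs from theirs. */
static bool add_overflows_signs(int32_t a, int32_t b, int32_t *r)
{
    int32_t sum = (int32_t)((uint32_t)a + (uint32_t)b); /* assumes two's complement wrap */
    if ((a < 0) == (b < 0) && (sum < 0) != (a < 0))
        return true;
    *r = sum;
    return false;
}

/* (c) Branch-free bit trick: bit 31 of ((a ^ sum) & (b ^ sum)) is set exactly
 *     when the sum's sign differs from BOTH operands' signs, the same condition
 *     as (b) but with no compares and no data-dependent branch.  The flag can
 *     be tested immediately or ORed into an accumulator across a loop and
 *     checked once at the end. */
static bool add_overflows_bits(int32_t a, int32_t b, int32_t *r)
{
    uint32_t ua = (uint32_t)a, ub = (uint32_t)b, ur = ua + ub;
    *r = (int32_t)ur;                               /* assumes two's complement wrap */
    return (((ua ^ ur) & (ub ^ ur)) >> 31) != 0;
}

/* (d) Compiler intrinsic where available (gcc/clang).  On x86 this typically
 *     becomes the plain add followed by jo/seto on the overflow flag. */
static bool add_overflows_builtin(int32_t a, int32_t b, int32_t *r)
{
#if defined(__GNUC__)
    return __builtin_add_overflow(a, b, r);
#else
    return add_overflows_wide(a, b, r);
#endif
}

/* Convenience wrapper for callers that only want the verdict. */
static bool sum_overflows(int32_t a, int32_t b)
{
    int32_t r;
    return add_overflows_bits(a, b, &r);
}

/* Constructed edge cases (mine, not the post's): the boundaries where a naive
 * "a + b" silently wraps. */
static const int32_t CASES[][2] = {
    {1, 2},
    {INT32_MAX, 0}, {INT32_MAX, 1},
    {INT32_MIN, 0}, {INT32_MIN, -1},
    {-5, 5}, {INT32_MAX, INT32_MIN},
    {INT32_MAX / 2 + 1, INT32_MAX / 2 + 1},   /* 2^30 + 2^30 = 2^31: overflow */
    {INT32_MIN / 2, INT32_MIN / 2},           /* -2^30 + -2^30 = -2^31: fits  */
    {INT32_MIN / 2, INT32_MIN / 2 - 1},       /* one past INT32_MIN: overflow */
};
#define NCASES (sizeof CASES / sizeof CASES[0])

/* Run every variant over CASES; return how many inputs they disagree on
 * (overflow verdict, or the stored sum when there was no overflow). */
static int cross_check(void)
{
    int disagreements = 0;
    for (size_t i = 0; i < NCASES; i++) {
        int32_t a = CASES[i][0], b = CASES[i][1];
        int32_t r1 = 0, r2 = 0, r3 = 0, r4 = 0;
        bool o1 = add_overflows_wide(a, b, &r1);
        bool o2 = add_overflows_signs(a, b, &r2);
        bool o3 = add_overflows_bits(a, b, &r3);
        bool o4 = add_overflows_builtin(a, b, &r4);
        if (o1 != o2 || o1 != o3 || o1 != o4)
            disagreements++;
        else if (!o1 && (r1 != r2 || r1 != r3 || r1 != r4))
            disagreements++;
    }
    return disagreements;
}

int main(void)
{
    for (size_t i = 0; i < NCASES; i++)
        printf("%11ld + %11ld -> %s\n", (long)CASES[i][0], (long)CASES[i][1],
               sum_overflows(CASES[i][0], CASES[i][1]) ? "OVERFLOW" : "ok");
    printf("variants disagree on %d of %zu cases\n", cross_check(), (size_t)NCASES);
    return 0;
}
```

Timing this the way the post does (throwing on the flag inside a tight loop) will still show the cost of the branch that consumes the flag; variant (c) is the one that lets you defer that branch out of the hot loop, which is usually where the "half the speed" overhead actually goes.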

September 17, 2006

The RIAA battlelines

I took a cheap shot at the RIAA in my last post, and have often wondered whether DRM was really the solve (or perhaps I should say "fate") for content distribution issues.

I think the jury's still out in a big way on this topic.

Either DRM technologies will become THE way that all digital content is licensed (even if that license is simply "unrestricted"), or it'll go the way of the Dodo. The middle ground will get squeezed out on this in the next 4 years.

Obviously, publishers (distribution middle men) and, to a lesser (at least less vocal) but very real extent, creators want to ensure they're properly credited for their work, both financially and artistically. On the converse side, users want access to stuff as broadly and cheaply as possible - but most importantly, as conveniently as possible, with as high fidelity as available. This last has been a HUGE boon to the movie, music, and publishing industries generally, as technology advances have meant people are re-purchasing essentially the same content in a variety of formats (e.g. LP, Tape, CD, AAC / VHS, Laser-Disc, DVD, HD-DVD).

But that trend has delivered broadly available commercial-grade content creation tools to (essentially) consumer cost points, in combination with federated broad digital communication (read: syndication) and personal publishing channels.

Case in point: MySpace's MP3 Store and this recent article about iTunes and iPod music consumption in the real world fly directly in the face of Microsoft's Zune, iTunes, etc, with things like YouTube skirting a narrow middle. The RIAA hopes you like Apple and Microsoft.

That iTunes/iPod usage article is the most interesting - and the big question is whether the trend it reveals is of the moment, or of the future.

You know, this is something the software industry has been dealing with since its inception - it's done OK. I realize it's easy for me to say (because I have nothing at stake in this particular debate), but sometimes sweating the threat means you squander the opportunity.

September 12, 2006

The RIA battlelines

(Not to be confused with the RIAA battle - that's an entirely different funny/sad Monty Pythonesque story about how suing your customers is really in their best interests...)

Interesting article yesterday at Zdnet about the upcoming technology infrastructure contenders for Rich Internet Applications (RIA), primarily Flash/Apollo, XUL/Firefox, and XBAP/WPFe.

Not sure how much I agree with the details, but the broad strokes are interesting at least (to me at least :P - I've written on this topic more than a few times). The business models for the technology originators get pretty short shrift though - Adobe's charging directly, through tools and the runtime (at least for devices), whilst the Mozilla Foundation's stuff is free (as in beer and as in software), with Microsoft somewhere in the middle. Wonder what impact that will have on success opportunities?

Also interesting is the implicit notion/question that the main turf war will be over browser plug-ins and/or extensions, as opposed to server-ware or development paradigms (like AJAX, Rails, etc.) - remains to be seen if that's true, though it feels right. Even Flash is still primarily ad-ware - and wherefore art thou, client-side Java or .NET apps?

Complicating matters further is the increasing user/input interaction fragmentation caused by portable general purpose computing devices like smart phones, PSPs and the like.

Some examples from the past.

September 7, 2006

Unicode-y-ness UTF-16 Nonsense

UTF-16 is an abomination. It is a lot of wasted code and space, doesn't really solve any real world issues and is just generally bad (not to mention responsible for probably billions of dollars in wasted code fitting and retrofitting). Everyone should just stick to UTF-8. Strings are not randomly accessible data structures (unless you want to REALLY waste memory with UTF-32) - get over it. Adjust your coding practices appropriately, and for god's sake don't convert everything to "mostly" two-byte character strings.

(and yes, it is a bit more space for far east languages, but is still just better - for example, do you know what endian UTF-16 you're using?)

p.s. this only applies if you're writing code, not script and its high-level equivalents.
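To make the three concrete claims above checkable (space cost for far east text, byte order, and the "not randomly accessible" point), here is an added example in C; it is mine, not code from the post. It encodes code points both ways, totals the sizes of three constructed sample strings, counts UTF-16 code units against code points, and reads a UTF-16LE buffer as if it were big-endian to show that a wrong byte-order guess does not fail, it silently yields different characters. Function and sample names are my own; the sample strings are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Encode one Unicode scalar value as UTF-8.  Returns bytes written (1..4),
 * or 0 for surrogates and values above U+10FFFF, which are not encodable. */
static size_t utf8_encode(uint32_t cp, uint8_t out[4])
{
    if (cp >= 0xD800 && cp <= 0xDFFF) return 0;
    if (cp < 0x80) { out[0] = (uint8_t)cp; return 1; }
    if (cp < 0x800) {
        out[0] = (uint8_t)(0xC0 | (cp >> 6));
        out[1] = (uint8_t)(0x80 | (cp & 0x3F));
        return 2;
    }
    if (cp < 0x10000) {
        out[0] = (uint8_t)(0xE0 | (cp >> 12));
        out[1] = (uint8_t)(0x80 | ((cp >> 6) & 0x3F));
        out[2] = (uint8_t)(0x80 | (cp & 0x3F));
        return 3;
    }
    if (cp <= 0x10FFFF) {
        out[0] = (uint8_t)(0xF0 | (cp >> 18));
        out[1] = (uint8_t)(0x80 | ((cp >> 12) & 0x3F));
        out[2] = (uint8_t)(0x80 | ((cp >> 6) & 0x3F));
        out[3] = (uint8_t)(0x80 | (cp & 0x3F));
        return 4;
    }
    return 0;
}

/* Encode one scalar value as UTF-16 in the requested byte order.  Returns
 * bytes written (2, or 4 for a surrogate pair), or 0 if not encodable. */
static size_t utf16_encode(uint32_t cp, uint8_t out[4], int big_endian)
{
    uint16_t units[2];
    size_t n;
    if (cp >= 0xD800 && cp <= 0xDFFF) return 0;
    if (cp < 0x10000) { units[0] = (uint16_t)cp; n = 1; }
    else if (cp <= 0x10FFFF) {
        cp -= 0x10000;                                  /* astral plane: surrogate pair */
        units[0] = (uint16_t)(0xD800 | (cp >> 10));
        units[1] = (uint16_t)(0xDC00 | (cp & 0x3FF));
        n = 2;
    } else return 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t hi = (uint8_t)(units[i] >> 8), lo = (uint8_t)(units[i] & 0xFF);
        out[2 * i]     = big_endian ? hi : lo;
        out[2 * i + 1] = big_endian ? lo : hi;
    }
    return 2 * n;
}

/* Encoded size in bytes of a code point array, in each form (UTF-16LE). */
static size_t utf8_size(const uint32_t *cps, size_t n)
{
    uint8_t buf[4]; size_t total = 0;
    for (size_t i = 0; i < n; i++) total += utf8_encode(cps[i], buf);
    return total;
}
static size_t utf16_size(const uint32_t *cps, size_t n)
{
    uint8_t buf[4]; size_t total = 0;
    for (size_t i = 0; i < n; i++) total += utf16_encode(cps[i], buf, 0);
    return total;
}

/* Encode cp as UTF-16LE, then read the first code unit as if it were
 * big-endian: what a consumer that guesses the byte order wrong sees. */
static uint16_t utf16_misread(uint32_t cp)
{
    uint8_t buf[4] = {0, 0, 0, 0};
    utf16_encode(cp, buf, 0);
    return (uint16_t)((buf[0] << 8) | buf[1]);
}

/* Constructed samples: ASCII, Japanese, and a string with an astral-plane
 * code point that needs a surrogate pair in UTF-16. */
static const uint32_t SAMPLE_ASCII[] = {'h', 'e', 'l', 'l', 'o'};
static const uint32_t SAMPLE_JA[]    = {0x65E5, 0x672C, 0x8A9E};   /* 日本語 */
static const uint32_t SAMPLE_MIXED[] = {'a', 0x1F600, 'b'};         /* a😀b   */
#define LEN(x) (sizeof (x) / sizeof (x)[0])

int main(void)
{
    printf("ascii: utf8=%zu utf16=%zu bytes\n", utf8_size(SAMPLE_ASCII, LEN(SAMPLE_ASCII)), utf16_size(SAMPLE_ASCII, LEN(SAMPLE_ASCII)));
    printf("ja   : utf8=%zu utf16=%zu bytes\n", utf8_size(SAMPLE_JA, LEN(SAMPLE_JA)), utf16_size(SAMPLE_JA, LEN(SAMPLE_JA)));
    printf("mixed: %zu code points but %zu UTF-16 code units\n", LEN(SAMPLE_MIXED), utf16_size(SAMPLE_MIXED, LEN(SAMPLE_MIXED)) / 2);
    printf("U+65E5 written LE, read BE: U+%04X\n", utf16_misread(0x65E5));
    return 0;
}
```

The mixed sample is the point about random access: indexing UTF-16 by code unit lands you in the middle of a surrogate pair just as indexing UTF-8 by byte lands you inside a multibyte sequence, so neither form gives you O(1) character access for free. The misread line is the endianness caveat: U+65E5 stored little-endian and read big-endian decodes to U+E565 without any error.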

September 5, 2006

Back to School

Summer's over. It's official (well, not official, but you know what I mean). Some interesting tidbits from over the long weekend:

  • Tesseract (OCR software) has been open-sourced by Google. This is an underdeveloped area, especially in the OSS community (and so, very nice of Google), but expect to see an increase in CAPTCHA cracks. No good deed goes unpunished.
  • Vista's in lock-down mode, getting ready to ship. As is always the case with these things, it'll be less and more than people expect, and it'll have a long tail of issues and upgrades that follow. Also, a funny side story about how Mactel machines from Apple being able to run Windows isn't as good for Apple as the zealot crowd thinks (not sure I agree).
  • Slightly older, but always compelling stream of consciousness from John Carmack (of Wolfenstein 3D, Doom, Quake, etc. fame) about stuff.
  • Browzar (an IE "privacy" wrapper) has been getting some buzz; though it doesn't really appear to do squat. Still, though I think it's useless, I feel compelled to defend it. There's been GROSSLY unfair criticism about it being "adware" in the press; appears this is the new "Red Scare" tactic. Truth is, it IS Adware (you get it for free, and it generates money from advertising/search revenue) - but so is Firefox, the Google Toolbar, etc. What ought to be a simple statement of business model fact has instead become a loaded, scary epithet. Pretty much every site on the 'net derives revenue from advertising, and the quid pro quo is free access to said software and services - but Adware and Malware (thanks to more than a few bad eggs) have become synonymous for desktop applications. There's nothing "tricky" about Browzar - other than it doesn't really work :P - let them be judged on the merits of their software, not the politics of public flagellation (half-wit, half-brained punditry seems the order of the day in the tech press these days...)