Happy Easter!

One thing that did strike me was that I found the title misleading - I understand it is just a title and meant to be evocative but there was nothing that felt Wiki-like to this story and its structure or content. I found myself trying to figure out why this dialog would be specific to a forum associated with a Wiki and what the overall content of that Wiki would be and came to the conclusion that I was over thinking it and the Wiki portion was just meant to hint at the on-line nature of the interaction in the title. Or am I missing something?

It actually makes me wondering if there is some sort of tie in with Doonesbury - this week they are rerunning their awesome series from last January where Alex is off at MIT competing in a robot competition. Go check it out - start back at the beginning of the week.

Since I have no better context for this link: another crazy and possibly dangerous thing I could make is Beer Cheese Cupcakes with Bacon Cheddar Cream Cheese Frosting. I am disturbingly tempted....

This week we are asked:

Weekend Assignment #201: To promote a new cooking show, a TV station is going to pay you $500 to eat the same basic meal every day for a week, prepared with only minor variations by their on-screen host. What's on the menu?
Extra credit: Do you tend to eat the same thing all the time anyway?

For me, the answer to the extra credit pretty much answers the first question. I definitely get in food ruts where I eat the same thing for a week or two straight. I made a huge batch of Susie's Green-Curry Shrimp last week and have been eating it basically every night since then, making up fresh rice in my microwave rice cooker as needed. I do that with stew and chili a lot also - I can eat either every night for a week easily, especially if it is within the "rules" (or, my own inclination to bake or go to the store) to have fresh bread or biscuits with it.

So, really, this doesn't sound like a challenge at all so long as it is something I like okay. But, I've never understood people who didn't like leftovers. There is a show on the Food Network right now that seems to be all about how to get three different meals out of the same ingredients and preparation processes - it just seems easier and no less appealing to make three times as much of the first dish and be done with it.

• Last year's Hack of the Year involves a Swedish hacker obtaining passwords for a number of governmental and embassy email accounts using TOR, an open-source tool that obscures web traffic. Think TOR sounds cool? Check out this guide to using TOR to surf anonymously to learn more about how it works.
• Not surprisingly, a study of wireless networks used in retail stores shows that most of them are insecure to some degree, with 25% not even using any encryption at all.
• We have read about hackers taking advantage of default passwords back in the 80s, but it remains a problem and there are a number of lists out there of default passwords for modern hardware.
• This is a slightly older story and the infected drives were pulled off the market, but certain Maxtor 500GB hard drives are being shipped with Trojans on them that send information on them back to sites registered in Beijing. But it seems that hardware being shipped with malware installed is a growing problem with digital photo frames also recently being infected.
• We all got used to the idea of disabling Javascript or Java in our browsers to block malware, but now Flash advertisements have malware embedded in them too.
• Sometimes what you think is a virus is just Microsoft being Microsoft: "During normal operation or in Safe mode, your computer may play "Fur Elise" or "It's a Small, Small World" seemingly at random. This is an indication sent to the PC speaker from the computer's BIOS that the CPU fan is failing or has failed, or that the power supply voltages have drifted out of tolerance."
• A hole in QuickTime allows SecondLife avatars to be hijacked and made to turn over their Linden cash. Huh - I am about halfway through that novel.... More seriously, though, security within MMORPGs as a subset of software security seems to be a growing topic of interest.
• A McAfee report predicts more cyberattacks against and by governments in the coming years, based on evidence that many countries, including the US, have already started to use cyberattacks. It seems the attacks are mostly for the purpose of espionage. A related article coming out of this reports frames the issue as a coming cyber cold war - interesting in the context of this report that a number of recent blackouts outside the US were due to cyberattacks. And cyber-espionage need not be just against countries; corporate cyber-espionage is also believed to be on the rise.
• There is a lot of argument about how to compare the relative safety or number of holes in operating systems or software. Recently Microsoft reported that the number of holes announced in IE was less than in Firefox, and the Head Security Strategist at Firefox responded that the count did not include holes patched in major service packs and thus not announced, and discusses the security risk this represents for users. A similar argument get made in comparing Mac versus Windows vulnerability stats, with Mac by this report having many more flaws, but there being a question of whether apples are being compared to apples or not...
• This commentary on the balance between security and usability is worth reading. Part of the usability issue here is supporting depreciated filetypes, and whether that support needs to include security patches.
• This long technical article, in PDF format, describes a Chinese black market in malware. I have only skimmed the article so far but it has an interesting classification of the different players in the black market and how they related to each other, as well as a couple of case studies. Somewhat related is this article on the emerging "malware economy".
• If cracking WEP seems daunting (though it probably shouldn't after reading that guide...), maybe you want to practice on the less securely encrypted wireless keyboards.
• Lots of end of the year reports, including that 3.2 billion dollars was lost to phishing attacks and anti-virus protection is less good at detecting malware when looking at responses to new attacks.
• Sometimes sneaky malware-style behavior finds its way into commercial products, such as the feature in Adobe's CS3 that reports back usage data to a server with a sketchy name.
• South Carolina may require forensic investigators to have a PI license and some are concerned since the specialized skill set for forensic investigation currently has little overlap with the training and skill set of licensed PIs. The motivation, of course, being a desire to ensure that evidence to be used in trial is collected using appropriate standards.
• A recent report says that projects to find and repair security holes in open source software are proceeding well - the more interesting part of the article possibly being the large government supported effort to harden open source systems as their use expands. This would appear to be another "hidden" cost of free, open-source software.
• A case originating a couple of years ago and centering around the question of whether unauthorized (but unblocked) whois and DNS lookups constitute hacking has been decided in the positive (more commentary critical of the decision here).
• Worried after all of this that your computer is going to go kablooey any minute now? Keep this nifty Ubuntu LiveCD based technique for restoring your Master Boot Record in your back pocket...

The major variations seem to involve either (1) group primaries starting with small states, and then working up to larger states towards the end of the process, (2) ordering the primaries to start with a random sampling of primaries but with structure imposed to start with "easy" primaries and work up to the larger, more expensive ones, (3) working through regions of the country in turn, or (4) pulling one state from each of a set of regions for each of a set of primary dates. FairVote has nice details on how each of these work with sample breakdowns/schedules.

The cynic in me thinks it likely, though, that any of these plans is going to lead towards a bias towards particular groups/regions and against others, and that saavy analysts will be able to work out which these are and the constituency with the best lobbying power is going to win (if anything ends up changing). To me, this calls out for a different plan (yep, despite what I said about listening to people who actually know what they are talking about, I'm going to throw in my ignorant two cents...) based on pure randomness. Let's pick a set of primary dates, and then randomly order the states among those dates. In order to prevent a state from being consistently devalued by falling late in the process, if you are in the last quarter of the primaries in one cycle, you are guaranteed to be in the first half of the primaries in the next cycle.

Sure, in any given year, you could have a bad outcome - small states could get a disproportionate say, primaries could be located such that poorer candidates have a harder time competing, etc. But you would avoid systematic biasing and considering the long-range trends of presidential elections, these concerns ought to even out. Otherwise, the debate seems to focus on whether particular goals (giving larger, urban states more say, making campaigning easier on fringe candidates, etc.) actually is desirable or not. And as I like to remind my students when looking at various AI systems, you always want to ask yourself if your highly engineered system beats random chance....

• RSS Feeds: My general websurfing habits had been to open folders of bookmarks into my Firefox tabs and click my way through them, but I finally broke down and tried out reading feeds and it's an experiment I'm sticking with. I started out using Sage, a Firefox extension, but I'm pretty firmly wedded to Google Reader at this point. Sure, Google is harvesting what I read when, but I can keep up on my feeds anyway, including on my cellphone and it's support for tracking new feeds and letting you star old entries for later references is great.
• Eclipse: I had played with it very briefly before, but this year marks the first time I have really used it, and after a surprisingly shallow learning curve I feel like I'm pretty proficient with it. I've only tested out the Java support, and have heard that it is less ideal for C++, but it has all of the expected bells and whistles, I like the debugger, and I'm a fan of using a free tool that my students can continue to use after the end of the semester. I still think you ought to get started with a simple text editor and command-line compilation, but if you are going with an IDE this is a reasonable choice.
• Facebook: I was talked into setting up a profile and, having never gotten on MySpace or Friendster or any of those things, it's been interesting to play with. I'm invested enough that I even have opinions on the recent changes allowing your status to not start with "is" and emailing you messages you receive, and not just notifications (both great!).
• New Toys: My laptop and lab computers all got upgraded, along with shiny new flatscreen monitors. Bonus on the laptop - all of my wireless networking problems went away, at home and in my office. I upgraded my cell phone and along the way learned to text message and access the internet using it. I think 2007 was the tipping point in my always-on accessibility.

This coming year, I've got modest technological innovation goals. I'm going to learn either Python or Jython. I would like to get my old laptop running Linux. And I'll probably jump on a few other bandwagons along the way, just to keep current - so send me your recommendations of what I ought to be playing around with before next December rolls around.

If you haven't seen that site, which I had not before this, it's got some other interesting films there too. I think it is cool they figured out a fairly low-tech way to film inside a running dishwasher.

For myself, my interest in Python comes from thinking about my upper level courses. With programming as a prerequisite, I can ask students to write Java programs, but Java can be unwieldy and I have wondered if I would be better off spending a couple of classes teaching Python and then have students write code in that. Or, even better, I could use Jython - an implementation of Python that runs via the JVM and lets programmers use the Java libraries in their Python code. I had never heard of this until my friend pointed it out, but it sounds perfect. Students can use the familiar and vast Java libraries, including nitpicky ones like Swing that take some practice, but avoid the complexity of writing a full-blown Java program. Assuming Jython works the way it sounds like it does - I guess I have a backburner project to work on now....