Hashemian Blog

Best Valentine's Day Gift Ever

noreply@blogger.com (rh) — Sun, 04 Jan 2009 19:24:00 +0000

With the holiday season behind us and the data reflecting dismal sales for most retailers, the economy is probably focused on the next big spending opportunity by consumers, Valentine's day.

We all know that this is basically a revenue generation scam, but there's nothing wrong with women buying something for their men this Valentine's day. So here's my suggestion, depicted below. A beautifully appointed Zenith watch from Amazon.com. At a 40% discount and only a $20 shipping cost, it'll make a perfect gift.

Can you just imagine paying for standard shipping and having the package dropped off behind your door only to be dragged away by an animal or wind or something?

* Image tightened-up to show all elements.

amazon,watches,luxury watches,valentine's day,holidays

2009 in NYC

noreply@blogger.com (rh) — Fri, 02 Jan 2009 05:28:00 +0000

I don't have a great affection for loud holiday celebrations. Not that there's anything wrong with them. Mine just happens to be a subdued personality shunning large and loud crowds. But when your kids want to see the ball drop in New York City, you put your prejudices aside and take the plunge. One must experience everything at least once, with some exceptions of course.

My take: it was miserable. This comes close to the concept of cruel and unusual punishment, except that people actually choose to or are chosen to do it. We actually started out late. Some accounts have people arriving at Times Square at dawn on new year's day. Our train reached the Grand Central Station around 9 PM and as we emerged from the station we were welcomed by a blast of arctic air. In fact it was one of coldest new year's eves recorded in New York City.

We joined the throngs of people trying to make their way to Times Square but we soon ran into blockades and barricades set up by the police to prevent people from going any further east than fifth avenue. The police kept sending people further up to make the crossing to Broadway and we kept going until we hit Central Park. We were finally able to cross eastward and after passing security check we were stopped once again by more barricades and told that no more people will be allowed in.

Cold and miserable we turned around and backtracked our way to possibly find another way in. By that time the kids just wanted to go home, but we pressed on, refueling with a couple of expensive pretzels bought from a street vendor and hot beverages in a Starbucks store with one of the longest bathroom lines I had ever seen. I pity the person who has to clean up that mess.

In the end we settled for watching the ball from the corner of W 44th and 6th. Standing in the cold, pressed in the crowds for an hour, we saw the ball drop, go dark and the ensuing fireworks erupt. People cheered as best as the could in that chill, but the whole event seemed anti-climatic to me. I was just happy that kids actually saw what we came to see. As we settled in for the train ride back home, I was just happy to realize that with my duty fulfilled, I don't have to come back to this event ever again.

If you are brave (or crazy) enough to want to see the ball drop, here's a short list of rules to consider based on my experience:

Expect the worst but bring your best and most patient attitude. It's cold, you'll walk a lot, stand a lot, will get pushed and pulled and pressed a lot. Short fuses won't stand a chance.

Stay away from drinks (soft or hard drinks). Bathroom opportunities are nearly non-existent.

Dress warmly (heavy coats, hats, gloves, etc). Have something to eat. Your body needs the energy to fight the cold and the stress.

Don't believe what the cops tell you when you ask them a question. They are generally courteous and friendly, but their primary task is crowd control and safety. To them you are like cattle being herded into a slaughterhouse. About the only truthful statement they will tell you is that you can't cross. Everything else is said to keep you calm and keep you hoping that you can eventually get to your destination while you're going in circles.

Don't expect a surreal experience or anything. It’s just a flashing ball sliding down a pole with a bit of fireworks at the end. It's way overrated and not that exciting.

Finally, if you missed the big party, don't despair. Starting this year, you can see the ball year-round. Ok, it's not the same thing as being there when the year flips over, but you'll have a front-row seat any other day.

Have a happy and healthy 2009.

2009,nyc,new york city,new york,times square,new year's eve

Google's Missing News

noreply@blogger.com (rh) — Tue, 30 Dec 2008 01:23:00 +0000

One of the things I like about the Google news site is the fact that it's mostly an orderly aggregation of news from other outlets. Add to that the legendary Google search technology and one can find just about any news release about any item in any period.

That is unless you search for a term and a range of dates when there were no news published. Of course it's hard to believe that there were no news items referring to Google in the nearly 3-week period shown below. In fact for that period there are no news on Microsoft, Iraq, or even Thanksgiving - nothing.

Well, if Google says there were no news, who am I to argue? Google can't possibly be wrong. There must have been no news whatsoever during that span of time :)

google,google news

Oil at $200 a Barrel

noreply@blogger.com (rh) — Mon, 22 Dec 2008 00:28:00 +0000

Seems like an insane prediction when oil is hovering around $34 a barrel, but it was only in July when crude reached $147 and we were paying $4.20 per gallon to fill up our cars. Back then plenty of pundits and analysts were predicting $200/barrel oil and $6/gallon gas and everyone seemed to accept that prediction as a foregone conclusion.

Here's one such prediction published in New York Times in May 2008 titled: An Oracle of Oil Predicts $200-a-Barrel Crude. An oracle of oil? This was a mere 7 months ago, not decades to give the "oracle" a little margin of error.

I'm really not picking on this particular analyst who made this bold prediction in May 2008. When crude was trading just over $100 per barrel and rising sharply, it wasn't perhaps so radical to make such a statement. But even those pundits who strongly disagreed with this prediction didn't get it right, as evident by this statement in the same article: "Some say prices will fall as low as $70 a barrel by year-end, according to Thomson Financial." As low as $70? Did they possibly dare fathom as low as $30?

Every time I hear a prediction from one of these guys, I know they are winging it. Sure, they have access to lots of data, charts, reports, and specialized programs to crunch numbers, but in the end all they can give you is a best guess. It's like predicting the color the ball will land on while it's spinning in a roulette wheel.

Sometimes they get the color right and they come back gloating looking for validation. Other times they take bigger risks and predict the number the ball will land on. It's a gamble, and if it comes to pass, they can reap fame and fortune, at least for a while. In the end their predictions are probably just as good as a moderately informed investor.

Oil didn't hit $200 per barrel. Instead it took a nose-dive amidst the worsening financial crisis and a severe slowdown of consumer spending. Who knows, in a year or two or three it may reverse course again and really reach $200 per barrel. Would that be a vindication for the oracle? Not at all. If he had correctly predicted the intervening price swings, I might have become a believer. But then again if he could do that, he wouldn't need a job forecasting oil prices. He'd be an instant billionaire tanning on a beach.

oil,oil prices,analysts,crude oil,gasoline

Ponzi Schemes

noreply@blogger.com (rh) — Tue, 16 Dec 2008 03:19:00 +0000

The bad news on Wall Street today was Madoff's Ponzi scheme. This old trick works by paying off previous investors with money from new investors, thereby garnering a false reputation of handsome profits as long as new money keeps arriving, as in the adage: robbing Peter to pay Paul. Of course the problem is that the scheme eventually runs out of steam and as it unravels it leaves the investors at the tail-end of the cycle holding the bag.

This particular one had an apparent run over decades with losses to the tune of $50 billion. Many investors were large institutions such as banks and municipalities with fiduciary responsibilities to average folks. Most likely this will become another bailout liability for the taxpayers.

Of course Ponzi schemes are not just the domain of the greedy individuals. The subprime mortgage was another example of a Ponzi scheme perpetrated with the approval, and even encouragement, of the government wishing to expand homeownership at any cost. But it even goes further than that. The Social Security and Medicare programs are also Ponzi schemes of sorts. These entitlement programs are funded with the potential earnings of future generations.

The U.S. government's irresponsible borrow-and-spend cycles are also garden variety Ponzi schemes with the investors generally consisting of foreign governments. One could argue that the borrowing cycles are not so nefarious as the investor countries are well aware of the risks and they are even in some form complicit in the scheme, since they are also beneficiaries of this vicious cycle. But what will happen when the interest payment liability on the IOU's finally outstrips the government's revenues and China stops buying up more debt to protect itself? Hint: financial calamity on a global scale that makes the current crisis but a pleasant memory.

ponzi schemes,madoff,social security,china,treasuries,financial crisis

Showering Dilemma

noreply@blogger.com (rh) — Wed, 10 Dec 2008 03:12:00 +0000

What do you do when you come home at night, after a long day in the office and a 5-mile sweaty run and see your shower in this state? (It's being remodeled) You suck it up and go to bed sweaty and sticky.

No sir, not me. It doesn't mater that it's almost winter time in the northeast and it's dark outside. Your tell the kids to be prepared to call 911 for a cardiac arrest case, then you go behind the house, strip naked and take a shower in record time holding the garden hose over yourself and hopelessly try to make soap suds in the frigid well water. And of course, you pray that the neighbors don't call the cops on you :)

remodeling,bathroom,911,showering,running

YouTube Outage

noreply@blogger.com (rh) — Fri, 05 Dec 2008 03:07:00 +0000

At my place of work we have a number of shadow Web servers that sometimes double as staging servers when we want to roll out new projects. The thing is that for any change, no matter how large or small, the proper approach is to install and inspect on test servers, followed by the staging servers and finally, when everything is good and ready, a scheduled rollout on the production servers.

The downside is that following proper procedures take just too darn long, specially when you have the production Web servers ready and willing right on your desktop. I admit to shunting the proper procedure on occasion and going right into the production servers. The justification being that only in production one can truly gauge the results of a change and if there are problems, then we can just fix it in real time.

What we don't realize is that this kind of carelessness could turn off or at least irritate viewers who happen to be browsing the site at the exact moment that new changes and potential bugs are being rolled out. But I have the sneaky suspicion that many sites, even the popular ones, are guilty of this fault on many an occasion.

Take YouTube (owned by Google) as an example. This site is a classic example of frequent quick rollouts. On many occasions I have run across broken CSS, missing images, and sudden changes while viewing the site.

Last night while viewing a classic Twilight Zone episode (The Odyssey of Flight 33), the pages suddenly started to exhibit behavior indicative of malformed or missing style sheets. Then videos stopped playing and were replaced by an error message as shown in the below screen capture. Obviously YouTube was in the midst of a rollout and things weren't going quite as planned.

Based on the error message, I tried to update my browser's Flash plug-in, but the Adobe site (where Flash player can be downloaded from) was strangely out of reach. I suspect the error message had sent masses of people to the Adobe site causing an overload and an eventual outage of that site.

In the end, It turned out that there was nothing wrong with my Flash plug-in and YouTube was eventually restored and videos began to play normally again. The error message was likely triggered by an unrelated glitch arising from a rollout of some new feature.

Eventually I finished watching the episode and I also learned something else besides the fact that careless website rollouts lead to user irritation, the fact that the New York JFK airport was once known as the Idlewild airport.

youtube,web servers,google,twilight zone,jfk airport

GE, FDIC, and TLGP

noreply@blogger.com (rh) — Wed, 03 Dec 2008 04:11:00 +0000

For years the standard FDIC (Federal Deposit Insurance Corporation) protection for single accounts had been $100,000. This mostly covered bank accounts such as savings, checking, or CD (Certificate of Deposit) with FDIC member banks. With the recent global financial meltdown, the government sought to stanch the erosion of confidence in the banking system and raised that limit to $250,000 on Oct 2008 to continue through 2009.

The FDIC coverage however does not extend to other types of accounts such as money market or corporate debts. To alleviate the frozen credit market and jumpstart the flow of money in the economy, the government recently introduced the Temporary Liquidity Guarantee Program (TLGP) rule which provides unlimited coverage to certain types of unsecured notes. It possibly guarantees certain types of corporate deposit accounts which act much like savings accounts but have not generally benefited from FDIC coverage.

The problem is that the rules are apparently so complex and so fluid that even seasoned people running these firms aren't sure whether the deposits are covered or not, as evident below. The screen capture was taken today from the GE Interest Plus site which offers interest-bearing accounts to the public. These accounts are really investments in GE Capital notes, and for now the company's position is that the deposits may not be insured by FDIC. So, for the time being, the depositors' only assurance is the top ratings issued by the rating companies, S&P and Moody's and GE's own reputation.

Given the poor track record of the rating companies who were at least tangentially complicit in the recent meltdown, and GE's own financial woes with its stock price hovering near 16-year lows, that's hardly any assurance.

Disclosure: I am a previous GE employee and hold GE shares in my 401(k) account.

fdic,ge,general electric,tlgp,federal reserve,banks

News Robot Incompetence

noreply@blogger.com (rh) — Mon, 24 Nov 2008 03:10:00 +0000

I am a fan of Google Finance. There's a lot to like. Real-time stock quotes, nice charts and graphs and a clean design. But when it comes to breaking financial news, Google just doesn't cut it. Many sites use bots to collect and disseminate news, but in the rapidly changing financial world a news bot is all but useless.

Take a look at the snapshot below taken last Thursday from Google Finance's homepage. The image has been tightened up to show the interesting elements. The headline and subordinate stories shouted losses in the stock market, while the real-time numbers and chart showed considerable market gains.

This contradiction was brought to you courtesy of Google's news bots. By the time the headlines came online, the stories were no longer relevant. Of course, the stock market (specially in volatile times) is a rapidly moving target, making it difficult for an even experienced editor to keep up, let alone a soulless bot who can't care less about market timeliness, or which stories may matter more to the readers.

So for now, Google Finance is fine for stock quotes and charts, but for timely news its bots have a long way to go to catch up with the biological machines known as the editorial staff.

google,news,google finance,market data,stock market

ASP.NET Response.TransmitFile File Locking

noreply@blogger.com (rh) — Fri, 14 Nov 2008 03:31:00 +0000

If you use the Response.TransmitFile method in your ASP.NET pages, there is a good chance that the file being transmitted is locked and unavailable for writing during that operation. TransmitFile was introduced with .NET V2.0 and it's supposed to be a more optimized version of WriteFile.

For months I had been dogged with exception alerts when a scheduled program was trying to update files used in TransmitFile. As the alerts were intermittent and the files would eventually get updated by the program, I would just ignore the messages. But today I decided to take a closer look and discovered that TransmitFile is to blame for the files being locked.

As I understand, TransmitFile in ASP.NET makes use of the Windows TransmitFile API function which directly streams a file to an open socket. It is more optimized than WriteFile which buffers the entire content of the file before emitting it. In that sense, WriteFile consumes precious memory and processing resources, switching between kernel and user modes, to accomplish its work.

While TransmitFile API function is optimized, care must be taken to avoid having the streamed data getting mixed with other data and my hunch is that some locking mechanism is used to assure an orderly and sequential transmission of data under ASP.NET. That's all fine until one needs to write to the file which could get shot down while the lock is still active. I was able to reproduce this behavior in a loop where a file is continuously updated and then streamed via TransmitFile. Here’s a simple example:

void Page_Load() {
  Response.Buffer=false;
  for(;;) {
    System.IO.File.WriteAllText(MapPath("/test.txt"), DateTime.Now.ToString());
    System.Threading.Thread.Sleep(100);
    Response.TransmitFile(MapPath("/test.txt"));
    Response.Write("<br>");
  }
}

Running this ASP.NET page invariably lead to an exception being thrown. I then changed the code as shown below:

void Page_Load() {
  Response.Buffer=false;
  for(;;) {
    System.IO.File.WriteAllText(MapPath("/test.txt"), DateTime.Now.ToString());
    System.Threading.Thread.Sleep(100);
    // CHANGED LINE BELOW
    Response.Write(System.IO.File.ReadAllText(MapPath("/test.txt"))); 
    Response.Write("<br>");
  }
}

I ran the page a number of times and no exception was thrown. I'm sure that ReadAllText is nowhere as optimized as TransmitFile, but I would readily take the performance penalty over the unpredictable exceptions. Incidentally, WriteFile proved to be no better than TransmitFile in locking the file.

Based on the simple test I have concluded that TransmitFile or WriteFile should be used when the file is never or rarely updated. If the file is to be updated frequently, ReadAllText (or other System.IO file reading operations) is the way to go. But if someone can disprove my tenuous theory, by all means.

asp.net,file systems,windows,web programming

MSNBC Prostitution Articles

noreply@blogger.com (rh) — Thu, 13 Nov 2008 04:23:00 +0000

For the past few days a number of prostitution-related articles have made their way to the "Most Viewed" list on MSNBC, but clicking on those links results in a Page-Not-Found error. Is this a prank by vandals or just MSNBC's censors blocking the articles that were ostensibly published on the site?

Screenshots:

msnbc,prostitution,censorship

Why I Voted Obama Today

noreply@blogger.com (rh) — Wed, 05 Nov 2008 04:01:00 +0000

I am an independent in just about all facets of my life, including in my political choices. It's a simple belief that not one party is right or wrong all the time and either side can produce good or bad candidates.

While many have supported or opposed Obama because of his economic policies, my vote went to the person that would be less likely to start a war. Having subsidized (through tax payments) one unjust war, my conscience could not bear the responsibility of financing another. Under Obama I may pay higher taxes, I may subsidize the poor, or I may pay more to heat my house, but for me the stakes were much higher. The risk of contributing to the demise of more innocent lives was much greater under a McCain administration.

The Iraq war was based on fabricated evidence. We went to Afghanistan to capture a terrorist mastermind, but somewhere along the way we were railroaded into another war that was anything but rightfully justified. The terrorists who committed the 9/11 atrocities were Saudi Arabians, financed by a Saudi. They were trained in Afghanistan. Most transited through Europe and they got their flight lessons in the US. There was no connection to Iraq and no weapons of mass destruction were ever found there.

In the ensuing years American forces and Iraqi citizens have sustained heavy losses. For what? Bin Laden and most of his cronies are still at large, while the architects of the Iraq war (Bush, Cheney, Rumsfeld, Wolfowitz) gloated over the capture and hanging of Saddam Hussein. Yes, he was a brutal dictator but also a one time pal, armed to the teeth by the same powers that eliminated him.

Reminds me of the song "Fortunate Son" by Creedence Clearwater Revival:

Some folks inherit star spangled eyes,
Ooh, they send you down to war, lord,
And when you ask them, how much should we give?
Ooh, they only answer more! more! more!

Well, today I decided not to give them any more!

war,iraq,afghanistan,bush,obama,mccain,elections

ASP.NET Denial of Service

noreply@blogger.com (rh) — Tue, 04 Nov 2008 03:41:00 +0000

How to send your IIS server into a frenzy with one line of HTML code? I didn't think it was possible until a few days ago we were stung with a persistent denial of service at work. This is what the event log showed on every instance of outage:

Event Type: Warning
Event Source: W3SVC-WP
Event Category: None
Event ID: 2262
Date:  10/23/2008
Time:  8:32:51 PM
User:  N/A
Computer: WEB
Description:
ISAPI 
'C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_isapi.dll' 
reported itself as unhealthy for the following reason: 
'Deadlock detected'.

I have always been frustrated with IIS event logs and there's one proof of that. OK, I know there was a problem, but can this be more specific? which process? which application pool? Which page? This is hardly helpful. I believe new Failed Request Tracing feature in IIS7 was designed to help with just that. Countless debugging hours would be saved if one could quickly identify a misbehaving page. Googling this entry lead me to the http://support.microsoft.com/kb/821268 KB article and that sent me on a wrong path for some time before realizing that I was on a fruitless chase.

Finally, After 6 hours of struggling with the server (Window Server 2003, IIS6, CLR 2, FCL 3.5) and slicing and dicing and moving various applications to different pools, I found the offending ASPX pages. It didn't take long for my colleagues to discover an HTML anomaly in those files. And here it is in a generic format:

<p param1="" param2="" param3="" param4="" param5="" 
param6="" param7="" param8="" param9="" param10="" param11="" 
param12="" param13="" param14="" param15="" param16="" param17="" 
param18="" param19="" param20="" param21="" param22="" param23="" 
param24="" param25.="" />

Notice that last parameter with a trailing period (.)? that's the culprit right there, an HTML tag with a long list of attributes and a punctuation mark in one or more of the ending parameters. It had crept into our pages via a poorly made web editing product.

To test for yourself, just drop the line into an ASPX file and browse to the page and watch the CPU crank up and eventually the server refuse to serve pages. Remove the period or reduce the parameters and the page will display fine. I know, seems hard to believe. I didn't believe it either at first. But the results were the same on IIS6 and IIS7 on various platforms.

My hunch is that this tag throws the ASP.NET engine into a regular expressions frenzy as it tries to construct the page elements and compile the page into a DLL application. Now this HTML syntax might look weird but I don't think it's illegal and it certainly shouldn't cause a denial of service. Certainly IIS or browsers have no issue with HTML files containing such tags.

While at first I had feared serious security risks, this issue has a limited risk factor. In order for an attacker to exploit this issue, he would need access to the page sources. It's not something that can be injected in or remotely scripted into the page. Of course someone with a shared hosting service, could potentially take down the entire server and all the sites along with it.

So if you run into such a problem on your IIS web site, you might want to check your source files for these types of HTML tags. And by the way, Microsoft has already been advised of this issue and they have indicated a fix will be incorporated in the next ASP.NET release.

asp.net,denial of service,aspx,dos,ddos,iis,html,microsoft

Certified U.S. Based Technicians

noreply@blogger.com (rh) — Mon, 27 Oct 2008 01:53:00 +0000

Here is an interesting banner ad from AT&T I saw tonight while browsing a news site. I'm not sure what the certification process for U.S. based technicians is, but the ad addresses the angst Americans have had dealing with representatives with thick accents, unfriendly attitudes, or low qualifications.

Personally, my experience with foreign agents hasn't been too calamitous. Most have been helpful, and relatively articulate. But I must admit that for those times when I need critical and immediate help, there is no substitute for state-side assistance.

Being an Iranian expat, I know something about foreign cultures and I can say that with some exceptions, U.S. companies offer some of the best customer service around. Not to disparage Iran, but over there you have a snow ball's chance in hell of getting prompt and courteous customer service, unless you're personally known to be a lucrative and loyal customer. It’s the reality of that culture.

And the reality in the U.S. is that customers expect and rightfully deserve to be coddled. I think it's a smart move for AT&T to highlight their state-side operations in their campaigns. If I were shopping around for such a service, I would surely take that into consideration.

tech support,call center,call center agents,at&t

For Update, Update to Update

noreply@blogger.com (rh) — Thu, 16 Oct 2008 01:44:00 +0000

Recently after installing Windows Server 2008 on a new server at work, I noticed this interesting message from Windows Update. I'm not sure, but I think it had something to do with update :)

windows,microsoft,windows update

Half Marathon 2008

noreply@blogger.com (rh) — Mon, 06 Oct 2008 02:38:00 +0000

Ran the ½ marathon today and as expected my performance was dismal. I ran the course in 2:14:58, at the pace of 10:18/mile. Last year I finished the race in 2:02:32 and the year prior to that my time was 1:55:52, and the one before that at 1:54:05. Beginning to see a pattern here. But this was my first race with a herniated disc, so I guess I can cut myself some slack here.

The race started at 8:30 AM in a cold rain. I absolutely hate running the rain, but not much can be done about that. Some people had bundled up to face the cold and wetness, others (myself included) were going to brave it with only a t-shirt. My rationale was that extra layers will get heavy in the rain and besides the running will warm me up anyways.

I hadn't taken any painkillers this morning so I was expecting back discomfort. The discomfort was there, some radiating pain and tingling down my left leg, but eventually it subsided enough that I was barely aware of it.

I had decided early on to pace myself in this race, as in, go slow and steady to avoid any potential aggravation of my back. I pretty much stuck to that the whole way through. While I knew this would hurt my finish time, I had no idea about the positive side effect. In the few years that I have run in this ½ marathon, this race was by far the most pleasant and enjoyable of them all. Ironic, considering my fears of back pain flare-ups. The rain was a nuisance, but unlike past races, I finished the course barely tired and in no pain. In fact I could probably continue for another 5 or 6 miles with ease.

I never downshifted to a walk, nor did I stop at any water stations. It was as if I wasn't even in a race. I was paying more attention to my surroundings (beautiful, scenic nature) than to the race itself.

I feel a bit conflicted over my time in this race. I guess I should be disappointed, but I'm really not, and here's why. As recently as a week ago I didn't even think I could handle the course and here I was crossing the finish line. To top that off, it went smooth and steady and it turned out to be the most enjoyable ½ marathon ever. For the first time ever, I actually began entertaining thoughts about running a full marathon.

marathon,running,jogging,back pain,

Herniated Disc and Half Marathon

noreply@blogger.com (rh) — Mon, 29 Sep 2008 02:01:00 +0000

One of my biggest anguishes I've had about getting hit with a herniated disc has been my inability to participate in my town's annual half marathon. But as I recovered from this affliction and started to run again I began to think that perhaps my fears on that front were premature and I could at least try the race this year. So I decided to register for the event next week and give it a shot.

My running performance hasn't been anywhere near before my injury. I jog slowly about 4 or 5 miles depending on my condition every other day and I've learned to be satisfied with that. Running 13.1 miles has been such a distant goal that I knew I was deluding myself about running, let alone finishing, this race.

Then to add insult to injury I got hit with another blow to my back yesterday. I must have over-extended myself lifting heavy bags after grocery shopping. Those with back pain know what I'm talking about. As you begin to straighten up you feel the dreaded pop in your back followed by the pang of sharp pain. It's unmistakable and it's the beginning of yet another bout with extended back pain. After muttering a few expletives under my breath I realized that this was the kiss of death for next week's half marathon. Just my luck! Oh well, perhaps this was a sign that I should accept my condition and avoid strenuous activities.

Yet there's that stubborn part of me that just won't capitulate. So after a painful night, I popped two Advils today and decided to pay a visit to the half marathon course to evaluate my condition. I planned to run the course as far as I could and then quit at the 7th mile or so, if I could get that far.

Right from the start the back pain kicked into high gear and kept hounding me to stop. "No way," I thought to myself and I kept on going with pain piercing my back and pins and needles radiating down my legs. I wasn't about to let the pain force me to quit. As I passed every mile marker already painted on the course, I said "one more mile" and pressed on. As I reached the 7th mile, I had a sudden realization that I've made it this far, might as well finish the darn thing. The temperature was mild but humid, pain was my only companion, and there were no water stations to get hydrated, but finish I did.

When I incredibly passed the finish line, I continued for another fraction of a mile as a sort of a victory lap. Dehydrated, exhausted, and pain-ridden (and not just in my back anymore), I got in my car to drive home, dazed at what I had actually done. I hadn't stopped even once. It was one smooth jog from beginning to end.

I'm not sure if this was a case of mind over matter or just a foolish act to defy my own body and prove a point. Whatever the case, I learned that the human body can sometimes be pushed beyond its perceived limits. The jury is still out on whether I can repeat the performance next week at the race. On top of that I might have aggravated my condition today. But even if I can't, I know I ran the half marathon even before the starter pistol's trigger will have been pulled.

back pain,marathon,half marathon,running,jogging,herniated disc

Windows XP Service Pack 3 Error

noreply@blogger.com (rh) — Sun, 14 Sep 2008 03:27:00 +0000

Last week I stumbled upon this Gmail Blog post mentioning that IE6 (Internet Explorer version 6) now supports some of the GUI enhancements offered by Gmail. But in order to exploit these enhancements, one had to apply a critical update to IE6 from Microsoft. An interesting point cited by this post was that Google and Microsoft developers had worked together to address the issue. I didn't think these guys even talked to each other, let alone cooperate to release an update for the IE6 browser.

I had always wondered why Gmail appeared less fancy in IE6 than in other browser like IE7 or Firefox, and this post finally resolved that mystery. Now I'm not the type to jump on a patch or a service pack as soon as Microsoft releases them. I still use IE6 on Windows XP at work and at home alongside Firefox 3, and I have no desire to upgrade to Windows Vista or IE7. The prospect of better Gmail experience however was tempting enough for me to pay a visit to the Windows Update site and apply the IE6 patch.

I have automatic updates disabled on my machine and apparently I was missing a lot of them as I was suddenly greeted with a long list of security and critical patches once I got the process rolling. Among the list were two notable items, IE7 and Windows XP Service Pack 3. I promptly opted out of IE7, but decided to give SP3 a green light. Little did I know that I'd be wasting the next 3 hours of my life over this inane service pack.

The process started our smooth enough. a number of patches were applied, followed by the obligatory reboot. Then came the SP3 update from hell. The sluggish process would run almost to the end at which time an error dialog box would pop up with a simple message: "Service Pack 3 setup error. Access is denied." Huh? Access to what is denied? Acknowledging the message would commence a rollback process as sluggish as the installation itself, followed by an automatic reboot.

Not acceding defeat, I ran a Web search on the error and found this KB article from Microsoft Support. Apparently I wasn't the first person having this issue. Following the advice of the article, I exited my antivirus program (AVG) and tried once more, but again I got the same error. Perhaps Windows Defender was the culprit, but stopping that process didn't help either. After a few more tries shutting down various programs like Diskeeper and Symantec's Backup agent, I was still getting nowhere. Finally I fired up Process Explorer and slaughtered every process in sight until only the basic ones remained. And yet, SP3 defiantly refused to be installed. It was the same old snail-pace install-error-rollback-reboot that I was getting well acquainted with.

There comes a time when a person must cut his losses and move on and my time was then. Most likely the trouble was a registry permission issue which is also mentioned in the KB article and a solution is offered. But by then my patience had already run out and by that final reboot I decided that SP2 was good enough for me.

In the end it turns out that SP3 doesn't really offer anything substantial over SP2. A few security fixes and optimizations but nothing so crucial that’s worth this kind of hassle. Happily, the IE6 update had been applied (possibly among the first set of patches) and that wiped away any modicum of temptation I might have had to give SP3 one more shot. The computer is working as before (even after the multiple upgrade onslaught), Gmail enhancements now appear fine on IE6, and my only regret is not stopping after the first SP3 update attempt went awry. Sorry SP3, we just weren't meant to be together.

windows xp,gmail,windows service pack,internet explorer,firefox,microsoft,google

DNS Vulnerability

noreply@blogger.com (rh) — Fri, 29 Aug 2008 02:42:00 +0000

While programming is my main focus at my company, one of my side jobs at work is networking. I have no complaints as I'm curious and interested in the inner workings of computer networks. Our IT department handles most of the networking tasks, but I usually find myself getting involved in setting up connectivity in the company. Whether it's a firewall, a router, a reverse proxy, or a DNS server, I find the networking field too fascinating to ignore.

That's why when the latest DNS vulnerability, discovered by Dan Kaminsky, came to light in April 2008, I began investigating our DNS servers to determine the risk factors. Dan's site contains a simple tool to assess the risk and it identified all of our caching DNS servers as vulnerable. A patch from Microsoft took care of our Windows-based DNS servers, but there was also a Fedora server in the mix running an old version of BIND that needed attention. Patching that server would have required upgrading to a newer version of Fedora.

I knew I could buy some time using the safety-in-numbers logic, but today I finally decided to tackle that server and plug the hole. My intention was to install the newest version of Fedora (version 9) on a new hardware and then add a patched version of BIND on top. BIND is a great name server product but it has a large footprint that seems like an overkill as a caching server. There are several other free DNS products out there so I began to look for an alternative.

My search eventually led me to PowerDNS (PDNS) and I decided to give that product a try. After installing Fedora 9 on the server, I downloaded the latest RPM of PNDS and promptly installed it on the server. PDNS comes in two flavors. The authoritative version and the caching version, known as Recursor which is the one I was interested in. The install was a breeze and the configuration was as easy as importing some of the data from the old BIND server and making some quick edits to the recursor.conf file. A server restart to make sure everything is in order, and I had the new caching server up and running, resolving names.

PDNS has been free of the DNS cache poisoning vulnerability for a few years now, and Dan's site confirmed that the new server was indeed running at much safer levels.

There is little doubt that the bad guys are hard at work to poison as many DNS servers as they can get their hands on. If your unpatched servers haven't been targeted yet, it's only a matter of time before they are. Whatever method or product you use to avert this risk, the sooner you do it, the better. As a quick alternative, you can use one of several free and already safe services like the one offered by OpenDNS.com as direct name servers or as forwarders on your caching servers.

dns,dns vulnerability,dns hack,fedora,bind,powerdns,opendns,networks,named

Online Car Registration Renewal, Finally

noreply@blogger.com (rh) — Thu, 28 Aug 2008 02:00:00 +0000

It's taken a long time. Perhaps a decade late for the Connecticut Department of Motor Vehicles to carry out some transactions online, but better late than never. While most of the private industry has shifted their operations online, the government is painfully behind on that front. The reasons range from the government being generally slow, to having under-paid technology workers and to shunning change. But change is inevitable and the DMV has finally taken some steps to that end.

When I received my registration renewal papers in the mail a couple of weeks ago as I have for years, I started to reach for my dusty checkbook to write a check and mail it in. that's when I noticed a new section on the paperwork detailing their online renewal service. I thought this was one of those payment processing sites that handle credit card payments on behalf of the government offices and charge an extra fee. But no, this was the real deal. An actual DMV site that handled renewals and accepted credit cards with no extra fees.

It took a mere couple of minutes to take care of the business on the site and I had an email confirmation soon after. The renewal document and sticker followed about a week later. It took them quite a long time to get on with the technology but I'm happy that they finally made it. I just hope that enough people make use of it and there are no major glitches to force them back to the old way. Online payment sure beats writing checks and licking stamps.

dmv,car registration,online payments

Herniated Disc, Six Months Later

noreply@blogger.com (rh) — Thu, 14 Aug 2008 02:59:00 +0000

It's been nearly 6 months since I was diagnosed with a herniated disc. During that time I have had to make some lifestyle changes, but looking back, the adjustments haven't been as drastic as I might have feared initially. Or perhaps I am now just used to dealing with the condition.

When I was in the throes of the torturous pain, all I could think of was that my life as I knew it had ended. There would no longer be any running, no motorcycle rides, no hiking and no getting in and out of the car without the excruciating pain. Fast forward 6 months and those dramatic changes I was afraid of didn't quite materialize. There has been some changes to be sure. No lifting of heavy objects, no fast running, and occasional pain in the lower back and down the leg to contend with. But with daily exercises, sleeping on a hard surface, and avoiding long periods of sitting, I have been able to reclaim some of the freedom I used to enjoy.

Thankfully, so far I have been able to avoid steroids shots or more drastic measures like surgery. I have done quite a bit of research during this time and realize that many people aren't as fortunate as I have been, but at the same time many others live normal lives with their herniated discs.

As far as I can tell and as explained by my doctor, the herniated mass has probably shrunk with time, relieving the pressure on the spinal cord and affording me more freedom of movement. That is not to say that I am completely pain-free. There are occasional bouts with pain and discomfort which I manage with patience and a few doses of pain killers. But generally, I have resumed a relatively normal life. The prospect of another attack is on my mind every day, but I try not to let it rule over my life.

My approach to my condition has been not to succumb to a state of hopelessness. It's difficult not to, but after accepting the situation, I decided that the best way to manage it was to continue with my activities the best I could. Ditching the bed for a thin pad on the floor has helped. So have daily back exercises and conditioning. As much as I wanted to continue with my running routine, I initially down-shifted to walking. Even that was painful at first, but as time passed I was able to slowly incorporate some jogging in my daily walks until I was ready to completely switch over to jogging. On good days, I would increase the distance to 4 or 5 miles. Currently I'm on alternate days of jogging and walking and that has been relatively steady. I have also learned not push it too far. When there's pain during a jog, I heed my body and slow down to a walk. There's no reason to be stubborn and risk paying a big penalty later on.

The point is that if you are an active person who has suddenly been struck with a herniated disc don't lose hope and wallow in grief too long. It doesn't have to be all or nothing. There's always a middle ground. Accept what has happened and then make the right adjustments to battle your way back. You may never be the same as before, but concentrate on what you can salvage rather than fussing over what has been lost.

herniated disc,back pain,running,walking,jogging

Yahoo Slurp Versus Googlebot

noreply@blogger.com (rh) — Sat, 19 Jul 2008 16:05:00 +0000

As a part of my early morning routine at my job I scan a daily notification on our web site visitor patterns, specifically looking for abusive or abnormal page requests to identify rogue hosts. I wrote the program years ago, but it has become one of my most effective tools in identifying abuse.

No surprise that search engine robots (spiders or crawlers) always top the list. Spiders are necessary evils. You want them crawling and indexing all your pages frequently, but that leads to spiders with voracious appetites that can rob the infrastructure of performance.

Speaking of voracious appetites, for years Googlebot used to top our crawl volume list, far and away from the second position, usually (but not always) occupied by Yahoo Slurp (Yahoo's spider). As of a few weeks ago I am noticing that Yahoo Slurp crawl volume is surpassing that of Googlebot. The first few days I considered it an anomaly, but the levels have remained consistent, knocking Googlebot out of its first position. Googlebot still registers with more or less the same numbers, but Yahoo Slurp has been consistently beating those numbers, sometimes by twice as many. That's a considerable spike in Yahoo's crawl activity.

I find it interesting that Yahoo's crawl volume started to rise in the midst of its take-over battles with Microsoft. Search engines have always competed on who has the most indexed pages. It's a bragging right, more than it is a practical or useful matter in search accuracy. But accuracy in search results is subjective, while page volumes are concrete numbers and that's why they are sometimes used as key differentiators between competing search engines. Still, the timing of the jump in Yahoo's crawling activity is intriguing. Could the motive be to enhance its index size (considered a key asset), thereby adding to the company's value? One wonders.

Meanwhile, sites need to consider the battle repercussions between the search engine titans as their increased crawl rates could put additional pressure on their infrastructures. One way to mitigate the effects is to set up mirror servers and deflect the spider/robot traffic to them using application-aware appliances, but that there's some effort involved and there's room for error as the servers need to be synchronized in real-time, specially for those such as news-related sites that continuously publish new pages and fresh content. The other consideration is bandwidth management to accommodate increased traffic. At the least, faster servers and fatter pipes are in order. As a reference here are the current signatures left behind by Google and Yahoo crawlers:

Googlebot's user-agent:
Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html)

Yahoo Slurp's user-agent:
Mozilla/5.0+(compatible;+Yahoo!+Slurp;+http://help.yahoo.com/help/us/ysearch/slurp)

google,yahoo,search engines,http,seo,googlebot,web

The ANWR Oil Debate

noreply@blogger.com (rh) — Mon, 07 Jul 2008 04:09:00 +0000

Lately I've seen a number of Web sites and emails exhorting Americans to press their government to explore for oil in a parcel of land in ANWR, the Arctic National Wildlife Refuge in the northeast corner of Alaska.

The ANWR debate is nothing new and it was a hot topic back in the 1970's oil crisis. Proponents argue that this location may hold vast deposits of oil which could bring relief to the current shortages of oil and thus tame the high prices in the US and the rest of the world. Opponents include the natives and environmentalists who fear that such exploration and subsequent drilling could endanger this natural setting robbing it and its inhabitants (humans and animals) of its ecological diversity and wealth.

I am not sure which side of the debate holds the better argument. Personally I don't like to see natural settings overrun by industrial concerns, i.e. the oil companies. What I do know is that Exxon-Mobil's earnings topped $40 billion in 2007 and surely they will easily exceed that figure this year. As people learn of these outlandish profits by the big oil while their savings are being squeezed, there is bound to be some backlash. That has manifested itself in the form of calls for special taxes on oil companies.

Couple that with the inevitable emergence of fuel economics and alternative energy and it's not hard to guess that oil companies are worried about their prospects. To me, these pro- oil exploration campaigns are not about alleviating oil shortages, but more about distracting the public from the abuses of the oil companies. Many go even further to shift the spotlight away from the big oil and cast it on the liberals, democrats, or Arabs in a shameless effort to create public sympathy and support for the oil companies. One wonders who the real authors are.

Oil companies already have millions of acres of land they can start exploring, but that's not enough. ANWR may hold large reserves of oil, but this campaign smells more like a land-grab and less like a sincere effort to help calm the oil crunch. Blaring their propaganda machine in times of panic and despair is always a good way to assure power and profits.

Review history and see how dictators and tyrants have come to power. Their reigns have almost always preceded by periods of unrest and panic when people are at their most vulnerable and can be easily deceived by empty promises and blustering rants. Once they tap into the herd mentality, they are assured of their golden positions. I want a way out of this oil mess too, but not enough to sell out this country to oil thugs. They're beyond rich enough already.

oil,anwr,alaska,oil companies,exxon

RSS/ATOM SyndicationFeed in .NET 3.5 Framework

noreply@blogger.com (rh) — Mon, 30 Jun 2008 01:20:00 +0000

Among some of the new classes introduced in Version 3.5 of the .NET Framework Class Library (FCL) were the syndication-related classes. While other technologies such as LINQ, extension methods and lambda expressions have been grabbing most of the attention the new syndication classes also deserve a nod. Part of the System.ServiceModel.Syndication namespace the classes offer a variety of methods to easily generate or consume syndication feeds in RSS 2.0 or ATOM 1.0 formats.

It's not that reading or writing feeds were exceedingly difficult before. FCL comes with a number of XML classes that facilitate working with XML data which all syndication feeds emanate from. No doubt there are plenty of sample code out there that made the task as easy as copy, paste and tweak. But now FCL comes with its own native classes to handle feeds, with advanced settings, intellisense, and potential of extension.

To demonstrate ease of use, here's a sample code that pulls in a sample feed from Google, and scrapes and saves the content of each link to a file:

var wc = new WebClient();
using (var rss = XmlReader.Create(
       "http://finance.google.com/finance?morenews=10&q=NASDAQ:INTC&output=rss")) {
  var feed = SyndicationFeed.Load(rss);
  foreach (var x in feed.Items) {
    var uri = x.Links.Last().Uri;
    wc.DownloadFile(uri, @"c:\rss\" + Regex.Replace(uri.LocalPath, @"^.*/", ""));
  }
}

That was easy, eh? Just remember to add System.ServiceModel.Web.dll as a reference to your project. Happy syndicating.

rss,atom,microsoft,net,asp.net,xml

DNS Mystery, NameServers, IP addresses

noreply@blogger.com (rh) — Wed, 18 Jun 2008 04:18:00 +0000

Today I was trying to reach 1&1's home page, but the browser kept failing to pull up the site. Mysteriously I was able to reach 1&1's home page when I changed my DNS servers to those of OpenDNS.org. Feeling curious I decided to investigate the matter in depth. My default DNS server was reporting the IP address of www.1and1.com to be 217.160.232.1. While that address belongs to 1&1, it's really one of their routers or gateways and not a Web server. No wonder I was unable to access the site. the working IP address reported by OpenDNS.org and a number of other DNS servers was 217.160.226.203. That is indeed the correct IP address for www.1and1.com. So why was I seeing different results from different DNS servers?

As you may know the job of translating a host name to an IP address falls on a program known as the resolver which queries its designated DNS server for the answer. If the DNS server can not produce the translation (from its cache or authority zone), it issues what it's know as a recursive query to the DNS network on the Internet. The host name is broken to its fragments and each fragment from right to left is queried successively. The results generally consists of hosts known as NameServers, which get the query one step closer to the final result. The final NameServers produce the IP address translation. However, if any of the NameServers along the way can produce the translation, the query stops and the IP address is sent back to the resolver.

Using the Unix/Linux dig command I followed the name resolution for www.1and1.com one step at a time. Results are shown here and shortened for brevity.

This command displays the root servers:

# dig
;; ANSWER SECTION:
.                       451081  IN      NS      M.ROOT-SERVERS.NET.
.                       451081  IN      NS      A.ROOT-SERVERS.NET.
.                       451081  IN      NS      B.ROOT-SERVERS.NET.
.                       451081  IN      NS      C.ROOT-SERVERS.NET.

This command queries one of the root servers and produces NameServers for "com." TLD (Top Level Domain):

# dig +norec @A.ROOT-SERVERS.NET www.1and1.com
;; AUTHORITY SECTION:
com.                    172800  IN      NS      K.GTLD-SERVERS.NET.
com.                    172800  IN      NS      L.GTLD-SERVERS.NET.
com.                    172800  IN      NS      M.GTLD-SERVERS.NET.
com.                    172800  IN      NS      A.GTLD-SERVERS.NET.

This command queries one of the "com." NameServers:

# dig +norec @A.GTLD-SERVERS.NET www.1and1.com
;; ANSWER SECTION:
www.1and1.com.          172800  IN      A       217.160.232.1
;; AUTHORITY SECTION:
1and1.com.              172800  IN      NS      ns27.1and1.com.
1and1.com.              172800  IN      NS      ns28.1and1.com.

Generally the previous command shouldn't produce and IP address, instead the authority section would prompt a final query to one of the 1and1.com NameServers (which by the way have the correct IP translation.) Instead somehow an IP address is produced at this level and the query ends with this inaccurate IP translation. I've tried the same query with the homepage URL's of Microsoft, Google, Yahoo and a few other sites and none return an IP address at this level.

It remains to be seen if this erroneous translation would eventually spread around, causing 1&1's homepage to become widely inaccessible. Anyone knows how that IP translation ended up in of the "com." NameServers? Am I making wrong assumptions here? Feel free to let me know.

dns,nameservers,domain names,ip addresses,internet