George V. Reilly

Hash Table Attacks

At lunch today, I told Eric about Hash Attacks: for many hash functions, it’s possible to construct a large set of keys that collide. This can be used to cause a Denial of Service as hashtable operations can be induced to take O(n) time instead of O(1).

Crosby and Wallach successfully demonstrated this against a number of applications.

Andrew has a good writeup of Hash Algorithm Attacks.

There are various mitigations suggested. The one that I used when I first became aware of this problem is to add a salt to the hash function.

In other words, change:

unsigned hash(const char* s)
{
    unsigned h = 0;
    while (*s)
   
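An added example, not code from the original post (whose listing is cut off above): it measures how a set of colliding keys behaves under an unsalted hash, under a salt used only as the starting value, and under a salt that is mixed into every step. The `h*33 + c` loop, the function names, the fixed salt and the constructed keys are all assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

#define NKEYS 16
#define NBUCKETS 64

typedef uint32_t (*hash_fn)(const char *s, uint32_t salt);

/* Unsalted h*33 + c: an assumed stand-in for the page's truncated hash(). */
static uint32_t hash_plain(const char *s, uint32_t salt) {
    uint32_t h = 0;
    (void)salt;
    while (*s) h = h * 33u + (unsigned char)*s++;
    return h;
}

/* Same loop, with the salt used only as the starting value. */
static uint32_t hash_seed_only(const char *s, uint32_t salt) {
    uint32_t h = salt;
    while (*s) h = h * 33u + (unsigned char)*s++;
    return h;
}

/* Salt as the start of an xor-then-multiply loop (FNV-1a style). */
static uint32_t hash_mixed(const char *s, uint32_t salt) {
    uint32_t h = salt;
    while (*s) { h ^= (unsigned char)*s++; h *= 16777619u; }
    return h;
}

/* Hash 16 constructed keys built from two blocks that collide under
   h*33 + c ("Ez" and "FY" both give 2399); return the longest chain. */
static int longest_chain(hash_fn hf, uint32_t salt) {
    static const char *blk[2] = { "Ez", "FY" };
    int count[NBUCKETS] = {0}, worst = 0;
    for (int i = 0; i < NKEYS; i++) {
        char key[9];
        snprintf(key, sizeof key, "%s%s%s%s", blk[i & 1], blk[(i >> 1) & 1],
                 blk[(i >> 2) & 1], blk[(i >> 3) & 1]);
        unsigned b = hf(key, salt) % NBUCKETS;
        if (++count[b] > worst) worst = count[b];
    }
    return worst;
}

int main(void) {
    uint32_t salt = 0x9e3779b9u; /* constructed; use a random per-process value */
    printf("plain:     %d of %d in one bucket\n", longest_chain(hash_plain, 0), NKEYS);
    printf("seed only: %d of %d in one bucket\n", longest_chain(hash_seed_only, salt), NKEYS);
    printf("mixed:     %d of %d in one bucket\n", longest_chain(hash_mixed, salt), NKEYS);
    return 0;
}
```

A salt that only replaces the starting value of a linear hash leaves equal-length collisions intact, because the salt contributes the same term to every key. The salt has to interact with each character non-linearly, and a keyed hash such as SipHash is built for exactly this purpose.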

SOLID Development Principles – in Motivational Posters

Derick Bailey put together a set of Motivational Posters to illustrate the SOLID principles. SOLID is a set of principles that help guide OO code towards greater testability. They increase cohesion and reduce dependencies, hence, coupling.


Single Responsibility Principle — A class should have one, and only one, reason to change

Ideally, a class or a function will do only one thing and do it well, in only a few lines.

Recently, I refactored two large functions. One function proxied an HTTP request: it had to selectively copy request headers, construct other headers, copy the request body, make the request, handle exceptions, selectively copy response headers, construct other headers, and copy the request body. The preceding sentence

PBwiki 2.0

I use or participate in a handful of wikis hosted at PBwiki. A year ago, I wrote a PBwiki syntax highlighting plugin for Vim, modeled after the ones that I put together for the FlexWiki and SocialText wikis. Essentially, paste the wikitext into Vim, get syntax highlighting, edit the text, then paste it back into the multiline textbox. I find the WYSIWYG editors annoying.

PBwiki is forcing all wikis to switch over to v2.0 by March 9th. The good news is that the upgrade is painless and reliable. They offer new features, such as an improved editor, better access control, and a new look.

The bad news is that for cranks like me, there’s no

Lucida Hybrid

One thing that’s been bugging me since I started using Opera is that bold and italic text was showing as normal text in my personal blog. Yet other browsers were correctly displaying bold and italic on my blog.

I’m still not entirely sure why Mac Opera had a problem with it, but I fixed it by using the Lucida Hybrid stylesheet tweak.

body, #content {
    font-family: "Lucida Sans Unicode", "Lucida Grande",
        Verdana, Arial, Helvetica, sans-serif;
}

strong, em, b, i {
    font-family: "Lucida Sans", "Lucida Sans Unicode", "Lucida Grande",
        

Stack Overflow

I like Stack Overflow, Jeff Atwood’s programming Q&A site. It’s quickly become a go-to place for all kinds of programming questions. It’s certainly easier to find a definitive answer there than trying to wade through a thread in a mailing list archive. The social dynamics seem to be working and a definite community has evolved.

I’ve been going there more often recently. I browse the hot questions and I often learn something from them.

I’m answering some questions too. I’ve been doing this for twenty years on Usenet and mailing lists. I might as well get a little credit for it on SO. My reputation is 131 as I write this: I expect

Interviewing your next boss

Esther Schindler has a post about interviewing your next boss: should a candidate dev manager meet everyone who’ll be reporting to them?

Yes. Definitely. If you want a successful, cohesive team, there has to be trust. A manager can make or break a team.

A new manager starts at a disadvantage, relative to a new individual contributor. The new dev is expected to ramp up and have time to build relationships with the team. The new manager has to build the relationships as soon as possible.

If the manager gets to interview with the team before being offered the job, both parties benefit. Why would you want to manage a team that you’d never met? Shouldn’t the team

Safari 4: FAIL!

Apple launched the public Safari 4 beta today.

It runs beautifully on Vista and it’s the fastest browser that I’ve seen, noticeably faster than Chrome. Everything that I tried worked fairly well; I saw only a few minor glitches.

I installed it on my MacBook at home this evening. It crashes at startup every time that I attempt to run it. Fortunately, it comes with an uninstaller so that I could revert to Safari 3.21.

Back to Opera for now.

Review: Programming Sudoku

Title: Programming Sudoku
Author: Wei-Ming Lee
Rating: ★ ★ ½
Publisher: Apress
Copyright: 2006
Pages: 214
Keywords: programming, introductory
Reading period: 22 February, 2009

I was Toastmaster of the Day at this evening’s meeting of Freely Speaking Toastmasters. My theme was software development and I wanted to give the non-developer audience a taste for what it’s like to write a program. I talked about writing a simple Sudoku game.

Yesterday, I read Programming Sudoku for background. I bought this book for Emma after reading about it on Scott Hanselman’s blog. It’s targeted at beginning programmers and walks them through building a Sudoku game and solver. I was hoping to get Emma more interested in programming—unsuccessfully. She found it

Gay Bingo

Emma, Eric, and I went to Gay Bingo this evening. It’s a monthly fundraiser for the Lifelong AIDS Alliance. This is not your grandmother’s church bingo: the Sisters of Perpetual Indulgence are the ushers and the show is MC’d by a drag queen.

Every Gay Bingo has a theme. Tonight’s was the Love Boat, the campy 70’s TV show. Many in the audience dress for the occasion. I wore the nearest thing to a lounge suit that I had; Emma accessorized a nautical top with a scarf. We brought Jill and Dick the last time we went. They have an enormous collection of costumes and they wore some of their choice Fifties glad rags.

I’ve

Review: Watchmen (book)

Title: Watchmen (book)
Author: Alan Moore, Dave Gibbons
Rating: ★ ★ ★ ★ ½
Publisher: DC Comics
Copyright: 1987
Pages: 416
Keywords: graphic novel, superheroes
Reading period: 14–22 February, 2009

Set in an alternate 1985 where costumed heroes are real—and outlawed—Watchmen follows six adventurers. Rorschach, half-mad, continues his vigilante activities. Nite Owl is retired and a worrywart. The former Ozymandias—the world’s smartest man—is now one of the richest. The Comedian is murdered at the very beginning; after the Keene Act passed, he was allowed to continue operating as a government enforcer. Dr. Manhattan was transformed into a superbeing in a nuclear accident in 1959; he is America’s strategic weapon in the arms race with the
