Sunday, June 29, 2008

Electoral Projections blog

Got this link via a colleague; it has some of the most detailed, up-to-date data and analysis on the polling numbers and on the cruft coming from the punditrocracy about who's going to win what and how they can win it. One to keep an eye on this election season. These will be some long months ahead! Right now it shows that Obama has an 88.6% chance of winning the election if it were held today. Electoral Projections Done Right

NCIS can't hold a candle to CSI

I had watched one episode of NCIS early on in its life and just thought that the writing was _horrible_. I knew then that I didn't need to watch any more episodes.

Well, someone I know was recently raving about NCIS so I decided to give it another shot--maybe they had gotten new writers? It was still _horrible_ writing. The writers tended to make nearly every line "cutesy" and "syrupy", not like real people would talk at all. And the characters are all their own caricatures. They fill the show with loads of dialogue that just detracts from the show. It seemed strained, as if the writers were trying _way_ too hard to be funny. It wasn't.

There were a lot of cut-shots where they would cut to someone else's face to get their reaction. Why don't they just insert their own laugh track while they're at it?

I'll stick with CSI and CSI New York. The writing is intelligent, the characters are all very intricate and interesting. The humorous lines are just enough. The only thing that I can't stand on CSI are the guest writer episodes where they try something totally different -- like making it a dark comedy. Those are terrible. Stick to the regular characters and format. Oh, and the thing I can't stand on CSI New York is how overtly in-love with technology the writers are. It makes me sick how they try to shove as many techno-anythings into every episode. Once I saw the Cisco product placements I knew what was up. Now I know where Bill Gates sold his remaining tablet PCs...

Sunday, June 15, 2008

Batch transcoding flv audio to ogg/vorbis using VLC

Here's a handy bash script that I use to quickly batch transcode flash audio-only files into ogg/vorbis for playing on my Cowon D2:

# Loop over each .flv in the current directory; "$file" is quoted so names with spaces work
for file in *.flv; do
  /cygdrive/c/Program\ Files/VideoLAN/VLC/vlc.exe -vvv "$file" --sout="#transcode{acodec=vorb,ab=192,channels=2}:standard{mux=ogg,dst=$file.ogg}" vlc:quit
done
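The same batch transcode, rewritten in Python as an added example (this is not the script from the post): the VLC command is built as an argument list, so no shell ever interprets the filename, and a name containing spaces, quotes or shell metacharacters is passed to VLC verbatim instead of being split or executed. The path in VLC_BIN, the `-I dummy` option and the injectable `runner` are assumptions made for this example; the transcode chain, bitrate and `vlc:quit` are the post's own.

```python
# Added example, not the script from the post: the VLC transcode done from Python with
# an argument list instead of a shell string. VLC_BIN is an assumed install path.
import subprocess
from pathlib import Path

VLC_BIN = r"C:\Program Files\VideoLAN\VLC\vlc.exe"  # assumed; adjust to your install

# Same transcode chain as the post: 192 kbit/s stereo Vorbis in an Ogg container.
TRANSCODE = "#transcode{acodec=vorb,ab=192,channels=2}"


def ogg_target(src) -> Path:
    """talk.flv -> talk.ogg (the post's one-liner produced talk.flv.ogg)."""
    return Path(src).with_suffix(".ogg")


def vlc_command(src, vlc_bin: str = VLC_BIN) -> list:
    """Argument list for one file; each element reaches VLC unchanged, no shell involved."""
    src = Path(src)
    target = str(ogg_target(src))
    # The sout chain is parsed by VLC itself, so these characters would still be
    # misread there; refuse rather than produce a mangled command.
    if any(c in target for c in ",{}"):
        raise ValueError(f"cannot place {target!r} safely in a --sout chain")
    sout = f"{TRANSCODE}:standard{{mux=ogg,dst={target}}}"
    # -I dummy runs VLC without a GUI; vlc:quit is the post's way of exiting when done.
    return [vlc_bin, "-I", "dummy", str(src), f"--sout={sout}", "vlc:quit"]


def transcode_all(directory, runner=subprocess.run) -> list:
    """Transcode every .flv in directory and return the sources that failed.

    runner is injectable (assumed design choice) so the loop can be exercised
    without VLC installed; by default it is subprocess.run.
    """
    failed = []
    for src in sorted(Path(directory).glob("*.flv")):
        result = runner(vlc_command(src))
        if result.returncode != 0:
            failed.append(src)
    return failed


if __name__ == "__main__":
    for bad in transcode_all("."):
        print("failed:", bad)
```

Because `subprocess.run` receives a list, a file named something like `a;b.flv` is just an odd filename here, whereas in an unquoted shell loop the same name is split and partly executed.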

Coolest social network music site

IMEEM - what's on your playlist?

I stumbled across this site googling for samples of some songs on albums I was considering buying. They have postings of high-quality videos and clips of songs, with charts. Excellent for trying to find that song on the radio you never knew the name of but enjoyed.

Saturday, June 14, 2008

Democratic leaders need a spine: Say NO to FISA compromises

This points out how the Democrats aren't capitalizing on this issue which is working against the Republicans. Show how the Democratic party is about freedom and the Republicans are about unitary executive and a police state.

Daily Kos: State of the Nation: McCain's FISA Flip-Flops Still in the News

Now, take some action and tell your congresscritters to take a stand on our rights. Thanks to CREDO Mobile!

Say No to Senator Bond's FISA Capitulation
For over 30 years, the Foreign Intelligence Surveillance Act (FISA) has dictated necessary and appropriate ways for the U.S. government to collect intelligence on its own citizens for the sake of national security. Two key provisions of this law are that:

* The government must obtain a warrant from the Foreign Intelligence Surveillance Court (FISC) before spying on a citizen.
* Citizens have the right to sue if they believe they were spied upon illegally.

FISA provided broad leeway for every President from Carter to Clinton to conduct extensive intelligence-gathering operations. However, President Bush has decided that he is above warrants and judicial review, and major newspapers have reported that he has been using big telecoms like AT&T to spy on Americans without warrants for years.

Saturday, June 7, 2008

ViewStateUserKey not entirely effective against CSRF

Oh, how timely! Just a few days ago, a blog post came out about the limitations of ViewStateUserKey as a means of preventing CSRF in ASP.Net applications. The bottom line:
  1. Developers can disable ViewState entirely, so it lacks central control (kind of like ripping out your firewalls and hoping everyone has an up-to-date and securely configured desktop firewall instead).
  2. There are some issues with the mechanism working over load-balanced connections or across IIS app pools, where session IDs are likely not shared.
  3. Most importantly, the ViewState MAC is only checked on POSTback, so if you have apps that don't use POSTbacks, you are still vulnerable.
The article also suggests that a CSRF Guard for .Net is needed. Well, they are in luck, because one is on the way:

ViewStateUserKey Doesn’t Prevent Cross-Site Request Forgery
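To make point 3 above concrete, here is an added example written for this post; it is not the OWASP .Net CSRF Guard, not Eric Sheridan's Java CSRFGuard, and not code from the article. It models in Python the two policies side by side: a ViewStateUserKey-style check, which validates a session-keyed MAC only when the request is a POSTback, and a guard-style check that validates a session-bound token on every state-changing request regardless of verb. The secret, session ids, token field name (`csrf_token`) and the list of state-changing GET paths are all constructed for the example.

```python
# Added example modelling ViewStateUserKey versus a per-request CSRF token check.
# Not the OWASP .Net CSRF Guard; names and values below are constructed for illustration.
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed server secret; a real deployment loads its key from protected configuration.
SECRET = b"constructed-server-secret"

# The token field name is an assumption for this example, not a fixed .Net name.
TOKEN_FIELD = "csrf_token"


@dataclass
class Request:
    method: str
    path: str
    form: dict = field(default_factory=dict)   # POST body fields
    query: dict = field(default_factory=dict)  # query-string fields
    session_id: str = "victim-session"         # constructed session identifier


def viewstate_mac(session_id: str) -> str:
    """ViewState MAC keyed with the user's session, as ViewStateUserKey does."""
    return hmac.new(SECRET, b"viewstate:" + session_id.encode(), hashlib.sha256).hexdigest()


def viewstate_check(req: Request) -> bool:
    """Models ASP.NET: the MAC is validated only when the request is a POSTback.

    A request that is not a POSTback (every GET, and a POST without __VIEWSTATE)
    is not checked at all, so state changes made outside a POSTback handler get
    no CSRF protection from ViewStateUserKey.
    """
    if req.method != "POST" or "__VIEWSTATE" not in req.form:
        return True
    return hmac.compare_digest(req.form["__VIEWSTATE"].encode(),
                               viewstate_mac(req.session_id).encode())


def csrf_token(session_id: str) -> str:
    """Per-session token; derived with HMAC here so the server need not store it."""
    return hmac.new(SECRET, b"csrf:" + session_id.encode(), hashlib.sha256).hexdigest()


# Verbs that always change state, plus GET handlers this constructed app knows change state.
STATE_CHANGING_METHODS = {"POST", "PUT", "DELETE"}
STATE_CHANGING_GET_PATHS = {"/account/delete"}


def csrf_guard_check(req: Request) -> bool:
    """Validate the session-bound token on every state-changing request, whatever the verb."""
    if req.method not in STATE_CHANGING_METHODS and req.path not in STATE_CHANGING_GET_PATHS:
        return True  # read-only request: nothing to protect
    supplied = req.form.get(TOKEN_FIELD) or req.query.get(TOKEN_FIELD)
    if supplied is None:
        return False
    return hmac.compare_digest(supplied.encode(), csrf_token(req.session_id).encode())


def evaluate(req: Request) -> dict:
    """Run both checks so the two policies can be compared on the same request."""
    return {"viewstate": viewstate_check(req), "csrf_guard": csrf_guard_check(req)}


if __name__ == "__main__":
    sid = "victim-session"
    # A state-changing GET the victim's browser was induced to send from another site.
    forged_get = Request("GET", "/account/delete", session_id=sid)
    # A legitimate POSTback carrying the session-keyed ViewState MAC and the token.
    legit_post = Request("POST", "/account/delete", session_id=sid,
                         form={"__VIEWSTATE": viewstate_mac(sid), TOKEN_FIELD: csrf_token(sid)})
    # A POSTback whose MAC was produced under a different session; it must not validate.
    wrong_session_post = Request("POST", "/account/delete", session_id=sid,
                                 form={"__VIEWSTATE": viewstate_mac("other-session")})
    for name, r in [("forged GET", forged_get), ("legit POST", legit_post),
                    ("wrong-session POST", wrong_session_post)]:
        print(name, evaluate(r))
```

The forged GET is the case the article warns about: `viewstate_check` reports it as fine because nothing is checked on a non-POSTback, while `csrf_guard_check` rejects it for lacking the session-bound token. Deriving the token with an HMAC rather than storing a random value is a design choice for this example; it keeps the check stateless across the load-balanced or multi-app-pool setups from point 2, provided every node shares the key.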

Thursday, June 5, 2008
At the OWASP conference in San Jose last year, the Java OWASP CSRFGuard was presented and I met Eric Sheridan, its author. I noted that there was not an analogue for .Net so I started coding right then.

Well, it's been a hobby project for some time. Eric and I have gone back and forth with design/feature ideas and are working toward feature-equivalent solutions for each language, albeit implemented within the appropriate language paradigms.

I have been coding away for the past several weeks, whittling down my TODO list, and am ready to release an alpha version soon. I need to figure out some logistical issues and get the assembly a strong name so it can be installed in the GAC. So, check it out and watch this space for the release announcement.

I also have lots of work to do to flesh out the full documentation on the wiki page.

.Net CSRF Guard - OWASP

Wednesday, June 4, 2008

Catholic church again being heavy-handed about pro-life supporters

This is really stupid. To single out only certain members of the church? I agree with Steve,

"I think it’s a mistake to deny Communion to public officials who, in their official capacity as policy makers, stray from the church’s doctrines. But this is adding insult to injury — targeting Catholic congregants based on their votes, rather than their beliefs and conduct.

In other words, at least in the abstract, John Kerry should be blocked from receiving Communion and Catholic voters who supported him should receive the same treatment."

And why just pro-life stances? Isn't the Catholic doctrine that we are all sinners? In fact, you say before communion "I am not worthy to receive you [Jesus, via transubstantiation in the body & blood, aka bread & wine] but only say the word and I shall be healed". You would think that this would be the _last_ thing they would want to deny to anyone. But I guess they have to keep up appearances...

Crooks and Liars » Communion need not be a political weapon