It has been mentioned, with respect to the tsunami, that there seem to be more earthquakes these days then there have been in the past. I visited the USGS archives today and compiled a couple interesting charts. The first the number of earthquakes magnitude 7.0 or larger since 1900. The purple line plots a regression on the data. At least for the last 100+ years, the number of earthquakes has been decreasing rather than increasing. It then occurred to me that it may, however, be the case that the earthquakes, though not more frequent, have become more lethal. The USGS has a dataset on earthquakes with 1000 or more deaths since 1902. Conclusion? The number of deaths over time has een rising in basically a linear fashion.
The number of deaths from earthquakes for the past 100 years sits at about 2 million. From a heartless perspective, this is surprisingly small. Remember that the world has about 6.1 billion people. To put it into perspective, Martin Gilbert's Atlas of the Holocaust puts the number of Jews exterminated between 1939 and 1945 at 5,750,000.
When using MySQL's UTF-8 character set, besides setting the database character set to UTF-8, you must remember to send SET NAMES 'utf8' to MySQL prior to querying or inserting. Forgetting to do will surely cost you a substantial amount of hair, sleep, and sanity.
Hallelujah, it is a dream come true. I've been wanting something like this for almost a decade. Every so often I would get inspired to learn how to read and write Chinese. Then, for about a week, I would digest any Chinese characters I could find, diligently looking up unknown or forgotten words and etching character, pinyin and definition into my journal. No more! Enter the pinyinator.
What is the pinyinator?
The pinyinator is a tool for translating both traditional and simplified Chinese, line by line, into pinyin. It is especially helpful for illiterati wishing (or having) to sing Chinese hymns. But wait, there's more! Simply moving your mouse over a character will pop-up a definition, as well as the character in traditional and simplified Chinese. Admittedly, it runs slow, but I have a couple tweaks in mind which should speed things up, i.e., grabbing the definitions and pinyin in one database call instead of character-by-character.
Here are a few things to pinyinate:
神愛世人、甚至將他的獨生子賜給他們、叫一切信他的、不至滅亡、反得永生。 -約翰福音 3:16
This project would have been impossible without open source information and software. The core of the pinyinator is Paul Denisowski's CEDICT Chinese-English Dictionary. The dictionary, in UTF-8 format, was imported into MySQL with assistance from Christopher Sexton's phpCEDICT code. The pinyinator also relies util.php from phpCEDICT. Specifically, it calls Scott Reynen's UTF-8 to Unicode conversion tools as well as Konrad Mitchell Lawson's pinyin to unicode function.
What's up ahead? It would be nice if characters could be saved in a user account to be retrieved for things like flashcard use (see my earlier posts on the Leitner cardfile system). This is a major endeavor in itself and may have to wait another decade... It would be nice if I could email the system with some Chinese and have it respond with pinyinated and defined text. It would be nice if the system could periodically email me with Chinese snippets, verses or sayings pinyinated and defined. A good source for this would have been zhongwen.com's extensive list of Chinese material. Unfortunately, most of the text there is stored in a graphic. Chinaknowledge, a site located in Germany, uses UTF-8 encoding, which will work. It hosts a large volume of Confucian and Doaist literature, among other things.
The amount of destruction caused by the tsunami in southeast Asia has been, to say the least, breathtaking. Today, the number of dead rose above 60,000. How can we respond? One easy way is to donate money to organizations in the forefront. The Red Cross, Doctors Without Borders and World Vision are several that immediately come to mind. In the months to come, I'm sure you will encounter a number of solicitors from organizations you may never have heard about. Check them out before you give. An excellent resource for doing this is GuideStar. They provide a massive amount of information on various non-profit organizations including things like salaries and how much money is actually spent for the cause. Interesting in actually volunteering? Check out idealist.org.
I looked into binaural recording several years ago prior to my trip to Russia. The topic recently resurfaced as Sonja and I were looking for a CD with ocean sounds. Fanatasies of a binaural recording of the ocean immediately popped into my head. After some distraction, I have concluded that Len Moscowitz's Core Sound is the way to go.
Mr. Moscowitz is a graduate of Rutgers, Polytechnic Institute of New York and The City University of New York. Holding degrees in electrical engineering and psychology, he spent more than 20 years working on artificial intelligence, waveform analysis and radar jamming for the US Aerospace industry. He also plays bass guitar and guitar, and enjoys recording and composing. So, the background is good.
Core Sound specializes in high quality stealth recording. Think U2 concerts... Of course, they recommend asking for permission before recording. People also use their systems to record ambient sound, such as the ocean. Their high end binaural (HEB) microphones are a bit rich for my blood (~$900), though about an order of magnitude less than professional gear such as the Neumann KU-100 dummy head (~$8000). The HEB set utilizes a set of DPA4060 microphones from Bruel & Kjaer, which Moscowitz claims as "the very best binaural microphones available anywhere".
So how does this work? The microphones are clipped to glasses, a helmet, your belt, or under your collar, seperated by a head's width. In the ideal (and more expensive) world, the microphones are inserted into the ear to truly capture the sound, including the transfer function coming from the ridges and valleys of the ear. On top of the microphones, you will need a dat recorder, an md recorder, or a way of amplifying and digitizing the audio into a digital device such as a PDA or a laptop. Core Sound sells a package to do the latter. Audio is captured and digitized using PDAudio, which consists of a Mic2496 dual microphone pre-amp and A-to-D converter ($499), a S/PDIF to Compact Flash adapter ($199), optical cabling ($15), "Live2496 software" ($50), and, if you don't have it, a PDA/laptop with associated memory. To be portable, you will probably want a PDA ($300) and a lot of memory ($250-300). You can see this is becoming an expensive endeavor.
For the hobbyist (CD-quality), it may be sufficient to purchase Core Sound's original microphones ($260). Though not as sleek and small, for 16-bit/44.1 kHz recordings, it may well be sufficient. The HEB 4060 is really designed for 24-bit/96 kHz recordings, so-called DVD quality. The microphones can then be plugged into an old MD or DAT recorder. While the sound quality may not be as high, I suspect it will probably be sufficient. The main issue with using a mechanical device is that noise is injected into the recording. A solid-state memory such as Compact Flash or SD can avoid this.
I located my Chinese font (see previous post) at David McCreedy's most excellent Gallery of Unicode Fonts. Incidentally, it is also a good place to (1) start learning about Unicode, and (2) learn some travel phrases.
I found a nice traditional Chinese font today. I had been using it in Microsoft Word when I started noticing some funny behavior. Somehow placing the Chinese text by certain styles would revert the font back to SimSun, the default (and not-so-pretty) Asian text font. This, not being consistently replicable, frustrated me enough to do a search for a solution on Google. The fix is easy. Go to Format, then Font and then select the new Asian text font, in my case, AR PL KaitiM Big 5. Click on Default.... That's it!
Jesus Loves Me This I Know
ye1 su1 ai4 wo3 wo3 zhi1 dao4
yin1 you3 sheng4 shu1 gao4 su4 wo3 。
fan2 xiao3 hai2 zi3 zhu3 mu4 yang3 ，
wo3 sui1 ruan3 ruo4 zhu3 qiang2 zhuang4 。
zhu3 ye1 su1 ai4 wo3，(3x)
you3 sheng4 shu1 gao4 su4 wo3 。
Jesus loves me this I know,
For the Bible tells me so;
Little ones to Him belong,
They are weak, but He is strong.
Yes, Jesus loves me, (3x)
The Bible tells me so.
Thanks to Jin Xia, this project is done. I present to you,主領我何往必去 Wherever He Leads I'll Go in English, Chinese and pin yin, for the illiterate. I recommend the PDF version for printing. Feel free to download the original Word document. HTML to follow. Finally, the hmyn, nicely rendered, in midi version, courtesy of Active Bible Church of God, Chicago.
Wherever He Leads I’ll Go
zhu3 ling3 wo3 he2 wang3 bi4 qu4
“Take up thy cross and follow Me,” I heard my Master say;
「bei1 qi3 shi2 jia4 lai2 gen1 cong2 wo3 ！」
wo3 ting1 jian4 zhu3 ci2 sheng1 ；
“I gave My life to ransom thee, Surrender your all today.”
「wo3 she3 sheng1 ming4 shu2 ni3 zui4 guo4 ，
dang1 jiang1 ni3 suo3 you3 xian4 cheng2 。」
He drew me closer to His side, I sought His will to know,
zhu3 qian1 wo3 jin3 kao4 ta1 shen1 pang2 ，
xun2 qiu2 en1 zhu3 zhi3 yi4 ；
And in that will I now abide, Whever He leads I’ll go.
shi3 wo3 xing2 zai4 zhu3 zhi3 yi4 zhong1 ，
zhu3 ling3 wo3 he2 wang3 bi4 qu4 。
It may be thro' the shadows dim, Or o'er the stormy sea,
huo4 yao4 jing1 guo4 you1 an4 dao4 lu4 ，
huo4 du4 feng1 bao4 hai3 yang2 ；
I take my cross and follow Him, Wherever He leadeth me.
bei1 qi3 shi2 jia4 gen1 sui2 en1 zhu3 ，
wu2 lun4 zhu3 ling3 wo3 he2 wang3 。
My heart, my life, my all I bring To Christ who loves me so;
wo3 ming4 、wo3 xin1 、suo3 you3 yi1 qie4 ，
xian4 yu2 ai4 wo3 ji1 du1 ；
He is my Master, Lord, and King, Wherever He leads I'll go.
wu2 lun4 ling3 wo3 he2 wang3 bi4 qu4 ，
yin1 ta1 shi4 wo3 wang2 ，wo3 zhu3 。
Wherever He leads I'll go, Wherever He leads I'll go,
zhu3 ling3 wo3 he2 wang3 bi4 qu4 ，
zhu3 ling3 wo3 he2 wang3 bi4 qu4 ，
I'll follow my Christ who loves me so, Wherever He leads I'll go.
zhu3 zhe4 yang4 ai4 wo3 ，wo3 bi4 gen1 cong2 ，
zhu3 ling3 wo3 he2 wang3 bi4 qu4 。
The C-Guys have been testing an 802.11b SDIO WiFi card with a Linux based driver, the SD-Link11b. The driver was designed for the Sharp Zaurus Linux PDAs. Note that the site is in Japanese. I found a thread on the SD-Link11b. It looks like it is still not market-ready and the drivers are not (yet?) open-source. Having to pay for software may well be what kills this idea.
PalmInfocenter has a snippet on the C-Guys.
I've been waiting for this one for a while - Sandisk + WiFi. An 802.11b WiFi card, packed into an Secure Digital (SD) card with 256 MB to boot. How much, a measely $106.49. Nice. Socket Com also have a similar item - the SDIO WLAN CARDSDIO 802.11B. Amazon list's it for a whopping $1,893.99, though I think this might be for 20.
What I want to know is what software needs to be run on the primary processor in order to get this to work. Is everything mostly on the card already? Or is it relying on the local microprocessor to do the work. If the former, this could be a cheaper way of enabling devices to have WiFi - at least for a hobbyist. We could use embedded Linux. Are there Linux drivers for SDIO 802.11b? Discussion here. The answer, at the moment, appears to be no. A link was made to a Fujitsu document, but this seems to have been removed.
The SDCA is a huge believer in "security through obscurity". Sharp went as far as to offer closed-source drivers for SD memory cards, but I doubt we'll be seeing any SDIO drivers for Linux until the Bulgarian high school students break the security and spread the secrets all over the net.Go Bulgaria!
Steven Pressman has a great piece on libel laws in the United States.
For the United States, the laws that control libel and slander first began to take shape even before the colonies gained their independence from Britain. One of the most famous American cases involved New York publisher John Peter Zenger, who was imprisoned in 1734 for printing political attacks against the colonial governor of New York. Zenger's lawyer established a legal precedent by arguing successfully that truth is an absolute defense in libel cases. Up until then, it had never mattered much whether the allegedly libelous statements about someone were true or false. Since the Zenger case, however, someone can sue successfully for libel only if the defamatory information is proven to be false. [emphasis mine]
The complete set consists of the following:
When installing perl modules with dependencies, e.g., PDF::Report depends on PDF::API2, in private directories, you will probably encounter an error message when running 'perl Makefile.PL' - something like "Can't locate xxx.pm in @INC (@INC contains... [everything but the right directory]". In my case, I had installed the dependency into my private directory, ~/cgi-bin/myapp/extlib. To fix this, set the PERL5LIB directory if it hasn't yet been set using 'setenv PERL5LIB ~/cgi-bin/myapp/extlib'. Try running 'perl Makefile.PL' again. That should do the trick.
The Social Issues Research Centre (Oxford, UK) has a facinating report on smell. "You won't want to stop reading," reported Sonja. I concur. The article is well researched, and rich in the history of smell in Western and other cultures. Here are some thought-provoking factoids:
Behold, the source file...
I used lightverse.com to attempt to do the pinyin conversion. Hmm, maybe if I use big5 as a source...
主zhu3 領我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4 「[背bei1;bei4] 起qi3 十shi2 架jia4 來跟gen1 從我wo3 ！」我wo3 聽見主zhu3 慈ci2 聲；「我wo3 捨生sheng1 命ming4 贖你ni3 罪zui4 過，當將你ni3 所suo3 [有you3;you4] 獻迖 呈cheng2 。」 * 主zhu3 牽我wo3 緊靠kao4 祂身shen1 旁pang2 ，尋求qiu2 恩en1 主zhu3 旨zhi3 意yi4 ；使shi3 我wo3 [行hang2;hang4;heng2;xing2] 在zai4 主zhu3 旨zhi3 意yi4 [中zhong1;zhong4] ，主zhu3 領我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4 。* 我wo3 命ming4 、我wo3 心xin1 、所suo3 [有you3;you4] 一yi1 [切qie1;qie4] ，獻與愛我wo3 基ji1 督du1 ；無論領我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4 ，因yin1 祂是shi4 我wo3 [王wang2;wang4] ，我wo3 主zhu3 。* *(副fu4 歌ge1 ) 主zhu3 領我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4 ，主zhu3 領我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4 ，主zhu3 這樣愛我wo3 ，我wo3 必bi4 跟gen1 從，主zhu3 領我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4 。
That was it. Lightverse works with simplified chinese. Here is the hymn - simplified via khngai.com.
「背起十架来跟从我！」我听见主慈声；「我捨生命赎你罪过，当将你所有献迖 呈。」 *
And here it is in pinyin:
主zhu3 领ling3 我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4 「[背bei1;bei4] 起qi3 十shi2 架jia4 来lai2 跟gen1 [从cong1;cong2] 我wo3 ！」我wo3 听ting1 [见jian4;xian4] 主zhu3 慈ci2 声sheng1 ；「我wo3 捨生sheng1 命ming4 赎shu2 你ni3 罪zui4 [过guo1;guo4] ，[当dang1;dang4] [将jiang1;jiang4;qiang1] 你ni3 所suo3 [有you3;you4] 献xian4 迖 呈cheng2 。」 * 主zhu3 牵qian1 我wo3 紧jin3 靠kao4 祂身shen1 旁pang2 ，[寻xin2;xun2] 求qiu2 恩en1 主zhu3 旨zhi3 意yi4 ；使shi3 我wo3 [行hang2;hang4;heng2;xing2] 在zai4 主zhu3 旨zhi3 意yi4 [中zhong1;zhong4] ，主zhu3 领ling3 我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4 。* 我wo3 命ming4 、我wo3 心xin1 、所suo3 [有you3;you4] 一yi1 [切qie1;qie4] ，献xian4 [与yu2;yu3;yu4] 爱ai4 我wo3 基ji1 督du1 ；[无mo2;wu2] [论lun2;lun4] 领ling3 我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4 ，因yin1 祂是shi4 我wo3 [王wang2;wang4] ，我wo3 主zhu3 。* *(副fu4 歌ge1 ) 主zhu3 领ling3 我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4 ，主zhu3 领ling3 我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4 ，主zhu3 [这zhe4;zhei4] 样yang4 爱ai4 我wo3 ，我wo3 必bi4 跟gen1 [从cong1;cong2] ，主zhu3 领ling3 我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4 。
Ahh, and here it is unsimplified
主zhu3 領ling3 我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4
「[背bei1;bei4] 起qi3 十shi2 架jia4 來lai2 跟gen1 [從cong1;cong2] 我wo3 ！」我wo3 聽ting1 [見jian4;xian4] 主zhu3 慈ci2 聲sheng1 ；
「我wo3 捨生sheng1 命ming4 贖shu2 你ni3 罪zui4 [過guo1;guo4] ，[當dang1;dang4] [將jiang1;jiang4;qiang1] 你ni3 所suo3 [有you3;you4] 獻xian4 迖 呈cheng2 。」 *
主zhu3 牽qian1 我wo3 緊jin3 靠kao4 祂身shen1 旁pang2 ，[尋xin2;xun2] 求qiu2 恩en1 主zhu3 旨zhi3 意yi4 ；
使shi3 我wo3 [行hang2;hang4;heng2;xing2] 在zai4 主zhu3 旨zhi3 意yi4 [中zhong1;zhong4] ，主zhu3 領ling3 我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4 。*
我wo3 命ming4 、我wo3 心xin1 、所suo3 [有you3;you4] 一yi1 [切qie1;qie4] ，獻xian4 [與yu2;yu3;yu4] 愛ai4 我wo3 基ji1 督du1 ；
[無mo2;wu2] [論lun2;lun4] 領ling3 我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4 ，因yin1 祂是shi4 我wo3 [王wang2;wang4] ，我wo3 主zhu3 。
* *(副fu4 歌ge1 ) 主zhu3 領ling3 我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4 ，主zhu3 領ling3 我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4 ，主zhu3 [這zhe4;zhei4] 樣yang4 愛ai4 我wo3 ，我wo3 必bi4 跟gen1 [從cong1;cong2] ，主zhu3 領ling3 我wo3 [何he2;he4] [往wang3;wang4] 必bi4 去qu4
Oops - I missed verse 3.
或huo4 [要yao1;yao4] [经jing1;jing4] [过guo1;guo4] 幽you1 暗an4 道dao4 路lu4 ，或huo4 渡du4 风feng1 [暴bao4;pu4] 海hai3 洋yang2 ； [背bei1;bei4] 起qi3 十shi2 架jia4 跟gen1 随sui2 恩en1 主zhu3 ，[无mo2;wu2] [论lun2;lun4] 主zhu3 领ling3 我wo3 [何he2;he4] [往wang3;wang4]
back to traditional
或huo4 [要yao1;yao4] [經jing1;jing4] [過guo1;guo4] 幽you1 暗an4 道dao4 路lu4 ，或huo4 渡du4 風feng1 [暴bao4;pu4] 海hai3 洋yang2 ； [背bei1;bei4] 起qi3 十shi2 架jia4 跟gen1 隨sui2 恩en1 主zhu3 ，[無mo2;wu2] [論lun2;lun4] 主zhu3 領ling3 我wo3 [何he2;he4] [往wang3;wang4]
Microtek's newest ScanMaker, the i900, is my dream scanner for Hiroshige prints. Professional and yet under $1000. Amazon has the ScanMaker i900 for $525. It boasts 42-bits of color. Wowsers. As with most great products, it has one a good number of awards, most notably the CNET Editors' Choice and the photographer's Hot1 Award. The included software is also quite impressive: Adobe Photoshop Elements 2.0; Adobe Photoshop Album SE (PC only); ABBYY FineReader Sprint OCR; Ulead PhotoExplorer; Kodak Digital Science Color Management; Microtek's ScanWizard Pro scanning software with LANShare scanner-sharing utility for PCs; and Microtek's Scanner ICC Profiler with IT-8 reflective and transmissive calibration targets.
True love costs - this year the Christmas index, based on “The Twelve Days of Christmas” has risen to $17,297. Make sure to check the out the flash presentation. Interestingly, because of the cost of shipping, the Internet turns out to be substantially more expensive, $27,736.
Briefly fantasizing about writing a Hiroshige screensaver, I stumbled onto Lucian Wischik's Holistic Screensavers: Beginning to End. Nice.
Update: I swapped out the background image on Wischik's Images example for a Hiroshige print. Download the file. To install, simply right click on the .scr file. On second thought, don't install it yet. I'm not sure how to uninstall it. You can just double click on the file to look at it. Definitely more to come...
It has been said, that Time is Money, and Knowledge is Power. By substituting these into
Power = Work/Timewe quickly find that
Knowledge = Work/Moneyleading us quickly to the infamous
Money = Work/Knowledgewhich has presumably been used by VC's and CEO's to assuage their nighttime guilt about making so much mulah at the expensive of lesser paid scientists and engineers. Who can dispute a law of physics?
Let's take a closer look, to see if it makes sense. The common argument is that for a given amount of work, as knowledge tends towards zero, the money you make increases to infinity. Of course, we all know this shouldn't be the case. So where lies the logical flaw? It lies in the interpretation of work. Work is Power/Time. The more Power you expend, the less Time you need to achieve a given amount of Work. You can buy time by hiring help. So, substitute in Money. Instead spending Time, you are now spending Money. Now it should be clear that the Money in Money = Work/Knowledge does not have to do with the Money you make, but the Money you have to spend to do a given amount of work.
You get paid Money for the amount of Work you do. Taking a company from a seedling to a public company is a lot of Work. That's why VC's (and investment banks)get paid a lot of money. How does the equation fit into this? Everyone agrees that VC knowledge is typically infinitesimal*. Which means the money that must be spent to achieve this huge Work must be immense. Where does the Money come from? It comes from the Investor.
*If you are a VC with funding for a revolutionary brain-related medical device, this excludes you.
Kent R. Weeks is an American archaeologist specializing in ancient Egypt. Some of his work on what he believes is Ramses II firstborn son's skull will be featured on Discover this Sunday. Discover's own advertising campaign has been extremely aggressive. The theme? Do you dare question the Bible. Was the tenth plague the "wrath of God or Man"? beliefnet has an interview with Charles Sennott, an author and news correspondent who worked with the Discover Channel on the program. His article from the Boston Globe has been posted here.
Weeks is a professor of Egyptology at American University in Cairo. In 1965, he received his Master's degree from the University of Washington and his Ph.D. in Egyptology from Yale University in 1970 . He's written a number of books on KV5 a dig done by James Burton in the early 19th century. His claim to fame is having re-discovered the entrance to the tomb while working on his Theban Mapping Project. Here's a bibliography.
Ahhh... I found what I was looking for. A fellow enthusiast, johnxyz, has done a superb job on Hiroshige's many woodblock prints. The site is clean, easy to navigate, and contains well-written well-researched prose (with citations!). Large images, when available, are 806x580.
Magome There is the Magome Pass (801 m above sea level) between Tsumago and Magome, which are 8 km apart from each other. From the pass, Mt. Ena can be seen in the distance due south. The post town of Magome is below the pass. This is where Shimazaki Toson, a famous Meiji novelist, was born and is also the stage of his masterwork "Before Dawn."
I've been thinking about setting up a writers' and researchers' marketplace using the scriptlance engine. For research, Google's answers site takes us close to where I want to be, but there are some important limitations. First of all, answers are posted for everyone to see. Second, the number of "experts" has been limited (though this may change in the future). Some listings of writers and jobs exist, but they are just that, listings. I'd like to set up an auction and track buyer and seller experiences ala Amazon or eBay. Do you think that there is a market for this? Would you be interested in being a buyer or seller?
I'll give you an example. I happen to be interested in Ando Hiroshige - a Japanese woodblock artist from the Edo period in Japan. I'm interested in obtaining high quality, high resolution scans or photos of his work. One approach is to have them scanned from a book - several great Hiroshige collections are available. A better approach would be to get the original digital art from the book author or publisher. I would like to know how much this would cost compared to, say, hiring a professional or semi-professional photographer to photograph the prints in a museum. I might be interested in (1) having some research all this and tell me what to do, and (2) having someone write up and publish this research.
Update: Facinating. PR Newswire has a site called ProfNet which claims to unite sources and journalists. It is pretty exclusive though. As they say, "all experts registered in the ProfNet Database must be linked to a member PR professional or information officer who can vouch for their qualifications."
Session Start (AIM - torque:boxocide): Thu Dec 02 11:43:33 2004
torque: are you the boxocide of boxocide and esx?
torque: only possibly?
boxocide: yes, only 'possibly'
torque: Well, assuming that you are, i have a couple of questions... I run a little blog that was recently defaced (actually, my entire domain was defaced). It took some time to recover, but I quite appreciated that most everything was left intact. I'm interested in interviewing you for the blog, as well as understanding in more detail what the holes were in my setup.
torque: Tell me about yourself.
boxocide: I'm young; still in my 'teens'. I have been programming multiple languages for quite some years now and have aquired a great knowledge of computer hardware and software. Not only do I like computers, but I play bass, and I love taking apart my toys :-)
torque: That's fun. In my (minimal) spare time I enjoy jamming on my acoustic guitar. Haven't quite picked up the bass yet though. How did you get started in computers?
boxocide: I started playing Quake2 when I was in grade 5, and I started trying to learn HTML to make my clan a website. From here I slowley started getting into "border-line" illegal activites.
torque: Wow, I feel old now. I remember when Quake1 was introduced. I was a Doom junky in college. What is your long-range objective? Where do you want to be 10 or 15 years from now?
boxocide: Hopefully not behind bars. :) I'd love to become a security teacher, However; I'm not the most motivated in my school work as I should be to get a computer science degree, or something of that nature.
torque: Are you currently working on a college degree?
torque: What do you think are your greatest strengths? You mentioned teaching, have you been able to do anything informally?
boxocide: Some people say I'm quite the 'social engineer', I love talking to others; I teach my friends how to do certain things with computers and even my teachers!
torque: I'd like to jump back to your statement about "border-line" illegal activities, how did you get started? Was it experiment on your own? With a group of people?
boxocide: Hahaha, I was defently a little script kiddie; playing around with trojans. Until I started getting more in depth with computers and they internet -- Learning protocols and seeing how I could manipulate systems into doing something they shouldn't/or be stopping.
torque: What is the most interesting thing you have done in terms of making a system do something it shouldn't be doing?
boxocide: That's a tough question, I generally tend to just expierment with different applications and try to make them do silly things! Especially gaming, I love 'hacking' the game! I'm going to have to say the most exciting thing I did though would have to be ... I couldn't tell you, I'm not even sure! :-P
torque: So, why "boxocide"?
boxocide: haha, because I couldn't think of anything else! I use to go under an old alias; which I won't reveal even though a lot know ;p -- however, it means "to kill your box" -> box as in, your computer: icide, to terminate. I just used ocide instead of icide because it sounded funner ;)
torque: Clever :) Are your activities politically motivated?
boxocide: Hahaha, not at all! I just like having fun! Making people think I'm some crazy nazi or something!
torque: So you aren't a crazy nazi then. :)
boxocide: ... Unfortunatly!
torque: How do you select which sites to attempt? (Read: Why me? :))
boxocide: I havn't said I attack sites. :) But if I were probably random sites just for fun! *cough*
torque: Of course, :).
torque: My site, as I alluded to, was recently defaced. Given your knowledge and interest in computer security, what sort of steps can I take in the future to protect myself?
boxocide: Well, you want to be a frequent researcher. The best step to take is knowing what services/applications are running on your box and make sure you always have the latest patches! And when your bored; Much around as if you were a client to your server and try to mess around doing random things some silly kid could do! Much=Muck :)
torque: Sounds like a reasonable suggestion - though most sites these days, including my own, are hosted by a third-party. Is it usually the host being sloppy or the preson putting up websites? Should I find a more secure host?
boxocide: It can be both, if you are running a web-based application off your hosting it's probably started by you (with full access)... If someone can manipulate that application to doing something such as running system commands on the system; you can end up in a big mess, as you said you've expierenced.
torque: In my domain, i run a number of different open-source suites, e.g., Mambo, phpBB, MovableType, Gallery, etc. Having experienced the said "big mess", is there a simply way to backtrack where the vulnerability was?
boxocide: You would have to look through your web browser logs and try to find some unusual query strings sent by the 'suite'. for example, if you are running a version of phpBB 2.0.10 or lower you are very vulnerable.
torque: Hmmm, I can see that now.
boxocide: There is a exploit in the viewtopic of phpBB which allows an attacker to gain privelages of phpBB, and if your webserver is hosted by a 3rdparty application it probably has the same access as you.
torque: Looks like I've just been exploited again.
boxocide: I wouldn't doubt it if you still havn't fixed the same whole! err, hole*
torque: Ok, enough about this. I want to know more about you. You mentioned earlier that you were not very motivated in school. Is there any particular reason?
boxocide: I find it unnessacary, I find the best knowledge is gained through expierence. It's ridiculous the fact that I need a piece of paper to tell me if I'm qualified for a job or not.
torque: That is a reasonable feeling. Quite widely shared. :) Have you ever had any classes or subjects where this feeling was not the case?
boxocide: It's always the case no matter what! I mean I do learn some things in school but those tend to only be during through my actual hands on expierence... Like my chemistry labs. ;) Sitting on listening to a teacher rant is absurd, the human brain will only interpurt to remember 15% of what is said.
torque: It can be quite frustrating, sitting through a class like that. I've had quite a few. I've found though, that having a "good" teacher can really make a big difference. Are there any teachers that have stood out for you?
boxocide: Oh of course, I have nothing against my teachers most of them are fantastic, caring people. But sitting around living such a repetative life isn't my cup of tea!
torque: What's your favorite food?
boxocide: Haha, potato skins! potatoe*
torque: Do you play in a band?
boxocide: Nope, My rythm isn't the best yet!
torque: What kind of music do you like?
boxocide: classic rock! morrison, zepplin, hendrix! ... and I do love disco, I must say! Beegees!
torque: Your kidding. Really?
torque: How did you get into disco? That's pretty unusual.
boxocide: My dad, singing aloud. Oh, and defently John Travolta! Saturday Night Fever!
torque: You mentioned possibly becoming a security teacher. I assume you meant computer security. Do you see yourself teaching students in a class? Or helping corporations? Some hybrid?
boxocide: No, I meant home security! Haha, I'm joking! RELAX! Yes, I'd love to teach a class of students but probably corporations... But I don't think I will get there considering I'm not a brick on the wall! I won't have the paper to say I'm eligable for the job!
torque: You don't always have to have a piece of paper. Social engineering and who you know usually makes a huge difference. Do you program for money?
boxocide: Nope! I havn't had a job in my life!
torque: Do you have any hobbies outside of computers and your bass?
boxocide: My girlfriend? :)
torque: How is it that you've never had a job? Not even mowing the lawn? :)
boxocide: Never! I'm one lazy SOB. ;) Unless I was asked to do something with computers, It will be done in a jippy, with high quality work! ;)
torque: Tell me more. What languages are you proficient in? What's the most sophisticated thing that you have worked on?
boxocide: Computer Languages?
torque: French, Estonian, Cuban... Let's start with the computer languages, then we'll move on to the human languages...
boxocide: French, Arabic, English... ;p Looks like I'm 2 steps ahead of you :p
torque: Here's mine for real - English, Mandarin, French
torque: For computer languages, the usual suspects for me - C/C++, VB, Perl, PHP, some TCL
torque: Impressive... all self-taught?
boxocide: Pretty much, but I love talking with others -- I can't say I havn't asked for help before :p
torque: Of course. Are you working on any projects now?
boxocide: Most programming languages revolve around the same structure; it's just learning the basic functions for each. Currently, I am working on a Modular Exploiter.
torque: Yeah, that's what I've found. Especially with the internet, basic functions can be looked up as you go. What is a Modular Exploiter?
boxocide: Well basically it's a base program which exploits can be inserted into and then a full remote system scan can be run to find out common vulnerabilties in a site. And exploits can be added as it will have its own exterior language.
torque: What are you using to write it? Is it a web application? I guess it is all a web application, what I mean is, whether or not it is something that is run locally or on a server.
boxocide: It can be run locally or remotely, and it's a *nix based program runs from shell. Written in C
torque: Are you writing this on your own?
torque: What are your plans for this software?
boxocide: Maybe Public Release, I don't know how people would react though or if it would get me in trouble.
torque: Sounds like it could get you into trouble. Though site admins would probably thank you. Is there software already out there that does this sort of thing?
boxocide: Yes, but not to this far of an extent.
torque: How far along are you on it?
boxocide: 15% :)
torque: Have you had the opportunity to travel much?
boxocide: Not really, I've been around.
torque: Any place of note? I just got back from China.
boxocide: Not really.
torque: Who is "esx"?
boxocide: My friend
torque: Hey, thank you for taking the time to answer my questions. I learned a lot. Thanks, especially, for pointing out my phpBB vulnerability. Are there any questions you would like to ask me?
boxocide: No problem, if you ever need any help let me know. Hahaha, not really any questions but if you post this interview.. let me know so I can see :p
torque: If you don't mind, I'll do just that.
boxocide: Not at all ;p
torque: Take care of yourself. Try to keep out of trouble. :)
boxocide: Thanks! ;)
I admit it, I was goofing off when I was supposed to be doing more important things. How are you doing on your Christmas shopping? Done yet? If not, visit my Japanese woodblock print gift shop. Focusing on the magnificent Edo era, I offer Hokusai and Hiroshige mugs, t-shirts, etc. Let me know what you think.
Of course, I did set sendmail_from. What happened? It turned out, after a little poking around, that php.ini was not being read. I had placed it into C:/WINDOWS. The configuration: WinXP, Apache2.0, MySQL, PHP. The key turned out to be the Apache2.0 httpd.conf file, PHPINIDIR needed to be pointed to C:/WINDOWS/php.ini (if you moved it there). The most frustrating part was that there were no error messages.