Thursday, April 21, 2005

Cagayan de Oro online directory

I had to get phone numbers for some Cagayan de Oro hotels so that friends who were going there could query prices and book (they still don't have web sites, or the web sites don't come up early enough in google) and I remember that there's a handy site for searching for CDO phone numbers. CDO-ID is a searchable site for numbers.

Now, the front page hasn't been modified since around 2001, so possibly the phone numbers aren't the latest either, but most of the numbers will still work.

I remember that when I used to work for an internet provider in CDO I wanted to do something like CDO-ID too. Years before that I'd gotten hold of the Misortel phone data and had a searchable site (long gone now, hosted by weblink i think). Well, I tried to get the data out of the telcos, but they were incredibly unimaginative and I never really could get the data out on a regular basis so that I could have a reasonably up-to-date directory. Eventually I gave up trying, particularly when I found out that CDO-ID already had a site.

This resistance to putting up phone numbers on the internet is a major stupidity for any telco. After all, if the phone numbers are online, people can search for them and they're then likely to make long distance landline calls. The cellular telcos should probably also do something similar, at least for their postpaid accounts, and maybe some sort of interactive prepaid directory too (aliases allowed, but maybe filtered for obscenity and illegal names). That would probably drive up voice traffic.

But I don't see the celco's doing that either. They don't like change, despite their business being founded on technology, where change is so fast, it's essential to embrace it.

Wednesday, April 20, 2005

one letter passwords

I was listening in on a conversation on passwords the other day. One of the people in the conversation mentioned that they knew someone whose password was "A". Just the one letter. And there was a conjecture that maybe that was a really hard password to guess since, most people would think 3 was short and no one would think that anyone would use a one letter password. This was for windows login passwords, so it's not something that would normally be attacked via brute force somehow, although in an organization with lax password controls, the same password might also be used for email, file shares, etc. In which case the situation suddenly becomes worse.

Anyway,I thought about that a bit, and yesterday the refutation came to me. A one letter password is a dead giveaway because it's so easy to shoulder surf. It's not even necessary for the shoulder surfer to actually see what's being typed. It's sufficient to see that only one character was being pressed. After that, it would be trivial (in the lax organization, more security conscious organizations would have failed password limits and timeouts) to try all the one character printable characters on the keyboard and log in.

Tuesday, April 12, 2005

usb thumbkey svn repository speed

I store (most of) my source code in a USB flash drive. Originally it was ext2 (because my previous thumbdrive was ext2, because i couldn't put reiser on it, at 32MB the old drive was too small and reiser wouldn't mkfs on it). Yesterday I got frustrated because commits were taking too long (small commits, but they were taking 2 minutes or more). So I did an svnadmin dump and also tar-gzipped the repository and rebuilt the filesystem as reiser.

Reiser said how much of the disk it would eat, and then proceeded to make the filesystem. After the load, checkouts, commits and updates are very much faster. I think I'll stay with this. I'm not sure what the problem was though. It might just have been that svn was trying to update too much data there (maybe the strings file, which is 6MB) and was just slow yesterday. Or it might be that reiser is just doing something good and it's a better match for SubVersion. I'll keep track of when it gets slow again. If it never does, then I'll stick with svn, but if it does get slow, I'll try xfs and jfs for svn, just for fun :).

boost regex!

I posted on the PLUG mailing list about regex libraries in C/C++. Matt Baluyos pointed me at PCRE and paolo falcone pointed me at Boost. I decided to go with boost because I couldn't stand the PCRE library.

That's not to denigrate the quality of the library, it works, very well. I use PCRE implicitly in PHP and it's a great help and is incredibly easy to use there. But C is now just too low level for me and while I can work there, I don't like it much. If I can, I work in PHP (perl is far too ugly for me, although that could change if i were to work in it instead of just reading it). I'll be working in java soon, but I tend to have a bias against it for small projects. I'm sure it's great for large projects, but even there, the libraries and frameworks seem over-engineered. But that's probably just a function of the fact that they're large enough that I can't get my brain around them in a week.

For anything lower level that I can't do in java or php, i like C++. And that's where I use the boost regex libraries. I've written utility functions that hide some of the details of the boost implementation (just pass string pattern, string data, vectormatches, and internally it does everything else). there's also a similar set of utility functions that passes the pattern as a regex const reference instead (so that patterns that are used all the time aren't re-compiled).

it's very nice to be able to say:

vector matches;

if ( re_search(pat, line, matches) )
{
for (int ctr=0; ctr < matches.size(); ctr++)
do_something_with_match(matches[ctr]);
}

Thursday, April 07, 2005

php, popen, stream_set_blocking(...,false)

So I thought that I could make a "multi-threaded" (but not really) program in php by using stream_set_blocking. Well, the things I need to do simultaneously involve calling popen on external programs and then reading the data and doing something with them.

Well, popen doesn't work with stream_set_blocking(..., false), so I can't do things that way. Unfortunately, I've spent a week or two setting up the framework for all this (so it would be easy and convenient) but now I find it can't be done.

Oh well, time to give up on trying to do that in PHP then, and just buckle down to doing it in C++ (the original version is in C++, but frankly, I just don't want to maintain that code anymore, no choice now though).