SeanColombo.com

I’ll be speaking at the University Of Pittsburgh’s School of Pharmacy (in 810B) for a “Lunch and Learn” on May 14th. The talk will be on SiloSync (which will need to be updated quite a bit before then) and will probably go into a more general discussion of Social Networking and Freeing the Social Graph during Q&A.

From what I understand, the Lunch and Learn series is mostly attended by faculty and staff, but we’ll see. The last talk was by Jesse Schell of Schell Games, so I guess I’m in good company!

Thanks for inviting me, Pitt!

Don’t worry… be happy.

UPDATE: This was an April Fool’s joke. On April 1st, every page on LyricWiki resulted in a Rick-Rolling. To view the page as it would have been on April 1st, please try this permanent link.

Now you can easily link directly to LyricWiki from Wikipedia. Behold inter-wiki linking.

I wrote a simple (and portable) PHP profiler for the engine running doItLater.com.

It’s a whole barrel of fun if you’re into having blazing-fast code: check out my post on the doItLater blog.

Enjoy!

Today I’m visiting my brother in his office on the 42nd floor of a skyscraper in downtown Pittsburgh. He has some stuff to read for work and I have some code to write. We saw a couple of helicopters hovering over the Strip District, so I went to a bunch of local news stations to see what was going on. It’s Saturday so there isn’t really anyone else around to ask about it.

The local news is pretty miserable at giving up-to-date info, so they didn’t even have anything about the fire that traffic was being diverted around on McKnight Road last night at about 1:30am. My guess on that is that it was a natural gas fire. On my way to the city today, there were still fire-crews and policemen all over the block.

Since I have little confidence in the timeliness of the local old-fashioned media outlets (they try… but they’re years behind), I had several sites open. The closest thing I could find was that a man was shot to death last night after firing at policemen in the Strip District.

My brother had stepped out for a second when I suddenly heard and felt a deep rumbling. It reminded me of explosions. The first natural response is denial “hmm, I wonder what completely normal event that could be… a dump truck, construction in this building, fireworks for some celebration?”. After a few seconds denial was shot… something was up. I went to the window to see if I could find any visual explanation because the rumbling was still going on and was very loud.

I couldn’t see any dust clouds, fireworks, crashes or anything else that would explain what was going on. It was somewhere in the range of 5 to 10 seconds total and I could definitely feel that the building was shaking. Right after it stopped, my brother came back into the room and said “did you feel that?”.

Thinking back to 9/11 and basically any other your-skyscraper-is-pwned event, the secret of survival is NOT to be standing on the 42nd floor wondering what is going on. You GTFO and figure it out later.

So we just bolted to the stairs and started heading down. At about floor 38 it sunk in that this was going to take awhile. After quite some time of running for our lives down the stairs and out the building (that’s a lot of stairs) we got outside and realized that the building looked fine, there was no panic in the streets and the security staff seemed not to have noticed anything.

Shweet, everyone gets to live.

My brother said there was construction on the floor below him, so maybe something really weird was happening there. It still didn’t totally make sense though. We approached a security guard and had a somewhat amusing conversation:
“Hi, um, did you feel the building shake a couple of minutes ago?”
“Yeah.”
(pause) “… do you know what it was?”
“That was the implosion.”
(pause) “… what implosion?”
“The old St. Francis Hospital they’re getting rid of for the new [Penguins] stadium.”

Thanks for the forewarning, local news websites! :-P

We realized ahead of time that it was probably no big problem, but the evidence we had pointed to street-level being a much better location than a skyscraper while we figured out what happened. I’m glad that we made the choice to bolt so quickly instead of thinking about whether or not we’d be embarrassed by running for no reason. If only one out of every 1,000 times I’m in a situation that abnormal there is actually a catastrophe, I’d be more than happy to sacrifice the 5 to 10 minutes getting to a safe place each time before figuring out what happened.

That’ll get your blood flowing!

UPDATES: Two quick observations…
1: out the window, way out to the right (between two other buildings) is the wreckage of the implosion. If I’d looked that direction well enough I might have been able to see the cloud. That would have been sweet (and saved me a workout).
2: Geek-reference: We’re on floor 42… Hitchhikers Guide… “Don’t Panic”. LOL. I should have brought a towel.

W00t… it’s my first Valentine’s Day as a married man and I’m lucky enough to be married to the greatest woman I’ve ever met!

I love you Nicki. :-*

I’ve noticed over the past week or so that the spammers have a new trick up their sleeves. Within the last week I’ve gotten invites to iLike.com, IMVU, and myYearbook from people I don’t know, sent to an email address that I don’t really use (it’s forwarded to the same place like all the rest, but I don’t give it to anyone).

Bot-nets

I’ve had to fight spammers quite a bit on LyricWiki.org, and I’m beginning to realize a little bit more about why things work the way they work. As far as I can tell, the state-of-the-art in spamming is that tech-criminals build up bot-nets and then sell them as spamming machines. They use the zombies to attack popular technology in ways that uses other people’s web-servers to send out spam. This way, they can use the reputation of these servers to assure higher delivery-rates and they can count on the people running the servers to try to keep their reputation w/spam-filters as high as possible.

For a little more background for the uninformed: a bot-net is a vast array of hacked computers (zombies) that can be controlled remotely. Basically these are just everyday people who have been infected and are none-the-wiser. Years ago when your computer got infected, you generally got viruses that caused a ton of popups and eventually you sought help to remove the viruses. But with today’s bot-nets, the infected user generally has no knowledge of the problem and therefore doesn’t clean off their computer. When the bot-herder (who runs the bot-net) wants to do something, they use Trojan Horses which they’ve installed on the computer to send updates with what the computer should silently do.

For instance, I run MediaWiki on LyricWiki.org, and many bots have been trained to vandalize pages with random letters (I’m assuming it’s random… it might actually be a tracking-code) which they later come back and check for. If the wiki is not well-patrolled, then they come back and spam these pages with links. This way, they don’t have to reveal what product they are promoting unless they know it is some small wiki potentially with low resources - this prevents them from being tracked down by huge companies and reported to authorities. An added bonus of the bot-net approach is that each computer has a different IP address, so it’s hard to block all of them.

Invite-Spam

In this new flavor of spam, it appears bot-nets are signing up for profiles at social networking sites, and sending out invites to victims. This is a great way to use other sites’ reputable servers to send out spam that is highly likely to get delivered and also to make it through contextual spam filtering (since they look like any other invite).

This creates an interesting conflict for the sites who are being used to send the spam: on the one hand, these bots are out promoting them for free, getting new users to sign up out of curiosity (”Do I know this person? The name sounds vaguely familiar…”). On the other hand, these are ill-gotten users, and the spam that’s being sent out probably moves their servers on to more and more blacklists. Both options are a mixed-bag, and in the end I feel that it’s always best in business to do the right thing without immolating yourself. You didn’t earn these new users, so just take a stand and try to solve the spamming issue if you can. Aye, there’s the rub: often, a startup’s most rare asset is time. How much time should a company devote to trying to fix a problem like this? They could be out promoting their site, adding new features, or fixing bugs. They’re always understaffed, and there is always more work to be done.

This is a hard problem to deal with since you’re either protecting strangers from a bunch of spam that’s coming from your servers (which you really had nothing to do with), or you’re adding features for your users. A tough call to make. Hopefully some of these companies can co-operate to come up with a technical solution that they can share amongst each other to make it practicable for them all to implement it. The three companies whose servers spammed me aren’t even direct competitors - one is chat (IMVU), one is youth social-networking (myYearbook), and one is music-focused (iLike).

I’ve emailed a friend at one of the companies and explained the situation. It will be interesting to see how they respond.

PS: Please don’t comment about just adding a CAPTCHA. Those things are horribly useless against talented programmers and have an inherent “economic” flaw. I’ll probably write more about it later, but to put it simply, every time I see a site using “ReCAPTCHA” in a place where they should have actual decent Turing-test security, I cringe. It doesn’t do that!

This is one of those things I use really rarely, then forget about it and have to re-figure-it-out every time. Never again!

If you are using JavaScript and you have a number inside of a variable as a string, the JS engine won’t do numerical comparisons, so you may get some weird results.

For instance:

var nine = '9'; // the quotes make this a string
var ten = '10';
if(ten > nine){
   alert('This makes sense, but will NOT get displayed');
} else {
   alert('10 is less than 9 because JS uses a string-comparison ' +
         'that stops after it finds the \"1\" character being '+
         'less than the \"9\" character');
}

… will actually display the second alert. Looks crazy, huh?

To work around this, we can just use arithmetic and subtract the numbers from each other and look at the difference. This chunk of code shows how we can fix this to make more sense:

var nine = '9';
var ten = '10';
if((ten - nine) > 0 ){
   alert('This makes more sense!  '+
         'Since the difference of the first var minus the '+
         'second var is greater than 0, the first var must '+
         'be greater than the second.');
} else {
   alert('This will NOT be displayed because it would make no sense');
}

Hope that helps someone!

Another quick tip that will hopefully be helpful to someone. When using “file_put_contents” on a directory that has full write permissions, you may still get “Permission denied” errors. It turns out that in PHP (at least in some cases, not sure if it is always), you need to have execution permissions on the destination directories also (chmod them to 777) in order to be able to write to them using file_put_contents().

I was at a bookstore last night looking to learn more about learning itself. I was horrified by the state of things. I figured in a massive Barnes and Nobel which has entire aisle devoted to focused niches such as Manga or Personal Fitness, that Education should have an entire area - strange that I didn’t remember seeing it before since I’m in bookstores quite often. I mean… it’s education; a book store should be just the place to find this info.

After poking around for a while, I had to ask for help. I was finally shown the single “Education” rack (there’s about 5 racks on each side of a single aisle). I poured through the titles on the shelf and there wasn’t a single volume on pedagogy (roughly: the study of teaching) or epistemology (the study of how humans learn). All of the books I found were basically just mis-classified and belonged in the “teaching” section next to this rack. There were nice little memoirs about a teacher’s first day on the job, a book about the challenges of being an administrator in a poorly-funded inner city school… but no actual scientific studies of how to teach people or how people learn.

Something is terribly wrong here.