Saturday, March 24, 2007

A "candy train" birthday cake






Ruth, my sister, and Aviv's aunt, prepared a train, or a candy train cake for Aviv's birthday party.

A soccer game birthday cake



We celebrated Aviv's 6th birthday today (this is the third time in the last 2-3 weeks: the first time was at my parents' home, the second time in the kindergarten and this is the third), by inviting family members over to our house.

Here's a birthday cake with a soccer theme.

Friday, March 23, 2007

New pictures from a morning in the National Park in Ramat-Gan





I spent this morning with my mother and my youngest son, Nir, at the national park in Ramat-Gan. We went there due to a gathering of participants of Tapuz's gardening forum.

Here's my post with many pictures, at the forum: http://www.tapuz.co.il/tapuzforum/main/Viewmsg.asp?forum=465&msgid=95914106

Thursday, March 22, 2007

New patent submission

I just submitted a new patent idea at work. It describes a pattern matching engine that I designed and implemented for signature based negative security (i.e., signature based IDS/IPS). The engine is useful in cases where one needs to match a large (possibly even a very large) number of matching rules against data; for example, it can be used in lexical analyzers or parsers, or other information extraction tools.

Let's see when the patent committee discusses the idea.

Multiple possible root elements in XML Schema validation

I posted to xml-dev that validation of an XML document against an XML Schema allows more than one root element to the document when there are global element definitions in the schema.

This was confirmed and the relevant standard text was quoted by repliers.

See: [link to post is not yet available in the online archives]
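A sketch of what this means for code that relies on schema validation, as an added example that is not part of the original post. The sample schema, the `urn:example:orders` namespace and the function names are constructed for illustration; the code does not perform schema validation itself, it lists the global element declarations (each one a root the validator will accept) and checks the document root against the one the application expects.

```python
import xml.etree.ElementTree as ET

XS = "{http://www.w3.org/2001/XMLSchema}"

# Constructed sample schema with two global element declarations.
SCHEMA = """<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
                       targetNamespace="urn:example:orders"
                       xmlns="urn:example:orders"
                       elementFormDefault="qualified">
  <xs:element name="order">
    <xs:complexType><xs:sequence>
      <xs:element ref="item" maxOccurs="unbounded"/>
    </xs:sequence></xs:complexType>
  </xs:element>
  <xs:element name="item" type="xs:string"/>
</xs:schema>"""

def global_elements(xsd_text):
    """Qualified names of every global element declaration, i.e. every
    element a schema-valid document may use as its root."""
    schema = ET.fromstring(xsd_text)
    ns = schema.get("targetNamespace")
    names = []
    for decl in schema.findall(XS + "element"):  # direct children only
        if decl.get("abstract") in ("true", "1"):
            continue  # abstract declarations cannot appear in instances
        local = decl.get("name")
        names.append("{%s}%s" % (ns, local) if ns else local)
    return names

def root_verdict(xml_text, xsd_text, expected_root):
    """Classify a document's root element: 'expected',
    'schema-permitted-but-unexpected' (the case the post describes),
    or 'not-declared'."""
    root = ET.fromstring(xml_text).tag
    if root == expected_root:
        return "expected"
    if root in global_elements(xsd_text):
        return "schema-permitted-but-unexpected"
    return "not-declared"
```

An application that expects an `order` document should therefore check the root element name itself after validation, since a bare `item` document passes the same schema.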

Wednesday, March 21, 2007

Google Reader

A few weeks ago a friend of mine at work showed me how he reads things using the Google Reader. From then on my life is not the same :-)

I gradually find more bloggers that I enjoy reading and I like it!

I started to do daily reads on XML technology, math, science, open source software, linguistics, data mining and other interesting things.

Sunday, March 18, 2007

New pictures of the kids




There are new pictures of the kids available on the gallery at http://yeda.cs.technion.ac.il/~yona/aviv/index.html

Here are some previews:


Nir with his great grandmother (Michal's grandmother), Sabina.

Sivan devouring some olives.

Aviv just before his celebration of his 6th birthday party at his kindergarten with his teacher, Sara.

Saturday, March 17, 2007

Music of the primes (The Music of the Primes)

I read the "Music of the primes" over the weekend. See my review on Amazon:
http://www.amazon.com/Music-Primes-Searching-Greatest-Mathematics/dp/0060935588/ref=pd_bbs_sr_1/002-9555581-6095224?ie=UTF8&s=books&qid=1174159170&sr=1-1

I read Marcus du Sautoy's fascinating book, The Music of the Primes. The historical survey of a topic in mathematics, and the story-like unfolding of how the various people and the various researchers grappled with it, all while revealing the atmosphere, the culture and the life of the periods in which the characters were active -- all of this is fascinating.

I'd describe the book first as a novel, then as a history book and will not describe it at all as a mathematics book. It does, nonetheless, nicely link the thread that links several important works in mathematics.


Too many metaphors for my taste. Also, too many repetitions of information that was already mentioned in previous pages.

The book gave me a nice overview of the last two centuries viewed through the linking thread "The Riemann Hypothesis", introduces some interesting problems, some of which I learned in my undergraduate studies, and some were new to me. I liked the list of references for "extra reading" given by the author.

Nice book, too much of a "novel" for my taste. I like my math formal and my history with more facts than metaphors, but I'm not sure that my taste is the kind that makes books like this sell... :-)

Bottom line: nice read. I read it in a weekend, in the Hebrew version (with a very good, in my opinion, translation by Uriel Givon, who added some extra information in the footnotes).

Saturday, March 10, 2007

u8u16 high-speed UTF-8 to UTF-16 conversion software

http://u8u16.costar.sfu.ca/ contains the SVN repository for u8u16, high-speed UTF-8 to UTF-16 conversion software based on the parallel bit stream technology developed by Prof. Rob Cameron.

The implementation uses a (patent pending) technology to achieve high-speed encoding form conversion several times faster than typical industry standard iconv implementations.

Friday, March 9, 2007

Keep it DRY, shy and tell the other guy

I read a nice article from IEEE Software by Andy Hunt and Dave Thomas that tries to describe Object Oriented Design in one sentence: "Keep it DRY, shy and tell the other guy".

DRY means: Don't Repeat Yourself. The idea is to keep a single authoritative and unambiguous representation of an information item in your system. This way, even if you end up having several copies of the same data, possibly in different representations, you should be able to generate them all from that single authoritative and unambiguous representation. Code reuse is a good example of this principle. The principle doesn't only apply to code, but also to documentation, build process, schemas, etc.

Shy means: de-coupling. The authors describe four types of coupling:
  • static -- one thing requires another thing in order to compile. This is not a bad thing as long as you use what you need and avoid things you don't need. Don't carry excess baggage.
  • dynamic -- when one piece of code requires another one at runtime in order to perform a task. This becomes a problem when you find yourself using a daisy-chain of calls to different pieces of code instead of direct communication between the parties involved.
  • domain -- when your domain expertise becomes part of the code. This is not bad as long as the domain information doesn't change much, but becomes a serious problem when it does. Representing the domain information as meta-data and processing it using a rule engine will usually save the day.
  • temporal -- when the coupling has time dependency. Think about avoiding time dependencies where they are not necessary.
Tell the other guy means: do your best to tell other code what to do instead of asking it for data and processing it yourself. You shouldn't care about details and how things are done; you should just care about getting things done and leaving the details to the parties that need to do it.

I really recommend reading that short paper. It offers quite good advice.

Chat on any (?) site

I came across a service called Gabbly. It uses Ajax to add a chat widget to a website which can then be used to facilitate chat between fellow-gabblers.


For example, the code to add to my website at http://yeda.cs.technion.ac.il/~yona/ is as follows:

<iframe src='http://cw.gabbly.com/gabbly/cw.jsp?e=1&t=http://yeda.cs.technion.ac.il/~yona/' scrolling='no' style='width:300px; height:250px' frameborder='0'></iframe>

Of course, you'll need to register with them, i.e., give them a username, a password and an email address, which they validate using a link they email you and expect you to click in order to invoke the account.

You can also initiate a chatter on any website from their site simply by entering a URL into a form and clicking submit.

Another nice thing I saw was an ability to get an RSS feed from a chatter box. I couldn't think of a use for this -- but it does look like a "cool" feature.


Thursday, March 8, 2007

character encodings considerations in XML parser implementation

I posted questions regarding character encodings considerations in XML parser implementation in the xml-dev mailing list.

See: http://lists.xml.org/archives/xml-dev/200703/msg00074.html

xsd:any and how to interpret the XML Schema standard with regards to it

I opened a thread on xmlschema-dev mailing list regarding interpretation of how to process xsd:any. See: http://xsd.stylusstudio.com/2007Mar/post03001.htm

Threats on Web applications -- nice summary and introduction

Researchers from the Honeynet Project are monitoring attacks by providing systems on which attackers perform their vulnerability exploits. There is a paper listing their findings and conclusions titled: Know your Enemy: Web Application Threats. Using Honeypots to learn about HTTP-based attacks.

The conclusions and future work are listed below:

Conclusions

Web applications present a very high risk, and an attractive target to attackers for the following reasons: Firstly, the quality of the code is often rather poor and many vulnerabilities of commonly used code are published. Second, attacks can often be performed using PHP and shell scripts, which are much easier to develop and use than buffer-overflow exploits. Thirdly, tools such as search engines provide a very easy way for attackers to locate vulnerable web applications. We believe that web servers present relatively high-value targets for attackers since they are more likely to have higher bandwidth connections than the average desktop computer. They will also typically need to access the organisation's databases and so may provide a stepping stone for an attacker who wishes to recover such data.

Although significant effort is being made to improve code quality in many web applications, the volume of existing code, and the amount of new code being written are causing the number of vulnerabilities being reported to remain quite high. (For example, the number one cross-platform vulnerability listed in the SANS Top 20 Survey is web applications.) Since the other factors - public availability, easy exploitation and web applications being easy to locate via search engines - are not likely to change significantly, we can expect to see these trends carrying on into the future.

Future Work

In order to acquire a greater amount of information the deployment process will be stream-lined. Therefore we plan to develop a live CD or an easy-to-install VMware image of our honeypots. Further, the level of detail of the emulation performed by our honeypots will be increased to improve the realism of the simulation and more accurately mimic a genuinely vulnerable web application. These improvements will enable us to observe a wider range of attack patterns and threats that are launched against today's web applications. Finally it would be very interesting to monitor bogus web spiders. This could be done by setting up a new honeypot that denotes its web pages as not-to-be indexed and logs any access to them.
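The bogus-spider trap proposed at the end of the quoted Future Work, sketched as log analysis. This is an added example, not code from the Honeynet paper or from this blog; it assumes the trap marks its pages as not-to-be-indexed with robots.txt `Disallow` rules and logs in Common Log Format, and the robots.txt, log lines and function names are constructed.

```python
import re
from collections import defaultdict

# Constructed robots.txt (assumption: the trap marks pages not-to-be-indexed
# with Disallow rules, one User-agent line per group).
ROBOTS = "User-agent: *\nDisallow: /private/\nDisallow: /trap.html\n"

# Constructed Common Log Format lines; addresses are documentation ranges.
LOG = """\
192.0.2.10 - - [08/Mar/2007:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 60
192.0.2.10 - - [08/Mar/2007:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [08/Mar/2007:10:05:00 +0000] "GET /robots.txt HTTP/1.1" 200 60
198.51.100.7 - - [08/Mar/2007:10:05:01 +0000] "GET /private/a.html?x=1 HTTP/1.1" 200 128
203.0.113.5 - - [08/Mar/2007:10:09:00 +0000] "GET /trap.html HTTP/1.1" 200 99
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3}')

def disallowed_prefixes(robots_text):
    """Path prefixes disallowed for every crawler (the 'User-agent: *' group)."""
    prefixes, in_star = [], False
    for raw in robots_text.splitlines():
        key, _, value = raw.split("#", 1)[0].partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "user-agent":
            in_star = value == "*"
        elif key == "disallow" and in_star and value:
            prefixes.append(value)
    return prefixes

def bogus_spiders(log_text, robots_text):
    """Clients that requested a not-to-be-indexed path, with the paths they
    hit and whether they fetched robots.txt (i.e. saw the rules) at all."""
    prefixes = disallowed_prefixes(robots_text)
    saw_rules, hits = set(), defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip malformed lines
        client, path = m.group(1), m.group(2).split("?", 1)[0]
        if path == "/robots.txt":
            saw_rules.add(client)
        elif path.startswith(tuple(prefixes)):
            hits[client].append(path)
    return {c: {"paths": p, "read_robots": c in saw_rules} for c, p in hits.items()}
```

A client flagged with `read_robots` set to true fetched the rules and requested the excluded pages anyway, which separates it from one that never looked at robots.txt.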

Wednesday, March 7, 2007

Search using www.keywop.com/

I came across http://www.keywop.com/ which has an ajax interface for a meta search engine. It searches 3 search engines (Yahoo!, Mojeek and NG-Search), but it appears that all relevant hits are from Yahoo! alone.

I'll keep an eye on it.

Sunday, March 4, 2007

This month's israel.pm meeting

The next israel.pm meeting will probably take place this week either on Tuesday or on Thursday. No topics and no speakers yet.

I am thinking about dedicating this meeting to fuzz testing and fuzzers.

Hopefully, I can solicit Ran Eilam and Yuval Yaari to talk about them...

Let's see how things work out.

Here's the post on israel.pm: http://perl.org.il/pipermail/perl/2007-March/008492.html

Saturday, March 3, 2007

Ra'anana Park





We took the kids today to Ra'anana's park where we met some friends.

A new batch of photos is available at http://yeda.cs.technion.ac.il/~yona/aviv/index.html
which adds a new section at http://yeda.cs.technion.ac.il/~yona/aviv/2007/3.2007/index.html

We saw a swan, the kids played soccer, we sailed in the "lake's ship" and had some ice cream.

Interviews, CVs and integrity

I've been doing quite a lot of interviews of candidates for several development and QA positions, and I'm constantly amazed how some people don't write the truth about their knowledge and experience.

It might be that people think that they are more knowledgeable than they actually are.

I don't know.

I met people who claim to be proficient in algorithms, but cannot describe a sorting algorithm. I met people who claim to be proficient in some programming language, but as soon as you present a simple task to be performed in that programming language it turns out that they actually were only participating in a course where that language was used and don't have any real understanding of or proficiency in it.

What do these people think? Do they really think that their lies will not be exposed? Even if they fool me and others in the interview, don't they think about what will happen when they actually start working and are expected to perform?!

Purim





Sivan dressed up as Snow White.

Aviv dressed up as a Pirate. He was really happy that it included a sword.

The kids were excited about the chance of dressing up in colorful costumes and looked forward to meeting their friends at the kindergarten. Just before we took them to the kindergarten, we took some pictures of them together.

A new batch of photos -- Purim

I put up a new batch of photos last night.
You can see the kids with their Purim outfits.
See: http://yeda.cs.technion.ac.il/~yona/aviv/index.html and the March section: http://yeda.cs.technion.ac.il/~yona/aviv/2007/3.2007/index.html