By the way, if any of you will be in Charlotte, North Carolina next week, come to the annual CLNUG IT Forum. I'm going to attend and see what I can learn, and it looks like they're going to have some good topics. Cheap, too (only $75 per person). And if you go, I'd be tickled if you tracked me down to say "hi"...I'm actually a nice guy in person. I'll be the one who looks like me.
and then later in the article they say this:
What I found ironic here is that if someone wants to "cause havoc" with a company that's using this brand of quantum encryption, all they have to do is constantly intercept the signals. Even though the attacker might not be able to decrypt the signals, if the company keeps getting "contaminated" signals, they're going to switch encryption methods. There's your havoc. Heck, the contamination may even make the signal impossible to decrypt...they never really say in the article.
And speaking of encryption, I was walking through the bookstore the other day, and I noticed that my favorite book in the whole world -- Cryptonomicon by Neal Stephenson -- is now in paperback (it was previously available in trade paperback, but not small paperback). When I took a closer look, I saw that it had an excerpt from Stephenson's soon-to-be-released book called "Quicksilver" at the end. If you're a big Neal Stephenson fan like I am, it's worth a trip to the local bookstore to read the excerpt.
If you're not a big Neal Stephenson fan, you should consider becoming one. There's a link to some of his online articles and writings at this site, and you can download the text of his essay about operating systems, the Microsoft monopoly, and why Linux is so cool here. Some of his books are on the science fiction side of things, but Cryptonomicon is just good, honest, geek fiction. Buy it, read it, love it.
Here's the deal: when you use Val to convert binary number strings that you haven't explicitly defined as Integer or Long (using a & or a % suffix), Notes automatically tries to decide whether it's an Integer value or a Long value before the conversion. In very specific cases, this will give you unexpected results. For example, the following script:
Const bin1 = &B00000000000000001101010101010101
Const bin2 = &B00000000000000001101010101010101&
Print "bin1 = " & bin1 & "; bin2 = " & bin2
bin3 = Val("&B00000000000000001101010101010101")
bin4 = Val("&B00000000000000001101010101010101&")
Print "bin3 = " & bin3 & "; bin4 = " & bin4
will give you this result:
bin1 = -10923; bin2 = 54613 bin3 = -10923; bin4 = 54613
For bin1 and bin3, because we didn't explicitly specify the variable type, Notes decided that it was a 16-bit Integer instead of a 32-bit Long because the first 16 bits are zeros. The problem is, the 17th bit (or the 16th, depending on which direction you're counting from) is a one, and for an Integer value that's the sign-bit. As a result, Notes thinks it's a negative Integer instead of a positive Long. You'll notice that explicitly assigning the binary number as a Long by using the "&" suffix will make Notes interpret the number like you want it to. The same thing is true for Hex values, too (try using &H0000FF00 and &H0000FF00& in the agent above).
So the problem with the SHA-1 routine was that the bin2dec function that converts binary strings to Long numbers wasn't designating the 32-bit binary strings as Longs, so if you happened to be converting a string that had 16 zeros followed by a one, then the strings were being incorrectly converted to negative Integers.
I think everything is fixed now, so if you downloaded the SHA-1 scripts before today, please re-download and try again. I guess I need to start versioning these things, so you'll know which bugs to expect.
Oh, and this is completely off the subject, but I just saw this on the news as I was typing: if you use a laptop, please watch where you put it.
If you need more stuff to look at while you're waiting for Monday to arrive, you should stop by the IBM DeveloperWorks site. They've got something for everyone: on the Java frontier, there's everything from understanding Java bytecode to a Tetris JavaBean. Fun, fun, fun.
I had a little more time on Tuesday night, so I posted a LotusScript implementation of the SHA-1 hash algorithm and made a minor update to the web server logging section of the Notes Tips page. I've also got some more C code to put out there, as soon as I get it cleaned up and a little more tested. And maybe some DSAPI and SOAP stuff, if I can ever make time to finish those pieces of code. And lots of other partially written chunks of code scattered over several of my computers.
I've probably got a few too many irons in the fire right now, but I suppose it's better too many than not enough. I just have to keep reminding myself to focus on one or two tasks at a time. I also have a family and a job and a life to think about, and those things are a wee bit more important than a silly website...
One other random comment, since I have a few minutes to write at the moment: as I was getting those pieces of C-code cleaned up for posting the other day, I was debating on whether or not to start hyping my site as offering "open source" software and code. After all, I've got plenty of pieces of freely available code for download on this site, and calling myself an open-source contributor seems like a cool thing to do. After a minor debate with myself, I decided against it. It felt too much like a buzzword (like saying my tools were "developer enablement initiatives" or something), and I wasn't sure if "open source" might imply more than just free source code. I don't know what, but I didn't feel like researching it at the time.
Of course, it's this very type of marketing non-initiative that will always keep my site from being popular with more than a handful of people. Well, I guess there are plenty of other reasons (including a severe lack of graphic design ability on my part), but that's just one more for the list.
To keep this entry from being a total waste of your time, I'll offer you a link. Here's a page that's simply one man's story of his redneck neighbor; it's one of the funniest things I've ever read. I can probably appreciate it a little more than some because I grew up in Georgia (USA, not USSR), but I'm pretty sure that most people can find something in this story to laugh about.
Have a good weekend.
There's a DSAPI connector for Tomcat, which looks like the big contender. This series of articles from Workflow Studios looks like it might be a big help if I decide to go down that path (at the time of this writing, only part 1 of 3 is available). There's also this article on the Lotus website that's not nearly as in-depth, but it also talks about integrating GnuJSP as an alternate to Tomcat -- GnuJSP isn't nearly as feature-rich as Tomcat is, though.
If I end up going down any of these roads, I'll try to keep you posted.
(p.s. -- the previous month blogs have now been retrofitted with the new format...for better or for worse.)
First, the blog entry titles and the colored bar that visually separates the entries will allow you to more easily scan the monthly blogs for information. Second, I finally got around to defining a CSS class for the blog entry titles/headers, so it will be easier for me to update the design later on. Third, I'm now storing each day's blog entries as a separate document in a Notes database, which will make it a lot easier to manage everything on my end (before each month was a single document, not each day -- a short-term decision I made in order to bring the site up as quickly as possible when I first started out). And fourth, the titles and the separation of documents will allow me to set up an archive page like Ned Batchelder's, which I think is a nice concept.
Of course, I still have to pull all the previous month's blogs into the one-document-per-day format in order to complete my little project. I'll probably write an agent to parse everything out for me, to avoid at least some of the manual effort.
I often wonder why I spend so much time doing this sort of thing. Probably better not to think too much about that...
Speaking of spending time doing things, since you're spending yours looking at this site, I suppose I should offer you a link to something interesting, lest you get bored with my self-involved blog entries as of late (I'll try to work on that). How about this: for those of you thinking about saving a little money by staying at offsite hotels for this January's LotusSphere, you may want to avoid the Holiday Inn.
For all you generous people who monitor the LDD Forum, you can now tell newbies to download and use this program when they get an RBOD or an error message on their client that just says "Error: 0x1234". Of course, with some of those people you'll still have to explain to them how to get to the site, and how to download a file, and how to unzip it, and how to put it in their Notes program directory, and how to find their Notes program directory...
I'll probably write a tip about how to understand the header information in some of the itemdata elements sometime in the future too, whenever I get a chance. It's not that hard to figure out once you understand where it's coming from.
On a totally unrelated subject, here's a pretty funny news bite I read on the wire today. The moral of the story? Never trust a sorcerer.
Sorry, that's probably getting a little geeky. Suffice to say that I fixed it and reposted the code, so if you downloaded it before today, please download it again.
That reminds me of an interesting quality of ASCII letters: if you take the ASCII value of a lowercase character and apply a mask of &HDF with a bitwise AND operation, you get the uppercase value of that character. If the character is already uppercase, it stays that way. I've always wondered if that was intentional on the part of the ASCII designers or just a nice coincidence.
Okay, I guess that was pretty geeky too...
for %I in ( c:\mydir\*.dll ) do dllxlist %I >> c:\dllexp.txt
This will run the dllxlist program against each DLL in the c:\mydir directory, and send the output to the file c:\dllexp.txt. If you wanted a separate file for each DLL, you could also do something like:
for %I in ( c:\mydir\*.dll ) do dllxlist %I > %I.txt
Oh, and if you're going to run that command from a batch file, you'll need to specify the variable as %%I (with two percent signs instead of one), just because those are the batch file rules.
If you want some really in-depth analysis of the issues surrounding secure voting technology in general, there's a whole section on it in Bruce Schneier's fantastic book: Applied Cryptography.
Also on the subject of electronic voting, here's an older story about how Microsoft employees manipulated the results of an online poll between Java and .NET. Boy, if you can't trust Microsoft, who can you trust...?
Also, thanks to Rod Whiteley for giving me a good answer about my recent post on LDD. That guy truly is a wealth of knowledge -- and I say that not because he answered my question, but because of the quality and volume of his past answers on that forum. He's posted some really cool information out there.