bugfox blog

In a development of world-shaking importance, Alex Papadimoulis announces a new technique that can totally eliminate the problem of bad code.

The new FTC blogging guidelines are supposedly intended to go after the big commercial astroturfing campaigns, where publicity agencies pay large number of bloggers and tweeters to push commercial products. However anyone who blogs or posts to social networks needs to be aware of the rules, since it would be pretty easy to run afoul of them.

This raises significant free-speech concerns. Jack Shafer in Slate has a pretty good run-down of the issues: The FTC’s Mad Power Grab.

I got a request for Sean Hickey’s original aLinks code.

Here it is

Download

…but be warned that it has some serious bugs. However it includes features that are not in my fixed version.

Go here for my fixed version, which omits some broken features that I never got around to fixing (because I don’t use them.)

In The Quiet Coup Simon Johnson, former chief economist for the International Monetary Fund (IMF), says that the current financial crisis resembles on a larger scale the sort of messes that emerging markets get into. He says that if we don’t want things to get worse we need to impose the kind of reforms that the IMF would demand of a small country that came to it for help.

Megan McArdle seems sympathetic to this notion, but in Foreigners + Money = Crisis? she points to claims that the IMF thoroughly botched its handling of the Asian financial crisis of 1998, which like the current crisis had a lot to do with countries being flooded with volitile foreign investment.

How do you create a IDictionary that does case-insensitive key matches. There are a number of solutions posted on the web, but none of them seem quite correct. The following should work.

IDictionary map = new Dictionary(new StringCompInsensitive());


where

public class StringCompInsensitive : IEqualityComparer
{
    public bool Equals(string x, string y)
    {
         return String.Compare(x, y, true) == 0;
    }

    public int GetHashCode(string obj)
    {
          return ((string)obj).ToLower().GetHashCode();
    }
}

I can’t give proper credit to the author of this piece. He may be an expert on computer security, but he doesn’t seem to know much about how to set up a web site (there’s no link back to the home page.)

Nevertheless, The Six Dumbest Ideas in Computer Security is well worth reading if you have any interest in how to secure a computer or a network.

Microsoft has finally addressed the problem I described here and and released an official update to let you really disable AutoRun. (via The Register.)

Wired tracks down the actual mathematical formula used by the investment bankers and credit rating agencies to wreck the economy.

Maybe it’s unfair to blame David X. Li, who did warn that his formula was being used inappropriately. (On the other hand, he did say it was “better than nothing”, which seems not to have been the case.) Probably if the Gaussian copula function did not exist, the whiz kids would have found something else.

Greg Newton dug up a series of photos that seems to do a nice job of explaining the system.

Back in the early 1990s, when Microsoft was raring to conquer the world, and still thought that security was something that could be dealt with as an afterthought, they added two features to Windows that have caused endless grief: ActiveX controls and AutoRun. Both were intended to make things more convenient for developers. (ActiveX was also a blatent attempt to hijack the Internet by encouraging web developers to build sites that could only be accessed using Windows and Internet Explorer.)

ActiveX controls used to cause all sorts of security problems, but this issue has gradually faded away as web developers came to realize that they should never, ever use them, and end users learned to always click “No” on requests to install them (or better yet, just use FireFox or some other browser that doesn’t support them.)

AutoRun, which automatically runs a program whenever a removable disk is inserted in the drive, has persisted because it’s just so convenient for developers to be able to say “Just put the CD in the drive and follow the instructions on the screen.” Recently however a new wave of viruses spread though devices like USB keys and electronic picture frames has convinced many users that this feature is much too dangerous to allow on their machines.

However when they try to disable AutoRun they find that Microsoft has made it ridiculously difficult. There are various menu options to turn it off, but they don’t really work.

As a public service, here’s a link to Scott Dunn’s article that gives relatively simple instructions for really disabling AutoRun. (After doing this, when you want to install software from a CD-ROM you will need to open the disc in Explorer and run the setup program manually.)

Woody Leonhard’s description of the “Conficker” worm makes it clear why it is so dangerous to leave AutoRun even partially enabled.