Thursday, August 28, 2008

Polly Ticks

This is freakishly long. For that, I apologize.

I hate politics. No, let me correct that. I hate politicians and I hate the political process. The philosophical branch named "politics" -- I don't hate that. Primary season just makes me mad. I don't like either side. While I would like to think that most of the USA is "mostly rational people that are politically centric" it always is hard for me to hold this belief and watch the news. If you watch the news, we are a people that appear to foam at the mouth with religious fervor on both sides. In fact, if you are religious and wonder what the rest of us think of you when they see you acting silly and believing things without really thinking about them -- just watch the convention of "the other guys" (whichever party that is for you.) Not pretty is it?

Politics is a whole lot like marketing. In fact, I guess it is marketing. And you know, if you have a world class wonderful product that sells itself, being in the marketing department is a dream. Think of nothing to say. Say it. Get money. Cool.

But if you are marketing the current Far Left or Far Right, you have the privilege of being the marketing department for some late night infomercial on penis enlargement pills or "run your automobile on water" schemes.

And one of the things I really can't stand is having to support someone I really don't like. No, I am not really talking about voting for them (though if I vote for either of the front runners, I guess I am doing just that.) What I am talking about is a blatant misinformation policy. At least in my circle of friends/family, this is always really right wing misinformation. I don't know if that means this is a policy of the right or if it is just the circle in which I live. (The left may do it too, I just don't know.)

It's like the whole "Barrack is a Muslim" thing. It's not that I want to defend him, but when you tell outright lies, it makes me do just that. In fact, just as a word of warning: If you compose and send out lies, you will convince those that already are on your side. But those that are on the fence -- you are not going to win them. In fact, you represent your side as a desperate lying scheming machine that will do anything to gain or maintain power. If you cannot figure it out, let me tell you: This is a bad thing.

First off, let me give you one tiny little lesson in "Internet 101." I won't say I've been on the internet longer than everyone, but I've been around the block a few times. Let's just say it was about 1990 when I came on board. That doesn't make me a pioneer. I know that. Okay, here comes a really important word of wisdom. Listen for it. Shush there in the back row. I swear this is important. Here it is: If someone sends you something in e-mail that makes a fervent case for "this is true, really" then there is a real possibility that it isn't. Moreover, sadly enough, the more it gives authority figures and references, the less likely it is to be true. So if someone says "here is the reference, I have already checked it" you would be surprised exactly how many people check it (In fact, I bet 9 out of 10 times the reference doesn't even exist).

Bottom line: Before you forward that on, check your references.

Case in Point

This is only one example. I get these all the time. And I almost hate to reply. Again, I hate to defend someone I don't particularly care for. But I hate the untruthiness of it too. So this is just one example of many, left anonymous to not point too many fingers. My comments are inline in green.

Here comes the truthiness:

Not sure? Check out the 6 references at the bottom of this page. First off, the most important generic point here is that presidents don't make laws. They may suggest stuff, but the last time I read the constitution, they don't make laws. That is the job of Congress. Fear congress. One notable contradiction here is that the last/current president has done a whole lot to increase executive power, which is exceedingly dangerous. And no one has really challenged him. Badness.

ISSUE JOHN McCAIN BARAK OBAMA
Favors new drilling offshore US Yes No
Will appoint judges who interpret the law not make it This is stupid and subjective. They both are going to appoint judges that will be more likely to take a stance they approve of. In the absence of reason, you might as well try to keep the court balanced left vs right. Using this logic, it's probably time to have a left judge appointed (again, due to the lack of one that just applies reason.) Yes No
Served in the US Armed Forces Yes No
Amount of time served in the US Senate Not necessarily a good thing mind you. The Senate/House are the least trusted and most dangerous 22 YEARS 173 DAYS Since this is more than a little outdated, I am prone to call it a lie. And it's a stupid lie, since McCain does have more time on the job. But 173 days is not 3.5 years. And since he declared candidacy on Feb 10, 2007 and assumed the office on January 4, 2005, it was always a lie. There was never a date that this was true.
Will institute a socialized national health care plan Truly something I vehemently oppose, but again: presidents don't make laws. No Yes
Supports abortion throughout the pregnancy This is way too vague. I seriously doubt you can find something where Obama supports, for example, 3rd trimester abortions. But this in a way says "on one point, Obama supports individual rights, McCain doesn't". Not a good thing to say if you are a McCain supporter. No Yes
Would pull troops out of Iraq immediately Okay, ignoring the "who got us into this whole mess by lying to us" thing here, given the sources quoted below, while Obama wants out immediately, it doesn't really sound like it will happen immediately. We all know we are there for freaking ever. No Yes
Supports gun ownership rights I found no references in the links below to gun ownership for either McCain or Obama. Good luck amending the constitution to repeal these rights anyway. Yes No
Supports homosexual marriage Again, this reads "supports individual rights: McCain: No, Obama: Yes". I wouldn't include this if I was trying to sway a rational person. If preaching to the choir, then ... WHY? Of course, I have already had my say on this issue here In short: being anti-gay marriage sets you up to destroy the foundations this country was built on. And if you give me a religious reference here I will throttle you. Make it against the policy of your church, but that doesn't make it a law. No Yes
Proposed programs will mean a huge tax increase Too damn generic. Taxes have to go up. The Bush Jr. administration has pretty much assured that with their spending. Will Obama support laws that make more programs? Probably. Will McCain? Less of them, but still probably some. No Yes
Voted against making English the official language I find no reference to that in the references below. However, the internet is pretty searchable and this is public record. No correct answer is YES. This is awkward wording. Actually he voted No to making English the official language if this refers to SA 1384 to SA 1150 to S 1348. Or No if this refers to S Amdt 4064 to S 2611 Yes correct answer is no if this refers to SA 1384 to SA 1150 to S 1348 or yes if this refers to S Amdt 4064 to S 2611. You see, sometimes the same legislation appears more than once... and you get different answers to the same questions. Usually this means one of the bills contains pork, but I couldn't tell you which one (if either)
Voted to give Social Security benefits to illegals You know, if they paid the damn tax, they should get the damn benefit, right? No Oops. Voted YES on allowing illegal aliens to participate in Social Security. (May 2006) Yes this is actually correct... though McCain's record is not -- unless there are multiple bills here.
CAPITAL GAINS TAX Again, I don't see this in the references I was supposed to check. But, this portion of the email -- the entire capital gains tax entry from here to the end is totally documented on factcheck.org I won't go into it here, but I knew it smelled. Obama's tax plan applies to those making in excess of $250k a year. Don't get me wrong: I hate taxes. I think it is wrong to take money from one person (without their permission) and spend it on another. However, the current idiotic way our government has acted has put us so far in debt that it is unlikely that we will ever dig out. Taxes have to go up. If you don't believe that, then I would guess you also have a big credit card balance, a car lease and an interest only mortgage. In short, the rest is bullshit, so I won't comment further. 0% on home sales up to $500,000 per home (couples). McCain does not propose any change in existing home sales income tax. 28% on profit from ALL home sales. (How does this affect you? If you sell your home and make a profit, you will pay 28% of your gain on taxes. If you are heading toward retirement and would like to down-size your home or move into a retirement community, 28% of the money you make from your home will go to taxes. This proposal will adversely affect the elderly who are counting on the income from their homes as part of their retirement income.)
DIVIDEND TAX 15% (no change) 39.6% - (How will this affect you? If you have any money invested in stock market, IRA, mutual funds, college funds, life insurance, retirement accounts, or anything that pays or reinvests dividends, you will now be paying nearly 40% of the money earned on taxes if Obama becomes president. The experts predict that 'Higher tax rates on dividends and capital gains would crash the stock market, yet do absolutely nothing to cut the deficit.')
INCOME TAX            McCain (no changes)   Obama (reversion to pre-Bush tax cuts)
Single making 30K     tax $4,500            tax $8,400
Single making 50K     tax $12,500           tax $14,000
Single making 75K     tax $18,750           tax $23,250
Married making 60K    tax $9,000            tax $16,800
Married making 75K    tax $18,750           tax $21,000
Married making 125K   tax $31,250           tax $38,750
Under Obama, your taxes could almost double!

INHERITANCE TAX 0% (No change, Bush repealed this tax) Restore the inheritance tax. Many families have lost businesses, farms, ranches, and homes that have been in their families for generations because they could not afford the inheritance tax. Those willing their assets to loved ones will only lose them to these taxes.
NEW TAXES PROPOSED BY OBAMA New government taxes proposed on homes that are more than 2400 square feet. New gasoline taxes (as if gas weren't high enough already) New taxes on natural resources consumption (heating gas, water, electricity) New taxes on retirement accounts, and last but not least....New taxes to pay for socialized medicine so we can receive the same level of medical care as other third-world countries!!!

You can verify the above at the following web sites: But if you had tried, you would not have embarrassed yourself by forwarding this on.

http://money.cnn.com/news/specials/election/2008/index.html
http://www.cnn.com/ELECTION/2008/issues/issues.taxes.html
http://elections.foxnews.com/?s=proposed+taxes
http://bulletin.aarp.org/yourworld/politics/articles/mccain_obama_offer_different_visions_on_taxes.html
http://blog.washingtonpost.com/fact-checker/candidates/barack_obama/
http://blog.washingtonpost.com/fact-checker/candidates/john_mccain/ Funny to include this, as it contains McCain gaffs

Conclusion/Challenge

Who the hell does this? I can only conclude that the number of lies means it was intentional. And isn't the right the "religious" party? And what are you really trying to do here? I mean, the convinced are not going to blink, they just forward it. The unconvinced think it is a lie and distance themselves from you politically. This is a very bad bad move.

So I challenge you: If you are really lovers and purveyors of truth, then unwind this. For everyone you've forwarded this to, send them a correction. Something like "I am still for McCain, but this outrageous pack of lies really just destroys the Republican party and I am sorry for sending it." And for everyone that sent it to you, give them the same message and challenge them to send it on. If you really want to be believed... you have to be believable.

And it really cheeses me off. I don't even like Obama... and yet you force me to defend him.

Sunday, August 24, 2008

snappy title here


Odd coincidence. My uncle had just emailed me a photo of the fauna he found on his property. (Note copyright violation: this photo was totally used without permission.) Ellie Mae id'ed it as a garden spider. I explained to Uncle Joe how I had an affinity for spiders... they eat all the awful bugs that I personally don't care for. Nieces and other assorted femalia often are off put by my tendency to save them. In fact, Ellie Mae calls me Jesus of Spiderus. I'll walk in the room and see a tupperware container turned upside down on the floor. That's the international symbol for "if you don't put this thing outside I am going to squish it."
Years of spider salvation. And last night they pay homage to me and return the favor, trapping my arch enemy and leaving it wriggling half alive like a good kitty leaving a headless rat on the back porch. Note that this is precisely where my feet are when I wash dishes.

Thursday, August 21, 2008

Bubba Toothbrush

Instead of a long crazy "hey you kids get off my lawn" rant, today's topic is oral hygiene.

I am on my 2nd Sonicare toothbrush. They last about 5 years in my experience, then they go poof. In reality there really isn't anything wrong with them other than they have NiCad batteries and the batteries just get worn out (or get a memory of zero).

I opened my first one (about 5 years ago) by splitting the case down the seam. This is obviously how they are put together... and they obviously think that is how you are going to take them apart. Smart thinking. It's really easy to tear them up this way. And then there is a really fragile circuit board with about 6-8 solder points that all have to be unsoldered to get to the batteries. And the batteries are super epoxified to the back case. All in all, not an easy project.

So when this one died the long slow painful death, the cheap ass bastard kicks in. My last one was about $100.... which isn't bad if you think of it as $20 a year. But those manual toothbrushes are cheaper than that.

This time I googled around looking for options. Everyone bitched about how hard it was to get the circuit board off in one piece or without burning it up, yadda yadda. Then I find this guy that talks about just cutting a hole around the battery box with a Dremel. Now I actually have one of these, but it is my firm belief that this is the ultimate "girl's tool." In other words, it works great on balsa wood. (80,000 rpm and 0 torque.)

So let's begin, shall we?


The cuts, made with a hacksaw in about 2 minutes. It would take me that long to find my Dremel. And then I'd have to replace that little cutting wheel at least 8 times when it explodes during a cut. Yeah, go with a hacksaw.



And this already looks easier. I nailed it when it comes to hitting the "battery box."





Batteries out... and a nice replaceable cover.



And here I have taken some off the shelf NiMH batteries and soldered them in. I make that sound short and simple, but for me it took a while. I am not some electrical whiz, just a guy with a soldering iron. I extended the original + and - poles to make longer pigtails. I had a little bit of a difficult time with one tying to one of the negative poles. The negative side of the battery makes a damn fine heat sink.




And here it sits in the charger... charge light blazing. (Okay, Blazing might be an overstatement.)

Add a little electrical tape and viola (or cello, or whatever). By the way, the little battery bastards are a bitch to get back in. The originals had finer wire on the upper side and a thin metal strap on the lower side (which I replaced with wire). Tight fit. Push. Shove. Swear. Accidentally rip one solder off of it. Repeat.

Saturday, August 16, 2008

Ellie makes fun of me

Okay, chicks can move right along. Don't bother looking. The reason here is that the sex appeal included below may be too much for you. Honest. I am warning you.

So Ellie makes fun of me. For lots of reasons really. But I just wanted to share 2 of them.

First off, she doesn't think much of my bubba bifocals. I don't know why. They work just fine.

Secondly, (and she is really to blame for this) for my snorific chinstrap. See, I snore something awful. And it's starting to bother not just her but (gasp) me. I would wake up in the morning so dull and lifeless (and yes, more dull and lifeless than usual) that it would take an hour to really come to consciousness. And yes, I am fully aware this is really hard on me. I started looking into a do-it-yourself CPAP. Do you know you have to have a freaking prescription to buy a CPAP? Now I could make my own with an air compressor and a bit of bubba engineering. And that might actually be dangerous. I mean if the pressure was 140 PSI, I might bust a lung. But I cannot imagine why a CPAP needs a prescription and hence a hugely expensive sleep study. I mean, we're easily talking 4 or 5 grand here.

There is also a little bit of evidence to suggest that serum cholesterol is actually affected by apnea. (No, not bacon, apnea. That's my theory and I like it a lot so shut up.)

So I went with a chin strap. And yes, more than just looking sexy... it actually seems to work somewhat.

I warned you it was sexy.

Thursday, August 14, 2008

Bacon Report 2: Revenge of the return of the son of the pig

This batch was mostly experimental -- like a mad scientist on the verge of bringing the monster to life. I sort of expected something awesome. What I got was fine.... but it wasn't the Frankenstein monster. Maybe next batch.

I had it in the back of my mind that I would find the bacon elixir of life itself and present it something like my favorite food porn. But alas, dear pork, it was not to be.

Not that there was anything wrong with any of the dear baconion slabs. They just weren't The One.
But, just to tell the tale, here is a snippet. Not quite food porn. Just a snippet.

The cure:

The smoke:

The fry:

The goo: (Julia Childs would take you outside and beat you with a cast iron frying pan if you made home made bacon and didn't save the rendered fat for later.)

The report:
  • Garlic: tasty, but honestly not quite up to the last garlic batch. Still, it was good.
  • Honey: Hmm. This really ended up as a basic sugar cure. The honey really didn't impart any real flavor like maple does. And damn it burns easily. I made the mistake of frying it in a small pan on a small burner and it was pretty burnt. Good, but nothing stellar. Beats Oscar Meyer.
  • Jalapeno: This was where I had my hopes and dreams. Again, it's good, but nothing awe inspiring. Jalapeno is fat soluble not water soluble. That was my mistake I think. There were lots of peppers in the mix, but the cure pulls all the water out (and that water is what ends up flavoring the food.) Since the peppers weren't soluble, they didn't do much. I would have done better to use some of my home made chipotle powder instead of fresh jalapenos.
Ah well. Next time.

Tuesday, August 12, 2008

Not Journalism. Not Science. What is it?

What the hell is the deal with Dr Nancy Snyderman? She is supposedly an MD (and hence a scientist) and a journalist. I am seeing issues with both of those roles.

This morning she did a fluff piece on Eastern medicine to accompany the Olympics. Now I fully admit there may be other cultures that have some answers ours does not. But this bit went on and on about the wonders of Eastern medicine and really never touched on science or proof or studies. It's just wonderful okay? Sure one of the folks that practiced it mentioned in passing how there is evidence behind it... though there was no examination of the evidence. And the unexamined evidence was proclaimed by the person practicing the voodoo. This doesn't smell of good science. I am sorry, but when my prescription contains entire whole dried lizards and snakes in it, I want some amount of study that this actually is doing something positive for me. (Yes, this is a real example and not an exaggeration.)

Compare and contrast this with a very biased bit she did about a month ago on a study of low fat diets vs low carb diets. In study after study the evidence continually shows that the low carb diets have positive effects on cholesterol, triglycerides and weight loss. This isn't really something new. The diet dates back to the 1970's and was developed by a cardiologist. It does fly in the face of some well accepted Western medical traditions, but isn't the point of science to adapt and change as studies come out? Accepting an outdated study is akin to a flat earth "theory" or an intelligent design "theory." In this bit, Dr. Snyderman mentions the following:

  • Whenever she mentions the Atkins diet used in the study, she always uses cutesie little air quotes and says "Atkins like" diet. She continually points out that the diet they used was not the greasy bacon double cheeseburger diet of the Atkins plan. Of course, she does this without ever reading Atkins. The only reason I say this is because the "Atkins like" diet is ... quite honestly pretty true to Atkins. The greasy bacon diet attributed to Atkins is pretty much manufactured by the media. There is a "jump start" part of Atkins that lets you do this, but that lasts 2 weeks. Read the damn book if you want to criticize it. Journalism, remember?
  • You must discount this study because it was funded by Atkins. (Now cut to Dean Ornish and show studies he funded. But that's okay.) First Atkins was criticized because his organization did the research. So his organization funded someone else. They got the same result. And now that's wrong too. Okay, don't believe it? Do your own damn study and prove you are right.
  • She discusses the low fat diet and its restricted calorie intake and points out the Atkins version had no calorie restrictions. She then goes on about how there is no magic -- it's calories in vs. calories out. Um... I think you changed the subject there Nancy. Atkins is not calorie restricted. That doesn't mean it doesn't follow the laws of conservation of energy. You see, while it isn't calorie restricted, that just means the diet doesn't restrict you. What restricts you is your body. You still take in fewer calories, you are just full. Get it? (Yes there is some complicated chemistry bits on how the body deals with sugars. And yes, that is still within the laws of physics.) But I am pretty convinced that is small potatoes in comparison to just eating fewer calories, feeling full, and still feeling full 4 hours later. Now compare that to a plate of nothing that never fills you up[1] and makes you one angry son of a bitch for the next 4 hours before your next empty plated meal.

It just doesn't matter that low fat diets have worse outcomes in weight loss, blood chemistry and weight maintenance. They are better because she says so. This is bad journalism and bad science. I think she needs to take two lizards and call me in the morning.



[1] I would like to point out that I edited this. I originally typed "A plate of nothing that never feels you up". While that is not what I meant to say, it is still pretty funny, so I had to include it here in a footnote.

Thursday, August 7, 2008

Scary Movie


Want to see a scary movie? I just saw the scariest movie I have ever seen: Jesus Camp. It's a documentary about a Christian camp. Seriously. Scary. (I don't just watch documentaries, honest. If you don't believe me, look at my flickview.)


And the chick that runs the camp says something (paraphrased) like "left wing liberals are going to be shaking in their boots when they see this." Well, I am by no means left wing or liberal, but I am shaking in my boots over it. Not for the reasons she talks about (their power) but for a vast virus of irrationality. There is nothing scarier than that.

A few tidbits that won't spoil it for you

  • (Paraphrasing) "those people need to get off their fat lazy butts." (said by a chick that easily tops the scales at 275.)
  • (paraphrasing) "who in here believes god can do anything?" (a mom grabs the hands of her kids and physically raises them herself)
  • talk of the likelihood of demonic manifestations
  • there are some military families that absolutely think Iraq is a holy war and meant to spread the word of jebus.
  • preaching to a room full of kids under 10 about abortion. Now, correct me if I am wrong, but aren't these the same kids that you don't want to have in sex education? If they can't learn about sex, what bidness do they have getting the abortion talk?
  • (paraphrasing) "It's terrible, in Muslim countries they have little 5 and 7 year old kids being taught to blow themselves up and give their life for their cause. We need to do that here." Really? Wouldn't it be better to teach folks the folly of self destruction?
  • ...and of course, what god movie is complete without Ted Haggard (who says he talks with our president once a week to give him advice) giving a speech on the damnation to hell for homosexuality. Classic.

Wednesday, August 6, 2008

on the rise

It looks promising... It looks like a graph of rising assets (with a tiny amount of liability that is consistently on the decline.)
It must be good news... What else could look like this and be bad.
Unless it was a graph of my cholesterol.
The only thing on the decline? My HDL. (That's the "good cholesterol" if you didn't know.)

So I have developed a quick action plan. A sure fire way to fix this in a short time. My simple solution? Simple. I grabbed a frozen pork belly from the freezer and decided it was time again to make home made bacon.

Saturday, August 2, 2008

a picture is worth a thousand lines of code

Okay, this is a seriously geeky rant.

If you don't care, move along. (But you should care.)

So hackers have recently started exploiting web sites by creating "GIFARs". That is a file that acts like both a gif (picture) and a jar (executable java program). In other words, they upload a "picture" to a web site (like Facebook) and when someone "looks at it" it actually gets executed as a java program... and does something unexpected. This could be worse on a financial type web site... or even on Facebook it could be used as social engineering. (You take over someone's account then act like a trusted friend to one of their friends to get private data from them.)

This really takes me back... to about 1990 or so. I argued at that time with various WinWeinies that Windows handled file types incorrectly[1]... or actually not at all. Why in the world would changing a filename change a file's functionality? That just doesn't make sense. If a file is a GIF, then isn't it still a gif if it is named picture.jpg? Or picture.jar?

As far as I know, Unix has always used the actual type of the file[2] and not the file name.[3]

They argued then, and some still argue now, that this is a performance issue. I have to call bullshit on this. First off, it just wasn't that big a performance hit back in 1990 on a Sparc 1. I cannot imagine[4] it's a hit on today's modern computers. I also might point out that the default behavior for a windows file manager is to do a little iconic document preview in the file manager, which not only means reading the entire file, but also rendering it and resizing it to an icon sized thing. This is surely more processor intense than say, reading the first 2 or 3 bytes of the file. (And if you render it, aren't you already reading the first 2 or 3 bytes of the file?)

I would also point out that whether it is "efficient" or not, it is more important to be correct. And whether you are dealing with a file manager (whose entire focus is managing files, and that includes file types) or scary unknown things coming from an untrusted web site source... isn't it better to be correct?

Some will also point out that there are some non-header type files. MP3's with ID3v2 have the "file type" buried deep inside them, meaning you might have to read the whole file. So what? In the case of the exploit, don't you have to read the whole file anyway in order to display/execute it? And I might add that the current unix file type command (i.e. 'file') can and does correctly identify these types of files... and even if it didn't, wouldn't a file type of 'unknown' be superior to a file type of 'pwoned'?

In order for this stupidity to happen, you still have to believe in the old Win name is file type mentality. Or in this case, file name and Mime type[5] are file type (and not the contents of the file itself). In fact, in order for this to happen, you have to have had this stupid mentality three times.

Probable Attack Vector

Okay, I have not read or heard the details here, so I am winging it, but I am pretty sure the actual vector is something like what I am describing.

  1. Make your exploit code into a GIFAR (or a PNGAR or some other stupid combination of executable and non-executable).
  2. Find a stupid web site
  3. Upload GIFAR in a spot that wants a picture. I am guessing they named it picture.jar.
  4. Facebook serves it, sees the picture.jar name and wraps it in mime type of "application/java-archive".
  5. Browser executes the Java

Problem with Web application

First off, this is a bad web app. You are getting a file from a probably anonymous teenager. Might you check its file type? Do you really trust this guy? If the web app was expecting a minimal set of possible file types... let's say GIF, JPG, MPG, PNG... then it should toss anything else on the floor and complain loudly.

Problem with Web Server

Look, I like Apache. And apache has built in stuff to figure out and tag the file with the correct mime type. If I serve a file named 'picture' it can figure out it is a jpg and tag it correctly. But if I put a picture out there named 'picture.jar' it trusts the file name[6]. Ick. Sure, I could edit the configuration and make this go away. I understand that. But it should ship safe. It should still be configurable, but if you want it to do stupid things with a file, you should have to ask it to do stupid things with a file. This is what I meant when I said unix still had some apps that didn't handle file types correctly... even though it is very available in the OS.

and yes, a problem with the browser

Even with Firefox[7] there is trust for the mime type... which is just as stupid as those WinWeinies back in 1990. It's a web site you don't trust. Why trust the type? If it says java-archive and the magic number says GIF89, toss it.[8] But I tried serving up a PNG named picture.jar, which apache was more than happy to mime type as a java-archive... and Firefox was more than happy to (attempt to) treat it as a Java file. Now whether IIS and/or IE do this, I don't know. I suspect they do since the OS has a tendency to always trust file names as file types.

And an easy fix

Okay, the fix isn't so easy unless you are willing to open up the code, but it's been there for-freaking-ever. libmagic is your friend. It knows what files are what types. And if we could all agree exactly on how it is implemented[9] then it wouldn't matter. In other words, if a file, by some mystery, met the signatures of both a GIF and JAR... and we agreed that the file type was the signature that occurs first in the file, then it would either be one or the other. And if we all used some flavor of libmagic... well, we'd know what freaking file types things were. And if we were connected to untrusted hosts by some series of tubes... well, then we could be a little less trusting of mime types and file names.
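As an added example (not code from the original post), here is the kind of content-only upload check the "easy fix" argues for, written in plain Python rather than against libmagic so it runs stand-alone. It ignores the file name and the client's MIME type entirely: the leading magic bytes decide what the file is, and a separate look at the tail finds the ZIP end-of-central-directory record that every JAR carries, so a file that reads as an image in front and an archive behind is tossed. The allow-list, the sample GIF, the sample archive and the concatenated polyglot are all constructed inline.

```python
import io
import struct
import zipfile

# Allow-list of image types the upload handler accepts, keyed by leading
# magic bytes. Constructed for this example; a real handler would ask
# libmagic (or a binding to it) instead of a hand-rolled table.
IMAGE_MAGIC = {
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
}

# Every ZIP-based container (a JAR is one) ends with an "end of central
# directory" record: 22 fixed bytes beginning with this signature, optionally
# followed by a comment of up to 65535 bytes whose length sits at offset 20.
ZIP_EOCD_SIG = b"PK\x05\x06"
ZIP_EOCD_LEN = 22
ZIP_MAX_COMMENT = 0xFFFF


def leading_type(data: bytes):
    """MIME type implied by the file's leading magic bytes, or None if unknown."""
    for magic, mime in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return mime
    return None


def has_zip_trailer(data: bytes) -> bool:
    """True if the data ends in a well-formed ZIP end-of-central-directory record.

    A JAR-aware consumer keys on this record, which lives at the *tail* of the
    file; that is why an image header at the front does nothing to hide it.
    """
    if len(data) < ZIP_EOCD_LEN:
        return False
    search_from = max(0, len(data) - (ZIP_EOCD_LEN + ZIP_MAX_COMMENT))
    idx = data.rfind(ZIP_EOCD_SIG, search_from)
    if idx == -1 or idx + ZIP_EOCD_LEN > len(data):
        return False
    comment_len = struct.unpack_from("<H", data, idx + 20)[0]
    # Genuine only if the declared comment exactly fills the rest of the file.
    return idx + ZIP_EOCD_LEN + comment_len == len(data)


def classify_upload(data: bytes) -> dict:
    """Decide by content alone whether an uploaded blob may be stored as an image.

    Returns {"accept": bool, "mime": str or None, "reason": str}. The file name
    and any Content-Type the client sent are deliberately not parameters.
    """
    mime = leading_type(data)
    if mime is None:
        return {"accept": False, "mime": None, "reason": "unknown leading signature"}
    if has_zip_trailer(data):
        # Front says image, back says archive: an image/JAR polyglot. Toss it.
        return {"accept": False, "mime": mime, "reason": "image/archive polyglot"}
    return {"accept": True, "mime": mime, "reason": "ok"}


# --- constructed sample inputs ---------------------------------------------

# Minimal GIF89a: header, 1x1 logical screen descriptor, trailer byte. Enough
# for a magic-number check; not a renderable picture.
SAMPLE_GIF = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x00, 0, 0) + b"\x3b"


def make_archive(member_name: str, member_text: str) -> bytes:
    """Build a tiny ZIP in memory; a JAR is just a ZIP, so the trailer is identical."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, member_text)
    return buf.getvalue()


# A harmless archive holding one text file, standing in for a JAR.
SAMPLE_ARCHIVE = make_archive("README.txt", "constructed sample, no bytecode here")

# The polyglot shape the post describes: image bytes in front, archive behind.
SAMPLE_POLYGLOT = SAMPLE_GIF + SAMPLE_ARCHIVE


if __name__ == "__main__":
    for label, blob in [("gif", SAMPLE_GIF), ("archive", SAMPLE_ARCHIVE),
                        ("polyglot named picture.jar", SAMPLE_POLYGLOT)]:
        print(f"{label:28s} -> {classify_upload(blob)}")
```

Note that `has_zip_trailer` is the piece a name-based or header-only check misses: the same polyglot passes `leading_type` as a clean GIF.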

Notes on my feet

  1. ...and administrative users incorrectly... and time of day incorrectly... and so on

  2. which means I am really not going to do any real checking here. But I can verify that as far back as about 1990, SunOS was doing it correctly. It was a BSD flavor then, which implies BSD was doing it correctly. And with the next major release, it moved to an ATT flavor unix, which implies ATT was doing it correctly too.

  3. I say "unix" does it right. That doesn't mean some unix apps do it right. Facebook is possibly unix... hard to tell since it sits behind a masquerading load balancer. But it runs Apache, which means it might be. More on this.

  4. sometimes I use foot notes for no real reason whatsoever. Have you noticed?

  5. Mime type is just a little bit of descriptive text automatically inserted into the HTTP protocol to give the browser a heads-up as to what it is getting. I am not sure why a browser would trust this.

  6. or at least it does as of version 2.2.8

  7. at least with version 2.0.x

  8. Of course, if the web application was so braindead that the signature was that of a JAR file, and it was served a JAR file with mime type of a JAR file, you're in a pickle... JAR.

  9. My understanding is that the specs are a little vague