Sunday 31 October 2010

Hallow Tao

The Hard Root

Hallowe'en is hard,
Hollowing is hard.
There are many turnips --
Which am I to hollow?...

With apologies to Li Po.

Tuesday 26 October 2010

Belts, Braces, Rawlplugs

Fabricating Security

These guys have the right idea: a programming language that won't allow you to write insecure code. That language goes by the handle Fabric, and is currently under development by Cornell University's Applied Programming Languages Group (APLG).

Distributed computing systems comprise many interconnected nodes, and the level of trustworthiness varies across this landscape. The approach taken in Fabric is to attach security policies, by means of type annotations, to every object, and even to blocks of code. An object's policies control what operations may be performed on it, and so how its data can be accessed and changed, as well as by whom. Code policies determine where and when a particular block of code can be run.

As the APLG page puts it, "Fabric provides decentralized yet compositional security." High availability is provided using peer-to-peer replication. The new language is implemented on top of an earlier security-oriented/extended language called Jif ("Java + Information Flow"), itself compiled in Polyglot Java, so it inherits many features crucial for language-based reasoning about security in complex applications (selective, robust downgrading; language-based access control; dynamic labels; dynamic principals). Fabric also adds a guarantee of strong consistency, with the help of a hierarchical, two-phase commit protocol, respecting data security.

Version 0.1.0 of the Fabric prototype is available for download here:


Via: /.

Saturday 23 October 2010

Take The Paper

Technology Fail

See, that's what happens when you let these printer manufacturers rip you off with their wet razor business model. First, their toners and inks become, quite literally, more expensive than gold dust. Meanwhile, the non-consumable part of the deal - the manufacture of the actual printer - has slid so far down the durability slope, that it's achieved parity. Replete with delicate plastic hinges and cogs, precision engineered by the cost-benefit equations of modern quality control, it can now be relied upon to cease functioning, and instead to whirr and roll unproductively, exactly ninety one days after unpacking. Meet the new consumables.



Hat tip: John Scalzi.

Playing Solo

Scoring Your Own

Nothing beats the buzz of playing along with your fellow musicians. Particularly when you've reached the "mindreading" stage, where your individual improvisations overlap, coinciding in point of rhythm and key; it's almost a psychic experience. But for every hour spent together refining and polishing your collaboration, two or three or more have to be spent practising in isolation, discovering and learning new tricks and repertoire, to ensure that you always have something new, interesting and fresh to bring to the next session.

Today's tech can help every amateur gain more from these private studies. Let me take that back, in fact. That was yesterday's tech; today's, well that can turn any toddler into a mixmaster.

So now, as we patiently await the imminent arrival of Pai Mei's ten-point palm exploding heart technique - sorry, I mean, universal ten-finger multi-touch user interface - here are a few of the more interesting music making websites out there. Some are just for fun; others have enough on offer to let you get excited and make things.



Ken Brashear's Virtual Drumkit
http://kenbrashear.com/
Level: drive-by.

Sitting at the resolutely fun/beginner side of our studio, Ken's site features a 15-piece* set of skins and cyms that you can play by either clicking or just moving the mouse over them, or using the keyboard shortcuts.


Fun, certainly, but not too practical without multitouch, and even then, would suffer from too much latency to be really useful.

* I counted the hi-hat as 2 pieces, because well, it does comprise two cymbals, and there are two ways to play it: stick and pedal.



Tony-b Machine 3.0
http://www.tony-b.org/
Level: beginner.

Speaking of just for fun, the Tony-b Machine hits the floor running, with a catchy beat already playing on a stylised laptop. You control the bass, drums, melody, vocals, patterns and accompaniments using various rows of keys, organised in a scheme that's simply far too ludicrously easy to pick up. Just go there. Then click Start.

Within seconds there'll be more musical talent in your little pinkie, that in Simon Cowell's whole genome (if there isn't already). Tweak and mix, cut and add, then once you've become utterly addicted, as you will, explore the online tutorials and forums to learn how to expand, develop, loop, sequence, and publish your clubby little masterpieces.

Seriously, it really is that addictive. You'll see. In fact, why don't you just put down that cup of coffee, Go There Right Now, and click Start (open that link in a new window, so you can follow the instructions below). If bass and melody are already running, locate and press the appropriate keys (4 and 7) to stop them temporarily. Also press A and V if their corresponding keys in the onscreen keyboard are not already down (note: although there is also an AZERTY keyboard alternative UI, this brief tutorial assumes you're a QWERTY type of person). Now start playing:
Drums first. Locate the Q - W - E - R keys and then press them, one at a time, allowing at least a full eight beats to elapse between these.

Now press 5 to bring in the bass. Simmer for 10 seconds and then add a twist of middle melody with 8. That sounds a bit lax, so break it with 9. That's better, now do the same to the bass with 6.

Next add a touch of decoration by cycling the 1 - 2 - 3 keys. Leave a beat or two between these. When you get tired of that press 0 (zero) to cancel this accompaniment.

Now for some advanced stuff! On the bottom two rows of the keyboard, locate the following key pairs: SZ - DX - FC - GV. Now press these pairs, one pair at a time, leaving just two beats between pairs. Experiment with more pairs on these key rows. You're now playing melody and bass, not in unison, but in harmony! Try to hit the keys "early" so the transitions land just where you want them. Press A and V when you're done with that.

Now use the rest of the top row T - Y - U - I - O - P to add some tastefully vocoded lyrics. While you do that, also press 1 or 2 or 3 occasionally to vary the accompaniment.

Finally, wind it down. Press 0 (zero) to stop the accompaniment; 8 and 5 to simplify the melody and bass, followed by 7 and 4 to park them; and last of all, shut down your rhythm section in the reverse order to which you started them, so: R - E - W - Q.
You can hear my version of the above by searching for user name dogbiscuituk, track name Basics. Click the CD icon to access thousands of recordings by hundreds of other artists, and get a feeling for what's achievable. At the time of writing, Italy's Dyablo is the star player, with recordings of Waka Waka, Blue, Barbie Girl and The Final Countdown.

Now, the real challenge is not to do it again!

Below are a few more sites to progress on to, with successively more samples, options, voices, etc., and correspondingly steeper learning gradients.



musicshake
http://eng.musicshake.com/
Level: intermediate.

First order of business here is to click on the Tutorial tab, then Basics in the sidebar, to acquaint yourself, via the medium of video tutorials, with the installation (Windows only) and use of this music creation tool.

Select from a library of over half a million copyright-free music and instrument samples. Record and incorporate your own voice. Use their Music Robot, a proprietary algorithm, to add harmonies. Create songs and ringtones, download as MP3s (note: this is a paid feature), and share on social networks or embed them anywhere with the Musicshake Widget.

Watch out for their scheduled server update-downtime, on Oct 25.



Aviary Music Creator
http://www.aviary.com/
Level: advanced.

Roc is the name of the music creation app in the Aviary suite. Select your instruments from soundbanks containing over 50 different types of guitars, keyboards, percussives and more.

With Aviary we are beginning to get into the area of music creation tools which can support your own compositions, rather than relying almost exclusively upon sample banks. But for actual musicians, as distinct from console ones, even better is available, and it's still free...



MuseScore
http://musescore.org/
Level: professional.

With the sole exception of a beautiful Epiphone Hummingbird, this last one must be my favourite musical plaything. It's a WYSIWYG score editor, a serious compositional tool, using the same input methods as popular commercial offerings like the proprietary Finale and Sibelius; but crucially, now in its third year of independent development, it's still free (yes there is a Donation page on the musescore.org website, but that's just to support the site itself; all coding, documentation and forum support are provided free of charge, by teams of double rainbow-bedecked angels riding on unicorns).

Advanced features include cross-staff beams, automatic left/right note head positioning in chords, slur edit mode, and drum notation. Currently available for Windows, Mac and Linux.

Saturday 16 October 2010

AntiXSS 4.0

Microsoft Anti-Cross Site Scripting Library V4.0...

... has recently been released.

Microsoft's AntiXSS 4.0 is the latest release of an encoding library, built to help developers to protect ASP.NET web-based apps from cross-site scripting attacks. AntiXSS 4.0 uses a so-called "white list" technique, unlike most such encoding libraries; this defines an "allowable" character set, outside of which anything else gets encoded.

Now I hear you shout, "What are some of the most exciting features of the new version?" - and because I aim to please you, here is your appetizer:
  • Medium Trust Support has been provided, by the simple expedient of moving GetSafeHtml() and GetSafeHtmlFragment(), the HTML sanitizing methods which require full trust and unsafe code permissions, into their own separate "HtmlSanitizationLibrary" assembly. Everything else works just fine with medium trust.
  • You can now modify the safe list for HTML/XML encoding, based on the Unicode Code Charts for the languages your app typically expects to encounter in its working day.
  • Support for HTML 4.01 named entities, and for surrogate characters, have beed added.
  • HtmlFormUrlEncode - encodes according to W3C specs for application/x-www-form-urlencoded MIME type.
I hear too that LdapEncode has been split into LdapFilterEncode and LdapDistinguishedNameEncode, which operate according to RFC4515 and RFC2253 respectively; but I have no idea if the guy telling me that was on drugs or something. All I remember is that one used '\' and the other '#'...

As befits such a mission-critical tool, the Library is licensed under an open source licence, namely the Microsoft Public Licence, which can be seen at http://www.microsoft.com/opensource/licenses.mspx. The Source is available on CodePlex.

Diagonal Stripes

Diagonal Stripes
Copyright © 2010 by Heather Marshall

That's the name Little Niece has given to her latest exhibit in the abstract expressionist mould. Philistines that we are, we reckon it's better viewed in landscape, and interpreted as a psychedelic vista of rolling fields. But then again, there are apparently still several Mark Rothko originals in various locations throughout the world, to this day exhibited in this, and other, incorrect orientations. Only the artist ever knows the ultimate truth; and in this case, she's not telling.

Friday 15 October 2010

Cage Against The Machine

Pray Silence for Baby Jesus!

Not that I'd recommend this particular social networking site to anyone; no indeed, not even to my own worst enemy (who incidentally just missed her 85th birthday party, due to flu; do get well soon, Margaret). But I've just had the pleasure of joining a Facebook group, entitled JOHN CAGE'S 4'33'' FOR CHRISTMAS NUMBER ONE 2010:


This one simply mixes together far, far too many subjects so near and dear to my heart. Primarily, puns: Cage Against The Machine, that's only priceless. Then, there's the avant-garde. And specifically, the music and other sundry ambient stylings of one Mr John Cage.

Then too there's the commercialisation of Christmas. Which actually, to an agnostic like me, is just a convenient placeholder for rampant, wasteful and ultimately pointless consumerism. But it's there, it's in the mix of what makes this story so irresistible.

Above all, there is the bottom-dredging trawler damage done annually, and throughout the year, by the giant black hole of popular culture, the musical dead zone, the infecting, suppurating, all-extinguishing oil slick, that is Simon Cowell and his X-Factor.

About "4:33"

For the uninitiated, John Cage's musical composition 4'33" is made up of four and a half minutes of complete silence. Or rather, of whatever ambient noise happens to become generated by a suitably sized orchestra, sitting in their seats in a fully occupied concert hall, and concentrating entirely upon doing absolutely nothing for that particular length of time.

The new campaign follows last Christmas's successful Internet based promotion of Rage Against The Machine's song Killing In The Name, that managed to deny X Factor contagion Joe McElderry's The Climb the Christmas number one slot to which some rich, wastelaying suits with haircuts thought it was entitled.

This time around, we are being asked to purchase instead a digital copy of John Cage's silent classic. What a perfect statement that would be, and how beautifully spotless an irony, should the bandwagon that has brutally silenced the once traditional battle for that Christmas No.1 spot, find itself - quite literally - silenced in its turn.

There's just one fly in the balm. Presumably, certain of the profits from the expected avalanche of sales would go to The John Cage Trust. Now, these people are the publishers who trolled a six figure settlement out of our very own Mike Batt, for his track "A One Minute Silence". Said track consists of, that's right, one minute of silence; and it is credited, whether in fun or in homage or both, to "Batt/Cage". Yes, yes, I know, such royalty trolling is nothing new in the music business. But this one case has always struck me as a particularly egregious example of the extortionist's art, the meritless extraction of money with menaces; it will pain me to make this purchase. As nevertheless I must, when the time comes.

One Last Thing

Oh, and to anyone else in the office who's reading this: I think it might be best if I don't take part in the Secret Santa this year, not after this little outburst anyway. So, Humbug to all that, don't you agree?

Update, 12/12: Shit. Bloody X-Factor winner is one of my favourite Biffy Clyro songs. And it's an even better version than the mighty Biff (though NME's Luke Lewis would disagree). Now I'm threatening both to boycott and to buy it...

Monday 11 October 2010

Stuxnet Updates

And It Wriggles On

There seems yet no end in sight for the Machiavellian malware, second in history only to last year's Aurora attacks. A list of coverage and miscellaneous links (don't want to lose sight of these):
  • Iran continues to blame "Western states" for a plot seeking to frustrate their "peaceful nuclear program".
  • One researcher from Symantec's security response team (actually a co-author of the W32.Stuxnet Dossier) described a possible attack scenario, speculating that the initial attack was already complete before discovery.
  • Dennis Fisher of Kaspersky's threatpost blogged a bit more about the extreme level of sophistication embodied in the worm's construction, casting doubt on the Israel-Iran "cookie-cutter narrative".
  • A Netherlands supplier of industrial sorting systems reported repelling two attacks, while that country's Borssele nuclear power plant also remains on high alert.
  • Slightly off-topic: in a just-published Symantec survey of critical infrastructure providers, more than half report their networks experienced multiple (average 10) "politically motivated cyber attacks" in the past five years, resulting in typical costs of $850,000 per supplier over the period.
Finally, there's this comprehensive treatment by Bruce Schneier (above) of the Stuxnet outbreak, the analyses presented to date, the speculations of the press, and a voice of considered reason amid the hyperbole.

Friday 1 October 2010

Tweets - September 2010