Wednesday, September 28, 2011

Node.js frontend to Rails

I have an intuition that Node.js can fruitfully front-handle user web requests, then pass them to Ruby/Rails, when doing this:

* In the case that processing requests (from users) requires collecting information from elsewhere, like various web service APIs (very common, now!).

Node.js would handle the (long) event queue thus generated, then send HTTP requests to Ruby/Rails, forging the sender in the header like the users'.

Then, Ruby/Rails won't block for very long, only long enough for the database.

Node.js could put the info anywhere, like the URL or in a fast database.

Copyright (c) 2011 Mark D. Blackwell.

Monday, September 26, 2011

Dice.com user data insecure

I've just signed up (again) to Dice.com, and noticed that Dice only checks the first 8 password characters.

There is no description of a Dice password on the site, I believe.

However, a good feature is that Dice passwords can contain:
* Special characters like ! $ % & (etc., except backticks `)
* Bracket characters like ? [ ] { } ( ) < > (etc.)
* Underline and minus: _ -

in addition to the (more) usual digits and to distinguishing upper- and lower-case letters.

Using these, (Keepass informs me) Dice attains '53 bits of [password] quality,' which is not very much, in addition to a certain cleartext sniffing problem (see below).

But who cares?

EDIT: Dice confirmed they only use the first 8 characters of the password. They also pointed out (correctly) that their login form has an action which is https, so it normally uses SSL encryption.

However, some people say that corporate or other sniffers can see, block, rewrite (using Perl or something) and resend to a Dice user the packets in their login page as Dice sends it out unsecured, making its form action contain (sometimes) another address, other than the https address their software intends!

When the form is submitted (to the wrong address) they can see the Dice username or email, and the password. Then they can log into Dice using these credentials, and see whose resume it really is. If they want to.

They say some banks even have this problem!

References:

http://ask.metafilter.com/48531/are-http-forms-posted-thru-https-secure?
http://www.perlmonks.org/?node_id=542038?

Copyright (c) 2011 Mark D. Blackwell.

Thursday, September 22, 2011

Learn You a Haskell for Great Good!

Following is a note I wrote to the author of a wonderful book:

Hi, Miran Lipovańća,

Thanks for your wonderful, _Learn You a Haskell for Great Good!_. Just now, I am resuming reading it, after completing a project (in another language).

For many people, it is important to be refreshed by beauty, as of mathematics in your book!

Copyright (c) 2011 Mark D. Blackwell.

Friday, September 16, 2011

Meantone tuning systems

As you may know, interestingly, the tuning systems called quarter (1/4) and sixth (1/6) comma meantone differ, not only in their fractions, but also because their two commas (from which they calculate the fractions) are of different sizes (albeit somewhat close). To wit:

The comma in 1/6-comma meantone has one size (the well-known difference between 12 pure fifths and 7 octaves: about 23.46 cents: called the Pythagorean comma), per:

http://en.wikipedia.org/w/index.php?title=Pythagorean_comma&oldid=431111470

However, the comma in 1/4-comma meantone has another size (it is the difference between four pure fifths, C-G-D-A-E and two octaves, plus a pure major third, C-C-C-E: about 21.51 cents: called the syntonic comma). In other words,

'The syntonic comma... is the difference between four justly tuned perfect fifths, and two octaves plus a justly tuned major third', per:

http://en.wikipedia.org/w/index.php?title=Syntonic_comma&oldid=440411458

Interesting (linguistically, furthermore) is that 'mean-tone' is so-called, precisely because in that system, as you may remember, any major second (a 'tone') is found to be the 'mean' (the ordinary average, logarithmically) between the two notes of whatever size of major third it is we have, per p. (?) of Ross W. Duffin's _How Equal Temperament Ruined Harmony_.

The interesting, following book quotation admittedly differs in meaning from the Wikipedia article, quoted next following.

'[The] ratio between the major [whole] tone [is] 9:8 and the minor [whole] tone [is] 10:9[.] In meantone temperaments, the major and minor tones are made equal. In Pythagorean tuning, the minor tone is replaced by the major tone of 9:8. In quarter-comma meantone, the major and minor tones are made equal to the square root of 5:4.

'In the previous, Pythagorean tuning, a major third was 5:4 (C3 to E3 in the harmonic series, based on the piano note, C1) and there were two whole tones. The major semitone was 9:8 (C4 to D4) and the minor semitone was 10:9 (D4 to E4). These two semitones are not the same size.

'In any mean-tone tuning, however, these two semitones are averaged. This means that the two semitones have the same size, of 1/2 * sqrt( 5). This means that equal-temperament is a mean-tone tuning. Also, at first, people were rather shocked when the irrational square root of five disrupted the mathematically pure, small-whole number world of musical consonance.'

Now, for the Wikipedia article:

'In general, because the two semitones can be viewed as the difference between major and minor thirds, and the difference between major thirds and perfect fourths, tuning systems that match these just intervals closely will also distinguish between the two types of semitones and match their just intervals closely', per:

http://en.wikipedia.org/w/index.php?title=Semitone&oldid=450607863

Another interesting and relevant Wikipedia article is:

http://en.wikipedia.org/wiki/Meantone_temperament

Copyright (c) 2011 Mark D. Blackwell.