In the spirit of the local CSA opening its doors for the season (hey, back off, we’re in 5a), here’s our recipe for spicy kale chips.  They’re good, but be warned: they are very spicy.

Spicy Kale Chips

(requires dehydrator)

• 1 – 2 bunches kale
• 1/4 to 1/2 cup light oil (peanut, sunflower, or canola work well)
• 1 clove garlic
• 1 to 1 1/2 tbs super hot reshampatti (told you it was going to be hot… cut this amount in half for a milder flavor)
• 1/2 tsp chickpea miso
• 1 handful dried pumpkin or sunflower seeds
• 1 tsp Lemon juice, cider vinegar, or red wine vinegar (subtly different flavor, experiment here as you like)
• Salt
• Pepper

With a sturdy knife, remove large stems (anything larger than a strand of spaghetti) from the kale leaving only the leaves. Discard stems.  Wash and set aside leaves to dry.

While leaves are drying, combine the next 6 ingredients (through lemon juice) into a blender, food processor.  Puree ingredients together into a liquid. Add a dash of salt and pepper to suit your preference.

Rub the kale leaves with the spice liquid.  Do not overapply - the mixture should just lightly coat the kale leaves.   Dehydrate 8 to 10 hours at medium setting (125 degrees) or longer at lower settings.

You know what I really want? A Yubikey that includes data storage.

It doesn’t have to be a lot of storage… I’d be OK with 8 or even 16 gig.  It’s just that there it is occupying space in my USB port all day…  Sure, it authenticates me (which is great), but right now I have to bring it around to multiple computers (so I can log in to stuff)… so while it’s there, why not have some storage too?

To *really* put on my wishing hat and hope for stuff that probably won’t happen anytime soon, in an ideal world the Yubikey would have:

• Dedicated storage for one or more browser-installable certificates
• 8 or 16 Gb of “whatever” storage
• Enough “pep” to be able to support ReadyBoost
• Built-in encryption for stored data

Sigh… makes my eyes misty just thinking about it.

I came across this interesting-looking link this morning that purports to be advice about how to protect your organization from social engineering.

I went to the site only to discover that it’s a video.  At the exact moment I discovered it to be a video, I completely lost interest in viewing it – and, in fact, I decided not to…

I’m wondering if I’m the only one to have this reaction or if this is a normal reaction.  Are folks who publish in video format losing readers (or I guess in this case, viewers) because of the medium they choose to publish in?  Just wondering…

Ah yes… you wait all week for it to get to be Friday, but then you’re not sure what to do after a long day of work.  You know what I recommend?

Video gaming, of course.

And what could be more awesome than the next stop in the continuing awesomeness of the Egosoft X Universe saga than the excellent X3 Terran Conflict.  If you liked X3 Reunion, you’re sure to love this one. If you liked Mass Effect 2 (is it even possible for it to be otherwise?), you’ll love this.

And what’s even better?  It’s available on Steam, so you can play it today – no waiting.

Yes, I finally got it working again.  The.  best.  game. ever.   Hands down.  And I’m not the only one who says so.

More engaging than Portal.  More addictive than World of Warcraft.  More pixeley than either Seven Cities of Gold and Legacy of the Ancients combined.  So good.  And so DOS-ey.

Anyway, should you care (not expecting you to – just sayin’), I used to keep a computer around running Windows 95 (the last OS it would run on cleanly) for the express purpose of playing this game.  Now, however, thanks to the magic of DosBox, that’s no longer a requirement.

If you don’t happen to have a copy from back in the day, I’ve heard it’s available from abandonware sites… although I think that could be piracy, so if it were me, I’d buy it used instead from Amazon.com (well, the remake anyway – better graphics, not quite so good gameplay).  It’s 50 bucks nowadays – a bit steeper from when I bought it there back in 2003… but still more than reasonable for how awesome it is.

So, I mentioned the Blackhat coding challenge the other day.  I still haven’t seen the answers out there pop up in the wild, wild, world of web, and it’s got me frustrated.  So in the interests of figuring out if I’m right or not, I figure I’ll post my thoughts here and “crowd source” finding out if I’m right or not.

Challenge #1

public:
    static bool isDifferent(
        const someClass const * oldObject,
        const someClass const * newObject)
    {
        return
            oldObject != newObject &&
            oldObject != NULL &&
            !oldObject->equals(newObject);
    }

In the unlikely event that I’m right, putting this here could be a bit spoilerey (I don’t want to step on anyone’s good time), so please stop reading RIGHT NOW in the case you don’t want to see a possible answer (no guarantee btw that it is the right one).

My answers:

So there are a few issues I think with this – some stylistic problems and “the whammy”.  The small stuff is:

• Use of second const is unnecessary
• Passing by reference (e.g. const someClass & newObj) instead of the pointer could be safer here since the compiler will help enforce validity
• newObject is not tested for validity before being passed to the equals() method
• The return statement is complicated and hard to read.  Recommend breaking it out to multiple lines
• Return value tests for null pointer but does not test for validity (if non-null) – a function/macro like ISVALIDPTR/IsValidPtr() would help this situation when passing pointer instead of reference
• Return value indicates both success/fail as well as result.  Recommend structured exception handling and returning only the result

Stylistic issues… blah.  But then there’s this:

Big problem: The return statement resolves right to left, meaning you’re asking the compiler to dereference oldObject before you’ve tested it for validity.  Best case, you crap out.  Worst case, it’s a security problem.

Challenge #2

wchar_t *fillString(
    wchar_t content, unsigned int repeat)
{
    wchar_t *buffer;
    size_t size;
    if (repeat > 0x7fffffffe)
        return 0;
    size = ( repeat + 1 ) * sizeof content;
    buffer = (wchar_t *) malloc ( size );
    if ( buffer == 0 )
        return 0;
    wmemset(buffer, content, repeat);
    buffer[ repeat ] = 0;
    return buffer;
}

Again, please not to keep reading if you don’t want to hear my thoughts on the solution.

Small stuff:

• buffer and size are not initialized
• if this is C++, why malloc instead of new?
• Comparison with repeat should be a #define (e.g. if repeat > MAX_SIZE) instead of an architecture/OS dependent value, remembering to take into account that wchar_t is of variable size (usually either 16 or 32 bit)
• Recommend return comparison on malloc result be NULL instead of 0 (usually NULL == 0, but I find it more readable)
• Recommend structured exception handling rather than returning null pointer if there is an issue (e.g. if (!buffer) { throw MemoryException(“Memory could not be allocated”); } or some such

Again, little stuff is stylistic.  Bigger problem IMHO is this:

Big problem: it’s a wide character buffer.  And 0 is not the literal for a multibyte null.  You’re gambling on the compiler doing the right thing, which it may or may not.   This may work, but it’s a crap-shoot.  Replace with L’\0’, the multibyte character literal null (if one were going to fill the string this way – which I also wouldn’t recommend that you do.)

So that’s what I came up with.  Anybody else find anything different?

Useful tip from nataliedee.com

Given the string of well-publicized ID theft schemes recently, it seemed HelpNet’s choice of putting out tips for seniors to avoid identity theft was a good idea.

Of course, then it occurred to me that maybe HelpNet wasn’t in the top ten of sites that the elderly are likely to read with any frequency.    So good effort, HelpNet… but your tips, though useful, are likely to go unread.

Which is a shame.  Because seniors (particularly those that don’t use computers or the Internet) are at risk – more-so because of the online access to records and data.  Those folks don’t realize they are move vulnerable now than they were twenty years ago.  But they are.

Of course, it’s no wonder why.  Note that I’m not about to dig on HelpNet, but I think the following screen capture of the article-reading experience illustrates just a tiny bit of why this problem is as big as it is.  Namely, conflicting and contradictory advice – even from the same source.  Check it out:

If you can’t read the text and don’t want to follow the link, the text warns about the dangers with supplying your email address to web sites… right under the box where you can submit your email address to their website.  Mixed message.

Anyway, just a few thoughts.

Came across this today (from here) and couldn’t resist passing it along.  Please to enjoy the security humor.

OK, so in the spirit of kicking back on the Friday, please to enjoy the picture of this self-proclaimed drone kicking up some rowdy festiveness on his banjolele.

Or, if you prefer something that makes you think instead, check out this video of pure awesomeness courtesy of Liz Safran’s Through the Looking Glass blog. The blog is worth a subscribe, by the way, if you don’t follow it already.