"Nothing will ever be attempted if all possible objections must first be overcome." - Samuel Johnson   |    "The more difficulties one has to encounter, within and without, the more significant and the higher in inspiration his life will be" - Horace Bushnell   |    "Every artist was first an amateur." - Ralph Waldo Emerson   |    "There is no such thing as luck; there is only adequate or inadequate preparation to cope with a statistical universe." - Robert Heinlein   |    "Good luck' follows careful preparation; 'bad luck' comes from sloppiness." - Robert Heinlein   |    "Perl - The only language that looks the same before and after RSA encryption." - Keith Bostic   |    "Nothing can stop the man with the right mental attitude from achieving his goal; nothing on earth can help the man with the wrong mental attitude." - Thomas Jefferson   |    "Success is the sum of small efforts, repeated day in and day out." - Robert Collier   |    "We are what we repeatedly do. Excellence, therefore, is not an act but a habit." - Aristotle   |    "Take calculated risks. That is quite different from being rash." - George S. Patton   |    "Nothing great was ever achieved without enthusiasm." - Ralph Waldo Emerson   |    "Our doubts are traitors, and make us lose the good we oft might win, by fearing to attempt." - William Shakespeare   |    "The big secret in life is that there is no big secret. Whatever your goal, you can get there if you're willing to work." - Oprah Winfrey   |    "The more you learn, the more you need to learn." - Robert Heinlein   |    "The talent of success is nothing more than doing what you can do, well." - Henry W. Longfellow   |    "If Java had true garbage collection, most programs would delete themselves upon execution." - Robert Sewell   |    Hofstadter's Law: It always takes longer than you expect, even when you take into account Hofstadter's Law.   |    "We are still masters of our fate. We are still captains of our souls." - Winston Churchill   |   

Code Reactor

The best of modern Web development

Sleep quality (complete darkness, duration, time of day)

Schedule III
Crucial
Estimated life impact: 3-10 years
Evidence level: Moderate

Presuppositions

Our body needs sufficient sleep to be able to fully rebuild itself from the various physical and psychological stress factors which are affecting us during the waking hours. The amount of sleep needed can vary substantially from person to person, but all humans need some of it.

Quality and function of sleep is a complex matter. There are likely many internal and external factors affecting it. However, sleep is also a very natural process, effects of which are hard to misjudge (much harder than effects of nutrition, for example), but could be hard to notice, and so one of the best ways to evaluate your own personal sleep needs is to just go by how you are feeling before and after the sleep, after trying different kinds of it and seeing how much sleep seems required. If you feel more rested after less hours of sleep of certain quality (in total darkness for instance), that is a high quality sleep for you in your current life circumstances. Such evaluation ability requires developing the natural sensitivity and personal experimentation.

Many studies measure specific hormones like melatonin or cortisol (the main idea being that bad sleep decreases melatonin and increases cortisol, ie the most notorious stress hormone), in order to measure the quality of sleep. Since sleep is very complex, such findings might be a bit simplistic, and need to be taken with caution, but still provide valuable information.

As suggested by common sense, and also seen in conclusions of many research papers on the matter, it’s the overall general sleep pattern that matters – not individual nights or sleep habits during shorter periods of time. Even if you don’t sleep for days sometimes or sleep for 4 hours each day for several weeks – that is not likely to change your fate a lot, assuming that you have an overall proper pattern to back it up with. But longer continuous periods of bad sleep, like sleeping with lights on every day for years – might change your life A LOT. Having regular episodes of quality sleep is of crucial importance, while making sure that EVERY instance of sleep is of high quality is not essential. Read the rest of this entry »

Crash course in Ethereum DAO hack, the “DAO”, decentralized smart contracts chatter etc, what are all these words?

ethereum-unstoppableBackground: what is Ethereum?

Ethereum is a cryptocurrency (technically, a decentralized ledger/consensus system, meaning that currency is only one of the applications of this system), similar to Bitcoin. Ethereum is newer and the idea behind it is to make the decentralized consensus system more versatile, to actually make all the other applications of a blockchain easier to implement in practice.

Smart contracts?

Other applications of a blockchain can collectively be referred to as “smart contracts” – other functions that could be implemented on a blockchain, in a secure manner, besides transmission of cryptocurrency tokens. For example a smart contract can perform a reliable ownership tracking, voting or management of equity tokens in a company. Doing this in a crypto-blockchain can have potential advantages compared to the old-fashioned way: no humans to make mistakes or become corrupted in the process of enforcing the contract. (Similarly to how having a currency in a crypto-blockchain, like Bitcoin, has tons of advantages compared to regular currencies.)

Now, Bitcoin itself already supports smart contracts. It has a scripting language in the blockchain which could be programmed to perform other functions than simply transferring currency. However, Bitcoin’s possibility to implement smart contracts is somewhat limited, and in practical terms, Bitcoin has mostly been used only to transfer the currency.

Ethereum has marketed itself as being very friendly to all kinds of smart contracts, and a lot of its development and features have been geared towards making implementations of such contracts practical and viable. At the time of writing (2016), Ethereum has been gaining a lot of momentum during the recent months and it has been objectively regarded as the second most important cryptocurrency system after Bitcoin itself. The price has been around 0.02 ETH/BTC. (Although price of a cryptocurrency alone is a very bad way of judging it, due to how the emission is usually structured, and how it’s different from fiat currencies.)

What is “DAO” and “The DAO”?

“DAO” stands for “Decentralized Autonomous Organization”. It’s basically a type of application (a smart contract system) that can be deployed on the Ethereum network/blockchain. Such an application, instead of simply managing transferring of currency tokens between addresses (like plain Bitcoin does), also manages voting rights of those addresses (which can be owned by individuals or other entities), and “proposals” – specific transactions that can be added to the network, and securely voted on, by the members of this organization. (“Members” meaning simply addresses that own DAO tokens.)

Basically a “DAO” is an attempt to re-create the traditional publicly traded company on the blockchain. It recreates all the usual laws governing such companies (owners of shares have rights to vote, they receive dividends, they can appoint directors, etc…), but instead of using a law framework and a bunch of courts/judges which make up the regular legal system, a DAO uses a set of smart contracts which are cryptographically enforced on the Ethereum blockchain.

A straight-forward usage scenario of a DAO would be to do an IPO of a company, or initial funding of a startup. The public would buy the tokens, and those tokens would give them righta to vote, appoint directors and receive dividends, according to their ownership share.

Basically, “DAO” is a name of a category of Ethereum applications.

“The DAO”, on the other hand, is specifically one of such applications that have been deployed and implemented. Each deployed application has a “token name” on the Ethereum network, and this one is called “TheDAO“.

There are some other DAOs that have been deployed, but TheDAO is by far the only one that is somewhat known, and that has any traction with the investors. The total estimated invested amount is in tens of millions of USD.

If a DAO is simply a crypto-company, what is the purpose of the company TheDAO? Unfortunately it does not seem clear what the exact point is, except for investing in other startups. At this time, “TheDAO” seems to simply be the one crypto-company which has gained most traction, and the main idea driving the interest in it is the fact that it is a decentralized company in itself. The idea that all the investors will simply be voting on which startups to invest in, and based on that, the investor money will be spread out. At this time, no specific voting has been performed yet, and only a couple of proposals have been talked about, all being loosely related to the cryptocurrency-technology field. “The DAO is designed to operate like a venture capital fund empowering it members to fund ethereum projects.”

The specific creators of “TheDAO” seem to be unknown at this time.

The Hack

Potential vulnerabilities, or unintended behaviors of the code, which could be exploited by someone purposefully, can unfortunately find their way into any code, and the implementation of DAOs are no exception. The incident is an example of such a vulnerability. It seems that it is not the codebase of Ethereum itself that is to blame, but the codebase of “TheDAO” and some other DAOs, the code which has been written in the Ethereum scripting language of their blockchain transactions.

What is the nature of the hack? Basically, an unintended consequence of the exact way the “TheDAO” script was written, allows a single participant to “drain” Ethereum tokens from the collected pool of all the investor money to a separate personal pool, which “the attacker” can then use by himself.

Funny enough, the hacker seems to have published a message to the community, stating that he does not see the incident as “theft”, and completely blames the programmers of the hacked contract. The message is very amusing, with quotes of the legal contract text of DAO itself where it says that the only contract that should be regarded enforceable is the one actually programmed in the blockchain.

===== BEGIN SIGNED MESSAGE =====
To the DAO and the Ethereum community,

I have carefully examined the code of The DAO and decided to participate after finding the feature where splitting is rewarded with additional ether. I have made use of this feature and have rightfully claimed 3,641,694 ether, and would like to thank the DAO for this reward. It is my understanding that the DAO code contains this feature to promote decentralization and encourage the creation of “child DAOs”.

I am disappointed by those who are characterizing the use of this intentional feature as “theft”. I am making use of this explicitly coded feature as per the smart contract terms and my law firm has advised me that my action is fully compliant with United States criminal and tort law. For reference please review the terms of the DAO:

“The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO’s code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation.”

A soft or hard fork would amount to seizure of my legitimate and rightful ether, claimed legally through the terms of a smart contract. Such fork would permanently and irrevocably ruin all confidence in not only Ethereum but also the in the field of smart contracts and blockchain technology. Many large Ethereum holders will dump their ether, and developers, researchers, and companies will leave Ethereum. Make no mistake: any fork, soft or hard, will further damage Ethereum and destroy its reputation and appeal.

I reserve all rights to take any and all legal action against any accomplices of illegitimate theft, freezing, or seizure of my legitimate ether, and am actively working with my law firm. Those accomplices will be receiving Cease and Desist notices in the mail shortly.

I hope this event becomes an valuable learning experience for the Ethereum community and wish you all the best of luck.

Yours truly,
“The Attacker”
===== END SIGNED MESSAGE =====

Message Hash (Keccak): 0xaf9e302a664122389d17ee0fa4394d0c24c33236143c1f26faed97ebbd017d0e
Signature: 0x5f91152a2382b4acfdbfe8ad3c6c8cde45f73f6147d39b072c81637fe81006061603908f692dc15a1b6ead217785cf5e07fb496708d129645f3370a28922136a32

So is a smart contract really enforceable?

A lot of what the attacker writes really makes sense. TheDAO has specifically stated that the only rules that are to be considered valid are the ones embedded in the code the of contract. In fact, it is the main premise of the “smart contract”: it has been created to get the power away from the corruptible people who manage contracts in our present day society, to the code, math and cryptography, so that we could be governed by those solid things instead.

If the Ethereum society finally decides to revert the attack, and remove the tokens from “the attacker” (the nature of the code is such that they still have a couple of weeks until the tokens that have been taken can actually be used or withdrawn), and give them back to the pool of investors – well then how is that different from the current system? It would send a clear signal that math and cryptography notwithstanding, it is still up to people to enforce or delete contracts. If so, what is the reason for these smart contracts anyway?

On the other hand, if they decide to let the attacker keep his money, based on logical conclusion that he did actually act in the full accordance with the contract (the actual code of the contract) – then all the investors must also understand that such an event can easily happen in the future, and their funds sent to a DAO, no matter the good intentions of it, can hypothetically be taken by someone who is simply better at programming than the author of the contract code.

Programming (monospace) fonts comparison chart

I’ve been searching the web for different programming fonts since the beginning of times it seems, so I can tell you that this website has gathered most of them: http://www.s9w.io/font_compare/. There are some I have in my collection which are missing, but the authors seem to update their website with new tips, and provide a very useful preview mechanism.

Also here are some useful links to downloading those fonts: http://programmingfonts.org/list

Actually, that last website has it’s own web app for directly testing those fonts: http://app.programmingfonts.org/

Test the overall inflammation level of your body: C-Reactive protein blood test

crpA great number of health books, websites, gurus and guides talk about the inflammation level of the body. The premise of it is that besides local inflammation which happens on-site of a physical injure, there is a more broad, full-body phenomenon of general inflammation, and that eating specific foods can actually affect that general level of inflammation. Some foods are supposed to be good for you and decrease inflammation, others may cause specific allergic reactions, thus increasing the inflammation acutely, and yet other foods which are just generally bad, will increase the inflammation slightly, but continuous consumption of those foods will result in your general inflammation level being chronically higher than it is supposed to be.

Even though many of those sources make blatant claims about foods having inflammatory effects without citing proofs, the phenomenon itself appears to be real, having a lot of scientific proof. It also appears to have a significantly negative effect on your body, and so watching your inflammation level is a very useful, objective and easy way to guide your diet choices in the right direction.

What makes it so objective and practical is the existence of a general inflammation level- test, which is called C-Reactive protein test.

Quoting Wikipedia, (since the page appears to have an established history, lot’s of sources and generally seems to be based on solid science):

C-reactive protein (CRP) is a protein found in blood plasma, whose levels rise in response to inflammation. CRP is synthesized by the liver in response to factors released by macrophages and fat cells (adipocytes).

CRP rises within two hours of the onset of inflammation, up to a 50,000-fold, and peaks at 48 hours. Its half-life of 18 hours is constant, and therefore its level is determined by the rate of production and hence the severity of the precipitating cause. CRP is thus a screen for inflammation.

CRP is used mainly as a marker of inflammation. Apart from liver failure, there are few known factors that interfere with CRP production.

CRP is a more sensitive and accurate reflection of the acute phase response than the ESR (Erythrocyte Sedimentation Rate). ESR may be normal while CRP is elevated. CRP returns to normal more quickly than ESR in response to therapy.

That page even mentions a direct link between levels of CRP and risk of CVDs, thus implying that the scientific connection between the two has been widely established. “The risk of developing cardiovascular disease is quantified as follows: …”

“Recent research suggests that patients with elevated basal levels of CRP are at an increased risk of diabetes, hypertension and cardiovascular disease”

“To clarify whether CRP is a bystander or active participant in atherogenesis, a 2008 study compared people with various genetic CRP variants. Those with a high CRP due to genetic variation had no increased risk of cardiovascular disease compared to those with a normal or low CRP.

“Since many things can cause elevated CRP, this is not a very specific prognostic indicator.”

It appears that while a CRP tests for a global level of this protein, and thus the phenomenon has effects affecting the whole body, there can still be different localized origin problems in the body which trigger the increased CRP production in the first place. Luckily, for the purposes of aiding nutrition choices, this does not matter: the goal is to decrease inflammation, no matter what was the exact mechanism behind it.

It is also worth to note that the article does not imply a clinical possibility of there being an inflammation without CRP levels being increased compared to the base for the individual. So even though a CRP test would not yield a definitive answer as to what has caused the inflammation, it seems to be a reliable indicator of at least existence of some kind of it.

 

While I’m in the process of looking at implementing these tests, it’s worth to mention that this company Inside Tracker (no affiliation) claims to provide a CRP test, along with other very useful blood tests (cholesterol, etc.), in a “mail your blood to us” fashion, to anyone interested.

Other than that the general idea is to get a doctor to perform this test, several times, after eating different diets for at least a week.

 

O(…) complexity of common algorithms – cheat sheet

http://bigocheatsheet.com/, Very useful in certain situations, this website lists the complexity costs for common operations for common algorithms used in computing today. You should know all of these by heart of course, but you should also easily and quickly be able to find the pieces you don’t know!

Changing size of VirtualBox disks before and after deleting snapshots

If you search for guides for changing the size of VirtualBox .vdi disks, there are plenty, and really the solution is pretty simple, just

vboxmanage.exe modifyhd "<path-to-vdi>" --resize <newsize-in-MB>

But what some of the guides fail to mention (some of them don’t fail to mention it, but since you are reading this post you probably failed to see it in the guides that did mention it) is that you really should delete all the snapshots for the disks you are trying to change the size of, BEFORE changing the size. Otherwise you’ll pretty quickly notice that the guest OS doesn’t recognize the drive size change, and now you can’t delete the last snapshot, getting instead the error with something about “virtualbox could not merge the medium VERR_INVALID_PARAMETER”.

So this post is really for you that are now stuck with a virtual machine that has a disk that cannot be size-changed and a snapshot that cannot be deleted.

Basically the solution is to clone the whole virtual machine using the standard virtualbox functions, because the cloned version will be free of any snapshots and still represent the current state of the original VM.

When you are going to clone it you will be presented with some options which are self-explanatory. But one of those options will have you choose to keep or discard all the snapshots, and you obviously have to choose discard at that point.

One small drawback of this operation is that VirtualBox does not seem to let me choose where to put the disk of the cloned machine and creates it in the default location, which can be problematic if you keep your disks somewhere else.

Now you will still have to resize the new disk. This is where another small problem arises: if you just use the command line fromt he beginning of the post on the newly created disk, you may receive the error “VBoxManage.exe: error: Cannot register the hard disk … becase a hard disk …. with UUID … already exists”. Long story short, the solution is to first run

vboxmanage.exe internalcommands sethduuid "path-to-the-new-disk"

It will assign a new uuid to the disk which will solve the problem, and you can now resize the disk with your normal command (the modifyhd one, from the beginning of the post).

Now just boot into the guest and use Gparted (if you have *nix) or Computer Management -> Storage -> Disk Management in Windows 7 (probably Vista had this already) to make the guest OS understand the new disk change.

Of course, now would be also a good time to make sure the guest OS works properly and delete the original VM in VirtualBox gui to save space.

Watch out for empty constructors

Well, this is a pretty rare caveat, but took me some time find. And it is a very subtle case of wrong assuming of things.

I will show this with an Ogre example, but the principle is the same in many other similar situations.

Ogre is a 3D engine, and naturally, has some convenience math classes like Vector2 or Vector3. Each such class has a number of constructors, both in form of ::Vector3(float x, float y, float z), but also in form of just a ::Vector3().

And at least for me, it is very easy to assume that a ::Vector3() constructor actually initializes the object to some default state, which for a vector would logically be (0,0,0). But when you think about it, it is not so certain at all… Also in my situation in release builds, these objects would be initialized to 0s anyway, even though I am sure it’s is technically a case of Undefined Behavior. In debug builds, this was not the case, and naturally, it created some nice bugs.

The moral of the story, be aware that empty constructors of such small data classes do not necessarily initialize any state of an object, especially when such classes have static members like Vector3::ZERO, which suggest that this is the default and best way to create a zero vector (like they do in Ogre).

Implementing win32-events with Boost

I’ve been trying to modify the Hydrax sources for a while. Hydrax is a great project that renders quite pretty water, but has some performance problems, the main of which being the fact that it renders the heightmap of the water using Perlin noise on the CPU, and does so synchronously. Ogre, which is the 3D-engine that Hydrax runs on, is already pretty single-threaded, which works out relatively well, but not when Hydrax adds the noise generation to the already bloated singlethreaded CPU-part of the Ogre render cycle.

So the basic idea was to take the heightmap-generation and put into another thread which will execute on another core while the main thread does the rest, including waiting for the GPU to render things. (Yep, that’s just how single-threaded a stock Ogre application is.)

Hydrax stores the height-map in a handy blob of vertex positions (also colloquially known as the vertex buffer), which is then just fed into the mesh class in it’s entirety every frame. This gave me a nice practical possibility to just have a secondary vertex buffer which would be updated in the background, so that the primary one will be free for usage by the mesh in the main thread (I didn’t have any control over how it’s used, nor wanted to dig into the details of that), and then the only place I would need to synchronize the threads would be the point of switching the primary vertex buffer to the secondary buffer which has been generated/updated in the background.
Read the rest of this entry »

SQLite in Groovy crash course

When creating a small Groovy project lately, I required a good data storage, and plain old text files seemed just too damn inflexible. Yet the project was very small and command-line based, and was supposed to be portable, so installing a full database engine seemed even more inflexible. It was great to find out that using SQLite in Groovy can really be perhaps even more simple than text files.

So here is a basic crash course, the code is so simple and plain that it speaks for itself:

First you will need the SQLite driver. The latest library for this I could find was the Xerial SQLiteJDBC. Based on my browsing around, this is the one that should be used nowadays (end of 2012) for SQLite in Java. But the usage is very simple: just download the .jar (mine was called sqlite-jdbc-3.7.2.jar) and add it to the project.

This .jar somehow magically contains native libraries for Windows, Mac OS X, Linux, and automatically knows when to use each, to get the best performance. If you are on another platform, it will use the pure Java implementation.

You can add the .jar to your project in any way you want, but I’ve found that for a cli groovy script, the easiest way is just to put it in the same folder as the script and add this in the beginning of the code:

this.getClass().classLoader.rootLoader.addURL(
    new File("sqlite-jdbc-3.7.2.jar").toURL())

That’s it, you are ready to use the SQLite features:

Initialize:

import groovy.sql.Sql
def sql = Sql.newInstance( 'jdbc:sqlite:databasefile.sqlite', 
  'org.sqlite.JDBC' )

Replace the “databasefile.sqlite” with whatever name you want.

Check if a table exists:

def metadata = sql.connection.getMetaData()
def tables = metadata.getTables(null, null, "tablename", null)
if (!tables.next()) {
    // table does not exist
} else {
    // table exists.
}

Run SQL:

sql.execute("CREATE TABLE  .......  ")

Select data:

sql.rows("select * from .....").each{
 println(it)
 }

Basically just the same syntax as the rest of SQL operations in Groovy.

Remember to backup :)

loading...
Your connection appears to be too slow, automatically disabling HeavyAjax (TM) for better performance...
You seem to run a browser without JavaScript support or it has been disabled. To fully experience Code Reactor please enable JavaScript. (It is not 1995 anymore :)
You seem to be using Internet Explorer. If you want to experience both Code Reactor and the rest of the web to their fullest and fastest, you are advised to download and install a real browser, like Opera, Firefox or Google Chrome.
Close
You seem not only to use Internet Explorer, which is by far a joke when it comes to browsers, but to even use an old version of it!
If you want to experience both Code Reactor and the rest of the web to their fullest and fastest, you are STRONGLY advised to download and install a real browser, like Opera, Firefox or Google Chrome.
Close