XBox 360

Microsoft released the specifications of the XBox 360..
it is a beast..

With 3 CPU cores running on 3.2Ghz each with 2 hardware threads and 1 mb l2-cache each it is a powerhouse.

A remarkable feature of the XBox 360 is that it has got processor level support for MSIL (the bytecode used by .net applications).

The best thing of the XBox 360 is that it’ll be quite cheap (~150$), this probably lets the XBox360 deliver the most processor capability per dollar.

Maybe I’ll buy a few and make my own little linux server cluster with it, when the guys behind xbox-linux.org have added support for the XBox360 :-).

Music Fill Out Thingy

Zef handed me the music baton, meaning I got to fill out a form ’bout music. So well… here it is:

Total volume of music files on my computer
3.2 GB.. that isn’t a lot.. but in contrary to some with huge collections I do listen to them all.

The last CD I bought was
I got myself some albums of Children of Bodom recently. I`m trying to get the Lamentations DVD of Opeth.

Song playing right now
Opeth – Still Life – The Moor

Five songs I listen to a lot/mean a lot to me
I don’t really listen to a certain song a lot.. although recently I listened to these a bit more than the others:

– Opeth – The Drapery Falls
– Children of Bodom – Needled 24/7
– Nirvana – You Know You’re Right
– Opeth – Dirge for November
– Muse – Citizen Erased

Lets be creative and add another question:

Artists you like
Opeth, Children of Bodom, Nightwish, Nirvana, Linkin Park and last but not least Muse.

The five people where this meme will go on
Kaja Fumei
– Noud Aldenhoven
Gumuz
– you!
– (yes, i was out of idea`s)

Safe web authentication

The major problem with security of web applications is that the client sends the login name and password in plain text if https isn’t available. A nasty person with access to the network could use ARP poisening alongside packet sniffing to acquire the login, which wouldn’t really be desirable.

I stumbled accross a very interesting piece javascript which implements the md5 hash algorithm: http://pajhome.org.uk/crypt/md5/.

Using a hash makes it impossible to reverse engineer a password and makes authentication safer. An issue with this is that you only require the hash, not the password to get in. To prevent this the password should be salted before hashed.

Basicly a secure authentication via http would look like this:

Client sends request for login to server.
Server sends the login form which includes a login id and salt to the client.
Server stores the login id and salt it sent to the client.
Client sends the hash of the filled out password and received hash alongside the login id from the server to the server.
Server checks whether the hash of the password in the database and the received hash combined with the login id are valid.
Server sends whether authentication was a success.

Maybe I’ll implement an example application :-). In any case I hope that this will be employed.

Update, most authentication system used by webbased software are still vulnerable and would almost neglect the use of this by being able to hijack a session by just getting the session key. The client however could also implement javascript to use a similar method with a salt to protect the session key. The problem still is that it is extra overhead on the client and that not every client has got javascript enabled.

Assembly ‘programmers’ suck

Some programmers claim writing assembly is the solution to every single programming issue, for it would be great for being down to the basics, or it creates small programs, or even be fast. For all I care they are just trying to brag for not a lot of people know how to program in assembly and it is generally seen as difficult to do.

Programming in assembly is almost everytime a bad idea.

So first, what exactly is assembly?
Assembly is a text language with which you can write opcodes and arguments of machine code processed by the processor by hand. This gives you a very high amount of control of what the processor does. Whereas higher languages generate the machine code for you as they deem it to fit you can choose which machine code would fit.

Assembly isn’t difficult to learn. Assembly is very straight forward. It just is hard to program for you don’t have functions, you don’t have high level structures, you don’t have all the aid of a high level languages.

The reason programmers claim that assembly is superior is for with assembly you can write faster and smaller code. This is only partially true.

When you know all opcodes and tricks you can pull on all different architectures you can beat a compiler.. The problem here is that there are tens of architectures with totally different opcodes and even more subarchitectures with each a slightly different implementation and different performance characteristics of each opcode or way to do something.

So to truely beat a compiler which compiles one piece of code to assembly, you have to create for each different architecture a seperate piece of assembly source.

You’d also have to learn all the opcodes of one cpu, that aren’t just a few hundred which would suffice to get it working, but thousands which are required to get it working as fast as possible.

Compilers know all these extra opcodes and tricks for each architecture and would therefore a higher level programmer would do a better job on creating an executable than an experienced assembly programmer in the same amount of time. If the assembly programmer would want to beat the higher level programmer he would require not just 2 times more time but at least 10 times.

Also assembly isn’t very portable. If you want to change one little thing you got to change it for all optimalizations for all different processors. I haven’t seen a big application written in assembly. And that has got a reason.

Most programmers that claim to be able to write quick assembly don’t have got an idea how everything works exactly and are just thrilled that they made a little program work in assembly.

Assembly though can be usefull. An example is an arbitrary length integer class like GMP which uses optimized assembly for certain operations. It aren’t a lot of operations done in assembly, but it certainly has got a lot of assembly. And it is worth it.

Sticking with a good compiler and a high low level language like C is always the best option for good applications.

Gentoo Linux

3 days ago I came accross gentoo linux.

Gentoo Linux is a linux redist that provides you with a livecd from which you are able to build a whole new linux installation practicly from scratch.

Yes, that means compiling everything yourself.

Normally compiling means reading through tons of documentation, trying to find dependencies, trying to get stuff working, making tweaks, and reading again through tons of documentation, trying to find dependencies, hoping version won’t collide, and again, and again.

Luckily gentoo provides a very neat tool called portage.

Portage allows you to simply install for instance gnome by just typing:

emerge gnome

Portage will look up which dependencies are required, download them, configure them, compile them, and clean up garbage. The only thing you got to do is hang back and relax.

Portage also automaticly implements your preferenced optimalization settings to create the best possible build for every single application you compile.

Gentoo seems to have resulted in a lot faster linux installation, although there is one little issue, it takes time.. A lot of time…

Compiling gnome (with all dependencies) took about 8 hours…

Maybe gentoo will be the first linux to kick windows from my desktop :-).