Some astute individual has probably told you at some point that Eskimos have dozens of words for “snow,” whereas English-speaking individuals only have one.

They lie! (Warning: link goes to a PDF file.)

Also on Wikipedia.

I found this today and thought it was kind of neat.  Many northeastern Indian tribes had names for each of the full moons every year.  Here is a list of the named moons for 2008.  First up is the Full Wolf Moon, next Tuesday.

Maybe everyone else has heard about this, but I never had so I thought I’d share.  It also seems like a great idea for an elementary school teacher to have a little party for the class for each of the moons, while teaching the kids about Indian culture.

Public service announcement

If a carbon monoxide detector goes off in your house, you are supposed to call the fire department immediately, and then go outside.  Do not ventilate the area or turn off appliances: the fire department will be there in about 30 seconds, and they are more likely to be able to identify the source that way.

I put this out here because it’s something I didn’t know.  So when I got home today and the carbon monoxide alarm was going off, I opened some windows, turned on a floor fan, and took Punky, my laptop, and a phone outside to try to figure out what was the problem and what I should do.  Now I knew that carbon monoxide was deadly, but I didn’t know you were supposed to call the fire department.  I figured it was something like a leaky pipe:  if you own the property you’re responsible for diagnosing and fixing the problem yourself.  Eventually I found a website that said to call the fire department.  So I called the fire department, and they were there before I could get the front door unlocked (literally!).  Of course, by this time I had ventilated the house for an hour, so they were unable to detect anything.

Anyway, I thought this was the kind of knowledge that I should pass along.  Because knowing is half the battle.

Update
It seems I may be an idiot, but this carbon monoxide detector’s UI is largely to blame.  Here is what it looks like:

There is one input, labeled both “Test” and “Silence.”  And there is one LED, with a label underneath saying “Move to fresh air.”  But that LED is always on to indicate that the device has power.  Maybe it flashes when there is an emergency?

Then there are the audible beeps, which must be counted.  One “chirp” per minute: replace battery.  Three “chirps” per minute: replace alarm.  Four beeps (no time limit specified): carbon monoxide alarm.  And this information is printed on the side of the device that is plugged into the wall.  I was getting one beep per minute, I think, which means to replace the batteries.  I assumed the slow beeping meant that CO levels were low, and that they might pick up when they reached deadly levels.  I couldn’t find the paper that came with the detector, and I was afraid that if I unplugged it that it might recalibrate itself upon being plugged in (like a joystick?).

For very little cost they could have used three LEDs: one to indicate low battery, one to indicate power, and one to indicate that carbon monoxide is present (maybe that one could flash and be a different color?).  Then the device wouldn’t need to output sound except in the event of an emergency.

In any case, this is still good information to have.

I started a list last week of completely random facts that I have learned in the last few months, for the express purpose of sharing them with you, my faithful blog readers.  Without further ado...

When a pilot lands a jet on an aircraft carrier, he does not put on the brakes.  In fact, he throttles his engines to full power.  The is because he might not catch one of the four wires which stop the jet, in which case he must be going fast enough to immediately take off again (otherwise he’d roll off the deck into the ocean).  When such an emergency take-off is required, the pilots call it “bolting.”  In the briefing room, the last pilot who bolted has a mark of shame on his seat (I believe this was a red towel or red jacket or something like that).  I saw this on some Discovery Channel program; I think it was an episode of “Really Big Things” about the USS George H. W. Bush.

When a woman goes to a doctor, no matter what the reason, they ask when her last period was.  I learned this when I went with Stephanie to the emergency room after she fell down the stairs and nearly broke her foot.  I believe she was asked the question at three different times (at check in, by a nurse, and by a doctor).  I failed to see what that had to do with her foot.  It was later explained that they need to know if there is any possibility that you are pregnant before they administer any drugs or take an X-ray or basically do anything.

Squirrels make noise.  That’s something I found out after Punky nearly caught one.  She chased it up a tree, where it turned around about ten feet from the ground and started making a noise that’s kind of hard to explain, somewhere between a high-pitched grunt and a low-pitched chirp.  I’m not sure what natural predator of the squirrel might be deterred by this noise.  Maybe some kind of bird?  Or bats maybe?

When a flag is raised to half-mast, according to US Flag Code, it should be raised all the way to the top, and then lowered to half mast.  When it is taken down, it should be raised to the top before lowering it again.  I had always assumed you just raised it halfway and stopped.  Also, probably the least-observed article in the flag code: “The flag should never be used for advertising purposes in any manner whatsoever.”

Now you can all feel more knowledgeable.

About a year or so ago I came across a link to this paper (warning: PDF file) in the comments to a blog.  I found it very interesting, and since reading it I’ve been able to recognize this phenomenon “in the wild” so often that I figured I should share.  I’ll warn you that the paper is a 14-page academic paper from the Journal of Personality and Social Psychology... and it reads like one.  After the first page or so it gets pretty tedious to read.

Even so, here’s the gist of it:  Often times, someone who is unskilled at something is unaware that they are unskilled, because they don’t have enough skill to evaluate their own skill.  If you ask students how they think they did on a math test after taking it, for example, the students who performed poorly will grossly overestimate their performance.  They usually have some idea that they didn’t perform well, but they aren’t good enough at math to realize just how badly they did.

I’ve seen this kind of thing happen a surprising number of times.  Like someone a few years ago that claimed to have a “heavy graphics background”, then showed me something he made in Flash that was a bumpy model of 3D text, with a glaring shading error on one edge.  I remember someone I went to high school with, who would typically say “I didn’t miss any questions on that test” after taking a test, which would have me worried because I thought I might have missed one or two.  Then we’d get the test back and he’d get a seventy-something.  But he never quite caught on that maybe he was judging his own performance poorly.

Long before reading about this behavior, I learned to distrust confident people.  Upon reading this paper, I realized why most advice you receive is bad:  most people who feel entitled to give advice are not at all qualified to do so.  The great irony is that for most people confidence is a desirable quality in a leader, misinterpreted as an indicator of competence.  You needn’t look far into the world of politics to find dozens of examples of this principle at work.

So to conclude, I ask that my readers (all ten of you) watch for examples of this in your life.  It happens way more often than you might expect.

maybe if we’re loud we’ll stay alive

Something I learned today: overloaded method resolution in Java is done at compile-time, not runtime.  Warning: if you have no idea what half the words in that sentence meant, then you probably don’t care about the rest of this post.

Let’s say Alice (who is in tons of hacking books for some reason) wrote this code:

1
2
3
4
5
6
7

public class Alice
{
  public static long roundToNearestFive(long n)
  {
    return Math.round(n / 5.0) * 5L;
  }
}

And let’s say Bob (who totally has a thing for Alice even though she says they are just friends) wrote this code:

1
2
3
4
5
6
7

public class Bob
{
  public static void main(String[] args)
  {
    System.out.println(Alice.roundToNearestFive(12.7);
  }
}

When Bob runs his code it will print 10, since 12.7 will be silently converted to an integer (12) to be passed into roundToNearestFive(), and 12 is closer to 10 than to 15.  Bob could call roundToNearestFive( Math.round(12.7)) to fix this, but that is annoying because now he has to first round his floating-point numbers before passing them into a rounding function.  So Bob asks Alice to provide a fix, and she adds a version of the function which takes a floating-point number:

1
2
3
4
5
6
7
8
9
10
11

public class Alice
{
  public static long roundToNearestFive(long n)
  {
    return Math.round(n / 5.0) * 5L;
  }
  public static long roundToNearestFive(double d)
  {
    return Math.round(d / 5.0) * 5L;
  }
}

She sends a new .jar file to Bob with the change, and he runs his code again, expecting it to now output 15.  But it still prints 10.

The problem is that when Bob compiled his code, there was no roundToNearestFive(double) function available.  So the compiler generated bytecode that looked something like Parent.roundToNearestFive( (long)12.7).  So even when he runs with Alice’s new code in place, the bytecode is still forced to call the integer version of the function.  The only solution for Bob is to recompile his code against the new .jar file sent from Alice.

For further reference, here is the spec for binary compatibility in Java.  And here is more information about Alice and Bob.

Just a word of caution for the world:  if your installation of Windows XP is, shall we say, less than legal, and you get a popup while using Windows Media Player that says there is a security update to be installed... DO NOT INSTALL IT.  Although they don’t tell you this, the “security update” is actually Windows Media Player 11.  After you have installed WMP11, you will have to verify your Windows installation to use it (sure, they could have just as easily checked this beforehand, but that would be nice).  And if you have System Restore turned off (and what self-respecting geek doesn’t?), you won’t be able to go back to version 10.

I understand that a person who is using the software illegally has little room to claim that Microsoft is wronging him by doing this.  However, the method is pretty underhanded—they claim there is a security update, which is the one thing that Microsoft has said they won’t require Windows validation for, and something that they’ve been trying for the last six years to teach everyone to do automatically.  Not cool, Microsoft.  Not cool.

A word of advice for the next time you go furniture shopping:  check your pockets frequently, to make sure nothing has fallen out while testing out a recliner or couch or reclining couch.

I learned that the hard way last weekend at Hickory Furniture Mart, which is kind of like a mall, except it only has furniture stores in it.  After I got home and realized I didn’t have my cell phone, I had to go back and look through dozens of stores.  After spending the better part of an hour searching, I found it buried deep within the cushions of a recliner.  The lady in the store said that this happens a lot.  So... don’t let it happen to you...

Here is a database query that has a potentially huge problem:

1

select * from users where username = '$username' and password = '$password'

If you’re not a programmer, bear with me, I’m sure you can still follow the problem here.  In the line above, $username contains the value the user gave for their username, and $password contains the value given for their password.  Let’s say my username is “kip” and my password is “12345”.  That gives us:

1

select * from users where username = 'kip' and password = '12345'

So far so good, a database can execute that just fine.  But what if my password is “My dog’s name is spot”?  That gives us this:

1

select * from users where username = 'kip' and password = 'My dog's name is spot'

See the problem?  The database will think the password is just “My dog”, since there is a single-quote in the password.  It will additionally not know how to handle the rest of the statement and probably return an error, preventing the user from ever logging in.

Nothing I’ve said here of this should be news to a programmer.  In introductory programming courses, students are often asked to write a program where the user is asked for input (let’s say, a number from 1-10), and the program must not fail if the user enters something entirely different (let’s say, “judicious”).  What is happening in my example is in no way fundamentally different.

If you’re thinking to yourself, “Hey Kip... you’re not writing this post because you just figured this out... are you?”, rest assured that I am not.  I am writing this because (a) I like to pretend that my blog has more than a dozen readers; and (b) because I have seen several sites discussing this type of bug lately.  The implication is that many programmers—presumably the paid, professional types (not just amateurs)—would put user input inside single-quotes without entertaining the possibility that the user might enter text with single quotes in it.  It seems like one of those things that you shouldn’t need to be taught—you should logically know to validate user input, even if you have never received formal training in programming.

Thus far, I haven’t even talked about the security hole caused by this code:  someone could intentionally use a single-quote in their password to exploit this bad code.  For just one of many examples, giving a password of “‘ or ‘abc’ = ‘abc” will let you into any existing user’s account (this is called SQL Injection).  I can understand why a programmer might not see that security hole immediately.  But the security hole is just an abuse of a bug that a logical human being should have seen in the first place.

</soapbox>

I don’t consider yesterday’s post to be a real post, just a few questions for the world.  Feel free to keep responding to it, but I’m going to go on with a more typical post.

So my grandfather does not wear a seat belt in a vehicle.  This is something that drives me crazy.  When my dad was driving the van from Oak Island down to Myrtle Beach one day during our vacation, my grandfather was in the passenger seat with no seat belt, while we were going down Highway 17 at 60+ miles per hour.  I’m not sure why he does this.  I’ve been told something about needing to be able to get out of the car if there is an accident.  I’m not really sure if that’s true or not though.  But then I got to thinking—why is it illegal to not wear a seat belt?  I mean, the government can require that cars have seat belts, and it can make sure that people are educated about them.  Buy why is it the government’s responsibility to make sure that we use them?  If I don’t use a seat belt, I am not harming anyone else.  I mean, there is no law requiring that I eat three servings of fruits and vegetables a day, although that probably has a similar statistical effect on my life expectancy.  All that being said, I still don’t understand why anyone would opt to not use a seat belt, and I would probably use much harsher words to describe such a person were I not closely related to one.

I just learned something about human behavior while exploring this topic:  there is a phenomenon called risk compensation, which was “discovered” when researchers were trying to figure out why laws requiring seat belts to be worn didn’t reduce the injury or fatality rates from traffic accidents.  It seems that if you give people a safety feature—say, seat belts, air bags, or anti-lock breaks—they will drive more recklessly, so that the level of risk stays more or less the same.  So my grandfather being in the passenger seat without a seat belt may have made the rest of my family safer, by causing my dad to drive more cautiously.  And it may actually be true that you drive better after one or two beers, because you are being extra careful.  However, I wouldn’t recommend explaining that to a police officer.

Stick shifts and safety belts, bucket seats have all got to go
When I’m driving in my car, it makes my baby seem so far