Robert Hahn

inspired by integration

I'm always interested in infrastructure that brings people together and facilitates communication. I'm currently exploring social software, markup & scripting languages, and abstract games.

noted on Thu, 11 Sep 2003

Disclaimer & Legal Stuff.

I regret the necessity, but I’d like to point out the following:

Should you see any reference to any company, product, or service on these pages, please understand that these names may officially have trademarks, registered trademarks, or service marks after their name. If the particulars are important to you, please Google for this information. It is freely available, after all.

If you should happen to catch any factual errors, or feel it necessary to point out that I should refer to a product with a slightly different sequence of words[1], then a polite letter would endear me to honour your request a lot better than a barked command. Please remember that I’m maintaining this site for the love of it, not for profit, and I think we’ll get along just fine.

[1] For example, I once worked for a company who had Microsoft Canada as a client, and learned that if I had to refer to a product, I wouldn’t say “Windows”, but “the Microsoft® Windows® Operating System” for a first reference, followed by “the Windows Operating System” in later references on the same page. Many companies have a trademark policy document that describes the appropriate and inappropriate references to their products, so that any corporate communication is standardized. This is simply good business sense. And to the point that prompted this long footnote, this is the kind of change I’d be willing to make on request if it mattered.

noted on Wed, 10 Sep 2003

Site Maintenance

I just moved the contents of the archives, all logos and the “In This Site” menu to a separate page. Not sure if this triggers a refresh of the RSS streams, as I’m not in the habit of subscribing to my own site.

Sorry for the inconvenience, folks.

noted on Mon, 08 Sep 2003

The Invisible Friend

My wife gave our daughter a sticker she found while we were at the mall just as we got into our car to go home. Always delighted with such gifts, our daughter was very content to play with this for a while.

But it was not long into our trip home when troubles arose. The announcement of “Sticker gone!” was what started it all.

“Gone? Well, what happened to it?” asked my wife.

“Stacey[1] took it!”

“Stacey??” My wife and I looked at each other in surprise. Stacey was our best friends’ kid. “But she’s not in the car!”

“Um... pretend Stacey took it!”

“Oh, that’s horrible!” I said. “Do you think Stacey will give it back?”

“Mmm-hmm!” our daughter agreed, with considerable enthusiasm.

“Did she give it back now?” I asked. I could tell nothing’s changed.


“Well, where is it?” I like asking the tough questions.

“Um, um...”

And I think it was at that point where the conversation kind of got derailed. But the story isn’t over yet.

The next day that our daughter had to get into the car, she discovered something in her car seat. We didn’t notice it before because it was quite dark when we got home. It was the sticker that Stacey took.

“Hey,” said my daughter, “Sticker back! Stacey brought sticker back, mommy!”

Good for Stacey. The pretend one.

[1] Names changed to protect the guilty.

Ah! Well, That's Very Different, Then

A month or two ago, we gave our daughter a present. It was a black doctor’s bag with lots of plastic toy doctor tools - stethoscope, blood pressure taker thingy (tell me what they’re called!), thermometer, reflex hammer, magnifying lens for ear/eye, scalpel, bandages, the works. It’s pretty cool.

She took to this toy like a duck to water, and loved to play doctor with us. She’ll also get us to play the doctor, probably because she wants a clue on how it’s done. Ever sensitive to the doctor-patient relationship, she always tells us that the tests she has to do won’t hurt, and that she’ll make it better.

One time, I was the patient, and I said I had a boo-boo on my arm, could she please fix it. So she goes through the battery of tests, most having nothing to do with diagnosing or fixing the problem I said I had, and decides that surgery on my leg is in order. So she gets out the scalpel and proceeds to start ‘cutting’ into me.

Reacting like any sane patient would, I cried out, “No! No! I don’t need surgery! Don’t cut into me!” To which she replied, “No, daddy! No hurt! Look: no point!” And indeed, the scalpel she had didn’t come to a point, but was rounded off.

noted on Thu, 04 Sep 2003

One Time Password Generation

Holy cow. I was just last night/this morning conceiving in my mind a web service for generating one time passwords (OTP’s) that anyone can use.

The way it would work is as follows: You need an OTP. You visit this site, which is running under https, and input a URI for what you want the password for. It generates a random number, or an MD5 of the URI combined with a random number, or something like that. Doesn’t matter. You take that generation, go to whatever resource that requires a one-time password (which may be connected to the internet, but not a web-based application), and input it along with the rest of your data.

That second site, upon receiving the password, contacts the OTPG (One Time Password Generator), and sends the random password. That server would only send an HTTP status code (204 No Content, 401 Unauthorized, 403 Forbidden, and 404 Not Found status codes come to mind) as a response, and mark that random number as being ‘used’.

One scenario I can see this being immediately useful for is blogging by email - Once you get an OTP, you can embed it in an email containing a blog, and the script receiving and processing the mail can ping the OTPG server to ensure the mail is valid.

All that isn’t why I said “Holy cow.”

The reason why I said “Holy Cow” was because earlier today (relative to this post date), Sam Ruby started a discussion about what a nonce is - a topic particularly relevant to this application. And I’m glad he did, because he raised some concerns I hadn’t given thought to (yet). Like what happens when you DoS the password server.

One thing I like about my design is what happens if you’re being attacked, but aren’t at the point of collapse. Because I’m requiring a URI as part of the input, the number of possible OTP’s generated per URI remains the same, so as long as it’s giving out random strings, the damage is limited on a per-uri basis, and doesn’t pollute the entire range of values. I had given some thought to expiry, but not a lot. Sam has given me some ideas. I am going to go think on this one some more.

But I think this will work.
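
A minimal in-memory version of the issue/redeem flow described in this post, added here as an example and not the author's code. The class and parameter names, the expiry window, the per-URI cap and the mapping of 204/403/404 to outcomes are assumptions, and tokens come from a CSPRNG rather than the MD5-of-URI-plus-random option.

```python
import secrets
import time

TTL_SECONDS = 300        # assumed lifetime; the post leaves expiry open
MAX_PENDING_PER_URI = 5  # assumed cap on unredeemed OTPs per URI


class OTPGenerator:
    """In-memory sketch of the OTPG service; all names are hypothetical."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}   # uri -> {token: expiry time}
        self._spent = {}     # uri -> tokens already redeemed or expired

    def issue(self, uri):
        """Return a fresh OTP bound to uri, or None if the URI is at its cap."""
        now = self._clock()
        live = self._pending.setdefault(uri, {})
        # Retire expired entries first so a flood cannot pin the cap forever.
        for token in [t for t, exp in live.items() if exp <= now]:
            self._spent.setdefault(uri, set()).add(token)
            del live[token]
        if len(live) >= MAX_PENDING_PER_URI:
            return None      # flooding one URI does not affect other URIs
        token = secrets.token_urlsafe(16)   # CSPRNG output, not MD5(uri + random)
        live[token] = now + TTL_SECONDS
        return token

    def redeem(self, uri, token):
        """Return the HTTP status the OTPG would answer the relying site with."""
        if token in self._spent.get(uri, ()):
            return 403       # replay of a used or expired OTP
        expiry = self._pending.get(uri, {}).pop(token, None)
        if expiry is None:
            return 404       # never issued for this URI
        self._spent.setdefault(uri, set()).add(token)
        if expiry <= self._clock():
            return 403       # issued, but presented too late
        return 204           # valid; now marked as used
```

The spent-token sets grow without bound in this sketch; a deployed service would age them out once replays of those values no longer matter.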

noted on Wed, 03 Sep 2003

Real Maps

Geoff Cohen apparently had things to say about the way maps are being drawn today.

Then he came up with this really cool idea about maps being more dynamic - for example, using technology, we can load up a map file, and illustrate where borders were at any time, or show border disputes, or show the location of friends.

Hmm... this sounds like a great problem to solve using SVG. There are, of course, some challenges. Almost all of the good maps are copyrighted, and those copyrights are judiciously enforced. I seem to remember reading somewhere that the way they can tell you copied ‘their’ map is by deliberately introducing inaccuracies into the map in the first place!

Perhaps a good starting point would be to trace this image and get people to upload GPS coordinates for border points. Does anyone know where there’s a public-domain repository of political boundaries?
