The November 2002 Blog
send me a comment

Gone For A While (Tuesday, Nov 26)
[ permalink ] [ e-mail your comments ]
Well, I'll be gone for almost 2 weeks, so I wanted to give you fair warning. I probably won't be blogging while I'm gone, because I'll be a little inaccessible. If you need to get your blog fix between now and when I come back, just stop by Ben's site -- he was talking nice about my man Neal Stephenson yesterday, so I know he's all right.

By the way, if any of you will be in Charlotte, North Carolina next week, come to the annual CLNUG IT Forum. I'm going to attend and see what I can learn, and it looks like they're going to have some good topics. Cheap, too (only $75 per person). And if you go, I'd be tickled if you tracked me down to say "hi"...I'm actually a nice guy in person. I'll be the one who looks like me.

Quantum Encryption, New Neal Stephenson Book (Monday, Nov 25)
[ permalink ] [ e-mail your comments ]
Here's something I clipped from the article list on Jake Howlett's "other" blog: an article on quantum encryption. Part of it struck me as funny. First, they have the quote:

"Regular businesses that oversee water, power -- so many things -- need to have more security so that people cannot break in and cause havoc,"

and then later in the article they say this:

"Quantum encryption gives absolute verification of whether a message has been intercepted because interception contaminates the signal," said Laura Koetzle, a security analyst at Forrester Research.

What I found ironic here is that if someone wants to "cause havoc" with a company that's using this brand of quantum encryption, all they have to do is constantly intercept the signals. Even though the attacker might not be able to decrypt the signals, if the company keeps getting "contaminated" signals, they're going to switch encryption methods. There's your havoc. Heck, the contamination may even make the signal impossible to decrypt...they never really say in the article.

And speaking of encryption, I was walking through the bookstore the other day, and I noticed that my favorite book in the whole world -- Cryptonomicon by Neal Stephenson -- is now in paperback (it was previously available in trade paperback, but not small paperback). When I took a closer look, I saw that it had an excerpt from Stephenson's soon-to-be-released book called "Quicksilver" at the end. If you're a big Neal Stephenson fan like I am, it's worth a trip to the local bookstore to read the excerpt.

If you're not a big Neal Stephenson fan, you should consider becoming one. There's a link to some of his online articles and writings at this site, and you can download the text of his essay about operating systems, the Microsoft monopoly, and why Linux is so cool here. Some of his books are on the science fiction side of things, but Cryptonomicon is just good, honest, geek fiction. Buy it, read it, love it.

SHA-1 Fix, Binary Conversions (Saturday, Nov 23)
[ permalink ] [ e-mail your comments ]
Okay, I've got 2 strikes against me on my algorithms. First I had to fix the Base64 script because of a typo, and now I had to fix the SHA-1 script because of unexpected functionality with the Val function (thanks to Richard Civil for telling me there was a problem). It shows that you guys are much better testers than I am.

Here's the deal: when you use Val to convert binary number strings that you haven't explicitly defined as Integer or Long (using a & or a % suffix), Notes automatically tries to decide whether it's an Integer value or a Long value before the conversion. In very specific cases, this will give you unexpected results. For example, the following script:

  Const bin1 = &B00000000000000001101010101010101
  Const bin2 = &B00000000000000001101010101010101&
  Print "bin1 = " & bin1 & "; bin2 = " & bin2

  bin3 = Val("&B00000000000000001101010101010101")
  bin4 = Val("&B00000000000000001101010101010101&")
  Print "bin3 = " & bin3 & "; bin4 = " & bin4

will give you this result:

  bin1 = -10923; bin2 = 54613
  bin3 = -10923; bin4 = 54613

For bin1 and bin3, because we didn't explicitly specify the variable type, Notes decided that it was a 16-bit Integer instead of a 32-bit Long because the first 16 bits are zeros. The problem is, the 17th bit (or the 16th, depending on which direction you're counting from) is a one, and for an Integer value that's the sign-bit. As a result, Notes thinks it's a negative Integer instead of a positive Long. You'll notice that explicitly assigning the binary number as a Long by using the "&" suffix will make Notes interpret the number like you want it to. The same thing is true for Hex values, too (try using &H0000FF00 and &H0000FF00& in the agent above).

So the problem with the SHA-1 routine was that the bin2dec function that converts binary strings to Long numbers wasn't designating the 32-bit binary strings as Longs, so if you happened to be converting a string that had 16 zeros followed by a one, then the strings were being incorrectly converted to negative Integers.

I think everything is fixed now, so if you downloaded the SHA-1 scripts before today, please re-download and try again. I guess I need to start versioning these things, so you'll know which bugs to expect.

Oh, and this is completely off the subject, but I just saw this on the news as I was typing: if you use a laptop, please watch where you put it.

Java HttpEcho, IBM DeveloperNet (Friday, Nov 22)
[ permalink ] [ e-mail your comments ]
Just in time for the weekend (you're on the computer all weekend too, aren't you?), here's a new bit of code for you: the Java HttpEcho program. It just listens on whatever port you tell it to listen on, and echos back whatever HTTP information (header and body, if any) you send to that port. I've been playing around with SOAP recently, and this has come in handy for seeing what the SOAP requests really look like when they hit the server.

If you need more stuff to look at while you're waiting for Monday to arrive, you should stop by the IBM DeveloperWorks site. They've got something for everyone: on the Java frontier, there's everything from understanding Java bytecode to a Tetris JavaBean. Fun, fun, fun.

SHA-1 Hash Function (Wednesday, Nov 20)
[ permalink ] [ e-mail your comments ]
Sorry about the short entry yesterday -- I was finishing everything up at around 1:00 AM (I won't bore you with details about why I happened to be up that late), and I just didn't have it in me to write anything. However, since I hadn't written any "real" entries in almost a week, I wanted to make sure you knew I was still thinking about ya.

I had a little more time on Tuesday night, so I posted a LotusScript implementation of the SHA-1 hash algorithm and made a minor update to the web server logging section of the Notes Tips page. I've also got some more C code to put out there, as soon as I get it cleaned up and a little more tested. And maybe some DSAPI and SOAP stuff, if I can ever make time to finish those pieces of code. And lots of other partially written chunks of code scattered over several of my computers.

I've probably got a few too many irons in the fire right now, but I suppose it's better too many than not enough. I just have to keep reminding myself to focus on one or two tasks at a time. I also have a family and a job and a life to think about, and those things are a wee bit more important than a silly website...

One other random comment, since I have a few minutes to write at the moment: as I was getting those pieces of C-code cleaned up for posting the other day, I was debating on whether or not to start hyping my site as offering "open source" software and code. After all, I've got plenty of pieces of freely available code for download on this site, and calling myself an open-source contributor seems like a cool thing to do. After a minor debate with myself, I decided against it. It felt too much like a buzzword (like saying my tools were "developer enablement initiatives" or something), and I wasn't sure if "open source" might imply more than just free source code. I don't know what, but I didn't feel like researching it at the time.

Of course, it's this very type of marketing non-initiative that will always keep my site from being popular with more than a handful of people. Well, I guess there are plenty of other reasons (including a severe lack of graphic design ability on my part), but that's just one more for the list.

New C Source Code (Tuesday, Nov 19)
[ permalink ] [ e-mail your comments ]
No time to blog right now. Just added C source code for wildcard match and Notes database listing functionality. Plenty of other things on the back burner. More later.

Funny Story (Friday, Nov 15)
[ permalink ] [ e-mail your comments ]
Well, I've had almost no time to work on the site over the past couple of days, but I hope I'll be able to put a few things together this weekend. I'm going to try to start posting some example code in C on a new tips page -- maybe that'll come together on Saturday or Sunday.

To keep this entry from being a total waste of your time, I'll offer you a link. Here's a page that's simply one man's story of his redneck neighbor; it's one of the funniest things I've ever read. I can probably appreciate it a little more than some because I grew up in Georgia (USA, not USSR), but I'm pretty sure that most people can find something in this story to laugh about.

Have a good weekend.

Using JSPs with Domino (Tuesday, Nov 12)
[ permalink ] [ e-mail your comments ]
I've been looking at some information on integrating a JSP engine with one of my Domino servers, because we may have to interface with another product that wants to use JSPs and talk SOAP. Websphere is an obvious choice, although it's really not the only one.

There's a DSAPI connector for Tomcat, which looks like the big contender. This series of articles from Workflow Studios looks like it might be a big help if I decide to go down that path (at the time of this writing, only part 1 of 3 is available). There's also this article on the Lotus website that's not nearly as in-depth, but it also talks about integrating GnuJSP as an alternate to Tomcat -- GnuJSP isn't nearly as feature-rich as Tomcat is, though.

If I end up going down any of these roads, I'll try to keep you posted.

(p.s. -- the previous month blogs have now been retrofitted with the new format...for better or for worse.)

Playing with the Blog Layout (Monday, Nov 11)
[ permalink ] [ e-mail your comments ]
I was playing around with the blog layout this past weekend, and this is what I came up with. I know, it's still not much to look at (if you haven't figured it out yet, I'm really terrible at graphic design), but it's got a few good benefits for you and for me.

First, the blog entry titles and the colored bar that visually separates the entries will allow you to more easily scan the monthly blogs for information. Second, I finally got around to defining a CSS class for the blog entry titles/headers, so it will be easier for me to update the design later on. Third, I'm now storing each day's blog entries as a separate document in a Notes database, which will make it a lot easier to manage everything on my end (before each month was a single document, not each day -- a short-term decision I made in order to bring the site up as quickly as possible when I first started out). And fourth, the titles and the separation of documents will allow me to set up an archive page like Ned Batchelder's, which I think is a nice concept.

Of course, I still have to pull all the previous month's blogs into the one-document-per-day format in order to complete my little project. I'll probably write an agent to parse everything out for me, to avoid at least some of the manual effort.

I often wonder why I spend so much time doing this sort of thing. Probably better not to think too much about that...

Speaking of spending time doing things, since you're spending yours looking at this site, I suppose I should offer you a link to something interesting, lest you get bored with my self-involved blog entries as of late (I'll try to work on that). How about this: for those of you thinking about saving a little money by staying at offsite hotels for this January's LotusSphere, you may want to avoid the Holiday Inn.

New API Sample: CapiErr (Sunday, Nov 10)
[ permalink ] [ e-mail your comments ]
I just compiled up the CapiErr.exe program from the C-API Toolkit samples directory and put it out there for you. All it does is allow you to enter an API error code (in either decimal or hex format), and it returns the error message associated with that code -- very simple, yet very handy. I was actually about to write a little program that performed that function, but some little voice in the back of my head told me that it already existed. So I looked, and it did.

For all you generous people who monitor the LDD Forum, you can now tell newbies to download and use this program when they get an RBOD or an error message on their client that just says "Error: 0x1234". Of course, with some of those people you'll still have to explain to them how to get to the site, and how to download a file, and how to unzip it, and how to put it in their Notes program directory, and how to find their Notes program directory...

Decoding LotusScript from DXL (Friday, Nov 8)
[ permalink ] [ e-mail your comments ]
I've been reading more and more references about DXL and the Lotus XML Toolkit recently, so I decided to make a contribution to the effort. I added a tip that includes a Java class I wrote that will decode the LotusScript items in a DXL document that contains agents and script libraries (if you've ever exported design elements using dxlexport, you'll understand the need).

I'll probably write a tip about how to understand the header information in some of the itemdata elements sometime in the future too, whenever I get a chance. It's not that hard to figure out once you understand where it's coming from.

On a totally unrelated subject, here's a pretty funny news bite I read on the wire today. The moral of the story? Never trust a sorcerer.

Fixing the Base64 Code (Wednesday, Nov 6)
[ permalink ] [ e-mail your comments ]
I got an e-mail from Ruediger Seiffert at, and he was having a problem with the Base64 scripts I put out there a few days ago. He would encode a word like "Paris", and it would come back as "PaRis". Turns out, there was a typo in the part of the code that encypts the fourth Base64 character, where the mask was &H1F instead of &H3F. I probably should have used a Const value for that mask instead of hard-coding it like that.

Sorry, that's probably getting a little geeky. Suffice to say that I fixed it and reposted the code, so if you downloaded it before today, please download it again.

That reminds me of an interesting quality of ASCII letters: if you take the ASCII value of a lowercase character and apply a mask of &HDF with a bitwise AND operation, you get the uppercase value of that character. If the character is already uppercase, it stays that way. I've always wondered if that was intentional on the part of the ASCII designers or just a nice coincidence.

Okay, I guess that was pretty geeky too...

Batching dllxlist (Tuesday, Nov 5)
[ permalink ] [ e-mail your comments ]
Here's a little DOS tip for you: I was using the dllxlist program to list the exportable functions of several DLLs in one of the directories on my computer, and I was wondering if there was an easy way to batch the process to run against all the DLLs at once. Turns out it's pretty easy. Just run this at the command prompt:

for %I in ( c:\mydir\*.dll ) do dllxlist %I >> c:\dllexp.txt

This will run the dllxlist program against each DLL in the c:\mydir directory, and send the output to the file c:\dllexp.txt. If you wanted a separate file for each DLL, you could also do something like:

for %I in ( c:\mydir\*.dll ) do dllxlist %I > %I.txt

Oh, and if you're going to run that command from a batch file, you'll need to specify the variable as %%I (with two percent signs instead of one), just because those are the batch file rules.

Electronic Voting (Monday, Nov 4)
[ permalink ] [ e-mail your comments ]
For those of you reading this from America, don't forget to vote tomorrow! And if you're anticipating loads of allegations of voting scandals, and grumbling quietly about how it would all be so much better if the voting were electronic, consider this quote from the May edition of Bruce Schneier's Crypto-Gram newsletter:

French company Vivendi held an electronic vote. Afterwards, there were stories that hackers tampered with the vote. Others said that the vote was legitimate. Now the courts are getting involved. This underscores the biggest problem with electronic voting: they're hackable, and there's no way to show that they weren't.

If you want some really in-depth analysis of the issues surrounding secure voting technology in general, there's a whole section on it in Bruce Schneier's fantastic book: Applied Cryptography.

Also on the subject of electronic voting, here's an older story about how Microsoft employees manipulated the results of an online poll between Java and .NET. Boy, if you can't trust Microsoft, who can you trust...?

Base64 in LotusScript (Friday, Nov 1)
[ permalink ] [ e-mail your comments ]
Only a little time for a short entry here at the beginning of a new month. I dug out an old bit of LotusScript I wrote that does Base64 encoding and decoding, and I stuck it with the LotusScript encryption stuff in the Notes Tips section of the site. If you've ever wondered how Base64 encryption works...well, here you go.

Also, thanks to Rod Whiteley for giving me a good answer about my recent post on LDD. That guy truly is a wealth of knowledge -- and I say that not because he answered my question, but because of the quality and volume of his past answers on that forum. He's posted some really cool information out there.