Today I have various bits of edutainment for you. But first, Happy Birthday to my wee sister, who turned 21 today. Actually, yesterday. Well, technically, 2 days ago, depending on your timezone. Regardless - Happy Birthday, Sis’.

Ok, on to the entertainment. Well, it’s not really that entertaining, actually. But it is educational. Apparently the corporate behemoth that is Dove (you know, the soap people) have reformed their fetishizing-waiflike-bulemia-victim ways, and are now using “real girls” in their advertising. Or, at least, they’re willing to show you what the real girl looked like, before the makeup team and photoshop artists got at her:

I wasn’t particularly surprised by the make-up part, but the Photoshopping blew me away, and I’m a frickin’ professional computer graphics nerd. I’m well aware of the crazy photoshopping that goes on these days, like this Faith Hill “re-imagining”. But this video is insane. Did you see what they did to her NECK?!? Who has a neck like that?!? And then they give her bugged-out alien space-eyes!?! Freakish. It’s basically a caricature. I wonder why we don’t notice this kind of thing…

Ok, now on to the lowbrow humour. Below is the subject line of an e-mail that was forwarded to most of the departments at a certain university-which-will-not-be-named (senders have been hidden to protect the guilty):

AC pointed out that the slip may have been Freudian in nature, which hadn’t even occurred to me.

(Yes, I am making jokes at the expense of a dead man (well, tangentially, at least). Hear that scraping? It’s the bottom of the barrel…)

Finally, for your nerding pleasure, don’t you just hate it when you don’t have a fixed memory address containing jmp esp to point your buffer overflow attack at? I know I used to. But not anymore, because some ingenious hacker-type has come up with a solution - Temporal Return Addresses.

If you don’t know how a buffer overflow attack works, here’s the Coles notes - say you have some program with a function foo() that has a local array char bar[100]. Because the programmer is an idiot, the function contains a call like “strcpy(bar, line_from_a_file)”. So you create a file with a line that contains more than 100 characters, causing strcpy to write past the end of the array, overwriting the return address on the stack that foo() will jump back to when it is finished. Normally this causes the program to crash, because the return address was replaced with random garbage. But if you’re clever, you can craft a string that replaces the original return address with a new one - say somewhere else in memory that contains the assembly code to delete the hard drive, or give you administrator access. Voila, you’re a hacker.

But there’s one problem. You need to know the new return address, which is highly program-specific. The problem is that the addresses of memory buffers can change for all sorts of reasons, including people wising up and making them random, breaking this attack. Good, right? But those hackers are crafty. They’ve figured out that, really, you just need a fixed memory address that is constantly being incremented - like, say, a timer. Then you just wait until the bit pattern of the timer is the same as the assembly instruction you want to execute, then you (very quickly) point your return address there, and you’re golden.

Let me repeat that, for the kids in the back. The timer is an integer which is constantly incrementing. At certain times, the bit pattern of this integer is the same as the bit pattern of an instruction the attacker wants to execute. The buffer overflow attack can be executed at that exact moment - the attacker just has to be willing to wait.

But you’re safe, you say, because your source code is closed and nobody knows the addresses of your timer variables. Wrong again, because the crafty hackers have written a program which scans your program over time and automatically identifies addresses in memory that are constantly incrementing. Plus, on Windows it turns out that all processes have at least one timer that Windows makes for them. Wild.

If you’ve read this far but aren’t a programmer and don’t really understand, just trust me, this is a work of staggering fucking brilliance. And we totally lucked out, because most timers on computers count the date from 1970, and it turns out that for most of 2003, these timers contained a highly desirable bit pattern really, really often. Combined with all the worms that were running amok back then, and, well, it could have been messy.

(That’s the end of the science lesson - you may return to your facebook now…)

So, about 6 months ago I moved unknownroad.com to a new webhost, site5, because they had an awesome deal where I got 5 full sites (not just domain pointers) for $200 for 2 years. Which works out to about $5 a month, which I can cover with a bit of advertising. w00t. Anyway, one other bonus is that site5 has waaaaay better web statistics tracking. Which is awesome for me, because I’m a huge dork. Seriously, though, because I actually get a decent amount of traffic, it’s interesting to see the breakdown of some of the statistics (Well, “interesting” if you’re also a huge dork. If you’re a normal person, please be aware that you are now descending into hard-core nerdery. If that’s not your bag, lucky you. Just skip to the funny/horrific picture at the end of the post)

First, the OS wars. Linux on the desktop, eh? I’ll believe it when I see it. Even though 90% of my traffic is programmers looking for gdb tutorials (yes, gdb - as in, the linux debugger), most of them are using windows boxes. Ha! Also, AmigaOS and IRIX make strong showings, given that nobody has sold an Amiga or IRIX box for many, many years. Guess some people just can’t let go…

Next, the browser wars. I think Firefox has about 10% of the general “browser market”. Clearly, programmers are bigger fans. But I kind of thought Opera was more popular….

Finally, the search engines wars. Have been won. By Google. Thanks for coming out, Windows Live! MSN Live! Search Live!. But you lose.

I also discovered on my shapeshop3d.com logs that ShapeShop was downloaded over 4000 times this month. Last month? 300 times. So it was very exciting. Until I noticed that the average download size was 300 kb. ShapeShop 002 is about 5 megs. So, there were probably 300 actual downloads, and 4000 failed downloads (I just verified that this gives almost exactly the right average. Which only cements my “huge dork” assertion…). So, I have to wonder - who is this person that tried (and failed) to download ShapeShop 4000 times? Whoever it is - I like their persistence…

END NERDERY (for those skipping ahead)

Finally, something almost unbelievably fucked up. It used to be that only celebrities had their photos photochopped so that they looked thinner. But not anymore. Hewlett Packard has democratized vanity retouching, bringing it to the people. You too can now apply advanced “horizontal scaling” technology to “instantly appear more slender”. I am ashamed for the field of computer graphics…