
A mathematical digression

I need some help with a mathematical problem. A geometry problem to be specific.

Congratulations on reading this far. One of the features of Perfect Table Plan is the drawing of tables and seats on scale floor plans. The user can optionally specify how many seats and let the software calculate a sensible table size so that all the seats touch the table and their neighbouring seats. This saves the user time and produces tidy looking floor plans. Calculating the table size is trivial for square or rectangular tables. It is a bit more complicated for circular tables. But, after a bit of head scratching, I managed to work it out. Placing the seats around the circle is then trivial.

But my customers keep asking for oval (elliptical) tables, with that callous disregard customers have for how difficult a problem might be [1]. Here is the problem.

We have an ellipse E with axes A and B surrounded by N identical circles of diameter D. Each circle touches the ellipse and each of its 2 neighbours at one point, as shown above. Given N, D and the ratio A/B what is A? Given A, what is the angle THETA subtended by the centre of each circle to the centre of E?

I doubt there is an exact analytic solution to this problem. I have some vague ideas about how to tackle it. I can work out the approximate circumference C’ of an ellipse E’ that passes through the centre of all the seats (axes A+D and B+D) using the formula derived by Indian mathematical prodigy Ramanujan.

From this we should be able to work back to A. As N becomes large C’ will tend to N*D. For smaller N, C’ will diverge from N*D so we might have to use an iterative method[2] to calculate A, but we can use the approach above to get a starting value for A and then iterate numerically from there.

I am less sure about how to work out the angle THETA for each circle. But if we pre-compute the angles of, say, 100 equally spaced points around E we could use these to interpolate the position of N circles where N is <= 100. It might be OK to place the first circle at THETA=0 for all values of N>0, I’m not sure.

Several hours on Google didn’t turn up a solution. Surely I am not the only person to have tackled this problem in human history? Can anyone point me at a workable solution? Preferably with code.

Alternatively can somebody write me the code to solve the problem? Maybe there is someone out there with a mathematical background that would relish the challenge? I am prepared to pay for working code that I can use in PerfectTablePlan (a few hundred dollars, negotiable).

  1. To simplify things we can assume a fixed value of A/B, say 1.5.
  2. It needs to work for N from 1 to 99.
  3. The solution doesn’t need to be exact, but it has to look OK to the human eye. No overlaps and no big gaps.
  4. Low values of N might need to be set up as special cases. E.g. it isn’t possible to get all the circles to touch if N <=6 (and possibly higher values of N depending on A/B).
  5. The solution must be returned in a reasonable time, ideally under 0.001 seconds and definitely less than 0.01 seconds. It can store pre-computed values, e.g. in an array. But it mustn’t require excessive memory.
  6. The code needs to be in a form I can easily convert to C++. C, Java, BASIC or Python should be fine. Haskell not so much.
  7. Ideally it should come with a simple GUI that allows me to set the value of N and D and see the result visually.

If you want to be paid I need to be able to buy all rights to the code and it mustn’t be released into the public domain (i.e. don’t post the code on this blog). In the unlikely event I get more than one set of working code, I will pay for the best solution according to the above criteria. Contact me for more details.

[1] I love them all really.

[2] For example Newton-Raphson.

**** UPDATE ****

See https://successfulsoftware.net/2008/08/25/a-mathematical-digression-revisited/ .
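The approach sketched in this post, carried through as an added example (not code from the original post): a starting value for A from C’ = N*D, then numerical iteration until N chords of length D close up around E’. It assumes A and B are full axis lengths, that the seat centres lie on E’ as the post approximates, that the first seat sits at THETA=0, and that the formula meant is Ramanujan's first approximation; all function names are illustrative.

```python
import math


def ramanujan_circumference(a, b):
    """Ramanujan's first approximation to an ellipse's circumference (a, b = semi-axes)."""
    return math.pi * (3 * (a + b) - math.sqrt((3 * a + b) * (a + 3 * b)))


def semi_axes(A, d, ratio):
    """Semi-axes of E', the ellipse through the seat centres (full axes A+D and B+D)."""
    return (A + d) / 2, (A / ratio + d) / 2


def starting_A(n, d, ratio):
    """First estimate of A: solve C'(A) = N*D by bisection."""
    def excess(A):
        return ramanujan_circumference(*semi_axes(A, d, ratio)) - n * d

    if excess(0.0) >= 0:
        return 0.0
    lo, hi = 0.0, n * d
    for _ in range(60):
        mid = 0.5 * (lo + hi)
        if excess(mid) < 0:
            lo = mid
        else:
            hi = mid
    return 0.5 * (lo + hi)


def next_param(a, b, t_prev, d):
    """Parameter t > t_prev whose point on E' lies exactly d from the point at t_prev."""
    x0, y0 = a * math.cos(t_prev), b * math.sin(t_prev)
    lo, hi = t_prev, t_prev + math.pi  # the opposite point is always more than d away
    for _ in range(60):
        mid = 0.5 * (lo + hi)
        if math.hypot(a * math.cos(mid) - x0, b * math.sin(mid) - y0) < d:
            lo = mid
        else:
            hi = mid
    return 0.5 * (lo + hi)


def walk(A, n, d, ratio):
    """Step n chords of length d around E' from t=0; the last value is 2*pi when A fits."""
    a, b = semi_axes(A, d, ratio)
    ts = [0.0]
    for _ in range(n):
        ts.append(next_param(a, b, ts[-1], d))
    return ts


def solve_table(n, d, ratio=1.5):
    """Return (A, seat centres, THETA per seat in radians) for n seats of diameter d."""
    if n < 7:
        raise ValueError("small N needs special-casing, as the post notes")
    two_pi = 2 * math.pi
    # N chords are shorter than the arcs they span, so the start value is too small.
    lo = starting_A(n, d, ratio)
    hi = 2 * lo
    while walk(hi, n, d, ratio)[-1] > two_pi:
        hi *= 2
    for _ in range(50):
        mid = 0.5 * (lo + hi)
        if walk(mid, n, d, ratio)[-1] > two_pi:
            lo = mid
        else:
            hi = mid
    A = 0.5 * (lo + hi)
    a, b = semi_axes(A, d, ratio)
    centres = [(a * math.cos(t), b * math.sin(t)) for t in walk(A, n, d, ratio)[:n]]
    thetas = [math.atan2(y, x) % two_pi for x, y in centres]
    return A, centres, thetas


if __name__ == "__main__":
    A, centres, thetas = solve_table(12, 0.5)
    print(round(A, 4), [round(math.degrees(t), 1) for t in thetas])
```

With A/B = 1 the result can be checked against the circle case, where A = D/sin(pi/N) - D.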

Lego

I loved Lego as a child. Now I have a two year old son I have a good excuse to play with it all over again. Below are some of the things I have managed to construct out of Lego Duplo with his ‘help’ (building something out of Lego with a two year old reminds me of playing Tetris, only in 3 dimensions rather than 2).

What has this got to do with software? Not a lot. I am not even going to attempt a strained analogy with software design. But I figure nearly everyone interested in software also likes Lego, even if they haven’t played with it for a few decades. Am I wrong? Some of you might have preferred Meccano – but you are probably Perl programmers now. Serves you right.

Anyway, I am looking for some inspiration for future creations. A search on Google only turned up stuff a bit out of my league or not very appropriate for a two year old (work safe). Have you (or your children) built anything good out of Lego (Duplo, classic, Technics, Mindstorms etc)? If so, please post a link to a photo in the comments below. Alternatively email them to me and I will add them for you.

I reserve the right to sneer at anything made by following instructions on a packet.

Photos & comments sent in:

Scott: “It may not be as involved as your creations, but my daughter absolutely loved this crane that I made.”

Bob: “I have many happy memories of building LEGO projects with my son who is now studying Computer Aided Product Design in college. He started out with bricks, then Technics, and then MindStorms. I think the LEGO people should be commended for having made some excellent products over the years.”

Stephen: “Like you, I also had Lego when I was a kid. Meccano, I did not have.
I could never afford too much Lego, so had to settle for one railway
engine and a really small amount of track to go with it. The things I
buy my nephews are much more involved. Quite a change.

Anyway, some tidbits of Lego info for you. The moulds for the bricks are
machined from tungsten carbide using diamond cutting bits and machines
the moulds to 1 millionth of an inch accuracy. My uncle’s company wrote
the CAD software that controlled the CAM machinery for this operation.
That info is I guess, now about 20 years old. I’ve no idea if they still
make them the same way, But apparently that is how they did it back then
(assuming my memory hasn’t tweaked any details). I was always told it
was 1 millionth of an inch but that may have been for explanation’s sake
and they may well have measured in microns, fractions of a millimeter. I
guess stepper motors are your friend for this type of job.

The bit I love is that the moulds are made out of something so
tough they have to use diamonds to cut them. And all for some
lightweight plastic bricks!”

eBay bug?

A couple of weeks ago I received a rather expensive looking tie in the post. I hadn’t ordered it and there was no note or letter to say who it had come from. How very odd. As a microISV my work attire doesn’t get any more formal than a t-shirt and I don’t ‘do’ meetings. Perhaps a happy user of PerfectTablePlan had sent it in gratitude for saving them hours with post-it notes?

Then the books started appearing. First “Julius Caesar” by Shakespeare. Shortly followed by “The Life of Charlemagne”, “Travels through France and Italy” and “In the Shadows of Vesuvius”. Then finally “The Complete Angler”. Perhaps I had a cyber-stalker? One with rather refined tastes.

I have been buying Lego Duplo for my son on eBay. Maybe one of the sellers got confused and sent the wrong items? I did some digging around on eBay and found that one person had purchased all the above items on eBay. I contacted him and the sellers to find out what was going on. The sellers all said they had sent the goods to my address, as provided by eBay. The buyer said that his eBay delivery address had mysteriously changed to my address. He has since paid me the postage and I have forwarded them on to his real address.

To the best of my knowledge the buyer and I have never had any dealings with each other, through eBay or otherwise. So it is unlikely that he mistakenly supplied my address to eBay. Also there is no incentive for him to have deliberately changed his address to mine. The only rational explanation I can come up with is that this mix-up was caused by an egregious bug in eBay. Perhaps the bugs at PayPal are spreading to its parent company? Has anyone else heard of similar eBay address mix-ups?

Is the Eurovision song contest rigged?

There has been a lot of moaning in the UK press that the Eurovision song contest is rigged. Specifically that countries are voting for each other in geographical blocs, with little regard for the merit of the songs. But are they? It is hard to see any patterns from looking at a table of voting results:

[Figure: Eurovision 2008 voting results, from Eurovision.tv.]

So I created a simple visualisation of the data[1], similar to one of the approaches I use in my table planner software, PerfectTablePlan. In this visualisation I draw a line from each country to the country that it gave the highest points to. The closer the country is geographically, the thicker and bluer the line.

[Figure: Eurovision 2008 voting patterns.]

Looking at the diagram, there does appear to be bloc voting going on in the Balkans, Scandinavia & the former Soviet Union. But what would the voting look like if there was no bloc voting? To find out I randomly swapped columns in the table. For example votes made by the UK I assigned to Belarus and votes made by San Marino[2] I assigned to the UK. So each finalist now has the same number of incoming votes, but from random countries. Assuming they are voting for the best (or least awful) song, not by geography, the results should look similar. The randomised version looks more, well, random.

[Figure: Randomised Eurovision 2008 voting patterns.]
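The column-swapping comparison described above, as an added example (not the C++/Qt code used for the images). The country names, map positions and points are constructed sample data with bloc voting built in, and the statistic (mean distance from each voter to its top pick) is an assumption standing in for the line thickness in the diagrams.

```python
import math
import random

# Constructed sample data, not real Eurovision results: two tight clusters A* and B*.
POSITION = {"A1": (0, 0), "A2": (1, 0), "A3": (0, 1),
            "B1": (10, 10), "B2": (11, 10), "B3": (10, 11)}
VOTES = {  # VOTES[voter][recipient] = points, i.e. one column of the results table
    "A1": {"A2": 12, "A3": 10, "B1": 8},
    "A2": {"A1": 12, "A3": 10, "B2": 8},
    "A3": {"A1": 12, "A2": 10, "B3": 8},
    "B1": {"B2": 12, "B3": 10, "A1": 8},
    "B2": {"B1": 12, "B3": 10, "A2": 8},
    "B3": {"B1": 12, "B2": 10, "A3": 8},
}


def top_pick(voter, column):
    """Recipient given the most points in a column, skipping the voter itself
    (after a swap a country can inherit a column that favours it)."""
    ranked = sorted(column, key=column.get, reverse=True)
    return next(c for c in ranked if c != voter)


def mean_top_distance(votes):
    """Average map distance from each voter to the country it ranked highest."""
    dists = [math.dist(POSITION[v], POSITION[top_pick(v, col)])
             for v, col in votes.items()]
    return sum(dists) / len(dists)


def shuffle_columns(votes, rng):
    """Hand whole columns to random voters; each recipient keeps its incoming points."""
    voters = list(votes)
    donors = voters[:]
    rng.shuffle(donors)
    return {v: votes[d] for v, d in zip(voters, donors)}


def compare(votes, trials=1000, seed=2008):
    """Return (actual mean distance, mean over shuffles, share of shuffles as local)."""
    rng = random.Random(seed)
    actual = mean_top_distance(votes)
    shuffled = [mean_top_distance(shuffle_columns(votes, rng)) for _ in range(trials)]
    as_local = sum(s <= actual + 1e-9 for s in shuffled) / trials
    return actual, sum(shuffled) / trials, as_local


if __name__ == "__main__":
    print(compare(VOTES))
```

A small share of shuffles that are as local as the real table is what "the randomised version looks more random" means in numbers.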

These results are suggestive, but not conclusive. But if I put the last 3 years’ results together with their randomised versions, I think there is little doubt that geography is the key factor in determining Eurovision voting patterns. The actual voting patterns look remarkably similar year-on-year and the differences between the actual and randomised results are quite marked.

[Figure: Eurovision voting patterns, actual and randomised, for 2006, 2007 and 2008.]

Maybe if the western European countries liked each other a bit more, the UK wouldn’t have come last this year? But I can’t really see Britain, Spain, France and Germany voting for each other any time soon. ;0)

Does it really matter whether Eurovision song contest voting is based on merit? It certainly won’t keep me awake at night. But I think it is a nice illustration of how you can use simple visualisation techniques (even something hacked together in a few hours) to turn raw data into usable information. The human brain has incredibly powerful visual processing hardware. Have you optimised your software to run on this platform?

[1] I wrote some throwaway code to generate these images in C++ and Qt over a few hours on a wet bank holiday Sunday. QA amounted to ‘that looks about right’.

[2] I’ve never heard of it either – but apparently it gets as many votes as the UK.

So what’s your excuse?

Double amputee sprinter Oscar Pistorius has finally been given the chance to qualify for the Olympics after the IAAF’s ban on him competing against ‘able bodied’ sprinters was overturned. Oscar’s achievements in battling against his disabilities and an unsympathetic IAAF are an inspiration to everyone struggling to achieve their personal goals.

Chinese domain scam

I got this email yesterday:

Dear Sir

We received a formal application from a company who is called Meiao Investment Co.,Ltd are applying to register “ oryxdigital” as their domain name and Internet keyword in China and also in Asia on Apr 17 2008. During our auditing procedure we find out that the alleged Meiao Investment Co.,Ltd has no trade mark, brand nor patent even similar to that word. As authorized anti-cybersquatting organization we hereby suspect the alleged Meiao Investment Co.,Ltd to be a domain grabber. Hence we need you confirmation for two things,

First of all, whether this alleged Meiao Investment Co.,Ltd is your business partner or distributor in China.

Secondly, whether you are interested in registering these domains. (The alleged Meiao Investment Co.,Ltd will be entitled to obtain a domain not needed by original trademark owner.)

If you are not in charge of this please transfer this email to appropriate dept.

This is a letter for confirmation. If the mentioned third party is your business partner or distributor in China please DO NOT reply. We will automatically confirm application from your business partner after this audit procedure.

Bst Rgs

chenllychen

Registration Commissioner

Beijing HA ZD Networks Science and Technology Co., Ltd

Tel: +86-10-82772601

Fax: +86-10-82773610

Email:chenlly.chen@ha-zd.com

http://www.ha-zd.com.cn

Needless to say, it’s yet another scam. The “Meiao Investment Co” (if they even exist) have no interest in my domain. I am guessing the scammer just wants me to pay good money for a worthless .cn domain. Sigh. More details here.

Hopefully somebody Googling “Meiao Investment Co” or “ha-zd.com” will find this post and save themselves a few dollars.

Update 28-Oct-13: Christopher Hofman Laursen contacted me to say he has published a list of 200 Chinese domain name scammers at: scam.europeandomaincentre.com .

svp.co.uk

In the 10 months that I have been writing this blog I have pointed the finger at quite a few companies I consider to be giving less than great service. I would like to even that up a bit by recommending svp.co.uk [1]. SVP supply blank CDs, printer paper, printer cartridges and an ever increasing range of computer related consumables and other items at very good prices. Their service has also been consistently good in the several years that I have used them. If you are based in the UK, you should check them out.

[1] I have no financial interest in SVP. I am just a happy customer.

The great digital certificate ripoff?

Ripoff: A ripoff (or rip-off) is a bad deal. Usually it refers to an incident in which a person pays too much for something. A ripoff is distinguished from a scam in that a scam involves wrongdoing such as fraud. From Wikipedia.

Digitally signing your software allows you to show that you are the author of the software and that the application hasn’t been tampered with. If your software isn’t signed, Windows displays scary looking warnings when customers download it. So it makes a lot of sense to digitally sign your software if you are distributing it on Windows. So far so good.

Anyone can create their own digital signature, but Windows only ‘trusts’ signatures that have been created by certain third parties. While there are quite a few Microsoft root certificate program members, I am only aware of 3 that sell code signing (‘authenticode’) certificates. This is where it starts to get ugly. Here are their published prices per year:

Verisign: $499.00

Thawte: $299.00

Comodo: $119.95

That seems an awful lot considering that all they appear to do is check a document (e.g. a scan of your certificate of incorporation), check your whois record, multiply a couple of large prime numbers and then send you a certificate file. Much of this process is (or should be) automated. No wonder the founder of Thawte could afford to be one of the first space tourists.

Given that authenticode certificates from these three companies are functionally identical[1], as far as I can tell, why the price difference? It seems even more bizarre when you consider that Verisign now own Thawte. If you had the misfortune to sign up for the Microsoft ‘works with Vista’ program you could get a 1-year Verisign code signing certificate for $99. I doubt they were doing this at a loss, so how can they justify selling the exact same certificate for $499? I would guess that at least 99% of customers will never check who issued a certificate, so it can hardly be due to the power of the brand.

So why doesn’t someone just set up their own certificating authority, get approved by Microsoft, and undercut these 3 companies? Because their root certificate wouldn’t be installed on all the millions of PCs currently out there. It would be worthless until the vast majority of PCs had the new root certificate. What a fantastic lock-in!

The good news is that you can buy Comodo certificates for much more reasonable prices from these resellers:

Tucows: $75 [2]

KSoftware: $85 ($75 for ASP members)

Which rather begs the question – if resellers can make a profit at $75, why are Comodo charging $119? Because they can, I suppose. I emailed Verisign, Thawte and Comodo to ask about the disparities in price. I only received a reply from Comodo:

This [difference between their price and the reseller price] is simply due to Retail Vs Wholesale solutions we offer. Our Resellers commit to a specific program which enables discounted prices allowing them to make margins on the product as they see fit. Whether that be reduced prices, or make a cash profit from the sale.

All 3 companies have had major price hikes in the last few years. With so little competition, why wouldn’t they? So what is Microsoft’s role in all of this? One would have thought that they would want to keep certificate prices low to encourage their wider adoption. I emailed Microsoft’s PR people to ask about pricing and whether they had any financial interest in Verisign. Here is the response:

1) Why does Microsoft “insist” on VeriSign certificates?

Microsoft Windows Quality Labs only recognizes files that are signed with a Verisign Class 3 Certificate of Authority (COA). Windows Quality Labs is evaluating recognizing other COA’s. There is a USD $399 offer for Class 3 COAs for those partners (IHVs, OEMS, ISVs) – who plan to submit solutions for Microsoft certification. More details are available at http://www.verisign.com/code-signing/msft-organizational-certificates/.

2) Does Microsoft have any comment to make on the disparity in price?

VeriSign also offers a USD $99 Organizational ID certificate. This provides authentication for organizations to Microsoft Windows Quality Labs, providing access to various services, such as creating submission IDs for products to undergo Microsoft testing. This certificate is not valid for signing drivers or executable files.

Information pertaining to Microsoft Investments can be located at the MSFT Investor Relations site, under Investments/Acquisitions: http://www.microsoft.com/msft/default.mspx.

Steve Bell, Senior Product Manager – Server Certification Programs, Windows Server

After a bit of surfing I found this page which says that Microsoft invested in Verisign in 1996. I don’t know how much they invested, but it certainly puts things in a rather different light. So Windows authenticode certificates are effectively controlled by just 2 companies, at least one of whom is part-owned by Microsoft[3]. Companies are in business to make profits, but it seems to me that these companies are using their effective monopoly to take advantage of the situation. I only see the situation getting worse as Windows displays ever more scary warnings for unsigned software. Perhaps this is something government regulators should be investigating. Let’s hope that Verisign don’t buy Comodo as well.

[1] Only Verisign certificates are recognised for some of the Microsoft certification programs, for example x64 Vista driver signing.

[2] You need to register with Tucows to login.

[3] Assuming they haven’t sold their Verisign stock. I am not aware that Microsoft owns any Comodo stock. I haven’t been able to find any further details by Googling.

Credit card fraud

Fraud can be a very big problem for online software vendors. Fraudsters can easily use throwaway email addresses that can’t be traced back to them (e.g. Hotmail) and IP addresses aren’t difficult to hide. Not only does the vendor lose the payment when the fraud is reported, they also often get hit with a chargeback fee. This is pretty outrageous when you think about it – the credit card companies are charging vendors for the fraudulent transactions that they themselves have failed to detect.

Thankfully I have had relatively few fraudulent transactions in the last 3 years of running my own business. However some more mainstream B2C businesses aren’t as lucky. Below are the experiences of one software vendor I have corresponded with [1]. It makes for scary reading. The vendor wishes to remain anonymous for understandable reasons.

I tracked one of our recent chargeback emails to a forum where they had been openly selling stolen credit card information for $2 each. If you do have a popular product that may be prone to chargebacks then it is a small nightmare unless you have a fraud system in place as there are 1000s of credit card info out there with full contact details. There is not a day goes by that we don’t get at least 3 stolen credit card purchase attempts.

We use WorldPay and they have a quick check on cv2 code and if the country, postal address and postcode match. But almost all of these purchases pass the simple fraud checks. You cannot even rely on IP checking as the fraudsters are pretty smart and use proxies, or even hijack PCs to make purchases from the same country the credit card is issued. PayPal is not quite as serious, but we do still receive quite a few hijacked account purchases also.

WorldPay fraud checking is next to useless. Even the ones they warn on are usually legitimate. They have recently released a new backend, but they have made the problem worse as they seem to warn if the IP address isn’t from the same country. The problem with that is we get a lot of sales that don’t match, from military based in different countries. Our whitelist used to let them go through automatically, but now we have to manually capture the payment.

The number of fraudulent purchases changes depending if you make a new release etc or if your software is hard to find an easy crack. It can be from 1% to 15% depending, as you may have a single user trying to hit you on certain days.

We were forced to make our own fraud checking system. At least we had all the information at hand as we make users sign up to our site before making a purchase and we log all activity from a user, but to get that information we had to lose many thousands of pounds in fees. Since implementing our own fraud check (as fraudsters do tend to use amazingly similar criteria each time) we have reduced it to on average 1-2 a week, which are almost impossible to catch.

I think the level of fraud has to do with the type of users we sell software to. They are the sort of people that know exactly where to find cracks/keygens. Our software does have pretty good protection and online activation, so it is not so easy to get an easy “working” crack/keygen for it. We also have large volume sales over the past few years, so we have more information than most developers would see.

The credit card companies can’t really lose, especially with “no card holder signature” sales. Chargebacks cost on average 15 Euros. I have even contacted the likes of PayPal telling them that sales are fraudulent, and quite a lot of times they do not care.

We get to see all our sales, I would hate to think what is happening at these merchant services like Regsoft etc. How many sales are being refused that may be legitimate? I tried paying a programmer once who accepted payments using Regnow from my PayPal account and they refused it. My account was verified and had been in good standing for many years. It wouldn’t have been so bad but the person I was paying did not have a clue it was refused.

So, if you have a successful consumer product that fraudsters might be interested in, be prepared to expend a significant amount of money and effort dealing with online fraud. And don’t expect the payment processors and credit card companies to give you much help. I guess the credit card companies don’t have much incentive to reduce fraud. As long as they can keep pushing the cost of fraud onto the vendors and the fraudsters don’t bring the whole system down, the credit card companies seem quite happy. Why wouldn’t they be?

[1] I have spliced together the contents of several emails and edited it for continuity and brevity.

Your harddrive *will* fail – it’s just a question of when

There are a few certainties in life: death, taxes and harddisk failure. I have no fewer than 6 failed harddisks sitting here on my desk patiently awaiting their appointment with Mr Lump Hammer. 2 Seagates, 3 Maxtors and 1 Western Digital. This equates to roughly one disk failure per year. Perhaps this is not surprising given that I have about 9 working harddisks at the moment spread across various machines. Given the incredible tolerances to which harddisks are manufactured, perhaps it is a miracle harddisks work at all.

As an analogy, a magnetic head slider flying over a disk surface with a flying height of 25 nm with a relative speed of 20 meters/second is equivalent to an aircraft flying at a physical spacing of 0.2 µm at 900 kilometers/hour. This is what a disk drive experiences during its operation. –Magnetic Storage Systems Beyond 2000, George C. Hadjipanayis from Wikipedia

We all know we need to back-up our data. But it is a chore that often gets forgotten at the most critical periods. Here are my hints for preparing yourself for that inevitable ‘click of death’.

  • Buy an external USB/Firewire harddrive. 500GB drives are ridiculously cheap these days. Personally I don’t like back-up tapes due to experiences of them stretching and corrupting data.
  • Back-up images of the entire OS, not just the data. You can use Acronis TrueImage on Windows and SuperDuper on MacOSX. This can save you days restoring your entire development environment and applications from scratch.
  • Back-up individual files as well as entire OS images. You don’t want to have to restore a whole image to retrieve one critical file. Windows Vista and Mac OS X Leopard both have back-up applications built into the OS.
  • Use a separate machine to your development machine as source code server.
  • Use a RAID-1 (mirrored) disk on your main development machine[1]. It is worth noting that this actually doubles the likelihood of harddisk failure, but makes the likelihood of a catastrophic failure much lower. Keep an identical 3rd drive on hand to swap in when a drive fails.
  • Back-ups aren’t much use if they get incinerated along with your office in a fire, so store copies off-site. For example you can:
  • Make sure any off-site copies are securely encrypted, for example using Axcrypt.
  • Automate your back-ups as far as possible. Computers are much better at the dull repetitive stuff.
  • Test restoring data once in a while. There is not much point backing up data only to find you can’t restore it when needed.

There are lots of applications for backing up individual files. So many in fact, that no-one has any hope of evaluating them all (marketing tip: don’t write another back-up application – really). I also worry that data stored in their various proprietary formats might not be accessible in future due to the vendor going out of business. I find the venerable DOS xcopy adequate for my needs. I run it in a scheduled Windows batch file to automatically synch file changes on to my usb harddrive (i:) every night. Here it is in all its glory:

XCOPY c:\data i:\data /d /i /s /v /f /y /g /EXCLUDE:exclude.txt

The exclude.txt file is used to exclude subversion folders and intermediate compiler files:

\.svn\
.obj
.ilk
.ncb
.pdb
.bak
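A way to act on the "test restoring data" tip for the nightly copy above, as an added example (not part of the original post): it re-reads both trees and compares SHA-256 hashes, skipping whatever exclude.txt skips. The function names and sample files are constructed; matching patterns case-insensitively and only against the path below the root are assumptions.

```python
import hashlib
import os

# Patterns copied from the exclude.txt shown above.
EXCLUDES = ["\\.svn\\", ".obj", ".ilk", ".ncb", ".pdb", ".bak"]


def is_excluded(rel_path, patterns=EXCLUDES):
    """xcopy /EXCLUDE style: skip a file when any pattern occurs anywhere in its path.
    Assumptions: only the path below the root is matched, and case is ignored."""
    probe = ("\\" + rel_path.replace("/", "\\")).lower()
    return any(p.lower() in probe for p in patterns)


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_backup(src_root, dst_root, patterns=EXCLUDES):
    """Compare every non-excluded source file with its copy in the backup."""
    report = {"ok": [], "missing": [], "mismatch": []}
    for dirpath, _dirs, filenames in os.walk(src_root):
        for name in filenames:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, src_root).replace(os.sep, "/")
            if is_excluded(rel, patterns):
                continue
            dst = os.path.join(dst_root, *rel.split("/"))
            if not os.path.isfile(dst):
                report["missing"].append(rel)
            elif sha256_file(src) != sha256_file(dst):
                report["mismatch"].append(rel)  # stale or corrupted copy
            else:
                report["ok"].append(rel)
    return {key: sorted(paths) for key, paths in report.items()}


def make_sample_tree(root):
    """Constructed sample: a source tree plus a backup with one stale and one missing file."""
    files = {
        "data/plan.cpp": b"int main() {}\n",
        "data/docs/notes.txt": b"seat 12 people\n",
        "data/keys/cert.pfx": b"constructed bytes\n",
        "data/.svn/entries": b"svn metadata\n",
        "data/build/plan.obj": b"object code\n",
        "backup/plan.cpp": b"int main() {}\n",
        "backup/docs/notes.txt": b"seat 10 people\n",  # differs from the source
    }
    for rel, content in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(content)
    return os.path.join(root, "data"), os.path.join(root, "backup")


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(verify_backup(*make_sample_tree(tmp)))
```

Run against c:\data and i:\data after the scheduled copy, a non-empty "missing" or "mismatch" list is the signal that a back-up has quietly stopped working.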

Which of the above do I do? Pretty much all of them actually. At least I try; I haven’t yet automated the offsite backup. This may seem rather excessive, but it paid dividends last month when gremlins went on the rampage here in the Oryx Digital office. I had 2 harddrive failures in 2 weeks. The power supply+harddisk+network card on my old XP development machine failed. Then, while I was in the process of moving everything to my new Vista development machine, one of the RAID-1 disks on the new machine failed.

Things didn’t go quite according to plan though. The new RAID-1 box wouldn’t boot from either harddisk. I have no idea why.

Also the last couple of weekly Acronis image back-ups had failed and I hadn’t done anything about it. I had recent back-ups of all the important data, but I faced a day or more reinstalling all the apps I had installed since the last successful image. It took several hours on the phone to Dell technical support and much crawling around on the floor before I could get the new RAID-1 box to boot off one harddisk. I was then able to rebuild RAID-1 using the spare harddisk I had on standby for such an eventuality. Nothing was lost, apart from my sense of humour.

Dell offered to replace the defective harddisk under warranty, but I declined on the grounds that there is far too much valuable information on this disk (source code, digital certificate keys, customer details etc) for me to entrust it to any third party. Especially given that Dell reserve the right to refurbish the harddisk and send it to someone else. What if they forgot to wipe it? My experiences with courier companies also haven’t given me great confidence that the disk would reach Dell. And I didn’t want to receive a refurbished disk as a replacement. It just isn’t worth relying on a refurb given how cheap new harddisks are. So the harddisk has joined the back of the growing queue to see Mr Lump Hammer.

The availability of cheap harddisks and cheap bandwidth means that it has never been easier to backup your systems. No more fiddling with mag tapes. Of course it is possible that your harddisk will work perfectly until it becomes obsolete, but I think it would be very unwise to assume that this will be the case. Don’t say I didn’t warn you…

Further reading:

What’s your backup strategy? (the prolific and always worth reading Jeff Atwood beats me to the punch)

[1] RAID-1 is built in to some Intel motherboards and is available as a relatively inexpensive extra from Dell. You may have to ask for it though – it wasn’t listed as a standard configuration option when I purchased my Dell Dimension 9200.

[2] Since I wrote this article I installed the latest version of JungleDisk on my Vista box. On the 3 occasions I have tried to use it, it hung Vista to the point where I had to cut the power in order to reboot. I have now uninstalled it.