BUFORD, Ga. - Two off-duty officers from different police departments wounded each other in a gun fight in the middle of a road in an Atlanta suburb, authorities said.

Both officers suffered non-life-threatening wounds, police said. Their conditions were not immediately known on Saturday.

Officer Jay Daily, a five-year veteran of the Duluth Police Department, exchanged multiple gunshots with Fulton County officer Paul Phillips on Friday afternoon, police said.

"It's an embarrassment to this agency."

To serve and protect... Classic.

Ga. police officers shoot each other

Dilbert shares my hobby

Microsoft has made an unsolicited $44.6 billion bid for Yahoo. The bid, which would consist of cash and Microsoft stock, values Yahoo shares at $31 a share, a 62% premium on Thursdays closing price.

Microsoft + Yahoo = a stronger competitor to the Google borg.

Microsoft Offers $44.6 Billion To Acquire Yahoo

It seems that a group of artists have celebrated 1-31-07 in their own way and have created a series of political themed LED art sculptures and (you guessed it) placed them all over Boston. Pictured here, Bush & Bin Laden...

I have a friend that goes the Berklee School of Music in Boston. He gave me a first hand account of the bullshit the scared sheep caused there 1 year ago. I thank the artists for the mockery.

THIS IS NOT A BOMB ITS JUST FOR THE LULZ

A team of Russian hackers have found a way to read the CAPTCHA with 35% accuracy. Let there be no mistake: the CAPTCHA that Yahoo! deploys is believed one of the most difficult CAPTCHA's to crack. It utilizes bended alpha numeric characters and other features you might expect from a strong CAPTCHA, and still it's easy to solve by humans.

Impressive Russian hackers... Only failing roughly 2 out of 3 tries. The Russian hackers went on to say:

The CAPTCHA has a vulnerability we'll discuss later. It's not necessary to achieve high degree of accuracy when designing automated recognition software. The accuracy of 15% is enough when attacker is able to run 100,000 tries per day, taking into the consideration the price of not automated recognition – one cent per one CAPTCHA.

Why can they get away with 100,000 tries per day?!?! That statement made me think that Yahoo's CAPTCHA sounds like a good candidate for the incremental delay anti-bruteforcing technique. In short, the incremental delay could decrease the number of successful attacks by delaying the response time from a failed automated attack.

After the first failed login attempt, for example, the response would be delayed by one second. After the second failed attempt, the response would be delayed by two seconds, and so on. A one-, two-, or even six-second delay is probably not going to bother a human user too seriously. Certainly he will find it less irritating than having to wait 30 minutes for his account to reactivate because he accidentally left his caps lock key on. On the other hand, an incrementing delay can completely defeat an automated tool being used for a brute force attack. Assuming the tool could normally make ten requests per second, the time it would take to make one thousand requests would jump from two minutes to five days. This pretty much renders the brute force attack tool useless.

If only to prevent Russian spammers from creating less bogus Yahoo email accounts to SPAM from; do you think incremental delay would help Yahoo?

Yahoo! CAPTCHA Cracked.

Ever read a book (required or otherwise) and upon finishing it thought to yourself, "Wow. That was terrible. I totally feel dumber after reading that."? I know I have. Well, like any good scientist, I decided to see how well my personal experience matches reality. How might one do this?

Well, here's one idea.

1. Get a friend of yours to download, using Facebook, the ten most popular books at every college (manually -- as not to violate Facebook's ToS). These ten books are indicative of the overall intellectual milieu of that college.
2. Download the average SAT/ACT score for students attending every college.
3. Presto! We have a correlation between books and dumbitude (smartitude too)!

Books <=> Colleges <=> Average SAT Scores

4. Plot the average SAT of each book, discarding books with too few samples to have a reliable average.
5. Post the results on your website, pondering what the Internet will think of it.

The best parts of conversations with Virgil is that occasionally you pick up on subtle jokes. Other times they completely fly by you and Virgil has to come out and tell you what your missing:

Legions of Literature majors harangued about Lolita's categorization as "Erotica" instead of "Classics". Fine. I've already updated the entry and rankings. Tomorrow I'll make a new version of the images with Lolita in "Classics". You all lack any sense of humor.

Booksthatmakeyoudumb

creepiness of your Maid Cafes

Japan: 1 win and 1 loss

When I wrote the ASP.NET book I pretty much lived in Reflector 24/7 to figure out all the gory implementation details. Back then it would have been great to be able to simply set breakpoints in some of the low level classes like HttpRuntime or modules.

Fortunately this is now possible, here's a quick walkthrough:

* Set up your Visual Studio to work with the new .NET symbols. Also have a look at the various symbol loading options you have.
* Open an ASP.NET app
* Set a breakpoint somewhere in your code (e.g. in a Page_Load)
* Let the debugger hit the breakpoint
* Open the call stack window and navigate up the stack, e.g. to HttpRuntime.ProcessRequest or Page.ProcessRequest
* Set a breakpoint (use HttpRuntime.Init or the (c)ctor to step through the whole initialization process)
* Right click the breakpoint, select location and check the "Allow the source code to be different from the original version" option.
* Debug again. The debugger should now hit the breakpoint in the ASP.NET infrastructure class
* Depending on how early in processing you set the breakpoint, you may have to recycle the AppDomain to start over. Simply make a change to web.config and save to trigger recycling.

This is a reminder for me to try again at getting ASP.NET Regex Validators to fail. I tried a few months ago while waiting at the airport for my connecting flight. Other than making the Regex.Match thread hang with backtracking I was unable to make the regex validator fail.

I was only poking around with Reflector before, but thanks to Dominick Baier for reminding me that I can now hook a debugger to the code I previously couldn't.

ASP.NET Internals Spelunking

Wouldn't it be great if there was a way to combine drinking from a bottle with drinking from an unusual, high quality glass? Well, guess what? There is!

There, the crevasse, fill it, with your mighty juice!

Beer Bottle Goblets

The wind blows the blossoms in the garden. The monk breathes in. The air is crisp; the world is good. The only thing missing is some tea. Alas, the tea tree branches are too high and the mountain face is too steep. He stops in thought. His monkey, however, knowing his master wants tea, climbs the mountain face, picks the leaves, and brings them to the monk. And the tea was so delicious, other people began training their monkeys to pick it. So the legend goes.

After searching across four continents, we found this unbelievable tea. The lovely folks who package the tea for us say:

Nowadays the practice of monkeys picking tea has all but died out, except in one small remote village where they still continue this remarkable tradition. No monkeys are harmed or mistreated in order for us to bring this rare brew to you!

And boy are we glad we found it. The legendary flavor is something that can only be tasted to be believed. Monkey Picked Tea is truly in a class by itself. Full of antioxidants, this tea will calm your soul, temper your spirit, and put you in divine touch with your monkey ancestors.

Each package is 57g (about 2oz) of the finest loose tea you'll ever taste. Each bag makes approx. 28 servings of tea.

I've had hand picked tea which I'm assuming was picked by child slaves. It is good to see monkey slaves being used for a change...

Monkey Picked Tea