My Best Teaching Is One-on-One


Of course, I team teach and do special lessons, etc.


But my best work in the classroom is after the lesson is over --
going one-on-one,
helping individual students with their assignments.


It's kind of like with computer programs, walking the client through hands-on.
The job isn't really done until the customer is using the program.


Sunday, December 10, 2017

Saturday, December 9, 2017

New Book -- Love Undefined (Anthology)

The LDS Beta Readers group that I've been participating in lately has released several anthologies of short-short stories written by members.

The most recent is called Love Undefined. (No, I haven't got a story in it.)

If you are interested in Mormon versions of condensed sweet romances where the girl gets her guy, these tales will be interesting.

And if you enjoy clean, short romances of love, with a hint of O. Henry-esque twist, you'll enjoy them:

* A blood-sucking immortal night-flyer finds repentance, family, and salvation.

* A teenage girl in a clan of were-creatures finds that love is more than a prop for her ego and salve to her wounded pride, when an enemy saves her life.

* Two journals record two series of dreams running in parallel in reverse.

* Christian traditions and symbolism bring a soldier back to life twice under an alien sun.

* A single woman finds love looking through her list of old flames and crushes.

* Two tartaned warriors find a way to end the bloody conflict between their clans.

* A pimpled musical prodigy finds a blind fan for her music, who inspires her to excel.

* A soldier cruelly disfigured by war wins more than friendship with the congregation's chorister.

* An inhabitant of a cold, gray and blue world unwisely leaves the protection of her world and her pack, and goes through a magic portal to a bright, vibrantly colorful, and too warm world, only to discover she can't return in her new human form. But she finds a place in her new world with her new human friend.

* A mail-order bride escaping a brothel on a slum planet finds two kinds of welcome when she arrives at her new home under two suns.

* When the reasons for a father's odd arrangement for his son to spend summers with the widow and daughter of his father's deceased business partner become clear, he rebels against the arrangement so she can have her freedom.

* And a couple celebrates their feelings for each other with a dinner and a surprise diamond ring.

Twelve authors, twelve excellent stories. Judging from activity in the group, at least some of these will turn into sneak previews for coming novels. I kind of hope they all do.

In the meantime, the anthology is available on Amazon, or direct if you know a member of the group.

Thursday, October 12, 2017

Learning a Foreign Language 外国言語を学ぶには

I had a chat about teaching foreign languages with a potential employer recently. Regretfully, it was not very productive.

Her idea of teaching foreign languages consists of subjecting students to two classes of activity:

Input and output.

At the risk of being rude, this sort of approach treats the student as a machine.

I guess the theory is that you shove a lot of input in, and the human machine (in self defense, maybe?) naturally begins trying to make sense of it. The sense it makes of the information you input would be the first step.

Then you give the human machine a chance to output what it has learned, and you give the machine feedback. The machine supposedly uses the feedback to correct what it has learned.

I'll admit that this is a partially valid view of part of the process. But it's fatally flawed because it is incomplete.

Many humans do not naturally try to make sense of all information they are given. Information that is not deemed important tends to get filtered out. You cannot overcome this filter by sheer charismatic force, and, when you try to do so, you end up creating learning blocks instead of learning.

Teaching is a communication process. It is not one-way, it is two-way.

There are four essential elements of learning a foreign language.

1: Courage, determination, perseverence, and desire;

2: Willingness to make mistakes;

3:  Developing learning strategies;

4: And acquisition of the target language itself.

The first element is obvious not something you can force on a student. If the student sees the teacher mindlessly repeating (for example) a set of flash cards, she might believe there is a reason, or she might believe the teacher is crazy.

Babies have to assume the people around them are doing something meaningful, but they usually don't see people mindlessly rifling through a set of flash cards. They usually see see older children and adults communicating, and the communication they observe is rich with clues.

Students learning a second language are no longer in the do-or-die mode (hopefully). But they still need to see people doing things that make sense in the target language. Mindless repetition is, by definition, not going to be an activity rich in meaning.

There is a theory that assumes immersing the student in a target-language environment. In the extreme implementation, there is no mother tongue help at all. Such help is considered a hindrance to the object of forcing the student to acquire acquisition skills.

It does produce results. Children learn patterned responses, but they don't, except for a few who start out with language acquisition skills, acquire real meaning with the patterns. Without the meaning, the language lessons quickly become little more than a pattern game, like those Simon Says electronic toys: beep-beep-beep gets beep-beep-beep.

But that's in the best case. In the worst case, the students just get discouraged, frustrated, angry, and finally lose whatever motivation they might have had.

What determines whether the students start learning the pattern game or just lose motivation? Nothing more or less than personal chemistry with the teacher.

However, in the language immersion environment, even a little bit of the mother tongue can help untangle this web of de-motivation. And it can also help break through the pattern game.

(Really, any extreme idealism in education can't be good.)

More important than the clues, appropriate use of the mother tongue can be used to encourage the students.

The second element is a purely personal thing, but without it no student is going anywhere very fast.

No one starts with perfect understanding, so everyone makes mistakes. The learning environment has to be somewhat forgiving of mistakes. Not too forgiving, because students need feedback, but somewhat forgiving. Otherwise, mistakes pile up and get in the way of learning. (And when they pile up too much, students get stressed out and maybe even commit suicide.)

Learning strategies, the third element are far more important than teaching strategies. If you ask why, I'll remind you. Learning takes place within the student, not the teacher.

How does a teacher teach learning strategies?

Every teaching strategy you use demonstrates a learning strategy to the student. So you want to use lots of different teaching strategies.

But, even better, letting the students see the teacher in the process of learning something demonstrates learning strategy directly.

What is teaching?

It's one half of a process where information is passed from one person to another. Together with learning, education is simply one form of communication.

Or, rather, communication and education are basically the same thing, with a slightly different emphasis.

The most important teaching strategy and the most important learning strategy are both communication.

When you communicate with the student, you are teaching. When you do not communicate, you are not teaching.

Finally, we get to acquisition.

And if you are paying attention, you will see that I have said something Terrible. Awful. Horrible.

A teacher who does not know the target language, but is willing to learn with the students, can, in fact, lead a clsss in learning the target language.


That pile of 500 flash cards is just another tool, a potentially useful secondary tool.

That list of three thousand key vocabulary words is just another tool, a potentially useful secondary tool.

That book of eighty grammar principles is just another tool, a potentially useful secondary tool.

Tests are just another tool, a potentially useful secondary tool.

One of the primary tools are books in the target language, and a teacher willing to read with the students. Note that I say, "with" more than "to".

Another primary tool is a teacher willing to communicate, even if he or she has to give in and use the student's mother tongue sometimes to do so.

Other useful secondary tools?


Hangman or draw-the-flower, and other spelling games;

Word Bingo and other games that allow students to speak and listen to vocabulary;

AGO and Go Fish and other games that allow students to speak and listen to phrases and sentences;


Role-playing, pair practice, and skits (including English Rakugo) can also help, especially if they are made fun.

Why fun? Because things that are fun have meaning, and things that have no meaning are not fun. It helps bring meaning to lessons, and it is the meaning in the lesson that helps students learn.

Along with the flash cards, writing practice, vocabulary matching, pair practice, etc., use games. They aren't just sugar to help the medicine go down.

Wednesday, October 11, 2017

Basshook Revisited

Okay, so, in spite of a certain rant three years ago, I am on Facebook, now.

It has significantly improved, I think. Or maybe the avalanche that hit me on attempted signup three years ago was due to my path in.

It's still not half what it ought to be. No, it's well less than that. Social networking is thoroughly hamstrung by the underlying profit motivation. We shouldn't have to write all our social activities on a business ledger.

Why did I join Facebook? Lots of people at church are using it. It is a bit more convenient than e-mail for certain kinds of contact.

Also, I'm beginning to suspect that I should quit trying to put someone else between myself and the student and just open up my own English/eikaiwa school. SNS will help with that.

Bonus -- I found the LDS authors Facebook group, LDS Beta Readers. Look them up if you're on FB  and are interested.

Monday, October 9, 2017

New Book -- Grace from the Fall by Mike Mabe

An authors' group I have been participating in recently was invited to review a new book by Mike Mabe called Grace from the Fall. When I saw the title, I half-expected it to be a light young adult or teenage romance about a girl named Grace getting over some social embarrassment. I'm sure that had something to do with the predominance of light teenage/YA romance being written by members of the group. :-)

The title, being an inversion of the over-used title (and philosophical term), "Fall from Grace", interested me, so I read the blurb.

Teenage/YA, yes.

Light? Prison is not expected to be a light topic, although the movie, We Are Not Angels is not extremely deep.

Romance? This book could almost be classed as roman à clef.

But grace is definitely not a young woman in this story.

So now you know how I got interested in the book. I checked my schedule and thought I could squeeze in two reads and a review, so I signed up and got an advanced readers' copy.

Starting into the book was a little rough for me. I kept looking for a girl named Grace, and the writing style is definitely on the younger end of the generation gap. :-/

And the opening scene is a painful one, the start of a foot race. (Track was anything but my forté.) But something in the writing kept my attention, and Mike's description of sports from the point of view of a de-motivated youth is accurate, and not excessively painful.

I didn't put it down until the next morning.

About a week later, it held my attention just as well for the second read. (I did put it down twice, for work and to eat.)

The blurb pretty much tells you what is there -- Mike gives a very readable account of how his fall gave him the opportunity to feel and accept the Lord's grace in his life, which opportunity he had somehow been missing on his way through high school. And he shows us a sympathetic view of the people who find their way into prison without romanticizing prison or crime culture.

This is a book that should enlighten the national discussion on crime, prisons, and recidivism. I recommend it, if you have even a passing interest in the subject, and perhaps the more if you don't.

You can find it on Amazon by searching their books for "Mike Mabe Grace from the Fall", or even searching the web for the same.

I'm told that it will be available through other distributors soon.

Wednesday, July 5, 2017

SNS Cold Calls the Wrong Way (Unsolocited Contact)

Message content on LinkedIn:
Hi! My name is [something cute] and I am 28 and looking for somebody to have a good relationship with. I'd like to know if you are interested?
All sorts of ways, that looks like SPAM. Except, well, borderline. The picture on her personal page, for instance, was demur -- pretty, but not sexy, at least, not selling-it-sexy. And it wasn't exactly a cold call. The request for connection which preceded it was a cold call, in the sense that this was someone I did not know. But the message was preceded by the request, so not entirely cold.

Typically, when I get a request for a connection from someone I don't know, I let it sit for a week. The throw-away accounts from which you get spatter-gun solicitation often disappear within a week, either because the owner runs and hides, or because someone has complained.

Being willing to point out abuse of the networking services is part of your responsibility as a user, of course. I've flagged a few users, and will do so again when I see serious abuse.

Even if the account hasn't disappeared, if you check it out, there are certain tell-tales. There usually isn't much there. What's there looks made up and just bare-minimum. It has usually been just recently registered. There's no depth, so it's hard to tell who or what you're looking at. And, of course, certain kinds of solicitation have that tell-tale appeal to the appetites with pictures that could easily be "borrowed" from who-knows-where.

So, it had been a week yesterday, and I thought I wanted to get rid of the nag. I checked out her personal page and it has reasonable depth. The photos are decent, she has friends who also have pages, and she has a link to an employer who is on LinkedIn and Facebook. She has a nice LinkeIn/Facebook persona to lose if I flag it for abuse.

So I think maybe she's a member of my church, maybe she's a missionary I've forgotten. Or maybe she's interested in the novel that I've been writing but am currently spinning my wheels on, trying to figure out a way to make a profit. Maybe I can connect and let her tell me why she wanted to connect.

So I accepted the invitation to connect yesterday. Today I found the above message waiting for me on LinkedIn messaging -- in French. (Google translate made a hash of it, but did well enough to both English and Japanese that I'm pretty confident of the translation.

So I just went back and looked at her personal page on LinkedIn and, actually, the pages only seem to go back two weeks.

I'm a little disappointed, but this gives me a good basis for a rant on this particular sort of misuse of social networking.

The advantage of social networking sites is that you do have the option of cutting a connection, and of reporting abuse.

But I'm not going to do that yet. Google Translate is not perfect. Maybe this is not a faked persona constructed two weeks ago for the purpose of defrauding lonely old men. A ten percent chance is worth a bit of follow-up. Try to ask if she really meant it the way Google Translate translated it.

But I will, of course, not give the person/people on the other end of this any information they can't find from my public profile -- not even an e-mail address.

(I'll post later on how it turned out, but it should not matter.)

I'm thinking I want to post some pointers on cold calls.

But I realize that I'm not particularly good at them. My sales approaches get ignored. If I try to do cold calls with my résumé, out looking for work, I never make it past the first secretary in HR. My mailed résumés often don't even get acknowledged. (Yes, I've sought professional help with this. It doesn't seem to make any difference.)

The only specific advice I can offer seems to be negative: Don't do it this way.

If you like a blog post, and want to actually establish a conversational relationship with the person who posted it, responding on the blog itself is a good start if comments are enabled. If you make contact via e-mail or SNS, make sure you mention that blog post early, preferably with the URL.

And I want to suggest to the spatter-gun solicitors with no real product that they get a real, legitimate product. Abstract product is okay. Just don't use deception to get money without giving a product in return. Getting money that way only leaves you desperate again for money tomorrow or next week.

And be patient. Legitimate relationships, business, friendship, or otherwise, take time to establish.

Wednesday, June 28, 2017

Your Memory Map is No Longer Trivia

You think you don't really care about how applications and such are laid out in your computer's memory, but you should.

I have worked up a little programming exercise to help you examine your computer's memory map, in my programming is fun blog (which I really wish I had more time for). It explains a little about what memory layout means. If you aren't familiar with the problem, or just want to look at a little trivial bit of C language code that can show something about your computer's layout, take a look at that.


gallier2 points out something I tend to forget about: pmap will give you much more information than the little (emphasis on little) program I wrote, posted and linked above -- stkreveal.c .
man pmap
It's a useful tool. And I think it's in cygwin, as well. If you don't understand what it's telling you, reading about and playing with that little stkreveal.c program might help.

(I need to spend more time working with the low level OS tools.)


You may recall some horror stories about stack smashing and stack crashing in the distant past -- maybe even within the last ten years. You may remember that it describes a technique for someone who wants to access the stuff on your computer without your permission to do so. You may remember feeling relieved when the various vendors said the problems were solved (for some domain of the problems).

Recently, one of the companies that is currently investigating computer security decided to revisit the problem. This time, the easy crashes and smashes are quite well protected, but they found some new ways to get around the protections.

I got the news on the openbsd misc user list today. And I found the report here.

(Together with the Kaby Lake and Skylake problems, I got motivated to write this rant and the programming rant.)

At first, I was wondering why they were misspelling "crash". But they were just having a little fun, and pointing out that the existing protections are not sufficient. (If you wonder why they can joke about something like this, you have to understand that waiting all day for a program to break something can get a little boring.)

If the waiting all day sounds like the problem isn't too bad, don't worry, some of what they found works in less than a minute.

Okay. Worry a little.

Most of the vendors have been implementing mitigation techniques, and they aren't hard. The guard pages don't consume memory, whether 4K or 1M, for one. They only consume mapping table entries (which Intel has been delinquent in giving us enough of).

Those techniques aren't perfect, either, but they help. Your average $Kr!p+ k!DDi35 may not have enough patience to use them, so you probably only have to worry about government security organizations and organized crime. (Organized crime doesn't get the tech until a little after the government, usually, anyway.)

Part of my purpose in this rant is to tell anyone who might be wondering, why I don't have a lot of positive thoughts for either Intel or Microsoft.

This problem has been known for a long time. Fixing it is not hard. I'll explain that in another rant, maybe today, maybe later. But it means the processors you make can't be quite as fast. And it means the OS and applications you make can't have quite as many features.

And that means there can be something besides price and apparent ubiquity to differentiate the competition's product from yours. It gives the competition more room to compete with you on their terms instead of yours.

(It would mean that Intel wouldn't be able to just buy up all the best semiconductor engineers, to keep them off of the competitions' payroll. And it would mean that Microsoft's sales department couldn't run their engineering.) 

(And it would mean you couldn't just smooth talk your customers and invite them out for a game of golf and a visit to the nearest mosh pit to seal your deal. You'd have to compete on meaningful functionality.)

If you've already read my Memory Layout rant, here's what the "Stack Clash" business is, in the overview. (If you haven't and are lost, go read that.) First, an early 32-bit addressing CPU might have memory laid out something like this:

  stack (dynamic variables, stack frames, return pointers)
0x000FFxxx ← SP
  heap (malloc()ed variables, etc.)
  statically allocated variables
  application code
  operating system code, variables, etc.


To make this really clear, I am intending, by heap, to include everything allocated by mmap() and brk() and such, as well.


That's way over-simplified, but note that the same problem remains. And faster processors can eat up memory faster, so the extra memory doesn't really help protect things.

A slightly more modern, 32-bit map might look something like this:

  stack (dynamic variables, stack frames, return pointers)
0x0FFxxxxx ← SP
  guard page (Access to this page triggers OS responses.)
  heap (malloc()ed variables, etc.)
  statically allocated variables
  application code
  operating system code, variables, etc.

This is also still way over-simplified, but the gaps are mostly mapped without physical memory, and so is much of the application and OS space. Accessing those gap spaces allows the OS to add more memory in some cases and terminate renegade processes in others. If the guard page is accessed, the OS can be
pretty sure the application is out of control.

This is much improved, and it is the way many 32-bit OSses were mapped ten years ago. But it can be a little tight, motivating us to use a small guard page, to avoid wasting address space.
The small guard page is an important part of the problems the Stack Clash uncovered. If a program has large enough local variables, particularly, larger than the guard page, it can sometimes be caused to allocate one of those large variables without hitting the guard page.

And there are similar problems that opening up the memory map makes a little easier to deal with. So, we'd prefer something like this:

  stack (dynamic variables, stack frames, return pointers)
0xFxxxxxxx ← SP
  guard page (Access to this page triggers OS responses.)
  heap (malloc()ed variables, etc.)
  statically allocated variables
  application code
  operating system code, variables, etc.

You can see how this gives lots more room. In particular, with this kind of map, we can usually use 1M guard pages, which are much harder to force a program to miss.

Taking this to 64-bit CPUs, you might think the addressing ranges pretty nearly completely mitigate the problems, but let's see what Intel, the motherboard vendors, and the OS vendors have given us. It looks something like this:

  stack (dynamic variables, stack frames, return pointers)
0x00007Fxxxxxxxxxx ← SP
  guard page (Access to this page triggers OS responses.)
  heap (malloc()ed variables, etc.)
  statically allocated variables
  application code
  operating system code, variables, etc.

That's roomy, but what we want, of course, is more like this:

  stack (dynamic variables, stack frames, return pointers)
0x7FFFxxxxxxxxxxxx ← SP
  guard page (Access to this page triggers OS responses.)
  heap (malloc()ed variables, etc.)
  statically allocated variables
  application code
  operating system code, variables, etc.

You want to get each major block in memory as far away from every other as we can. But Intel says that practical considerations give them an excuse to scrimp on decoding and claim higher processor speeds.

(Higher processor speeds than their competitors so they can maintain their stranglehold on certain sectors of the CPU market, and use that stranglehold to keep pushing relentlessly at the rest of the semiconductor market.)

I'm not explaining how Microsoft fits into this, but a little thought should produce the obvious.


We in the industry have been far too long designing to the black hat skills of yesterday. 1M guard pages are better than 4K guard pages, but they really aren't enough, either. (I will refrain from explaining why here, since I am not inclined to educate the black-hats. People who figure these things out on their own tend to behave more responsibly with the knowledge.)


Hopefully, I can I have now posted an outline of a different sort of solution one of these days, and a discussion of how to go one step further in hardware, to really protect the return addresses.

(OT, but I'm getting a little tired of the way Google's javascript gadgetry keeps mishandling characters used in XML tags when I try to edit things like the above as HTML. If it gets scrambled, that's probably why. And I do need to start using using my off-line tools and quit using their on-line tools, to just avoid the problems altogether. Or maybe Google didn't want me talking about government security organizations, since that's the paragraph that seemed to beak the round-trip editing.)

Monday, May 22, 2017

journal 20170522

So I think I'll start posting parts of my work journal.

I'm still spinning my wheels.

My last contract ended in March.

In complete rejection of logic and reason, I have not been burning myself out to find a new job.

I have a series of novels I want to write.

Nobody but my oldest sister is reading them.

After the contract ended, I've been stuck on a little side-tour.

I needed to calculate the calendar of the world where the first several stories take place.

Then I got really interested in the puzzle of adding double integer divide to the base wordset of the programming language Forth.

Last week, I pretty much proved to myself that there are no easy, fast, deterministic methods for division, the way there are with multiplication.

Not a mathematical proof, just finding a difficult problem that no one else seems to have solved.

We humans intuitively use estimates when we divide large numbers.

We have the multiplication tables memorized, and we use those tables in division.

When doing this in computers, those tables can become larger than the entire memory of the old 8-bit processors.

The Forth that needs the double length divide is an 8-bit CPU implementation.

Fortunately, the size of the table depends on the numeric base you operate in.

The table for one digit of decimal math is not really big, only 100 elements:


But we are not talking about one digit of decimal math.

The smallest table we can do without using bit shifts is a table for one column of base 256 math.

ビットシフト演算なしで一番小さい表はなんと 256 進法の一桁の表です。

That means a table 256 wide and 256 deep. That's 65,536 16-bit integers.
つまり、 256 桁の 256 行の表です。 65,536個の 16 ビットの整数です。

I'm not going to reproduce that here, because I'm pretty sure it would give your browser fits, not to mention what it might do to blogspot's template engine.


(Blogspot might accuse me of trying to DOS them, and you might accuse my of DOSsing you.)

Now the problem is the shifts. Left shifts are just doubling, so they are pretty cheap. It's just an addition.

Unless you have actual bit shifts, shifting to the right is expensive, requiring a division.

It's a relatively cheap single-wide division, so it's not a chicken-and-egg problem, but even single-wide divisions take a long time on old microprocessors.

Addition on old microprocessors takes maybe ten microseconds. Division takes easily 200 times that.

It's possible to use scaling to reduce the amount of math required without the tables, but scaling requires shifting as well.

Binary division is different. This is all there is to the table:


And binary division is just shifting, subtracting, and counting.

It's slow, but it's straightforward.

So, if I have to use shifts anyway, I may as well go down to the machine level and implement the division in assembler anyway.


I have the program running, and it produces monthly calendars for the planet that I think are accurate. The source can be found, complete with the code for dividing double integers, in my Xhilr Calendar workspace at OSDN Japan.
暦作成のプログラムは稼働できます。その惑星の正確性在るとボクが思っている月毎のカレンダーが作成できます。倍幅割り算を含めたソースコードをボクの OSDN Japan 上の Xhilr Calendar 作業部屋に置いています。


This is not the way a sane person spends his time when he needs to be finding a new job, you know.

Last Sunday, I went to the special stake conference in Kõbe and listened to Elder Oaks and other Church leaders.

I'm feeling much less down.

Monday, May 15, 2017

Do Not Pay the Modern Danegeld! -- Ransomware

Yesterday, I read in the paper how ransomware has been spreading.

It would be easy to waste electrons castigating Microsoft for leading the establishment of impossible-to-secure software as industry standards.

(The words "unsafe at any speed" make me wonder why Nader has been mostly silent about the current computer industry.)

It is true that software, including operating systems, is not exempt from the mathematical principle that absolute security is an internally inconsistent concept.

But the habit of the industry has been to rely on lack of education rather than actual prevention.

This combined with excessive competition for the market has led to unsafe practices built on unsafe features built on unsafe practices.

We all know that our information devices are unsafe -- impossible to secure. (Or, if you do not, you have been deliberately closing you eyes. Perhaps you think there is nothing to do about it.)

So, now someone you know is looking at a message on his or her screen:

Pay up or lose your precious data!
You seriously can't be thinking
$300 is cheaper than losing my mail archives and address book!
Let me put the real costs in front of you:

Every dollar you give in ransom is the price of one bomb or landmine, small enough to hide, large enough to kill and maim humans and animals, large enough to destroy or disable cars, trucks, roads, communication lines, etc.

Every bitcoin paid in ransom is 1,700 such bombs.

And if you pay it now, you will be faced with paying it again.

What should we do?

Step back, take a deep breath, let common sense flood back into your brain.

  • Do you have backups?

If not, now is the time to start planning.

  • Can you reconstruct the data?

Re-constructing the data may take time, but if you can't reconstruct your data, it was never yous in the first place.

("Big Data" is a comfortable illusion with some substantial features, but you really should be honest with yourself about that. Money doesn't really grow on data trees, whether binary, b-star or otherwise.)

  • Okay, you have partial backups -- USBs, dropboxes, cloud services, etc. 
  • And you can reconstruct the most important data, if you are willing to take the time. 

So, no, the data that has been locked away from you is not worth continuing to arm the enemy.

  • First step, shut that computer off. 

If you have reason to believe that the ransomware will try to delete data on shutdown or some such stupidity, pull the plug and the batteries.

Your local geek may be worried about data loss on shutdown, but the converse is also a problem. Hiding is easy, but encryption takes time.

Remove all hard disks, SDs, and USB storage devices that were attached when the malware showed up, and collect all external storage that has been attached to the infected device in the past week, at least.

Learn something about security. Do not depend on books with names like "Security for Dummies." Dummies are soon chumps, and that's how you got in this mess.

Yes, I should write a book. Somebody front me the money. Oh, well, that's not happening very soon.

Two of my blogs, free is not free, and defining computers have some useful information, but some of it is old, and both mix rants, daydreams, and parable with practical advice.

So use your own brain. Here's a start:
  1. Think about what secrets are. 
  2. Think about what computer data is.
  3. Think about walls and locks
  4. Think about protocol.
Think about what the limits of the above are without computers. Then convince yourself that computers are not magic. Fast and re-writable, but not magic.

I'll list a few really relevant rants:

Back to practical steps:

  • Re-flash the BIOS of the infected device. 

If you don't do that, you're likely to get re-infected. BIOS attacks are becoming commonplace, and the ransomware attacks are at that level.

(And, yes, there are indeed huge problems in the new BIOSses. Reflash or buy new, but buying new is a problem, too.)

  • Install new boot and other internal media (new hard disk or SD for boot and data) and install a new, safer OS.

I'd recommend a Linux OS such as Debian, Ubuntu, or Red Hat Linux, but, really, the marketplace has been infecting those with unsafe applications, practices, and features for the last fifteen years.

Eventually, I want to recommend installing a Linux or BSD OS and installing MSWindows in a VM on top of that, but that is not yet ready for prime time, and Microsoft and Intel seem to think they have financial incentives in working behind the scenes to make that not happen.

If you have to use a Microsoft OS, just don't keep important data on it, especially not without backup.

  • Make a plan about where to store your data.

As much as it galls me to say so, yes, I'm suggesting NAS and cloud if you have any really valuable data.

At bare minimum, keep copies on USB drives that you properly unmount before removing. (Click the "remove" button and wait until the OS says it's okay.) And do not keep the USB drive inserted in the computer while you work.

Do not keep any valuable data on your workstation. (I say, but I can't afford to do otherwise right now. I'll have to take my own advice and collect my data onto an external device, as soon as I get some résumés sent out. But I'm using an OS I'm fairly confident I can still trust.)

  • Take a little time to review what you think you know about computers on a regular basis. Learn an alternative OS.
  • Take time to understand your data, what you have, and what it's worth.
Now that we have that out of the way, now is the time to think about recovering that locked-up data.

  • First, mount the media device (hard disk, SD, USB) on a known-safe machine. 
  • Then look around and see what was actually encrypted and what was just moved somewhere.
  • Then go look for tools for un-erasing data. The attackers may not have encrypted the partitions, and probably has not tried to find deleted files to encrypt. So you will likely be able to recover up until the last save, even if the encryption really is unbreakable.
  • Finally, if you still have data that is highly valuable and not recovered, now you know how much you will be willing to pay a legitimate professional to try to get it back by brute-forcing the encryption keys.
That last list is the one you wanted me to tell you first. But that would not be helping you to be secure the next time, and the next time is already waiting for you.

Thursday, May 11, 2017

Visions and Pioneering and Responsibility to Family

I was talking with some members of the Forth community on comp.lang.forth about using floating point numbers in a Forth language, and thinking about how I really don't much care for floating point math in programming languages.

Arbitrary precision is much more what most people want. It's a little slower than floating point, but it has fewer surprises. (There are still some surprises induced by the fact that computers do not easily extend precision, where we on the other hand are quite happy to grab another piece of paper and keep going until our wrists get sore or we fall asleep -- or get bored.)

Fixed precision is much faster and much lighter on computer resources. With 64 bit math on modern computers, we can easily do math to 18 decimal places. That would cover most peoples yearly budgets, easily.

But, for all that fixed precision would cover most daily calculation needs, it requires us to keep track of precision ourselves. That's why arbitrary precision and floating point are useful.

Floating point would be a bit easier if it weren't for all the bit fields that have to be extracted from memory that don't fall on easily addressed boundaries.

Then I had this idea about having the exponent be in one integer and the fractional part be in another. That would give ridiculous range for 16-bit CPUs (like 10 followed by more than 16,000 zeros). The fraction part would give us one part in 65536, or a bit more than four digits on the right of the decimal point, which isn't enough for some things, but is plenty for others.

On 32 bit CPUs, the range would be even more ridiculous, but we would have about nine digits on the right of the decimal. Which is why floating point fields don't fall on even boundaries.

On 64 bit CPUs, the range would be beyond ridiculous. Billions of zeros. But the fractional part would be more than 18 digits, which is pretty decent.

The discussion on comp.lang.forth focused on the problem of knowing just how wide a floating point number on the top of the stack of recently used numbers is. When working on the stack, you need to know the size of the numbers that are on the stack so you can get them off the stack and get around them to other numbers, and so forth.

It occurred to me that a floating point number that could tell the programmer how wide it is would be rather useful.

And this first-blush byte format came to mind, just before I went to bed:

8888 8888
length = 0
(8 bits)
exponent (24 bits)fraction (32 bits)

And, in fact, it kept me up a bit, re-thinking things:

8888 8888
(high bit),
length = 0
(7 bits)
exponent (24 bits) fraction (32 bits)

And then it was

8888 8888
(high bit),
length = 0
(7 bits)
(8 bits)
(16 bits)
(high bit),
length = 1
(7 bits)
exponent (24 bits) fraction (32 bits)

Where length of 0 would be a special case, with the whole floating point number contained in a single 4 byte (32 bit) unit.

From length 1 on, the length would be the count of 32 bit units containing the fractional part (or mantissa, I have to figure out details later), and the three bytes after the length byte would be the exponent.

Checking the IEEE floating point specs on Wikipedia, none of the most common formats have more than 15 bits of exponent. The standard 32-bit format has only 7 bits of exponent, and the standard 64-bit format has only 11 bits of exponent. So 24 bits of exponent is plenty.

Maybe I can scrape the top two bits of the exponent off for flags of some sort. 22 bits of exponent still gives an exponent range of 10 followed by two million zeros.

Speaking of zeros, being able to specify up to 127 times 32 bits of mantissa means ( 127 × 4 == 508 bytes, or 1016 nibbles) better than 1100 decimal digits worth of accuracy in decimal terms.

That's going to be enough to satisfy most mathematical needs for primary grades through college, except for certain engineering purposes.

Mathematically, it's a loose fit, but, with everything falling on nice byte boundaries, it's going to be a lot less work up front.

A similar approach could be used for decimal or other base digits, which is something to think about later.

It will be a little slow, since it will be implemented in software, but you can extend the numbers, mid calculation, to avoid losing precision.

And, randomly associating, a similar approach could be taken with text strings, if we had a better way of representing numbers in the middle of text (a topic which I really want to rant on sometime).

You can probably get a sense of what this has to do with pioneering (ergo, new or less-explored computer/data techniques), but what does this have to do with visions and responsibility to families?

I really should not be typing this.

I really should be running around like a chicken with its head cut off trying to scrounge up work for when my savings runs out in another month.

I am being irresponsible.

I woke up this morning at three thirty, still thinking about this stuff.

And I was thinking about Nephi, in the Book of Mormon, 1 Nephi 17: 9, asking God where to go to get ore to make tools to build the ship with.

Now we have to understand the story. Nephi had been helping his father get their families moved across the desert towards the sea. He had done his part in making sure that the women and children had enough to eat. They had found a nice place on the sea shore to settle down and maybe be safe from the Babylonians and others whom the prophets had been foretelling would be coming to take Jerusalem down for real this time.

Now, he was getting inspired to take the whole group on a long adventure into the unknown, across the sea to a land he and his father had seen in dreams.

His older brothers were upset, and we can understand why.

I am being inspired to take my family on a long adventure into uncharted territory with my writings and other dreams, visions, fantasies, and delusions such as the above. My family is understandably upset.

(Delusions. Ask pretty much anyone, and they will tell you that someone like me should not working with all the wonderful technology that is out there for the using. We have floating point. We have arbitrary precision math. We have the Unicode character set. We have programming languages and CPUs.

What need have we of more of these?

(Other than that it is a deliberate mess, designed to keep the riff-raff like you and me from using it to make the world a better place.)

Well, Nephi asked God where he should go to get ore for tools.

I have been asking God where I should go to get funding.

There is a bit of difference.

Nephi had done his part in securing food and a place for his family. My family and I are on the brink.

He was looking for ore for tools. I am looking for money for a place, for food, and for tools.

This is scary business.

Visions, pioneering, and responsibility to family.

Tuesday, April 18, 2017

Why Tarō Can't Communicate -- 太郎は人の話が通じないのは何だ!

(Test Question -- 試験問題)

Choose the correct answer:

(1) What is your job?
  A: My job is an English teacher.
  B: I teach English.
You've seen this in the newspaper ads:
× A: My job is an English teacher.
○ B: I teach English.
But this is wrong.

Here's the real answer:
△ A: My job is an English teacher.
○ B: I teach English.
Here's an even better answer set:
△ A: My job is an English teacher.
○ B: I teach English.
○ C: I am an English teacher.
○ D: My job is teaching English.
△ E: My job is to work as an English teacher.
○ F: I work as an English teacher.
It is true that A is not the best phrasing for the assumed intent. 確かに A は推測の意味にしては、最適な言葉並びではありません。 It is also true that E is way too wordy. E は正に言葉が多すぎます。 But they are not without meaning. しかし、意味がないとはいえませんし、 and the assumed intent is within the range of possible interpretations. その推測の意味は可能な解釈の範囲の内に入ります。

The best interpretation of 
My job is an English teacher.
would be something like
My job is something that teaches English.
and this is not incompatible with the assumed meaning.

My job is an English teacher.

There is a problem of semantics.

A job is a thing and an English teacher is a person.

So it makes a person seem to be a thing.

So it would not be the preferred expression.

Not totally wrong, but not preferred.

But you can't explain this when you are focused on preparing students for the test. There's no time.

And this is the problem.

Too much of current curriculum is focused on tests.

Tests cannot test everything like this. Therefore, they cannot teach everything like this.

Students need time to read things that there will never be time to test.

And they need time for discussion, time to talk about the things they have learned.

If there's too much test prep homework, there's no time to learn.

That's why Tarō can't communicate.

More on this subject here:

Friday, April 7, 2017

The Danger of Charity

I have been seeing bits and pieces of this news about rejecting homeless shelters, and I am feeling no small shame and anger at my fellow Utahns. Community after community is rejecting the building of shelters and other facilities for those who are less fortunate than themselves.

If it were rejecting homeless shelters in order to use the money for providing more people with meaningful work where they can earn enough to pay the rent and feed their families, I could maybe see that. But I don't think that's what's happening.

Dawn Armstrong posted a gentle plea to people everywhere (and especially in Utah) to quit trying to keep the homeless people at a safe distance.

I know that's an awkward way to interpret things, but it's what you are saying when you say you don't want a homeless shelter in your neighborhood:
Keep them at safe distance!

Is homelessness a disease?

Are they somehow tainted by their association with the road?

Or is it that they must have done something terribly wrong to warrant losing their homes, and you, heaven forbid, should not have to associate with people like that?

Maybe you think of the Brian David Mitchells out there. Somebody posted such a comment on Dawn's blog. I think, maybe, I overreacted in my comment on that post. Dawn was much kinder.

Maybe I'm overreacting still, posting this in my blog.

But, statistically speaking, your family is no safer with, say, your business associates, neighbors, friends, relatives.

Most abuse is perpetrated by people who are known by the victim.

I think that's why Jesus finds no moral quandary in teaching us to be good Samaritans. Avoiding the good deed makes us no safer.

(If I had time, I'd work out a lengthy discussion of why charitable behavior ultimately makes the world safer for both your children and you, but it's two in the morning here.)

Would I be playing too rough if I questioned whether you were more concerned about your property value than with your family's safety?

They. The homeless. Dawn is not the only one for whom the "they" means "we".

If you'll stop for a moment's sober reflection, you'll remember that the only thing that stands between you and them is a little luck. If you can stand to admit your dependence on deity, there, but for the grace of God, go we.

The disease which is destroying our modern world, the source of the violence that expresses itself in terrorism and the conundrum of religious warfare is precisely the us vs. them approach to economics, and to life in general.

Them is us. They are we.

[JMR201704071335 added:]

I know it's easy to be scared. But if they are not safe, neither are we. Nor ours.

[JMR201704071335 end-added.]

Tuesday, March 14, 2017

"We Only Contact Applicants Who ...."

I don't like to sell myself. Somehow, I think the work I do is more important than who I am. That doesn't make sense, of course, because the work that I do is who I am, or, at least, is the expression of who I am.

What do Steve Jobs, Bill Gates, and Donald Trump have in common with Willy Loman? What does success really mean? Why should people sell success or buy it?

Anyway, teaching English in Japan is not a job for people who don't like to sell themselves. Sure, you can (contrary to my earlier understanding) get certified. But then you are stuck with a different job, one which is mostly neither teaching nor English.

(In some senses, it could be called glorified babysitting, but that's too many distractions in one rant.)

If you don't get certified, you end up having to renew your contract every year, because Japanese laws don't allow the company to keep renewing a temporary contract. After three years, they have to take you full time or tell you to move on.

That's not exactly what the law is supposed to say, but that's the effect.

My interpretation is that that law essentially attempts to protect the jobs of the people who do meet the "qualifications" and get hired as full-time, permanent employees.

And I personally think that the correct solution is to kick the illusion of security to the curb and get rid of the permanent employee status. Any company can fold, and, when it does, everyone finds out their job was just temporary.

Anyway, I spent all of last Friday working up an on-line résumé on a job search site called Gaijinpot that specializes in foreigners who want to work in Japan. This morning, I realized I had let the nicely done (if slow) interface lull me into regurgitating my work history, which is not what I wanted the companies I applied to last Friday to see. It does not tell them that I am focused on teaching.

Okay, I'm not focused on teaching. I'm focused on writing a novel, now. And having to look for work is a serious distraction.

(This is the common complaint of artists everywhere, but, again, that's too many distractions for one rant. And the distraction is not actually a bad thing unless I let it be a bad thing. Distractions actually help creativity. Even though they push the finished product further off into the future, they help refine the product.)

I need to make a copy of my résumé for backup and clean it up, refine the focus, sell my accomplishments.

(I have a focused résumé online, uhm, that is, relatively speaking, focused. For me, it's focused. :-/)

Well, I realized something else this morning, something that moved me to rant mode:

All three companies said they would only contact those applicants whose résumés passed their initial screening process.

That means I have no way of knowing that they even got my résumé. For all I know, Gaijinpot's server may have gone temporarily off-line, and that error message I got about the server timing out may really mean that my résumé was never sent.

Without some sort of confirmation that the submitted résumé actually made it to the company I intended to submit it to, I have no way of knowing they even got it. I can only wait for an event I have no reason to believe will actually happen. And I don't know how long I should wait.

This is bad information protocol. A program written this way would die on you every time you turned around.

Well, I can call and bug them about my résumé. All the counseling about job search tells you to follow up, anyway, so I really should follow up:
Me: Did you get it?

HR: We said we'd contact you if we want to interview you.

Me: Oh. Sorry. That's not what I read. I read that I should assume that you really didn't want to see my résumé at all.
Okay, so asking, "Did you get it?" is probably the wrong way to start.

But submitting the résumé on-line to a company that says they won't respond unless they want to respond is probably not the best thing to do, either.

Should have reviewed my résumé before I sent it.

And I should have sent it directly. After calling them first. I should know this, considering the number of training sessions I've been through.

(But I've never actually gotten a job doing it the way the training sessions tell you, which means that the one thing you should never do in a job search is rely on some sort of set procedure. Which means that software and job search are not a good match, after all.)

Maybe I can make sending the wrong copy an excuse to sent a decent copy instead. We'll see.

Job search sites really, really should provide, in their web UI, some sort of feedback button that the HR person can hit to send an e-mail saying, at bare minimum, "Yes, we did get the résumé, and if we don't reply within n days, you should assume you didn't pass the first screening."

A company whose HR department can't provide bare minimum information exchange protocol may not be worth applying to.

Except that that is precisely the sort of company that currently owns the market for foreign English teachers in Japan. Which is one of the reasons I want my novel to find readers -- so I can hope it will find buyers if I finish it.

If I can't hope to pay the rent with my writing, I should focus on teaching, in spite of the non-optimal stuff that I have to put up with in order to do so.

Speaking of my novel, here's the current (second) draft in progress again:

And here's the (roughly) two-thirds-complete first draft:

If you like it, tell your friends about it. Don't worry about whether the publishers will be scared away, if I have to, I'll self-publish. Maybe start with an electronic edition and a link to my paypal account if I can't find something better.

If the IRS hasn't found a way to throttle that, too.

But if I know people are reading it, I will find some way to properly publish it.