Whoever’s making commercials for Bacardi is a genius.  I usually don’t even drink rum, but this new commercial certainly has me thirsty for a mojito.  The music is by “Matt and Kim”, the song is called “Daylight”.  They’re on Green Label Sound (who seem to be some sort of musical offspring of PepsiCo/Mountain Dew – and also have some sort of relationship to an artist I’ve heard of before – Flosstradamus). Matt and Kim have an official website too!  You can download an honest to goodness MP3 of the song from the label’s site.  And finally there’s full access to a video of the commercial on YouTube!  Unbelievable, I guess after all those years of having to search out your favorite commercial’s songs, lyrics, videos, etc. are over and done with.  Now all this media is at our fingertips and I’m pretty sure the folks running the show at the companies that come up with the commercials, that make the products and that create the music … finally get it!  Thank you social media!

Here are the lyrics for anybody who’s trying to decypher the words:

(more…)

I’m currently working on a project that happens to need a JavaScript and a PHP implementation of the Excel PMT function.  I won’t bore you with the details (but ask if you’re intrigued), but it has to do with Loan Modifications that are all the rage nowadays thanks to Obama Administration initiatives that will hopefully help Americans save their mortgages, prevent foreclosures, support real estate prices and generally speaking save the world from sure doom.

So after being handed an Excel spreadsheet that made heavy use of the PMT Excel function (and never having used said function), I proceeded to research this beast.  Let me tell you, there are lots of very confused people searching for solutions on how to implement it in various languages, trying to figure out how the function works, etc, etc, etc. I even came across some folks that think Excel / Microsoft is behind a sinister plot to undermine the world’s economy via a wrong implementation of the function.  Rest assured, I think Microsoft understands the Time Value of Money – TMV for those who still remember anything from their Finance class in college.  So I figured I’d do a little writeup of what I figured out to save somebody else the headache.

(more…)

I just got pointed to @elliottkember’s page about a challenge he calls “The Kember Identity” – basically a search for a 32-character string which, when passed through the MD5 function, returns a 128 bit value – which when converted to its hexadecimal string representation, is identical to the original string.

I’ve been trying to wrap my head around exactly WHY Elliott Kember is trying to find such a value, except perhaps for the lucrative naming rights to such a weird trivia bit.

The funny thing, is that the 32 character input string, as input to the MD5 function, is a 256 bit input.  The output, before its encoded as a hexadecimal string, is 128 bits.  So while the effort being throw by various people at this challenge is admirable, its not really a search for a true MD5 identity value.

Additionally, if I remember my Applied Cryptography correctly (and if I don’t and by some chance Bruce Schneier happens upon this blog post, I am sure I’ll be turning red even if I never find out about it)… the MD5 function processes its input in 512 bit chunks.  So any input that’s less than 512 bits, essentially gets padded to 512 bits to make all the gears spin.  If I think about it this way, then there’s really no such thing as a possible MD5 function “identity value” given that in a strict interpretation, the domain and the range can’t overlap.

Elliott states that the exercise is a “proof of concept” on the front page of his site.  I suppose its an interesting exercise – perhaps in seeing how quickly a problem can be implemented in as many languages as possible with the help of twitter, the web, etc, etc.  I applaud Elliott for thinking of it.  I just hope it doesn’t land him an entry in Urban Dictionary that defines a Kember Identity as a case of mistaken identity.  Oh, and let me know if any geniuses out there introduce similar challenges for SHA, RIPE-MD, etc, etc.  Also I haven’t considered the possibility that this might all be British humor of some weird variety.  Clue me in if it is.

I read about a “quiz” by a psychology professional named Paula Pile in this CNN Health article.  Her Facebook Compulsion Inventory is basically a PDF list of questions that folks circle the answers to and add them up to get a score.  Then her prognosis is based on a range of scores.  I had some code for this sort of thing just hanging around in my code drawer, so I decided to put it to good use.  I take no credit for the content of the quiz, its Copyright Paula Pile 2009.  Lets see if I get a statistically interesting sample and break it down by age and gender. Name and Email are optional, I’ll use them to contact folks that leave them if and when a statistically interesting sample is actually analyzed.

Take the Facebook Compulsion Inventory quiz.

Once I’ve got a bunch of results, I’ll post some charts and such.

Martin Zwilling (@startuppro) wrote about opportunities to tackle Internet privacy and I posed a question to him – “how do you authenticate an online something with an offline entity?”  The reason being that I’ve been thinking about privacy on the Internet as well, but from a slightly different perspective.  I’m not so concerned with things like the seemingly infinite lifetime of something said/posted to websites, or identity theft, or the resale of customer information that lots of shady companies and websites are engaged with.  Well, I am personally concerned about my own information of course, but not in the sense of the business problem.  I’m more interested in authenticating actions, statements, uploads and everything else an “offline entity” could do online.  By “offline entity” of course I mean everything from a teenager who’s friends post as him or her when they forget to lock their computer and ruin their reputation – to a public figure or celebrity being impersonated – to a corporate entity like CNN purchasing @CNNbrk (which some people thought was run by CNN in the first place).

Several things have prompted this line of thought for me.  First, a friend of mine asked me how to mitigate negative press about a design brand he runs.  He was asking if it was possible to get things off the first page of a google search about this brand.  Of course, thats not something that can be solved, but an authenticated coherent statement from this brand regarding bad publicity might actually help mitigate the situation.  There’s been several incidents of this type, for instance the Domino’s video prank incident and its effect on the value of the brand for instance.

Second, for a recent project I’ve been thinking about how to authenticate somebody that comes to complete and manage an online listing for an offline company.  In this scenario, listings are created for companies, the initial information is populated from an existing public records database.  These companies have a vested interest in expanding their listing and participating on the website.  However, how do you invite them to participate – who do you email or send a postcard to, and once they come to the site, how can you be sure that somebody appropriate at the company got that postcard and that its not a mail clerk from their building that’s signing up to destroy their reputation on this listing site?

I guess what I’m getting at is this – how do you know that something done by me online is really done by me?  Do we take PGP signing to the next level and set up a company that can authenticate a signed post online based on the assumption that only the real me has my private PGP key?  Do we set up a company that allows mailing of secret information to physical addresses that then authenticate an invitation to a website via this shared secret “token”?  I’m sure there’s opportunities to start a company that would do something interesting in this space.  Perhaps even tackling the problem Martin is talking about in the process – what if we could submit our private data to websites in an encrypted packet that can only be decrypted by entities that we give permission to?  Something that tracks how many times something’s been decrypted and used for instance, perhaps an intermediary or an escrow sort of service for information?

Any ideas? Its hard to resist signing this blog post with my PGP key, but perhaps a Wordpress plugin to authenticate posts that way isn’t that hard to make and maybe that’s a small step I’ll take in this direction sometime soon.