
Stupid Copyright Statements

Here’s something I came across yesterday that had me in disbelief over someone’s attempt at copyright.

Stupid Copyrights

Now, what happens when I view this page (or any subsequent pages) in my web browser?  I’m storing a digital copy in my local “repository” (read: browser cache).  So right away I’m breaking copyright law.  I’m pretty sure that I’m also breaking copyright law by taking a screenshot of the copyright statement itself.  Now how’s that for meta!

Signs Of A Good Manager

I just read a great quote, that perfectly sums up the type of person, worker, and friend that I strive to be:

“Have you ever worked with a good manager? They’re full of ideas. They’ll suggest, they’ll coach, they’ll recommend. They’ll cajole and beg and plead if they have to. But they won’t tell you how to do your job, not unless it’s a real emergency, anyways. They hired you, they gave you a task they know you can handle, and they trust you to make the details happen.”

Source: http://blogs.msdn.com/cashto/archive/2009/03/31/it-s-ok-not-to-write-unit-tests.aspx

Architects vs. Software Developers

Sometimes people have a knack for saying things that hit just a little close to home.  Case in point, this post.

I’m working on a project right now where the clients have this type of mentality, and I can certainly understand where this post is coming from.  I often wonder if any other type of structural engineer (I’m using the word ‘engineer’ loosely here) like software developers, architects, or product prototype designers have similar experiences when dealing with new clients and their projects.

If you are a software developer, please give the post a read and hopefully you will relate to it.

If you are a client, please give this post a read and reflect on its content so that you can hopefully prevent yourself from making the types of insane requests of which it speaks.

Laziness Sometimes Does Increase Productivity

To paraphrase what someone smart once said: Sometimes it’s the lazy things in life that count.

Laziness does have its rewards, as long as you are sure to pinpoint exactly what you want to be lazy about.  Case in point, long system operations.  Countless times I have transferred files, (un)compressed archives, or performed long operations and forgotten what I was doing while my terminal window was sitting in the background.  I have also had co-workers forget to hand me results because they were distracted by something else, and minutes or hours go by after the system operation has completed.

To solve this problem, you have to think like a lazy person, and how they would combat this situation.  Would a lazy person watch the terminal screen for minutes or hours until the operation finishes?  Absolutely not.  They have more important things to do.  Instead, the lazy person would like to be notified when the processing has completed.  You could send an email, but mail routing can take minutes to complete (and your email client can be set to check mail once every 10 minutes, defeating the purpose).  The next best thing to do is to alert yourself when the processing has finished with an audible alarm.

If you are running Unix or Linux, you can use the command ‘beep’ to have the system send an audible beep whenever you call it.  You can alert yourself when the processing has finished by the following command:


$ someLongOperation.sh; beep

If you are working on a system without the ‘beep’ command, or you are not authorized to install it, you need to write your own script.  Sending a control character to the ‘echo’ command will produce the same results as above.  The script is as follows:


====beep.sh====
#!/bin/bash
echo -en "\007"
====beep.sh====

Now mark this script as user executable and run it.

$ beep.sh

You should hear an audible beep from your computer.  Using this script to mark the end of a system operation is as follows:

$ someLongOperation.sh; beep.sh

This will work so long as the beep.sh is in the current directory or somewhere on your $PATH.

Enjoy and be happy about using laziness to increase productivity.

Getting StaticMatic To Work on EEEUbuntu (EEEPC 1000HE)

After I installed ruby and rubygems via apt-get, I installed staticmatic.


$ sudo apt-get install ruby
$ sudo apt-get install rubygems

$ sudo gem install staticmatic

I received an error about “makemf”, which meant that I had to install the
ruby 1.8 development code.


$ sudo apt-get install ruby1.8-dev

After that, staticmatic was installed in my system.  No errors from gem
at all.  But lo and behold, something wasn’t right.  On the command line
when I tried to execute staticmatic:


$ staticmatic

I was greeted with…nothing.  I checked where the executable was coming
from:


$ which staticmatic

And it found nothing.  It is normally supposed to be installed in /usr/bin,
so I checked my path and /usr/bin was in there:


$ echo $PATH | grep /usr/bin
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/bin

On another system (my Ubuntu desktop system) the executable was installed
in /usr/bin correctly, so I inspected that file (which is just a plain ruby
file).  I copied the executable onto my eeepc, producing the code below:


#!/usr/bin/ruby1.8

require 'rubygems'
version = ">= 0"

if ARGV.first =~ /^_(.*)_$/ and Gem::Version.correct? $1 then
  version = $1
  ARGV.shift
end

gem 'staticmatic', version
load 'staticmatic'

I saved this file in /usr/bin and changed the permissions to 755.  I then
ran the executable and the following happens:


$ staticmatic
/usr/lib/ruby/1.8/rubygems.rb:578:in `report_activate_error': Could not find RubyGem newgem (>= 1.1.0) (Gem::LoadError)
from /usr/lib/ruby/1.8/rubygems.rb:134:in `activate'
from /usr/lib/ruby/1.8/rubygems.rb:158:in `activate'
from /usr/lib/ruby/1.8/rubygems.rb:157:in `each'
from /usr/lib/ruby/1.8/rubygems.rb:157:in `activate'
from /usr/lib/ruby/1.8/rubygems.rb:49:in `gem'
from /usr/bin/staticmatic:11

It seems that staticmatic needs the newgem gem.  So I installed that:


$ sudo gem install newgem

Which installed newgem and 5 other gems, but no errors were found.  So I again tried
to run staticmatic:


$ staticmatic
/usr/lib/ruby/1.8/rubygems.rb:578:in `report_activate_error': Could not find RubyGem cucumber (>= 0.1.8) (Gem::LoadError)
from /usr/lib/ruby/1.8/rubygems.rb:134:in `activate'
from /usr/lib/ruby/1.8/rubygems.rb:158:in `activate'
from /usr/lib/ruby/1.8/rubygems.rb:157:in `each'
from /usr/lib/ruby/1.8/rubygems.rb:157:in `activate'
from /usr/lib/ruby/1.8/rubygems.rb:158:in `activate'
from /usr/lib/ruby/1.8/rubygems.rb:157:in `each'
from /usr/lib/ruby/1.8/rubygems.rb:157:in `activate'
from /usr/lib/ruby/1.8/rubygems.rb:49:in `gem'
from /usr/bin/staticmatic:11

So now it needs the cucumber gem!  Geez, you’d think that these would be listed as dependencies
when you install the staticmatic gem.  So I installed the cucumber gem, with only one error
resulting.


$ sudo gem install cucumber
Successfully installed term-ansicolor-1.0.3
Successfully installed polyglot-0.2.5
Successfully installed treetop-1.2.5
Successfully installed diff-lcs-1.1.2
Successfully installed builder-2.1.2
Successfully installed cucumber-0.2.2
6 gems installed
Installing ri documentation for term-ansicolor-1.0.3...
Installing ri documentation for polyglot-0.2.5...
Installing ri documentation for diff-lcs-1.1.2...
Installing ri documentation for builder-2.1.2...
ERROR:  While generating documentation for builder-2.1.2
... MESSAGE:   Unhandled special: Special: type=17, text="<!-- HI -->"
... RDOC args: --ri --op /var/lib/gems/1.8/doc/builder-2.1.2/ri --title Builder -- Easy XML Building --main README --line-numbers --quiet lib CHANGES Rakefile README doc/releases/builder-1.2.4.rdoc doc/releases/builder-2.0.0.rdoc doc/releases/builder-2.1.1.rdoc
(continuing with the rest of the installation)
Installing ri documentation for cucumber-0.2.2...
Installing RDoc documentation for term-ansicolor-1.0.3...
Installing RDoc documentation for polyglot-0.2.5...
Installing RDoc documentation for diff-lcs-1.1.2...
Installing RDoc documentation for builder-2.1.2...
Installing RDoc documentation for cucumber-0.2.2...

The error listed here is in the RDoc, so it doesn’t matter much (mental note, try to fix
this myself and add as a patch to repository).  I then tried to run staticmatic again, this
time crossing my fingers, toes, *and* eyes.


$ staticmatic
Usage: /usr/bin/staticmatic <build|setup|preview> <directory>

Huzzah!  We have lift off!

Books For a Budding Programmer

In speaking with my mentee today, he asked whether I had any recommendations for real-world programming books.  I had to think about this question for a minute because of its apparent misdirection.

Typically, any real-world programming is done with a variety of languages, so I can’t just pick out the books that I have used to learn languages in the past.  These books have been obsoleted by newer versions of the language.  But that is where the misdirection comes in; why should we look at programming languages when it is the art of programming that is more important in the professional world?  And so, I came up with this rather short list of my favourite books that teach a programmer how to be a better programmer.

Mythical Man-Month

This book mainly focuses on how software projects are different from construction or other types of projects.  The content is taken from a real-world software project and helps the student to understand that professional programming has a lot more to do with communication and politics than it does about the act of typing code into a computer.

The Pragmatic Programmer

This book focuses any student programmer on the tools necessary to use in the workforce.  It may not be the exact tool being used by a company, but focusing on one tool allows you to understand its benefits and limitations.  Also, things that are rarely used in school, like version control, are discussed as necessary tools for any student.

Refactoring: Improving the Design of Existing Code

This is a quintessential book for taking legacy code and modifying it to increase speed, reliability, readability, etc.  I have seen a lot of programmers who have not cut brand-new code for months on end, instead relying on legacy code fixes and upgrades to fill the void.  Working with legacy code typically sucks, because it was developed by someone else and, invariably, has little documentation or readability.  The maintainer has probably left a long time ago, leaving you with nothing more than the code to understand.  While working on legacy code, there may be better, faster ways to write the code or to decouple libraries from the core modules.  This will help in the future should a library need to be upgraded or replaced by another third-party.

Clean Code

In keeping with the previous theme, this book helps your descendants understand your soon-to-be legacy code.  Readability of code is key, and this book highlights real-world examples of inefficient, unmaintainable code.  Out of all the books on this list, this is one of the easiest books to devour, and even seasoned programmers should find this book a good refresher on good and bad habits.

Patterns of Enterprise Architecture

I found this book to be useful when I started using interpreted languages like Python and Ruby.  Specifically, Ruby on Rails uses patterns from this book extensively.  For example, Rails uses an ORM called ActiveRecord, but I hate just taking someone’s word for it that it is going to work for me.  I found out that the ActiveRecord pattern is taken from this book, and I was able to understand the history and meaning of it.

Design Patterns: Elements of Reusable Object-Oriented Software

More companies these days are using design patterns in their code.  These patterns are simply best practices that have been vetted by some of the best programmers in the world.  After reading this book many years ago, I found it to help with understanding the common coding practices.  In professional programming, you are going to write the same type of code repeatedly, but for different projects, so these design patterns help to consolidate those repetitious code snippets into meaningful names.

Emailing Your Doctor…

It seems here in BC, there are doctors conversing with their patients via email, instead of the more traditional in-person style meetings. I love the use of technology to make processes more efficient, and I am fully behind the use of email as a medium between doctors and patients. But the security of email leaves me shaking in my booties.

Many people don’t realize the insecurities in email. First, the connection to send and receive email is not encrypted by default. Certain hosting companies, like Joyent, require encrypted connections by default. Of course, this makes setting up email clients a bit trickier, hence why the average joe-sick citizen is not going to configure their client to use it. With the connection left unencrypted, anyone eavesdropping on the wireless signal or over a wired hub connection (like some cable companies use) will be able to pick up the username and password credentials for your email account. They can then get into your account, read your email, or send email from your name. Some people don’t see this as a privacy concern. I say those people need to wake up and listen to identity theft stories.

The second problem with email is that the transmission of the email content itself is not encrypted. If you solved the first problem I mentioned, that secures the connection and transmission of the email content between yourself and your hosting company. The second part of the transmission is between the hosting company and the rest of the Internet until it reaches the target host. The problem here gets a bit technical, but a simple explanation is that there is no one path to a target host over the Internet. Remember, the Internet was developed to withstand a nuclear war, so your data will travel in any direction as long as it makes its way to the host in a reasonable amount of time. When the data is traveling through the Internet, bouncing around different intermediary hosts, that data is unencrypted and anyone can view the data if they have the technical skill (it doesn’t take much). So all of your information sent between your doctor and yourself is now being broadcast to everyone on your continent. That’s not violating doctor-client confidentiality but it’s getting pretty close. If you don’t think this is a privacy problem, then why did you traditionally go to the doctor and speak to them personally in a small room with no one else around?

The solution to the second problem is difficult and requires a lot of technical skill, especially with today’s email clients. You need to configure your email client to encrypt and sign your messages with a digital certificate (also known as public key cryptography). The problem with this is two-fold: first is that the sender’s email client needs to be configured correctly, which is often difficult to do because each client is configured differently. The second problem is that the receiver’s email client needs to be configured correctly to check the signature and decrypt the data with their own private key. If your eyes are going sideways now, just wait until you set it all up. Email cryptography is still too difficult for the average person to configure, so by default people are not going to use it. That is going to leave a lot of people with medical conversations out in the open.

Are those files exactly what you ordered?

…after all, how would you know?

Batch processing typically involves moving large data files (so-called extracts) between systems. These data files can include financial information, billing information, reports, blah blah blah. The thing I see very often is the verification and authentication of extracts…or rather, the lack of it. I believe in the Bruce Schneier school of learning, where one must be born with the security mindset, as it cannot be learned. As a result, I’m always seeing exploitable problems where others just see efficiency.

The problem I see currently with moving large data files around is that the files are never verified as being complete. Sure, the transfer protocol being used by the underlying operating system says that it does a completeness check, but what if the file was tampered with before it was sent? Whether these files move into different directories or over the network, they must be checked each time for completeness and authenticity. A simple solution to all of this is to use checksums, which has been the solution for authenticating downloadable Internet files for many years.

So if checksums are such a simple concept and have been around forever, why don’t all companies use them? The first is money. It takes more development to put in extra checks around the transfer of files, which in turn means a higher cost to the company. Second is that there is a lack of security-mindedness in code development today. This isn’t just about checking that your code is safe from SQL injections, this is about making sure that no part of the system can be subjected to exploit.

Here’s a real-world example. Instead of thinking of transferring extracts between systems, let’s translate that to money being transferred from a bank’s branch offices to the central hub. Since digital money or sci-fi credit systems do not yet exist, the money must instead be transferred by armoured vehicles. So which is the best place for someone to exploit? The banks can have the most secure environment possible, but they must give up some of their security during transport. This is a reasonable risk because there are numerous verification protocols in place before the money leaves and after it has arrived at the central hub.

Bringing the example back into our problem at hand, there is an inherent risk to sending extracts to another directory or over the network. The target filesystem can fail, the network can be sniffed, the target machine can be a zombie. Secure communications can mitigate that (MITM attacks aside) but one can never be certain if the files sent are the exact match to the files received.
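
The check this post argues for, as an added example in Python (not code from the original post): the sender records the extract's size and SHA-256 in a manifest, and the receiver re-checks both after every move. It goes one step beyond a plain checksum by authenticating the manifest with HMAC-SHA256, so a file altered together with its checksum is still caught; the shared key, the function names and the sample billing extract are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream the file through SHA-256; return (hex digest, byte count)."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):  # 1 MiB at a time
            digest.update(block)
            size += len(block)
    return digest.hexdigest(), size


def make_manifest(path, key):
    """Sender: record size and digest, then MAC the record with the shared key."""
    sha, size = sha256_file(path)
    body = json.dumps({"sha256": sha, "size": size}, sort_keys=True)
    return {"body": body, "hmac": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}


def verify_extract(path, manifest, key):
    """Receiver: return 'ok' or the name of the first check that failed."""
    expected = hmac.new(key, manifest["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        return "manifest not authentic"
    record = json.loads(manifest["body"])
    sha, size = sha256_file(path)
    if size != record["size"]:
        return "incomplete"
    return "ok" if hmac.compare_digest(sha, record["sha256"]) else "content changed"


def demo():
    """Constructed extract: intact, cut short, altered, then altered with a re-made manifest."""
    key = b"constructed-demo-key"  # placeholder; a real key lives in a secret store
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "billing_extract.csv"
        path.write_bytes(b"account,amount\n1001,25.00\n1002,40.00\n")
        manifest = make_manifest(path, key)
        results = [verify_extract(path, manifest, key)]
        path.write_bytes(b"account,amount\n1001,25.00\n")  # transfer cut short
        results.append(verify_extract(path, manifest, key))
        path.write_bytes(b"account,amount\n1001,95.00\n1002,40.00\n")  # amount altered
        results.append(verify_extract(path, manifest, key))
        forged = make_manifest(path, b"not-the-real-key")  # manifest rebuilt without the key
        results.append(verify_extract(path, forged, key))
    return results


if __name__ == "__main__":
    print(demo())
```

The manifest only proves the extract matches what the key holder recorded, so it has to be created at the point where the data is still trusted.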

Just a little something…

Yet another blog, but this one is different. I will be talking about open source technologies, automation, security and all the other things that my company dabbles in. If you are living around the Vancouver, BC area, send me an email! If not, send me an email anyway!