Fred Brooks on Computer Science

Someone posted an old address by Fred Brooks, author of the celebrated The Mythical Man-Month, given on the occasion of his acceptance of the ACM Allen Newell Award in 1994. It’s an interesting talk and one that I hadn’t read before.

Brooks posits that Computer Science isn’t a science. Instead, it should be viewed as an engineering discipline; in particular, what we are really doing is toolsmithing. Some may chafe at that definition but Brooks makes a good case for it. He says that our value is in the tools that we build for others to solve their problems with.

He illustrates this by describing the work of his laboratory at the University of North Carolina at Chapel Hill. The laboratory takes an interdisciplinary approach and collaborates closely with colleagues in Physics and Biology. He describes some of the tools that they built during those collaborations and how both sides of the collaboration were better off in the end.

It’s a nice talk and well worth a read. You may find yourself persuaded that his definition of “Computer Science” is the correct one.

Update: Nick Higham points out that I neglected to add a link to Brooks’ talk. Silly me. Here it is.


Troy Hunt on SQL Injection

The invaluable Troy Hunt has an excellent post on SQL injection attacks. We all know the basic ideas behind SQL injection but Hunt shows how attackers actually mount the attacks and why they work. It’s extraordinary that these attacks still work but as Hunt points out they are still the number one exploit in the OWASP Top Ten.

This post is about the SQL injection itself rather than its mitigation. There’s a link to mitigation strategies in the post[1] for those who are looking to protect themselves from these attacks.

If you’re writing server side code that interfaces to a database, you should take a look at this post. At the very least, you’ll get an idea of what you’re up against.

Footnotes:

[1] The mitigation post is primarily aimed at .NET developers but contains good advice for everyone.


Updating to Org Mode 8

I just upgraded Org mode to version 8.0.6. I’ve been holding off waiting for org2blog to fix some incompatibilities. Mostly, the transition went smoothly. By following the commentary in the release notes and the new installation instructions I had everything working reasonably quickly. I thought.

Everything was fine until I tried to rebuild my agenda. The first time I tried it I got a message saying that org-agenda-archives-mode had a void value. I turned to the manual to see what I needed to do but I could find no mention of this variable in the index or any of the appropriate areas in the body of the manual. Nor could I find anything in the release notes. What to do?

Well, of course, Emacs is famously self documenting so I just looked up the variable with 【Ctrl+h v】 and saw that I could set it to nil and get the behavior I wanted. I tried to build the agenda again and got another error message. This time I just went directly to the built-in manual to figure out the right value. This happened a total of 3 times but after the first I was able to resolve the problems quickly. The TL;DR is that I just added

(setq org-agenda-archives-mode nil)
(setq org-agenda-skip-comment-trees nil)
(setq org-agenda-skip-function nil)

to my init.el and everything was fine.

It’s sometimes easy to forget the power of the built-in documentation. Instead of wasting time looking at the Org manual, all I had to do was look up the problem variables.


Embedded Notes in Text

The other day, I ran across this 2009 Norwescon interview with Vernor Vinge. Irreal readers will be happy to know that he’s an Emacs user and writes his novels with it. The interview includes a screen shot of his work on The Children of the Sky.

One of the things that struck me was that Vinge embeds copious notes in the manuscript. His scheme looks homegrown to me. The story text is indented while each line of the notes starts with a ^. It’s easy to imagine a script or some elisp that extracts the story text from the manuscript. Vinge is, after all, a computer scientist.

That got me thinking. I use Org mode for all my writing and sometimes want to embed notes in the file along with the final text. How can I do the same thing that Vinge does? I sometimes embed a line or two of comments by starting them with a #. When the blog post, say, gets exported the lines beginning with # are not exported. For longer form writing with copious notes that’s not convenient. Click on that screen shot in the Vinge interview and you’ll notice that there are more notes than story text. I was looking for a way of doing what Vinge does with his system.

At first I thought I could use the tangle function but that works only with source code for one of the supported Babel languages. After a bit of research I discovered that you could include comments between BEGIN_COMMENT and END_COMMENT tags like this

#+BEGIN_COMMENT
Some notes
and other
comments
#+END_COMMENT

Sadly, there’s no Easy Template shortcut for it. No problem, I thought, I’ll take a look at the code and maybe advise it or do my own version. Happily, as soon as I started looking I found the answer. You can define your own Easy Templates by adding an entry to the org-structure-template-alist variable:

(add-to-list 'org-structure-template-alist
             '("n" "#+BEGIN_COMMENT\n?\n#+END_COMMENT"
               "<comment>\n?\n</comment>"))

Now I just type

<n

and 【Tab】 to be put in the middle of a comment region. This is a nice solution because, like reproducible research, you have everything in a single file and can export it to any of a number of formats including HTML, plain text, LaTeX, and even ODT[1]. As usual, Emacs provides an environment that makes it easy to solve editing and workflow problems.
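The kind of extraction script imagined above, as an added example that is not code from the original post, from Vinge, or from Org mode. It separates notes from exportable text for the three conventions described here: caret-prefixed note lines, one-line Org comments, and BEGIN_COMMENT/END_COMMENT blocks. The sample manuscript is constructed, and rejecting an unterminated block is this example's own choice.

```python
import re

# Constructed sample mixing the three note conventions the post describes.
SAMPLE = """\
* Chapter One
^ Vinge-style note: check the timeline against chapter 3
    The ship came down at dawn.
# one-line Org comment
#+BEGIN_COMMENT
Longer notes that must
never reach the publisher.
#+END_COMMENT
#+TITLE: kept, this is a keyword, not a comment
Final paragraph.
"""

BEGIN = re.compile(r"^\s*#\+BEGIN_COMMENT\b", re.I)
END = re.compile(r"^\s*#\+END_COMMENT\b", re.I)
ORG_COMMENT = re.compile(r"^\s*#(\s|$)")  # "# text", but not "#+KEYWORD"
CARET_NOTE = re.compile(r"^\^")           # note marker as described in the post


def strip_notes(text):
    """Return (kept_lines, note_lines); no note line ends up in kept_lines."""
    kept, notes, in_block = [], [], False
    for line in text.splitlines():
        if in_block:
            if END.match(line):
                in_block = False
            else:
                notes.append(line)
        elif BEGIN.match(line):
            in_block = True
        elif ORG_COMMENT.match(line) or CARET_NOTE.match(line):
            notes.append(line)
        else:
            kept.append(line)
    if in_block:
        # Example's choice: refuse to emit anything rather than guess where
        # the notes end and risk leaking them into the exported text.
        raise ValueError("unterminated #+BEGIN_COMMENT block")
    return kept, notes


if __name__ == "__main__":
    kept, notes = strip_notes(SAMPLE)
    print("\n".join(kept))
```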

Footnotes:

[1] I haven’t used the ODT export function yet but it could be useful to authors whose publishers require the manuscript be delivered as a Word document.


Tail Call Optimization in Lisp Implementations

Early on in my Lisp education, I learned Scheme and became enamored with using recursion as a primary iteration strategy. It’s hard to avoid this in Scheme because it doesn’t have any other general iteration mechanisms besides do.

In Common Lisp, iteration via recursion is not an established paradigm. Mostly that’s because, unlike Scheme, Common Lisp does not guarantee that tail recursion will be “optimized.” You can always do recursion, of course, but you risk running out of stack frames. With tail call optimization (TCO)[1] that doesn’t happen.

Even though Common Lisp doesn’t guarantee TCO, most implementations do, in fact, provide it. Sadly, it’s hard—or at least I find it hard—to determine whether a particular implementation provides it or not. You can peruse the documentation, of course, but it seems harder than it should be to find the information. Happily, Marc Simpson, who had the same problem, has us covered. He’s put together a nice post that lays out which CL implementations provide TCO and which don’t.

For my part, I’m glad that SBCL does TCO. So does Clozure, the other CL implementation that I sometimes use. If you are a Lisper, you should take a look at this post and bookmark it even if you currently use only a single implementation. It’s a great resource.

Footnotes:

[1] More accurately tail call elimination, but everyone calls it tail call optimization.


The Last Word on XML

Jean-Philippe Paradis has a pithy evaluation of XML.


Making My Email Safer

As I’ve mentioned before, I’ve been looking for ways to tighten up my email security and, at the same time, move away from Google to avoid being caught in another nasty surprise like the shuttering of Google Reader. Today’s post is a report on where I am now and what I am planning for the future.

By far the best advice I’ve found for keeping your email secure was given by Drew Crawford in his NSA-proof your e-mail in 2 hours post. Crawford’s recommendation is to run your own mail server. That’s not nearly as hard as you might think and it gives you absolute control over the secure storage of your email. Unless the police come to your door with a warrant (or capture the email in flight) your privacy is assured. Even with a warrant, you know “they” are trying to get your email and can fight the warrant. That’s much better than storing your email on Google and having the government serve Google with a secret warrant to get your email without you even knowing about it.

Of course, there are some problems. You’ll need your own domain and a machine to run the mail server on. Crawford assumes a Linux machine and that’s probably the easiest way to get things set up, especially if you want to follow his procedure. The other thing you’re going to need is a fixed IP address (or at the very least some sort of dynamic DNS setup). Most ISPs are going to make you get a commercial account and charge you more for this so it bears looking into before you start.

Setting up my own mail server is my ultimate goal but while I’m working out the details, I’ve moved all my Google mail elsewhere. I found two excellent services that should work well for me and anyone else wanting to abandon Google. The first is FastMail. If you’re looking for something very similar to Gmail, this seems like a good bet. Max Masnick and workhere.io have both switched and posted informative articles on the pros and cons of FastMail. Both are worth a read.

The other possibility is Lavabit, the service said to be used by Edward Snowden. They have an impressive list of features including keeping your email encrypted on their server with a key only you know. If you’re extra paranoid, this may be a good bet for you.

My intermediate solution is to move my Gmail traffic to Lavabit. I’ve already redirected all my mailing list traffic (the bulk of my Gmail activity) and will see what else needs to be moved as emails trickle in. I’m pretty happy with this as a stopgap measure until I can get my own email server up.


Making DuckDuckGo Your Default Safari Search Engine

Editorial Note: You probably won’t care about this post unless you’re a Mac user but all readers are welcome.

In my continuing quest for a smaller (visible) footprint on the Net, I’ve stopped using Google and switched to DuckDuckGo for searches. I started by adding DDG to my Safari Bookmarks Bar so that I could just click on it when I wanted to search. Of course, most of the time I’d forget and type my search query into the normal address bar instead and then have to retype it.

After using DDG for a few days I decided that

  1. I liked it enough to make it my main search engine.
  2. I had to find some way to make it the default.

Sadly, Apple in its wisdom has exactly three choices for a default search engine: Google, Bing, or Yahoo. After a bit of searching (with DuckDuckGo, of course) I discovered a neat hack to make DuckDuckGo the Safari default.

The method is described on this DuckDuckGo help page but the TL;DR is to first tell Safari you want Yahoo as your search engine (this choice is important for reasons explained on the help page) and then set an explicit address for search.yahoo.com in /etc/hosts. The address points at a special DDG server that passes your request on to the normal DDG processing. Now I just type my search terms into the address bar as normal and I’m searching on DDG.
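A way to review which names a hosts file redirects after a change like this one (an added example, not from the original post or the DuckDuckGo help page). The sample file is constructed, and 203.0.113.10 is a documentation-range placeholder because the page does not give the DDG server's address.

```python
import ipaddress

# Constructed sample: stock-style entries plus one pinned search host.
# 203.0.113.10 is a placeholder, not the real DDG server address.
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
203.0.113.10    search.yahoo.com   # pinned for the Safari default-search hack
0.0.0.0         ads.example.test
not-an-ip       broken.example.test
"""


def parse_hosts(text):
    """Yield (lineno, address, names) for each well-formed hosts entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue  # blank line, comment, or an address with no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; skip the line
        yield lineno, addr, [name.lower() for name in fields[1:]]


def redirected_names(text):
    """Return (lineno, name, address) for names sent to a remote address.

    Loopback, unspecified (0.0.0.0, ::) and link-local entries stay on the
    machine, and the broadcast line is a stock entry. Anything else hands
    traffic for that name to whoever operates the listed address.
    """
    findings = []
    for lineno, addr, names in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified or addr.is_link_local:
            continue
        if str(addr) == "255.255.255.255":
            continue
        findings.extend((lineno, name, str(addr)) for name in names)
    return findings


if __name__ == "__main__":
    for lineno, name, addr in redirected_names(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr}")
```

Pass the contents of the real /etc/hosts to `redirected_names` to list every pinned name along with the line it came from.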


Doing It Right, ISP Edition

I wish these guys were my ISP. Although it won’t be news to Irreal’s European readers, Americans may not be aware that British PM David Cameron is pushing a plan to have ISPs filter pornography. Originally, the plan called for an opt out but the ISPs insisted on opt in. Andrews & Arnold, on the other hand, aren’t having any of it. They say that if you want a censored network connection you should move to North Korea or at least seek out another ISP because they aren’t providing any filtering.

That, right there, is enough to get them the Irreal seal of approval but it gets better. They point out that it’s not up to them to censor your Internet connection. That’s something that’s up to individual users to provide for themselves. And by the way, NAT? No, they don’t do that either. They think every computer should have its own IP address. Now that IPv4 addresses have run out they may be able to deliver only a single IP address to the user, who may NAT internally, but Andrews & Arnold don’t use it at all. Your IP address remains fixed. If you use IPv6 they provide a /40 block to allocate as you like.

The logging that they do is for network engineering purposes and they make it possible for you to avoid it if you wish. They don’t currently have any monitoring devices on their network and will resist being ordered to install them. The director says that users should feel free to ask him if they have been forced to install them, and says that if he refuses to answer you should draw the appropriate inferences.

All in all, Andrews & Arnold appear to treat their users the way they would want to be treated. Read their policies at the link to see what I mean. It’s a source of sorrow to me that more ISPs (and especially those in the U.S.) don’t do as well.


A Patent Win

This is so cool. Joel Spolsky tells how he shot down a garbage software patent with only a 15 minute effort. He did that by using his new Stack Exchange site Ask Patents, a site on which anyone, including patent examiners, can ask for prior art on a patent application. Spolsky says the process is simple and easy. Read the questions and if you see something that you know about, read the patent application—actually just part of it—and do a bit of Google searching to find examples of prior art. Read Spolsky’s post; it’s easier than I’m making it seem.

Spolsky says he hopes that some of the big players will realize that this is a way of messing with the competition and assign an engineer or two to spend a bit of time on the Ask Patents site. As he says, that would be cool.
