Older blog entries for connolly (starting at number 100)

Capability Security in E, coffescript, python, dart, and scala

A couple months ago, I inherited some Java code and took on the task of fixing a bug in it. The bug turned out to be a consequence of a silent failure; eek! And there were precious few tests and no way to test the parts without being connected to LDAP servers and SQL databases and such. This started me on an exploration of current best practices in testing. And since the job of this code was policy enforcement around patient data, I could finally justify getting my hands dirty with capability-based security. I discovered, as many others have, that both testability and security are well served by some of the same basic object-oriented techniques.

Dependency injection frameworks always smelled like overkill to me, but after watching Miško Hevery on testability, I was convinced. If you're in the mood for text rather than video, see his Guide: Writing Testable Code. Basically, instead of having some policy enforcement object constructor call an LDAP connection constructor, the policy enforcement object takes the LDAP connection as a constructor argument. "Don't call us; we'll call you" is a handy mnemonic. This lets you substitute a mock LDAP connection for testing.

It also forms patterns of cooperation without vulnerability.

For example, take a look at the simple money example in E and the underlying sealer/unsealer pattern.

I have been using these as an exercise to explore some of the recent programming language developments:

The coffeescript translation seems completely natural, to me. Given the right static scope (i.e. without most of the JavaScript standard library), I think it has the same security properties as the E version. And the E idioms seemed to translate quite directly.

Python has not only the API authority issues, but also untold introspection loopholes. Plus, I had to kludge around read-only closures and no-assignment-in-lambdas; and while simulating E's method suite idiom is not too ugly, tools like pyflakes don't recognize the results.

Dart is a big disappointment. Everywhere else I look, Google is pushing capability security. But Dart lacks nested classes, so translating E method suites results in something that is only vaguely recognizable, let alone comprehensible.

Scala works reasonably well. The Java implementation of sealing relies more on  strong typing than the object graph for rights amplification; I might want to think that over some more. Also, It's a little boring to spell out the types. I might have to try it in Haskell. But on the other hand, as Brendan Eich observes:
Dynamic languages are popular in large part because programmers can keep types latent in the code, with type checking done imperfectly (yet often more quickly and expressively) in the programmers’ heads and unit tests, and therefore programmers can do more with less code writing in a dynamic language than they could using a static language.
The balance between static and dynamic languages also shows up in development tools. I had the eclipse with the Joe-E verifier, maven, and mercurial working all together at home one evening. The code really does just about write itself at that point. But when I tried to reproduce it at work, I got so frustrated that I retreated to emacs and python and looking up function arguments manually. The python version of the project has gotten complex enough that I'm starting to miss some of the whole-program consistency that Java tools give, but I'm getting by with a bottom-up approach: flymake, doctest, and the like.


Syndicated 2011-11-23 22:44:00 (Updated 2011-11-23 23:57:11) from Dan Connolly

Medical Informatics, Peer Review, and Open Access

Three issues of JAMIA just arrived, weighing not just on my desk but also on my mind: success is defined by my peers in my new field, medical informatics, as publication in a journal where the readers have to pay for access. After fifteen years as an Open Web advocate, this grates on me.

But I see that change is already underway. While JAMIA is the top journal that I hear about in the office so far, a quick trip to Wikipedia shows that it's second in impact to an open-access journal: Journal of Medical Internet Research.

Syndicated 2011-11-21 14:35:00 (Updated 2011-11-21 14:55:21) from Dan Connolly

Secure Mashups: CSRF-resistent alternatives to WebID

I think WebID is headed in the wrong direction. It separates authorization from authentication, which is widely believed to be a good practice, but proves spectacularly bad practice when it leads to cross-site request forgery.  I have tried to explain my misgivings to the WebID proponents, but I didn't have much in the way of an alternative to suggest. Until today, when I found Sitelier and Belay Research.

While evaluating Spring Security today, I went looking to see if it its role-based architecture is in any way compatible with capability-based approaches and I found this, from the Sitelier guys:

In our view, the web right now is backwards: users have accounts on dozens of websites, all with their own logins and passwords, and our content and personal information is scattered all over the web, out of our control. Sitelier turns the situation around: when you install an app, you're effectively creating an account on your site for the app, which can then save its data (your data) there, so all your online information can live in one secure location that you control.
Replies pointed out related work such as Belay Research and emphasized usability research. Indeed, my understanding since at least as far back as my Dec 2008 post is that the capability approach is the necessary and sufficient solution to the problem of secure mashups; the only question is: given the worse-is-better tendency in software deployment, is there any chance we can move the state-of-the-art that far?

There are also some market forces to consider. If I host my own email, how do get sub-second search a la ad-powered gmail?


Syndicated 2011-07-26 22:26:00 (Updated 2011-07-26 22:26:48) from Dan Connolly

The Voters First Pledge: what do my elected representatives have to say?


I find politics so distasteful that I rarely get directly involved, but on June 4, after I watched Inside Job, I felt compelled to exercise my right to petition government for redress of grievances. I wrote the following to my elected representatives, Moran and Roberts, via opencongress:
Representative democracy in America has clearly been corrupted by big-money interests.

The Fair Elections Now Act S.750 and the The Voters First Pledge look like reasonable steps, to me.

I don't see you among the supporters.

Please sign the pledge, or at least explain to me your position on the bill.

Thanks for your consideration and your service to our country.

Sincerely,

Daniel W. Connolly
I got automated acknowledgement of receipt from both of their offices, but no response since. I don't expect more than a form letter. How long does it take to send one of those? Over a month, evidently.

Sigh.

Syndicated 2011-07-09 17:12:00 (Updated 2011-07-09 17:12:43) from Dan Connolly

Eliminating trackname collisions in multi-CD audiobook with mutagen

I wanted to listen to an audiobook on my android phone, so I ripped it (using banshee) and copied the tracks, but "track 1" from disc 2 overwrote "track 1" from disc 2.

So this little ditty uses mutagen to rename them to "Disc 01 Track 01" and "Disck 02 Track 02" respectively.

I have since discovered that ripping this audiobook with iTunes (which consults Gracenotes where banshee consults musicbrainz) yields track names like 1a, 1b, 1c, ..., 2a, 2b, 2c, ... .


import sys
import os

# http://code.google.com/p/mutagen/wiki/Tutorial
import mutagen

def fix(album):
    for dirpath, dirnames, filenames in os.walk(album):
        for track in filenames:
            audio = mutagen.File(os.path.join(dirpath, track))
            print audio['album'], audio['title']
            t = "Disc %02d Track %02d" % (int(audio['discnumber'][0]),
                                          int(audio['tracknumber'][0]))
            audio['title'] = t
            audio.save()

if __name__ == '__main__':
    album = sys.argv[1]
    fix(album)

Syndicated 2011-07-07 13:14:00 (Updated 2011-07-07 13:14:10) from Dan Connolly

Trying to replace delicious, pinboard.in, and catch with diigo

I keep trying out one more cloud based task/time/knowledge management tool, hoping it will replace several of my too many others. While browsing around the Chrome store looking for tools that sync with android, I discovered diigo. The highlight feature is really slick! I've been hoping for that feature as far back as the Amaya papers and talks from 2000. Plus, it does bookmarking and note taking. But it's not as smooth as I'd like. I wonder if that's inherent in the attempt to do so many things.

A pleasant surprise from diigo: the chrome search bar

Chrome merged the address bar and the search field a while ago. The diigo chrome extension notifies you when you search for things that match items in your library, so you don't have to build a new habit.

Why diigo hasn't replaced pinboard for bookmarking, twitter archiving

The original delicous bookmarklet clearly hit the sweet spot for bookmarking:
  1. Hitting the bookmarklet brings up a little pop-up with the URL and title filled in for you
  2. add your own note... maybe a particularly interesting quote/excerpt (optional)
  3. add some tags
  4. Hit enter/save and you're back to your web page, with the pleasant feeling that your bookmark is stored safely in the cloud (and you can get it back via their export service and/or API)
There were some lightweight features that improved the experience: auto-complete of tags and auto-suggested tags from the crowd. Then the features started getting heavy, going beyond the
critical response times, and on a tip from Gerald, I started migrating my delicious bookmarks to pinboard.in. (This was long before "the vice president of bad decisions at yahoo" threw in the towel.)
The diigo bookmarklet has two critical problems:
  • It takes over the whole page (and takes too much time doing so). So you can't consult the page as you add your notes.
  • When you hit save, it takes you to your library rather than back to the page you were on.
It was the speed of pinboard that convinced me to switch from delicious, not so much the "anti-social" aspects; I did enjoy the collaborative aspects of delicious, until they went overboard and made it too painful to search my own bookmarks. I was surprised to see so much of my community using twitter for link sharing: how do they ever find the bookmarks they made?! Twitter has the attention span of a gnat; it has no interest in helping you find a bookmark you made 2 years ago. Pinboard solved that problem by adding comprehensive twitter archiving to their snappy search offering.
Diigo has a twitter archive feature, but
  • It archives only favorites, not tweets I wrote, unless pay a monthly fee. (Pinboard isn't free, but the fee is one time.)
  • It loses critical context, i.e. who wrote the tweet.
  • It lumps tweets in with notes I wrote in places like their Quick Notes chrome application
That brings me to the goal of using diigo for task management.

Why Diigo hasn't replaced Catch for gtd-style collecting

Catch supports gtd-style collecting and processing really well:
  1. With their android widget or shortcut, touch to start adding a note.
  2. Type a few words to capture what's on my mind... or more often: hit the speech input button and say a few words.
  3. Hit save, knowing catch will sync with the cloud momentarily.
I do most of my processing via catch's web interface, when I have the full bandwidth of a big screen, keyboard, and fast network. But sometimes when I have some time to kill, I use the catch android app to process notes.
I hope the diigo Powernotes android app gets there. Both catch and diigo let me log in using my google apps accounts, but:
  • Early releases required manual sync, which completely defeated the purpose of getting things off my mind, since I had to think about whether I had sync'd or not. I'm glad that's fixed.
  • Catch has "pin note to homescreen," which is handy for journaling; PowerNote doesn't seem to have anything like that. "Pin list to home screen" would be handy.
  • Saving a note without a title fails silently. This is particularly painful since the speech-to-text note taking feature defaults to an empty title. Throwing away the knowledge I just entrusted to it is pretty much the unforgivable sin for a knowledge management app. The feedback feature is really simple and the developer acknowledged my feedback right away, though, so perhaps I'll give it another chance. 
  • I can't find an easy way to list all (and only) the thoughts I collected. It supports filing notes into lists, and one of the options is "Recent notes," but that's a tease: there is no "Recent notes" when I go to view my lists. Diigo bookmarking supports the "read later" bit a la pinboard, but I don't see how to set that bit on notes. It would be handy to have a unified "read later" collection of notes/bookmarks/highlights.

Diigo for shopping? What was I thinking?

I sure wish Amazon helped me record why I'm adding to my wishlist, e.g. who recommended it, which features or review comments I'm particularly interested in. I can annotate items if I switch to viewing the whole list, but the first thing Amazon does after I hit "add to wishlist" is distract me from recording what's on my mind with offers for other products. So I did a little research on home theater systems using diigo. But while shopping does involve research, there's really a lot more to it, and Amazon is a huge machine finely tuned to help with the whole process. Amazon's universal wishlist button helps some. Besides, as we learn from gtd, the most important thing to do after capturing a thought is to put it in context where you will next act on it. And for online shopping, that place is Amazon more often than not.

Diigo community and tools

The diigo community and development team appeals to the hacker, the researcher, and the closet-librarian in me. I haven't found many familiar names/faces in the diigo community yet. The business model (freemium, with a focus on the education market) seems sensible to me, but I don't have much confidence in my ability to pick viable web businesses. (I've been involved in the web pretty much since it started; I wonder if I'd be ahead or behind if I'd invested in the web businesses I liked when I learned about them...)  With a new owner for delicious, it may be time to take another look. The delicious crowd is large enough to display some wisdom in, for example, finding interesting new python programming resources. And I once discovered that a colleague subscribed to my family movie bookmarks.
Diigo says they support the same export format as delicious, but I don't see how I can get all my data back that way, since delicious has no concept of highlighting nor lists. I see a mention of annotations in the diigo API; perhaps all the structure is captured there.

Syndicated 2011-05-16 18:32:00 from Dan Connolly

30 Apr 2011 (updated 1 May 2011 at 04:24 UTC) »

Trying to replace delicious, pinboard.in, and catch with diigo

I keep trying out one more cloud based task/time/knowledge management tool, hoping it will replace several of my too many others. While browsing around the Chrome store looking for tools that sync with android, I discovered diigo. The highlight feature is really slick! I've been hoping for that feature as far back as the Amaya papers and talks from 2000. Plus, it does bookmarking and note taking. But it's not as smooth as I'd like. I wonder if that's inherent in the attempt to do so many things.

A pleasant surprise from diigo: the chrome search bar

Chrome merged the address bar and the search field a while ago. The diigo chrome extension notifies you when you search for things that match items in your library, so you don't have to build a new habit.

Why diigo hasn't replaced pinboard for bookmarking, twitter archiving

The original delicous bookmarklet clearly hit the sweet spot for bookmarking:

  1. Hitting the bookmarklet brings up a little pop-up with the URL and title filled in for you
  2. add your own note... maybe a particularly interesting quote/excerpt (optional)
  3. add some tags
  4. Hit enter/save and you're back to your web page, with the pleasant feeling that your bookmark is stored safely in the cloud (and you can get it back via their export service and/or API)

There were some lightweight features that improved the experience: auto-complete of tags and auto-suggested tags from the crowd. Then the features started getting heavy, going beyond the critical response times, and on a tip from Gerald, I started migrating my delicious bookmarks to pinboard.in. (This was long before "the vice president of bad decisions at yahoo" threw in the towel.)

The diigo bookmarklet has two critical problems:

  • It takes over the whole page (and takes too much time doing so). So you can't consult the page as you add your notes.
  • When you hit save, it takes you to your library rather than back to the page you were on.

It was the speed of pinboard that convinced me to switch from delicious, not so much the "anti-social" aspects; I did enjoy the collaborative aspects of delicious, until they went overboard and made it too painful to search my own bookmarks. I was surprised to see so much of my community using twitter for link sharing: how do they ever find the bookmarks they made?! Twitter has the attention span of a gnat; it has no interest in helping you find a bookmark you made 2 years ago. Pinboard solved that problem by adding comprehensive twitter archiving to their snappy search offering.

Diigo has a twitter archive feature, but

  • It archives only favorites, not tweets I wrote, unless pay a monthly fee. (Pinboard isn't free, but the fee is one time.)
  • It loses critical context, i.e. who wrote the tweet.
  • It lumps tweets in with notes I wrote in places like their Quick Notes chrome application

That brings me to the goal of using diigo for task management.

Why Diigo hasn't replaced Catch for gtd-style collecting

Catch supports gtd-style collecting and processing really well:

  1. With their android widget or shortcut, touch to start adding a note.
  2. Type a few words to capture what's on my mind... or more often: hit the speech input button and say a few words.
  3. Hit save, knowing catch will sync with the cloud momentarily.

I do most of my processing via catch's web interface, when I have the full bandwidth of a big screen, keyboard, and fast network. But sometimes when I have some time to kill, I use the catch android app to process notes.

I hope the diigo Powernotes android app gets there. Both catch and diigo let me log in using my google apps accounts, but:

  • Early releases required manual sync, which completely defeated the purpose of getting things off my mind, since I had to think about whether I had sync'd or not. I'm glad that's fixed.
  • Catch has "pin note to homescreen," which is handy for journaling; PowerNote doesn't seem to have anything like that. "Pin list to home screen" would be handy.
  • Saving a note without a title fails silently. This is particularly painful since the speech-to-text note taking feature defaults to an empty title. Throwing away the knowledge I just entrusted to it is pretty much the unforgivable sin for a knowledge management app. The feedback feature is really simple and the developer acknowledged my feedback right away, though, so perhaps I'll give it another chance. 
  • I can't find an easy way to list all (and only) the thoughts I collected. It supports filing notes into lists, and one of the options is "Recent notes," but that's a tease: there is no "Recent notes" when I go to view my lists. Diigo bookmarking supports the "read later" bit a la pinboard, but I don't see how to set that bit on notes. It would be handy to have a unified "read later" collection of notes/bookmarks/highlights.

Diigo for shopping? What was I thinking?

I sure wish Amazon helped me record why I'm adding to my wishlist, e.g. who recommended it, which features or review comments I'm particularly interested in. I can annotate items if I switch to viewing the whole list, but the first thing Amazon does after I hit "add to wishlist" is distract me from recording what's on my mind with offers for other products. So I did a little research on home theater systems using diigo. But while shopping does involve research, there's really a lot more to it, and Amazon is a huge machine finely tuned to help with the whole process. Amazon's universal wishlist button helps some. Besides, as we learn from gtd, the most important thing to do after capturing a thought is to put it in context where you will next act on it. And for online shopping, that place is Amazon more often than not.

Diigo community and tools

The diigo community and development team appeals to the hacker, the researcher, and the closet-librarian in me. I haven't found many familiar names/faces in the diigo community yet. The business model (freemium, with a focus on the education market) seems sensible to me, but I don't have much confidence in my ability to pick viable web businesses. (I've been involved in the web pretty much since it started; I wonder if I'd be ahead or behind if I'd invested in the web businesses I liked when I learned about them...)  With a new owner for delicious, it may be time to take another look. The delicious crowd is large enough to display some wisdom in, for example, finding interesting new python programming resources. And I once discovered that a colleague subscribed to my family movie bookmarks.

Diigo says they support the same export format as delicious, but I don't see how I can get all my data back that way, since delicious has no concept of highlighting nor lists. I see a mention of annotations in the diigo API; perhaps all the structure is captured there.

Syndicated 2011-04-30 17:41:00 (Updated 2011-05-01 03:38:32) from Dan Connolly

16 Apr 2011 (updated 28 Apr 2011 at 21:17 UTC) »

Closing music sharing loops with Amazon Cloud Player and iTunes home sharing

I enjoy the music that my wife buys, but when I shop, I seem to get overwhelmed before I get as far as the "place your order" button. It's just like in college, when I used pore over the used cassette section, only to realize it was time for my next class before I decided what to buy. Once she buys the music, I'd like to have it when I commute to work or go to the gym.

I pulled my hair out for a while trying to get my Ubuntu linux box to fool her Mac into using it as a time machine server. I couldn't even get apple file sharing working read-write (for saving playlists and metadata). When Apple came out with home sharing, I pretty much threw in the towel and resigned myself to pulling out my MacBook Air whenever I wanted to deal with the world of popular music. But mostly I just didn't bother.

Then, after she had been limping along for a while on external keyboards and mice for her MacBook due to the internal ones having broken down (and the price to service them being out of reach), we swapped out her MacBook for my Macbook Air.

This gave me a fresh shot at organizing the family music collection.

My Ubuntu box has big, cheap disks. I use LVM2 to manage three volumes, which vary based on availability and confidentiality constraints:

  • commons - for creative commons and open source stuff. No constraints; I don't have to worry about who sees it or copies it, and it remains available if I delete my copy.
  • mass-media - for popular music, DVR storage, etc. I don't have license to share this stuff freely, but availability isn't a big deal: if I lose my copy, I can easily get another, though perhaps not for free.
  • family-media - for photos, records, etc. Much of it is confidential and original.

At some point since my earlier frustrations, Ubuntu and Mac OS X have decided to get along; file sharing now Just Works. So I rsync'd all her music to the mass media volume shared it. Unlike the nightmare of merging iPhoto libraries, iTunes has an option to view "only items not in my library". Yay!

The iTunes collection includes some original stuff, such as piano recital recordings and garage band compositions. I'm dealing with my long-standing angst about that by using Musicbrainz Picard to automatically re-tag everything and then move the stuff that's outside the wisdom of crowds to the family-media volume. The collection also includes stuff that my wife imported for photo montage projects; Frank Sinatra and polka music were of great sentimental (or humor) value to the client, but I don't want it in my "shuffle all" mix on the way to work. I'm not sure how to deal with that, yet.

Reducing the redundancy feels good to the closet librarian in me, but... what if the disk goes kerflewey? It's all replaceable, but even the potential of buying it or ripping it again leads me to the aforementioned paralysis/overwhelm.

Enter Amazon Cloud Drive and Amazon Cloud Player.

Not only does the android app eliminate the hassle of firing up a Mac to use doubletwist to sync iTunes to my android phone, but cloud storage provides backup of all our popular music... or at least: all the music that I cherish enough to bother uploading to Amazon.

Syndicated 2011-04-16 03:21:00 (Updated 2011-04-28 20:26:32) from Dan Connolly

Google smiles on KC

The Topeka gag turned out to be not so far off after all: Ultra high-speed broadband is coming to Kansas City, Kansas. I work in the informatics division of KU Med Center, which gets special mention:

We’ll be working closely with local organizations including the Kauffman FoundationKCNext and the University of Kansas Medical Center to help develop the gigabit applications of the future.
While I live in the KC metro area, I live in one of the 'burbs, not KCK, so this won't affect me at home much. But it should be a huge shot in the arm to the KC startup community.

Syndicated 2011-03-31 13:38:00 (Updated 2011-03-31 13:38:46) from Dan Connolly

Adding server operations, DBA to my bag of tricks

I've always been a programmer. Then I learned enough about shipping software products at Convex and Dazel, and then global collaboration at W3C. I have always respected the people who keep the servers runningthe W3C systems team rocks!and now I'm learning a bit of that stuff too.

It's certainly happier than the feedback I've been getting while trying to learn about Oracle administration. (Frank isn't the name this guy used, but he was very frank.)

if I make a cold backup on AIX (big-endian) and I try to restore it on linux (little endian), am I more likely to win or lose?
lose
you need to use rman or [...]
but you guys really should hire a dba
you could afford oracle, and a server for aix, and now a new linux server
you can afford a dba for a few hours
Or else, you could totally screw stuff up, especially the configuration and tuning of the linux DB
[...]
most admins now are giant #$%@# idiots who dont know that sqlplus exists. 
or they are "developers"  which their company put them in charge of the database
and are giant clueless idiots

Syndicated 2011-03-15 16:54:00 (Updated 2011-03-15 16:54:13) from Dan Connolly

91 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!