Monday, May 26, 2014

Another win for ChromeBox

I had my niece and nephew over for some pool and pizza today. They were playing on my daughters' ChromeBox and teaching them how to play games etc... it was a beautiful sight and a fantastic advertisement. Not to mention it was reassuring that I made the right purchase for them.

Mavericks 10.9.3 killed my keychain

I have no idea what just happened but it appears that the latest update to OSX (10.9.3) just ate my keychain and, not to be outdone, while I was trying to enter my password it would not connect to the internet as the WiFi password was also deleted and so nothing meaningful was working until I could get past the iCloud password request and get the OS running long enough to get the WiFi started and then restart iCloud.

What a mess!

And to think I just had a conversation with my father about how bad Windows 8.1 was. I cannot imagine what sort of things he'd have to say if he went through this.

Sunday, May 25, 2014

Flow Based Programming - groups

The Flow Based Programming model is essentially sending strongly typed messages between nodes that are running in separate threads (at least in my model). The entry and exit point of each node is typed and has a queue; they act with the ability to fan-out and fan-in.

When one node is sending typed messages to another node... the messages can be consumed serially and without being interfered with by other linked nodes. Meaning a fan-in input can consume all of the input group from one fan-out before accepting input from other groups or other nodes.

The producer of the group needs to identify the group, make a connection to the target subscriber (one to one), and if granted permission to start sending... starts, until the publisher runs out of data at which time the publisher sends an end of group message.

Creating the pipes is the first challenge. (i) using the same pipe for grouped and ungrouped messages will be a bit messy; the channel itself cannot tell the difference between the message types prior to consuming the message. (ii) creating a group message channel and then spawning a dynamic channel has some benefit (iii) creating the channels with big enough queues can be a serious challenge so that the pending channels have been queued up (iv) redirecting the messages to a typed queue offers other challenges. Whatever the implementation it's important to keep the processing and reprocessing to a minimum.
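The group handshake described above, sketched in Go along the lines of option (ii): a request channel on which the subscriber hands out a dedicated per-group pipe. This is an added example, not code from this blog; `Msg`, `groupReq`, `fanIn`, `produce` and `Run` are hypothetical names, and closing the pipe stands in for the end of group message.

```go
package main

import (
	"fmt"
	"sync"
)

// Msg is the typed payload carried on a group pipe.
type Msg struct{ Seq int }

// groupReq names a group and carries the channel on which a pipe is granted.
type groupReq struct{ id string; grant chan chan<- Msg }

// fanIn grants one group at a time and drains it before taking the next.
func fanIn(reqs <-chan groupReq) (out []string) {
	for r := range reqs {
		pipe := make(chan Msg, 4) // small queue dedicated to this group
		r.grant <- pipe           // permission to start sending
		for m := range pipe {     // ends when the producer closes the pipe
			out = append(out, fmt.Sprintf("%s%d", r.id, m.Seq))
		}
	}
	return out
}

// produce identifies its group, waits for permission, sends n messages, ends.
func produce(id string, n int, reqs chan<- groupReq) {
	r := groupReq{id: id, grant: make(chan chan<- Msg)}
	reqs <- r          // blocks while another group is being consumed
	pipe := <-r.grant  // one-to-one connection to the subscriber
	for i := 0; i < n; i++ {
		pipe <- Msg{Seq: i}
	}
	close(pipe) // end of group
}

// Run starts one producer per group and returns the consumption order.
func Run(groups []string, n int) []string {
	var wg sync.WaitGroup
	reqs := make(chan groupReq)
	for _, g := range groups {
		wg.Add(1)
		go func(g string) { produce(g, n, reqs); wg.Done() }(g)
	}
	go func() { wg.Wait(); close(reqs) }()
	return fanIn(reqs)
}

func main() { fmt.Println(Run([]string{"A", "B", "C"}, 3)) }
```

Which group is served first depends on scheduling, but each group's messages always arrive contiguously and in order.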

SQLite4 is a great idea

There were two interesting ideas in the design document. (a) SQLite4 is not a replacement for SQLite3. (b) they are implementing pluggable backends. (c) it's all one key/value store.

That 4 is not a replacement for 3 is nice in that I can be reasonably assured that my existing code has some running room before I have to find an alternative.

Pluggable backends, however, is causing me some concern. One thing I like about the folks at SQLite is that their code is highly reflective and opinionated. Meaning that they've thought about it long before they executed and put it in my toolbox. Now pluggable backends will provide a vector for all sorts of not so considerate code to make it into my project.

Finally, that the engine is based on a key/value model really has me thinking. Why not just put some sort of wrapper around redis and call it a day (actually that's an epic for the reader).

PROLOGUE: I find it interesting that all manner of new languages are starting to make progress in the mainstream and to great effect. I certainly agree that the work product needs to compile on many more platforms, be linkable into other languages and platforms, and so on, however, I have read some recent articles that are compelling. Bolt, leveldb, lmdb, datomic and maybe a few others.

Friday, May 23, 2014

Chrome Reading List

When is Google going to implement a "reading list" like feature in their Chrome browser? I hope that the reading list feature is not patented! It's just too close to the bookmark. Which I also hope is not patented? The integrated reading list is really helpful and is simply without friction. While I have been able to use goo.gl and bit.ly they are nowhere near as smooth as the Apple Reading List.

Thursday, May 22, 2014

Comcast is digging up my lawn

I'm not sure exactly how Comcast can afford to provide Internet service, phone service and cable service for half the price of the incumbent in my neighborhood. Advance Cable Communications is charging me $209 a month for an average product. Comcast is willing to charge me half that price for the exact same service plus an amazing network bandwidth. Being naturally skeptical I find myself wondering when the shoe is going to drop.

If I had the sort of clout required to investigate I would be very interested in knowing where the different subsidies are taking place in order to justify the price difference. I have a hard time believing that it is strictly based on the economy of scale or the margins that the incumbent is operating under.

Using deferred robs your go program of speed

The benchmarks RN and even with the latest version of go 1.3 beta it appears that the defer command is slower by significant numbers. Apparently the implementation of the defer command allocates memory which must be garbage collected which actually has performance side effects.

Sadly I have a few hundred the first date that must now be re-factored. 

Comment your code or Commit every change?

I do not know which is better, however, I believe that the two should be linked. That the commit is taking place on a decoupled system means that you have no direct visibility to the comment and when the comment is in the code they tend to get stale. (of course there is always literate programming).

UPDATE: my editor needs a proper blame view where the blame column might be commit comments instead of person. (literate programming is starting to feel better) I read that Donald Knuth writes 2 to 3 programs a week in this way.

Wednesday, May 21, 2014

ChromeBox is a Success

You cannot mistake a ChromeBox from a late model laptop and while "it's really important" (a jab at the Microsoft Surface 3) that some of the new tablets are also full of power and functionality you have to ask yourself if it's really all that important.

My chromebox is currently playing the web-spotify client and I'm writing this post at the same time. I suppose I could have a few additional windows open but to what end. Earlier this evening I had a few terminal sessions running and a few browser windows. And it was all working like a champ.

I suppose I would like a little more memory for the browser but for the simple things in life who cares. Right now all I need is a text editor and a terminal session and I'm in the sweetspot. (I suppose a Chrome Pixel would be nice if someone were to buy one for me but for the moment this will do just fine)

Sunday, May 18, 2014

Life without a proper laptop

My MacBook Air has given up the ghost. After 4 complete reinstalls the machine refuses to encrypt the boot partition which leads me to the conclusion that there must be a problem with the drive. It formats and accepts the installation of OSX but that's as far as it goes. (this post is being written on my iPad mini and while typing into the blogger app is functional it's just not pleasant.)

There was a time when I was hoping that my iPad was going to be a complete laptop replacement but now that it's truth time I'm not certain it's going to work. And while Apple is asking all of its app makers to sandbox their apps I'm not sure it's going to be any better than the iPad experience.

I do not think that the Nexus or the Kindle would be any better. I do have high hopes for the chromebox.

Thursday, May 15, 2014

it's a good release when...

You know it's a good release when the number of return visitors drops sharply after a release.

Wednesday, May 14, 2014

Secure Software Development Lifecycle


Justification:

While there are a number of obvious attack vectors for would-be black hats - most are never considered or defended against until there has been an incident. This is not to say that a huge investment is required from day one; as we have learned from the copy protection cat and mouse of the 1980s - it is expensive and with diminishing returns. But if we do a few things up front and in the beginning then we raise the cost for the attacker thus we become a less desirable target.

Secure Software Development Lifecycle:

  • frameworks are good


References:

salted password hashing
https://crackstation.net/hashing-security.htm

OWASP cheat sheets
https://www.owasp.org/index.php/Cheat_Sheets

Twenty-three Evergreen Developer Skills
http://blog.zeusprod.com/2014/02/twenty-three-evergreen-developer-skills.html?m=1

Google vs Facebook - trunk
http://paulhammant.com/2014/01/08/googles-vs-facebooks-trunk-based-development/

7 Habits of Dysfunctional Programmers
http://www.ganssle.com/articles/7habits.htm

10 Commandments of egoless programming
http://www.codinghorror.com/blog/2006/05/the-ten-commandments-of-egoless-programming.html

Only the beginning
http://www.usatoday.com/story/tech/2014/01/13/target-retail-industry-hacks-2014/4460441/

bad code - silent circle
http://blog.erratasec.com/2013/08/when-did-we-start-trusting-bad-code.html?m=1

truecrypt
http://volatility-labs.blogspot.it/2014/01/truecrypt-master-key-extraction-and.html?m=1

managers should code
http://www.drdobbs.com/architecture-and-design/engineering-managers-should-code-30-of-t/240165174

appliance and framework
http://queue.acm.org/detail.cfm?ref=rss&id=2566628

removing passwords
http://arstechnica.com/security/2013/12/microsoft-joins-fido-group-hoping-to-replace-passwords-with-public-key-cryptography/

Intrusion Detection: Support Vector Machines and Neural Networks
http://www.cs.uiuc.edu/class/fa05/cs591han/papers/mukkCNN02.pdf

Network Intrusion Detection Using Tree Augmented Naive-Bayes
http://www.znu.ac.ir/members/afsharchim/pub/cicics12.pdf

Falcon
http://www.fico.com/en/

Good fun with bad crypto
https://intrepidusgroup.com/insight/2014/01/good-fun-with-bad-crypto/

RBAC with unique urls and rotating keys so filtering outside application

Secure REST
http://blog.cloudfoundry.com/2012/10/09/securing-restful-web-services-with-oauth2/

tcpdump tutorial
http://www.danielmiessler.com/study/tcpdump/

ip tcp http
http://www.objc.io/issue-10/ip-tcp-http.html

This is by no means a complete list. It represents my current reading list.

Tuesday, May 13, 2014

Why is JavaScript successful in the enterprise

What metrics are executives using to claim that server-side JavaScript is a highly productive platform for developers?

CoreOS - auto update goodness

So long as CoreOS does not embed any malware, is not compromised, and remains in business then it is the killer Linux distribution of 2014 and is far superior to Project Atomic. The idea that the kernel is going to be updated either automatically or upon next reboot is going to take some time to get used to. It also means that I have to keep my eyes glued to their site to make sure that any new changes are accounted for.  It also means that CoreOS must maintain backward compatibility forever. It also means that the tools like etcd, fleet, locksmith, and systemd must always be backward compatible.

But for me... I have been waiting for Docker 0.11.0 to arrive. After a reboot this afternoon. There it was. Amazing.

Sunday, May 11, 2014

What is Google Scale?

It's Mother's day and I'm thinking about "Google Scale". People talk about the next big thing and what that means in terms of scale and invariably the optimistic continues on to world domination at scale. Nuts!

I'm thinking about scale because that's the place where I work and play. I'm always chasing the scale monster and right or wrong I think I've made a discovery.

The number of compute nodes you need to solve a problem is proportional to the population.  (a) not everyone is online at the same time. (b) not all of the data is needed all of the time (c) failure happens (d) people are born with no data and when they die most of their data loses value.

So if you want to Google scale your business there is going to be some magic number of hardware and other resources you'll need assuming that all users need instant access and that number can be massaged based on availability and the number of applications actually running... but in most cases I would expect it's one computer for them to use as a client and one small fraction of a server to respond to requests whether it's search or word processing.

Saturday, May 10, 2014

Flow Based Programming - toolchain

With the team at NoFlow going public with an early beta I have had a chance to further develop some ideas that were previously just cloudy thought bubbles.

Assuming that the development team is morphing into a multidiscipline team of logic designers and component programmers then the question is where does one begin when there is an empty palette? This is a particularly difficult question when the designer needs building blocks to connect and when the programmer needs requirements in order to construct the components. The chicken and the egg argument has never been so clear.

In my vision I see that everything is made up of DNA. There is a network DNA and a component DNA. Depending on signatures; instances of each can connect and interact. (in a very, high school, biomechanics way). Therefore, the designer can layout the network using very basic component and pathway definitions; and later refine the network with more precisely named channels and add individual requirements for each component in order to help the component programmer.

The empty components are put into a work queue that the component programmers work from. The programmers take the requirements, implement them and the necessary test cases. I, personally, prefer that the components limit the usage of conditionals and loops because that makes them harder to test. I do not limit the use of 3rd party libraries because I expect that those tools have been adequately tested. (life experience suggests that this is wrong but at least I'm taking a stand with several ways out)

So that sums it up. (1) Simple point of entry to describe the work. (2) Simple way to implement and test the details. (3) Simple way to refine everything.

PS: One thing that I like about the NoFlow project is that they are pretty close. The intent of the NoFlow project is to map the application network, however, the interface is dependent on the existence of the components. So somewhere in there the designer and programmer already collaborated to build components that were later assembled. To the contrary I want to capture the design before implementing any code or engaging programmers.

Friday, May 2, 2014

guests are like fish ... they smell after a few days

... or something like that. I've been using fishshell for a few months and while I like the command line, history, color, and config I really hate that it's not compatible with bash. As a result none of the interesting tools, like GVM (golang version manager), which I depend on daily function properly because the syntax is just too different. About the only thing I can do is launch fishshell from bash but that's just a hairball.

Therefore, as much as I like some of the other features... fishshell stinks.

As much as it pains me bash is still the strongest contender. (zsh and all of its candy is not as good as fishshell but even so the syntax is different enough). It's clearly time to upgrade bash, make a compatibility layer to the others, or build a new shell to rule them all. (tcl, lua, go, something else)

another bad day for open source

One of the hallmarks of a good open source project is just how complicated it is to install, configure and maintain. Happily gitlab and the ...