Pitos Blog

Check this post The flatfooted learning society from Joho the Blog:

But, I am a flatfooted “programmer” and always will be. I have limitations that would have kept me from ever becoming a professional. I have an odd inability to handle indirect relationships, e.g., pointers; I did fine with C, but bombed at C++. I have problems with recursion, so although I once did a fair bit of hobbyist Lisp “programming” (I once wrote a beginner’s guide to Lisp as a document extension language), I can’t handle the self-reflexive capabilities that turn Lisp into a super-tool for Paul Graham. I’m terrible at math. I simply could not have become a pro. (from: The flatfooted learning society)

David Weiner, author, speaker, thinker, turns out to be a programmer too! Read his musings of what it’s like being a flatfooted programmer.

But the reason I really cite this is because it reminds me of Google’s new tool to easily create applications for Android. It’s called AppInventor. I’ve studied it a little. It looks interesting and cool but it raises in me an old bias against visual programming environments.

Take a look at this out of context screen shot. I wonder whether you can really program visually. I think it was Dave Winer who said years ago that programming is more like writing and less like drawing. I think I agree.

I wonder what the flat footed developer corps thinks. Does Visual Programming help?

Popularity: 1% [?]

This looks like a really nice and detailed tutorial on how to use Twitter in Rails. Check it out! p.s. if you don’t know what the previous sentence means, don’t worry about it. You must not really be geeky.

Popularity: 1% [?]

I am not sure exactly what this article about Trust means exactly, but it’s thought provoking, don’t you think?

“Trust is present or it is absent. Grab a nerd and he’ll tell you that even the absence of trust is a measure of trust and that particular measure is zero. When trust is non-zero (which is better, believe me) it is based on one of two methodologies — empiricism or transparency (the other T-word).” (from I, Cringely)

Popularity: 1% [?]

If you’ve been in computing for any time you may have been hit over the head by the slogan “Security by Obscurity is No Security”. As I have understood the argument it has a few components:

1. If your security relies on secret tricks, trap doors, and a hope that no one will be able to find out or guess the work around, then you’re fooling yourself. Sooner or later someone will be able to guess the trick, see the code, quit your company and take the secret with them.
2. Allowing your code and methods to be inspected and analyzed by the public (bad guys included) is the only way to learn about weaknesses that you would be blind to and give you a chance to close them. The other slogan which I will tackle some other time is “All bugs are shallow to a thousand eyes” implying that no matter how subtle the weakness, if you allow lots and lots of people to look, they will find them all.

(Actually Wikipedia has a longer and probably more correct summary of the Security By Obscurity concept.)

In the past I was usually quickly persuaded or at least silenced when confronted with these arguments, although at a gut level it never really sat right with me. While the arguments are strong, I had an vague sense that obscurity in fact does help security and often is a useful part of the whole security story. But who was I to argue?

With that background I was interested to see an article in the New York Times the other day, “Cyberattack on Google Said to Hit Password System“:

“[snip...]But a person with direct knowledge of the investigation now says that the losses included one of Google’s crown jewels, a password system that controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications. The program, code named Gaia for the Greek goddess of the earth, was attacked in a lightning raid taking less than two days last December, the person said. Described publicly only once at a technical conference four years ago, the software is intended to enable users and employees to sign in with their password just once to operate a range of services.[snip...]” (from New York Times, “Cyberattack
on Google Said to Hit Password System“)

This got me thinking, where is the Security By Obscurity crowd now? If you read the whole article you see that there is considerable concern at Google about the fact that the operation of this single sign-on, security system has been revealed.

Not that passwords or digital certificates were compromised, but (apparently) just the operation or algorithm or code for it was compromised. Isn’t this just security by obscurity?

It makes perfect sense to me that these are state secrets for Google and that it’s considered a major breach.

Popularity: 1% [?]

The article “Reflections on Trusting Trust” is often mentioned in conversation and cited. I finally tracked down and read this classic, and it is indeed a classic of computer science. And typically for classics, it’s short, clear, readable and impactful:

“The moral is obvious. You can’t trust code that you did not totally create yourself. (Especially code from companies that employ peoplelike me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.” (from Reflections on Trusting Trust)

Popularity: 1% [?]

I get asked from time to time to recommend ruby, rails, and other developers in the Boston area, either for full time or part time gigs. I’m developing a list of good local job resources - started so far with the help of pal Brian D:

Popularity: 5% [?]

Check out Schwarzenegger Gives California Legislature A Hidden Finger (from TechCrunch:

"

There is absolutely no way I’ll be able to make this relevant to tech. But I’m posting it anyway. Our Governator, Arnold Schwarzenegger, vetoed a California legislative finance bill – AB 1176. The letter is terse and to the point. And the first letter of each line in paragraphs 2-3 are even terser and more to the point.

Schwarzeneggers battles with the state legislature are epic. But this just goes way beyond epic. It’s something for the history books.

I wish I had the time to do this kind of thing in my posts here on TechCrunch.

See the SF Chronicle for all the quotes and denials.

Now, back to our regularly scheduled programing." (from: Schwarzenegger Gives California Legislature A Hidden Finger)

.

Popularity: 10% [?]

Check out this interesting case study of how one awful memory leak was tracked down and killed:

“It’s every developer’s worse nightmare. You’ve bet the farm on a development framework, spent thousands of person-hours developing your application and then find a memory leak. Worse yet, you’ve got a memory leak in an interpreted scripting environment where you have little to no control over how memory is allocated and managed at runtime.” (from Tracking a memory leak in Rails)

Technorati Tags: rails, memoryleak, geeky, programming

Popularity: 14% [?]

As you know from a previous post, I’ve been working on a “domain specific language” for election ballot processing. In my search for information I got a pointer to a book called: Ruby Best Practices. It’s not out yet, but it looks like it will be excellent.

You can get a sample chapter (which contained lots of information relevant to my domain specific language work) here.

In it you will “[... snip] look at a favorite topic for budding Rubyists. I’m going to share the secrets behind building flexible interfaces that can be used for domain-specific applications.”. Hmm. Does that make me a budding Rubyist? I thought I had already budded

Anyway, I really got a lot out of the sample chapter and look forward to when the book is out.

Technorati Tags: DSL, Ruby

Popularity: 13% [?]

I have been working quite a lot on Election Reform  over the last few weeks, at least from the technology side.

To be honest there is just so much I could be blogging about in this narrow specialized space that my cup overfloweth, but also it has been an impediment, not knowing where to start. There’s so much background and new new learning (for me anyway) that it’s been daunting.

Herewith the start of my attempts to further document what I am up to.

One task I’ve taken on is prototyping a “post election audit” system (more on this soon.) Basically at the heart of that beast is a bit of code to analyze an image of a ballot and figure out what the vote was.

For now my programming language of choice is Ruby, although image processing with Ruby may still turn out to be impractical. I’ve been studying up on the task, reading books (see Practical Algorithms for Image Analysis, for example) and studying techniques and image processing code libraries that seem appropriate.

Two of the biggies I have come across are RMagick/ImageMagick and OpenCV. Both have a lot of history and dynamic communities. I don’t know yet which is the best one to use. The investigation continues.

But one idea I have started to implement which is quite fruitful on many levels is a “Domain Specific Language” for Image Analysis. There is a lot of literature on creating DSLs, and in particular DSLs hosted on Ruby. They are easy to do and in this particular domain, add a lot to my productivity and ability to frame and comprehend what the heck I am doing.

I won’t go into hairy technical detail here but I would be glad to share my approach and my code with anyone who asks. Here’s what one of my earliest test programs look like as written in this home-brew DSL:


open_image :one, "432Leon200dpibw431.tif"
open_image :target, "target2.tif"
open_image :t3, "target3.tif"
#
binarize :one
binarize :target
#
find_similar_regions :one, :target, :points
print :points
#
relativize_points :points, :outpoints
print :outpoints
#
deskew :one
write_image :one, "432Deskewed.tif"
find_first_nonwhite_row :one, :nonwhite_row
print :nonwhite_row


See how it talks in very high level primitives about image processing? Also see how the choice between OpenCV and RMagick is totally hidden? I can change my mind later and not break anything Is it kind of readable?

I will build out this DSL just in the direction and to the extent needed for my particular task, Ballot analysis. But you can see that it can go pretty far. How’d'you like it?

Technorati Tags: dsl, ruby, opencv, imagemagick, ballots

Popularity: 13% [?]