February 18, 2012
Digestion

There doesn’t seem to be a lot of consensus on adding security to web services. For example, here are two ways advertised for Rack (the Ruby framework on which Sinatra is built):

Rack::Auth::Basic implements HTTP Basic Authentication, as per RFC 2617.

Initialize with the Rack application that you want protecting, and a block that checks if a username and password pair are valid.

Rack::Auth::Digest::MD5 implements the MD5 algorithm version of HTTP Digest Authentication, as per RFC 2617.

Initialize with the [Rack] application that you want protecting, and a block that looks up a plaintext password for a given username.

opaque needs to be set to a constant base64/hexadecimal string.

Oh. So I can send the password across the net in plain text, but I do at least have the ability to encrypt the password in the database (because I can re-encrypt the plaintext one in Rack::Auth::Basic to check it against.) Or I can have it encrypted across the net, but because Rack::Auth::Digest::MD5 needs a plaintext password I have to keep the passwords in clear text in the database. 

Actually you can use encrypted passwords with digests: there is a passwords_hashed property, but you only find this out by reading the source code.

You see, this is where Microsoft win. On two counts:

  1. Although many more lines of code are needed to implement authentication in a WCF service (check this compared to this), it is at least documented.
  2. Although you can’t do digest authentication with WCF properly, in most cases I would be running on IIS and use Windows security, and I wouldn’t need to handle authentication at all in my application. When a user leaves, the sysadmin just disables their Windows login. That’s it.
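The trade-off in the Digestion post above, as an added Ruby example that is not Rack's own code: Basic sends the plaintext so the server can keep a salted, slow hash and recompute it; Digest sends only MD5 digests, so the server needs HA1 = MD5("user:realm:password"), which is what a passwords_hashed lookup block returns. The realm string, users, passwords, salt and nonces are constructed for the example, and the function names are mine; the digest arithmetic follows RFC 2617 (qop=auth).

```ruby
require "digest/md5"
require "openssl"
require "securerandom"

# Assumed realm string; in Rack it is whatever the middleware was configured with.
REALM = "Example Realm"

# Compares two hex strings without leaking where they first differ.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# --- HTTP Basic: the password crosses the wire in the clear, so the server
# --- can store only a salted, slow hash and recompute it on every request.
def basic_store_entry(password, salt = SecureRandom.hex(8))
  hash = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 10_000, 32, "sha256")
  [salt, hash.unpack1("H*")]
end

# The check a Rack::Auth::Basic block would perform: recompute and compare.
def basic_check(store, user, password)
  salt, stored = store[user]
  return false unless salt
  candidate = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 10_000, 32, "sha256").unpack1("H*")
  constant_time_equal?(stored, candidate)
end

# --- HTTP Digest (RFC 2617, qop=auth): the wire carries only MD5 digests, but
# --- verification needs HA1 = MD5("user:realm:password"). With passwords_hashed
# --- the database holds HA1 instead of the plaintext.
def ha1_for(user, password, realm = REALM)
  Digest::MD5.hexdigest("#{user}:#{realm}:#{password}")
end

def digest_response(ha1, method, uri, nonce, nc, cnonce, qop = "auth")
  ha2 = Digest::MD5.hexdigest("#{method}:#{uri}")
  Digest::MD5.hexdigest("#{ha1}:#{nonce}:#{nc}:#{cnonce}:#{qop}:#{ha2}")
end

# Client side: knows the plaintext, derives HA1, builds the Authorization params.
def client_authorize(user, password, method, uri, nonce, cnonce, nc = "00000001", realm = REALM)
  ha1 = ha1_for(user, password, realm)
  { "username" => user, "uri" => uri, "nonce" => nonce, "cnonce" => cnonce,
    "nc" => nc, "qop" => "auth", "response" => digest_response(ha1, method, uri, nonce, nc, cnonce) }
end

# Server side: uses the stored HA1 only; the plaintext never has to be present.
# (A real server also checks that the nonce is one it issued recently and that
# params["uri"] matches the request line; that bookkeeping is omitted here.)
def server_verify(store, method, params)
  ha1 = store[params["username"]]
  return false unless ha1
  expected = digest_response(ha1, method, params["uri"], params["nonce"],
                             params["nc"], params["cnonce"], params["qop"])
  constant_time_equal?(expected, params["response"])
end

# Constructed sample credential stores
DIGEST_STORE = { "alice" => ha1_for("alice", "correct horse") }              # HA1 only
BASIC_STORE  = { "bob" => basic_store_entry("battery staple", "constructedsalt") }

def demo
  nonce  = SecureRandom.hex(16)   # server-issued per challenge
  cnonce = SecureRandom.hex(4)
  good = client_authorize("alice", "correct horse", "GET", "/secret", nonce, cnonce)
  bad  = client_authorize("alice", "wrong", "GET", "/secret", nonce, cnonce)
  {
    digest_ok:  server_verify(DIGEST_STORE, "GET", good),
    digest_bad: server_verify(DIGEST_STORE, "GET", bad),
    basic_ok:   basic_check(BASIC_STORE, "bob", "battery staple"),
    basic_bad:  basic_check(BASIC_STORE, "bob", "wrong"),
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Two things the example makes visible: HA1 is bound to the realm, so it is a password-equivalent rather than a salted slow hash, and anyone who reads it out of the database can authenticate to that realm directly; and neither scheme protects anything beyond the credential exchange, so the request bodies and session still need TLS either way.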

February 7, 2012
Perceptions

Been doing some boilerplate REST code, using the excellent Sinatra on Ruby/Linux and WCF on Windows.

I did the Ruby stuff first and it seems really straightforward (once you have read the source code for the framework, because, like all open source stuff, the documentation is useless), and I’m quite impressed that I don’t need to create acres of object hierarchies just to generate some XML from the database. 

Because my test data is - well, crap, really - and I couldn’t be bothered to fix it properly, I added a new column to a table to remove natural-key duplicates. My gut feeling, given the amount of typing I’d had to do to create the WCF service in the first place, was that it would take ages to add this new column to that, and not long to add it to the Ruby service. As it turned out though, this commit has fewer changes than this one.

January 11, 2012
Raspberry Blown

The Raspberry Pi becomes more of a joke every day. Today they offer some rather limp excuses for why they can’t manufacture it in the UK.

TL;DR: it boils down to (a) UK manufacturers wanted to be paid for their work (b) the Government wants us to pay tax (c) all this eats into our margin.

Margin?! They are a charity so why does their margin matter? As a charity they get buckets of tax relief anyway.

I maintain that there is no need to teach computer programming in schools. Use of the programming features found in the leading commercial product, Microsoft Excel, is more widely applicable for 90% of the jobs that the brighter kids will end up doing.

They want to encourage these kids to go into technology and want tax relief and Government funding for computer programming lessons. But when they get a chance to support British industry they ignore it because it’s cheaper to use foreign labour at below UK minimum wage in appalling working conditions. When they get a chance to pay some tax to support the funding they so passionately desire, they whine about it and pay taxes to foreign governments instead.

I’m enjoying this technical disaster movie. Stay tuned ….

December 10, 2011
"Informally, the programs were called “ropes” because of the durable form of read-only memory into which they were transformed for flight, which resembled a rope of woven copper wire. For the lunar missions, 36K words of “fixed” (read-only) memory, each word consisting of 15 bits plus a parity bit, were available for the program. In addition there were 2K words of artfully timeshared “erasable” or RAM memory. Allowing for the identical Apollo guidance computer (AGC) in the Command Module (CM), containing a program called COLOSSUS, it is correct to say that we landed on the moon with 152 Kbytes of onboard computer memory."

Apollo 11 and Other Screw-Ups

December 10, 2011
Railings

Some private reactions to my dismissal of the Raspberry Pi involved the simplicity of setting up development environments in Linux.

The most hyped business development framework on that platform at the moment has to be Ruby on Rails.  There are a lot of issues with its philosophy, but in general it is quite a good framework, if you ignore its database generation and employ a professional to design and build the database.

Setting it up has always been a nightmare though. I decided that I would go through the pain again, with the latest version of Ubuntu and the latest versions of Ruby and Rails, and document it. I won’t include rants about all the false starts before I got to this point.

I use Oracle’s VirtualBox for all my VM experiments. It’s free, and to my mind more efficient than the paid alternatives (Parallels and VMWare) which I’ve tried. It has a limitation on the Mac that you can only create 32-bit guests, but for experimental use that’s not a major limitation.

So I downloaded the latest 32-bit version of Ubuntu Server (don’t bother with the full desktop version for rails development, you’re better off using your normal machine and browser for testing.) I installed a basic setup, with only OpenSSH Server ticked in the optional installations (so that I could access it by ssh from the MacBook host.) I installed all required updates, then built Ruby from source:

First thing we need is the build environment (C and utilties)

   sudo apt-get install build-essential

Then a load of stuff forming the ever-increasing list of things needed by Rails but not automatically installed by it, causing wacky runtime errors on first test (sorry, I did promise no ranting :-)

   sudo apt-get install sqlite3 libsqlite3-dev \
      zlib1g-dev libssl-dev libyaml-dev \
      libreadline6-dev nodejs

Then get the source

   wget http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p0.tar.gz
   tar zxvf ruby-1.9.3-p0.tar.gz
   cd ruby-1.9.3-p0/
   ./configure --prefix=/usr/local/ruby

(I like to put ruby in its own part of /usr/local, because the makefiles provided in the source build don’t have an ‘uninstall’ target, so this makes it easier to remove manually.)

   make
   sudo make install

We then need to add the path into the system profile

   sudo vi /etc/profile.d/ruby.sh

adding the lines:

   PATH=$PATH:/usr/local/ruby/bin
   export PATH

After logging out and back in, we should now be able to see the executable

   ruby --version

Before installing the Rails gems, make sure the gem system is up-to-date (note the path modification doesn’t work for sudo)

   sudo /usr/local/ruby/bin/gem update --system 
   sudo /usr/local/ruby/bin/gem install rails

And after all this, you should get a working Rails

   rails new cwoir 
   cd cwoir 
   rails server

This really is a lot of faff. It’s very different to the last time I did it (Ubuntu 10 and Rails 3), and that was a pain as well. The Ubuntu and Rails communities both seem to delight in breaking everything at regular intervals, and going back to my point about the Pi, I can’t see how this is easier than downloading the Express versions of Visual C# and SQL Server from Microsoft on to a Windows PC. I know quite a lot about Linux, I know how to build things from source, modify the system, etc. A beginner wanting to explore programming would surely be put off by all the incantations above, just to get to a stage where you have a working tool.

December 5, 2011
No pi for me

The Raspberry Pi is just wrong on so many levels.

The BBC micro (which appears to be its inspiration) was not a cheap, entry-level computer. It was the most expensive micro on the market. This is more like the Sinclair MK14 and I predict that it will sell in around the same numbers.

The computer fraternity always bemoan the fact that ICT (Government Orwell-speak for computing) as taught in schools is just “using Word and Excel.” But that is what 90% of the pupils will need to know about computers. And you can do more programming in Excel than on this thing.

Computer programming is a job. Some call it a profession: I think it’s a skilled trade. But whatever it is, it’s not a fundamental part of schooling. We don’t demand that schools teach kids how to sell cars or lay bricks.

A better way to speed up the death-march computer projects of the 2020s would be to get kids to read books like The Mythical Man Month or Data and Reality. The technical bits of those can all be skipped as they are years out of date, but the rest is still very relevant, and in my experience, understood by a very small percentage of those involved in commissioning, managing or coding computer systems.

November 28, 2011
Windows Phone 7

My wife has just got the new Nokia Lumia 800. It is a really nice looking phone, to my eyes the only one that actually looks smarter than the iPhone, and Windows Phone 7 is a really slick system. But unfortunately there is a lot of functionality missing.

Firstly, you can’t transfer stuff to or from it with Bluetooth. That’s pathetic - even the old 6310i could do that.

You can’t get any non-media file on to the device at all, because you can’t save attachments from email. You can only add MP3 ringtones in a really complicated way, and can’t add SMS tones at all - you’re stuck with the manky set that’s supplied.

And you can’t sync contacts to Outlook (unless you use Exchange Server) - you have to put all of them on a Windows Live account first. Unbelievable that they don’t support their own email client.

These flaws are such a pity because the Nokia’s a nice phone and WP7 has the makings of a brilliant OS. But in its current version it could not replace my iPhone.

November 23, 2011
12-factor

A lot of this is good sense for any application, and a lot of it is the stuff I’ve been advocating and implementing (where permitted) for years. I’m interested in the idea of environment variables instead of config files. I’ve always been uncomfortable with the ‘config not checked in’ idea, and I’ve suffered from the flaws, but I’m still not sure env vars are the answer. Given the quality of most of the rest of the site though, I’m prepared to look into it.

November 23, 2011
Restoring the MacBook

What they don’t tell you (this is Lion by the way, I never tried this with Snow Leopard):

When you restore from a Time Machine backup to a brand new drive, it doesn’t recreate the recovery partition. And then you can’t recreate the recovery partition. So unless you did a USB key recovery image beforehand (I did (http://support.apple.com/kb/HT4848)), you will never be able to restore again.  Once the recovery partition is gone, you can’t use the above link to create a new USB recovery image, because it requires the recovery partition to be in place.

October 23, 2011
The Mythical Man-Month

You wouldn’t think anything new could be said about this classic work. But I particularly liked this bullet point:

System architects once were the people who said “no” to features to maintain design consistency and coherency. Now architects are the people who buy and bring in external frameworks and technologies (killing any chance of consistency or coherency). Kind of like the Fahrenheit 451 quote “I remember firemen used to fight fires.”
