  • Programming 24.07.2010 1 Comment

    Clifford Stoll wrote The Cuckoo’s Egg in 1989, telling the true story of how he started investigating 75¢ of computer time nobody had paid for and ended up catching an international hacker passing through his computers to gain access to military secrets. The classic story is a fascinating mix of technical detail and the thrilling action of hunting an invisible criminal through the phone lines.

    My favorite passage, though, comes at the very end. After the overseas spy is caught and brought to justice, another hacker slips into Stoll’s system and for a moment the whole process starts over again. Stoll writes:

    He got in through an unprotected astronomy computer run by a couple of infrared astronomers. They didn’t care about security . . . they just needed to connect to the network. Because I exchange programs with them, we’d set up our systems to work as one—you didn’t need a password to move from their computer to mine.

    A couple days later the SOB called me. Said his name was Dave. From Australia. “I broke in to show that your security isn’t very good.”

    “But I don’t want to secure my computer,” I replied. “I trust other astronomers.”

    And that’s the moral, as true today as in the 1980s. We don’t want to secure most systems. Certainly I wouldn’t want my online bank account accessible to common thieves, but a database of research or a casual blog shouldn’t require elaborate protective measures.

    This is just as true in the physical world. I wouldn’t put my valuables in a bank vault with no lock, but the classroom doors where I went to college were always open.

    Unfortunately, in software, leaving any door unlocked can grant access to resources beyond the application itself, so we sink a fortune into securing even the most trivial of software against all imaginable attacks. That’s a high price to pay for protection against the pranks of mischievous hackers.

  • Programming, WTF 03.12.2009 2 Comments

    Found in an old bit of code a former student in my department wrote:

    <form action="…" method="post" onsubmit="myfun();myfun2();myfun3();return submitSully;">

    If it just called myfun(), myfun2(), and myfun3(), and then returned Sully, that would be mundane.  But it calls myfun(), myfun2(), and myfun3(), and returns submitSully, and that’s just priceless.

  • Programming, WTF 20.10.2009 3 Comments

    I love a medical school that gives online tests (quizzes, maybe?) and evaluates the results through JavaScript.  I especially love when it uses this logic to do it:

    if(correct) return true;
    else {
      if(guess < 2) {
        alert("That is not correct.");
        guess = guess + 1;
        return false;
      } else {
        alert("You have guessed incorrectly, but may move on.");
        return true;
      }
    }

    I hope my (hypothetical) surgeon works the same way.  “You’ve removed three organs.  None of them were right, but you can send him home now anyway.”

  • Programming 25.07.2009 2 Comments

    I recently tried creating a new database table only to learn a table with that name exists already.

    [me@mysql db] > CREATE TABLE log_search (
    log_search_id BIGINT UNSIGNED AUTO_INCREMENT NOT NULL
    , search VARCHAR(255)
    , created_by VARCHAR(128), created_on DATETIME)
     ENGINE=InnoDB CHARSET=utf8;
    ERROR 1050 (42S01): Table 'log_search' already exists
    [me@mysql db] > DESC log_search;
    +---------------+---------------------+------+-----+---------------------+----------------+
    | Field         | Type                | Null | Key | Default             | Extra          |
    +---------------+---------------------+------+-----+---------------------+----------------+
    | log_search_id | bigint(20) unsigned |      | PRI | NULL                | auto_increment |
    | search        | varchar(255)        |      |     |                     |                |
    | created_on    | datetime            |      |     | 0000-00-00 00:00:00 |                |
    | created_by    | varchar(128)        |      |     |                     |                |
    +---------------+---------------------+------+-----+---------------------+----------------+
    4 rows in set (0.00 sec)

    I love naming conventions!  My favorite part of programming is when I start to write a routine only to learn I already wrote it months ago in preparation for what I knew I’d be doing now.

  • I learned today, as evidenced in my previous post, that I can easily transfer pictures from my LG phone to my iMac using Bluetooth.  Since this was not immediately obvious to me, I’ll now share the steps I took for the benefit of all mankind.

    First, I made the phone discoverable (Settings > Bluetooth Menu > Options > Discovery Mode > On)

    Next, on my iMac I opened the Bluetooth System Preferences pane and clicked the “+” button at the bottom of my list of devices.  After some searching, it discovered my phone and let me select it.  At some point I got to a screen that implied the only thing I could do with this phone was use its Internet connection.  False!

    I ignored that screen entirely — in fact, I quit out of the setup wizard at that point — and went back to the Bluetooth System Preferences pane, which now included my phone in the list of devices.

    Clicking the “gear” icon at the bottom of that list, I chose “Browse Device.”

    There were my files!

    It also looks like I could transfer new MIDI ringtones to my phone in that way, although like a civilized adult I want my phone to make a ringing sound when someone calls me.

    iMac & Phone: Connected or Not?

    Connected?

    You can see that the iMac was somewhat conflicted about whether the phone was connected, but otherwise the whole thing went quite smoothly!

  • Programming 25.06.2009 1 Comment

    Let’s look at an old application my department started in 2001 and developed sporadically until finally launching it in 2007:

    [me@desktop old]$ find . | grep -E '(php|js)$' | xargs wc -l | tail -n 1
    53063 total
    [me@desktop old]$ find . | grep -E '(html|css)$' | xargs wc -l | tail -n 1
    9726 total

    Now let’s switch over to the replacement application I started in January, 2009 and launched in May, 2009:

    [me@desktop new]$ find . | grep -E '(php|js)$' | xargs wc -l | tail -n 1
    5955 total
    [me@desktop new]$ find . | grep -E '(html|css)$' | xargs wc -l | tail -n 1
    2302 total

    For those unfamiliar with find, grep, regular expressions, xargs, or tail, that means the old application took 53,063 lines of PHP and JavaScript to do what I did in 5,955.  The old used 9,726 lines of HTML and CSS; I used only 2,302.

    So, basically I had fewer total lines of content in the entire rewritten application than its predecessor had merely of markup and styles.  That’s fantastic!

    Of course, some of you are thinking that’s just because I write much longer lines of code, right?  And you naturally want me to compute the average number of characters per line used in each application to compare, right?  And you demand — demand — that it be done with a single command chain in UNIX?  As you wish!

    [me@desktop old]$ (find . | grep -E '(html|css|php|js)$' | tee temp | xargs wc -l | tail -n 1 | awk '{print $1}' ; cat temp | xargs wc -c | tail -n 1 | awk '{print $1}') | sed 'N;s/\n/ /' | awk '{print $2 " / " $1 " = " $2 / $1}'
    1523405 / 51063 = 29.8338

    [me@desktop new]$ (find . | grep -E '(html|css|php|js)$' | tee temp | xargs wc -l | tail -n 1 | awk '{print $1}' ; cat temp | xargs wc -c | tail -n 1 | awk '{print $1}') | sed 'N;s/\n/ /' | awk '{print $2 " / " $1 " = " $2 / $1}'
    252837 / 8257 = 30.6209

    See?  I used only one extra character per line!  On the other hand, I spent a good 30 minutes writing that command: 1 minute composing what I put there and the other 29 trying to figure out a way to do it without either running the find twice or writing anything to a temp file.  (You’ll notice I gave up and threw in a tee halfway through.)

    UPDATE: I was too focused on the chaining problem to recognize that I could just have wc calculate the number of characters and lines at the same time.  This would have worked just as well, with no temp file, and with far less complexity:

    find . | grep -E '(php|js|html|css)$' | xargs wc -l -c | tail -n 1 | awk '{print $2 " / " $1 " = " $2/$1}'
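
    The same measurement as an added example (not from the original post): it reads every matching file exactly once, needs no temp file, and stays correct where `xargs wc | tail -n 1` does not, namely when the file list is long enough for xargs to run wc in several batches (the last "total" line then covers only the final batch) or when paths contain spaces. The function name avg_line_len and its optional extension arguments are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Usage: avg_line_len DIR [EXT...]    (default extensions: php js html css)
# Prints "<chars> / <lines> = <average chars per line>".
# The body runs in a subshell ( ... ) so its variables do not leak to the caller.
avg_line_len() (
    dir=$1
    shift
    [ $# -gt 0 ] || set -- php js html css

    # Turn the extension list into find tests: -name '*.php' -o -name '*.js' ...
    # Keeping them as positional parameters means each pattern stays one
    # argument: no eval, no word splitting, no accidental glob expansion.
    first=1
    for ext in "$@"; do
        if [ "$first" -eq 1 ]; then
            set -- -name "*.$ext"
            first=0
        else
            set -- "$@" -o -name "*.$ext"
        fi
    done

    # -type f skips directories whose names happen to end in an extension.
    # -exec cat {} + hands file names to cat directly, so spaces and newlines
    # in paths are safe. If find has to start cat several times, all output
    # still lands in the same pipe, so wc sees one stream and prints one total.
    find "$dir" -type f \( "$@" \) -exec cat {} + |
        wc -l -c |
        awk '{
            # wc prints lines first, then bytes, whatever the option order.
            if ($1 == 0) print $2 " / 0 = n/a"      # nothing matched: avoid /0
            else         print $2 " / " $1 " = " $2 / $1
        }'
)
```

    Unlike the grep pattern '(php|js)$', which matches any path that merely ends in those letters, the -name tests require the dot before the extension.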

  • Programming 11.06.2009 1 Comment

    I enjoyed this query listing permits for a new application called, generically, “vote.”

    [bobbojones@production aeacus] > SELECT * FROM permit WHERE application='vote';
    +-------------+------------+-----------+----------------------+----------------+
    | application | privilege  | principal | principal_type       | subapplication |
    +-------------+------------+-----------+----------------------+----------------+
    | vote        | vote       | voter     | vote:voter           |                |
    +-------------+------------+-----------+----------------------+----------------+

    I’m reminded first of when xkcd’s blag depicted “Wikipedia’s entry on blogs, with everything that is not the word ‘blog’ (or a derivative thereof) removed.”

    I’m then reminded of a line of my own code from about five years ago that went something like:

    $param = $this->_params[$params['param']];

    (In my defense, I saw the absurdity immediately and renamed some variables, so the verbatim line is now lost to us, but its spirit remains.)

  • Programming 08.06.2009 1 Comment

    Since I’m currently working on a new application for our help desk, we’ve been evaluating features in other, existing applications.  We considered, among others, a hosted solution called “Service Now.”

    Immediately after logging into the demo site, we saw this traumatizing departure from any known laws of graphic design:

    Pie Chart à la Awful

    Someone has evidently decided that since 3D pie charts are known to distort human perception of data, what will really make them useful is a layer of translucency.

  • Programming 03.06.2009 1 Comment

    Overheard in the office (with no evident context):

    It’s no work to shut systems off.

    I’m sure it’s quite easy, but could you refrain anyway?  I rather prefer when our systems are running normally.

  • I’ve never really used Subversion’s web interface before, since I’m normally checking out or committing revisions from the command line.  However, this morning I wanted to browse quickly through the entire repository tree, so I opened what I thought was the right page.  The title read:

    repository – Revision 404: /

    Oh, 404.  The standard “page not found” error.

    I went straight to our Knowledgebase to figure out the correct address.  I had it right; I just happened to commit revision #404 immediately before I opened the site for the first time, and Subversion was helpfully pointing that out.

    That’s just awful timing.