joolean is currently certified at Journeyer level.

Name: Julian Graham
Member since: 2004-12-07 17:48:29
Last Login: 2013-06-11 02:59:42

Homepage: http://www.undecidable.net/joolean/

Recent blog entries by joolean

Like a lot of programmers, I think, I developed a mode of thinking about and designing a software system as a set of mostly independent components, each with a limited, discrete function, working in concert to produce a complex epiphenomenal behavior. Until relatively recently, though, I didn't think of these systems as potentially spanning multiple processes or machines. It may seem like a trivial observation, but I've come to find it useful to think of complex systems as appliances that use some set of computing hardware to host one or more processes whose combined behavior forms the behavior of the whole system. The benefit of this kind of thinking is that you no longer need to figure out a reasonable way to wedge a web server into, say, your spreadsheet application process code. Instead, you've got your web server, and you've got your spreadsheet. The difficulty is that you may need to launch and coordinate several processes -- or machines -- to get the complete appliance into the right state, such that its different parts are relaying data back and forth and responding to requests properly.

krb5

...Which brings me to my plodding, ongoing experiments in writing an online game. I'd invested quite a bit of time attempting to model the concept of downloadable assets of different types from within my gzochi application code before ultimately deciding that the game server had no business manipulating asset data. That kind of thing, I figure, is the rightful purview of some kind of independent asset management system that's aware of user authorization but not necessarily game state. So I set about figuring out how to manage authorization across processes, and, naturally, Kerberos came to mind. Everything you read about Kerberos steers you in the direction of using it via GSS, the Generic Security Services API. A lot of what you read about GSS suggests that perhaps you ought to consider using SASL, the Simple Authentication & Security Layer. So I did. On first glance, SASL looked like a bad fit -- your SASL-ized applications get to enter into negotiations over which of a set of mutually-supported authentication mechanisms will be used to initiate a session. I guess the idea is that you want secure authentication and you don't care how it happens. But I did care how it happened. So I dropped down to GSS, and found that at first it sort of made sense: Everything is a principal and has credentials, and two principals can create a security context with each other through which they can securely exchange information. But the GSS API designers seemed desperate to avoid explicit representation of anything that might remotely suggest that it's a wrapper around any particular security implementation, much less Kerberos -- no ticket-granting tickets, no service tickets, no distinction between user and service principals. 
I spent weeks trying to figure out how to model the authentication and authorization flow I had in mind: A client application would obtain a TGT for a user with a password, and then use it to obtain tickets to authenticate with the asset server and game server.

When, out of frustration, I dug into the verboten krb5 API, I found it easy to understand -- in the course of trying to get GSS to work I'd figured out the details of key tables and credential caches -- and had something approximating my desired architecture working in an evening. And it's, like, ten lines of code. So I'm kind of on board with what Simon Josefsson says in the appendix of the GNU GSS manual:

...GSS may not be the simplest solution available to solve actual problems, since otherwise more projects would have chosen to take advantage of the work that went into GSS instead of using another framework (or designing their own solution).

I'm with him right up until he says the only circumstance under which you should use GSS is when you're sure you want a Kerberos 5 implementation. Bzzzht!

gzochi

gzochi 0.3 is out -- go get it! The big news in this release is that there's much more scalable and robust support for transaction execution: transactions can time out, get rolled back, and then get retried automatically. This was the functionality that I was most eager / most scared to add to the server, and the fact that it's there and works predictably and quickly is a major confidence boost. The only thing that's missing at this point from, say, a minimum viable product point of view is support for periodic task scheduling. And I'll be working on that shortly.

Another thing that I think is really significant in this release (even though it's not much code) is the addition of the GLib-compatible reference client, which is something I've wanted to add since starting work on the first gzochi example game. Being able to hook callbacks into a select loop (or something similar) is just so much neater, more predictable, and easier to debug than launching a new independent thread to govern, say, your communication with a server, and having to worry about its interactions with other threads in your application. Weirdly enough, I think this is something that I started to appreciate more fully after writing (and re-writing) multi-step client-server interactions in JavaScript.

As I mentioned in an earlier post, I have indeed begun to start building some actual personal projects on top of gzochi. I don't have anything to show for it yet, except that I've been exposed to a fascinating array of problems that belong to the domain of rich client development: Rendering pipelines, dirty rectangles.

r6rs-protobuf

I've started working on a project that depends on some of the code generation features of r6rs-protobuf (by way of a build-aux helper script) and I realized it's been handling library generation all wrong, at least for multi-.proto builds. The source of the trouble was my decision to map a Protocol Buffers package directly to an R6RS library. That's a fine choice if you can be sure that you know about all declarations of that package, but in a lot of cases, you don't -- for example, when you're applying the compiler to each .proto file in a list. Each file might re-declare that package for its own set of definitions, and since R6RS libraries are effectively immutable -- unlike Java packages or C++ namespaces -- you'll wind up generating a bunch of mutually conflicting libraries that share the same name.

So I've made a new release that changes that behavior. Going forward, the library generator will create a library per top-level definition in each package and name that library accordingly. There'll be a lot more libraries generated, but they'll actually be usable. Get it here.

gzochi

I've just released a new version of gzochi, my online game development framework. You should go get it! This release resolves the most disruptive bugs from the first release and adds a bunch of cool new things like an interactive remote debugger, support for Berkeley DB, and new concurrent vector and hash table implementations. I think this is the point at which I'm going to start more actively dog-fooding with it, especially given that the Liberated Pixel Cup and the OpenGameArt folks have done such a great job of eliciting content from talented pixel artists.

One thing I'd known but hadn't really internalized: Example code takes forever to write. I added a new example game in gzochi 0.2, a scaled-down, Scheme-based port of the original AberMUD with an Ncurses client in C, and it took me weeks and weeks to get the structure of the code into a comprehensible, reasonably factored state and write all the code comments. Obviously, there's tremendous benefit in having clear, well-annotated example code -- it's often the first thing people look at when they download your project -- so I think it's probably okay that it took me so long. But considering how quickly I did the rest of the work for the release, I think this might be the last example I add for a while.

A few notes on some older projects:

r6rs-protobuf

In the course of writing the lexer and the corresponding tests for r6rs-thrift I realized that r6rs-protobuf just flat out didn't support "//"-style comments. That's embarrassing -- not least of all because it made the library more or less unusable for real work, and thus nobody must have been using it successfully. But I've fixed that and assembled a new release. Get it here.

SCSS

Antono Vasiljev correctly pointed out that the API method scss:scss->css in SCSS doesn't seem to work with the same arguments as the function of the same name in Chicken's version of SCSS (which I only just found out about). In fact, it didn't work at all, following a redesign of SCSS's stylesheet data structure several versions and years ago. I've brought it up to date -- made it almost robust -- and after I make a few more fixes I'll put together a release of SCSS as well.


Others have certified joolean as follows:

  • lerdsuwa certified joolean as Apprentice
  • badvogato certified joolean as Journeyer
  • mako certified joolean as Apprentice
  • aicra certified joolean as Apprentice
  • lkcl certified joolean as Apprentice
  • ara0bswft16 certified joolean as Apprentice
  • dangermaus certified joolean as Master
