Older blog entries for rmathew (starting at number 169)

Moving
I am now moving to rmathew.blogspot.com for blogging. I find Advogato a bit painful to use for blogging. I also do not want to be restricted to only talking about hacking on Free Software.
Google and Maths
"Fuzzy Maths", an article on Google in the latest edition of The Economist, contains this interesting bit:
Google constantly leaves numerical puns and riddles for those who care to look in the right places. When it filed the regulatory documents for its stockmarket listing in 2004, it said that it planned to raise $2,718,281,828, which is $e billion to the nearest dollar. A year later, it filed again to sell another batch of shares -- precisely 14,159,265, which represents the first eight digits after the decimal in the number pi (3.14159265).
Their famous recruitment campaign and their very name further reinforce the impression of their obsession with Mathematics.
10 May 2006 (updated 10 May 2006 at 08:14 UTC) »
Security: The 3 As and the 3 Rs
(I am just collecting my thoughts here; I do not require anything like this right away.)

A useful framework for security should provide:

  • Authentication - verifying that the user is indeed who he claims to be.

  • Authorisation - verifying that the user is indeed allowed to do what he wants to do.

  • Auditing - recording the attempt to do the intended action, its outcome and whether the action was indeed done.

The authentication framework should be able to able to plug into various authentication mechanisms (OS-based, LDAP-based, etc.), be flexible enough to accept various types of credentials (username/password, PKI certificate, etc.) and reliably establish the "Identity" of the user.

The authorisation framework should allow the specification of:

  • Rights - what is allowed.

  • Roles - who is allowed to do it.

  • Realms - where are they allowed to do it.

Role-based authorisation allows for the maximum flexibility compared to the direct checking of the Rights of the given Identity. An Identity could be associated with multiple Roles. Realms establish domains of privileges - for example, a person has administrator privileges on his desktop PC but is just an ordinary user on the LAN. Rights could be positively stated ("Allow Foo") or negatively stated ("Disallow Bar"). Authorisation could be inclusive (at least one Role associated with the Identity has the Right) or exclusive (no Role associated with the Identity should be denied the Right). I personally favour positively stated Rights and inclusive authorisation.

The auditing framework would be used for non-repudiation, so it should have integrity (only the auditing framework could have written out a given audit record) and an almost transactional association with the respective action (record an action if and only if it was actually done).

Of course, in real "enterprise" software we end up with various degrees of compromise on each of these aspects.

Peer to Patent
The US Patents and Trademarks Office will soon try out Peer to Patent as a pilot project. This is great news. It is really important for silly patents to get rejected upfront than be granted and then used to bully everyone into either paying up an extortion fee or engaging in costly lawsuits. Unfortunately, there is still the problem of lots of such silly patents having already been granted and used for corporate "defence funds" (an equivalent of the "Mutual Assured Destruction" strategy) or towards unscrupulous ends.

The Economist has a nice set of balanced articles on patents and other IP-related topics.

Faster Logging
When you have an application that must log information (for auditing, debugging, etc.) but still run as fast as possible, it is rather wasteful to always dump fully-formatted human-readable trace records. It's far better to dump a short binary record indicating the message identifier, parameters for the message (if any), timestamp, process/thread identifier, etc. that can be processed later for human consumption using a separate "trace formatter" tool. This way you save on processing time and disc space but make it slightly inconvenient to view the log files.

On UNIX-like systems, utmp and wtmp records are created and processed this way. I have also seen this kind of logging in IBM's AIX operating system and its CICS transaction processing monitor. Why then do several modern "high-performance" applications still insist on using the slower and more bloated method?

Planet GCC

There is now a Planet GCC aggregating the feeds from Planet Classpath and the blogs of a bunch of GCC hackers. If you know of a blog of a GCC hacker that is not directly or indirectly aggregated here, please let Dan know. Thanks to Dan for this initiative.

Worse than the DMCA
The Intellectual Property Protection Act (IPPA) looks even worse than the DMCA. If you are a US citizen, please do what you can to campaign against this threat to your fair-use rights.

The irritating thing about such laws is that they affect even non-US citizens, since other countries do not want to be seen as harbouring or encouraging "intellectual property thieves" and usually play along with whatever the US comes up with (except for the EU in some notable cases). Even more irritating for us non-US citizens is the apparent willingness of the US lawmakers to please corporates and various lobbyist groups in creating sometimes extremely draconian or irrational laws to the detriment of the fundamental rights of its own citizens (and the US citizens do not seem to mind all this very much). The appalling thing is that the magic word "terrorism" is used as a blanket weapon to silence killjoys who dare to question such travesties.

The proposed PERFORM Act is another example of what I am talking about.

Website Maintenance
I am now using GNU Make and GNU m4 to maintain my website. The main advantages of these tools over others were that I was already familiar with them and they were readily available on the platforms I work on. Some of the things that are now easily possible with the new setup:
  • Having a common header and footer for all the pages. They need to be edited just once and all affected pages are automatically regenerated. I can now add/delete sections of my website at will and the common site-navigation menu in all pages is updated automatically. This has already proved quite useful as I deleted the "Links" section of the website.
  • Allowing a page to specify its section ("Articles", "Books", etc.), the location of the root folder with respect to its own location and the title for the page. This lets the common header and footer correctly specify the location to images, scripts, stylesheets, etc., generate the correct page title and highlight the appropriate section in the common site-navigation menu.
  • Automatically updating the "Last Updated" date in a page footer based on when the page was actually updated, instead of having to manually remember to change that text every time I edit the page.
  • Automatically generating a "news entry" such that its title and body are linked together appropriately for my particular expandable/collapsible sections implementation.
I use the --prefix-builtins option of m4 (just to be a bit safer) and had to use different quote characters in some places because it was getting a bit confused with embedded apostrophes in JavaScript method calls and commas in normal text.
HTML/CSS/JavaScript: Duh!
dorward: Thanks again for your comments. I don't know why it didn't occur to me to use GCC itself as a pre-processor. Some of the simple things I tried out worked well with GCC. I haven't checked out The Dolt yet.

As for condition #2 ("JavaScript disabled, Stylesheets enabled") mentioned in my previous post on this topic, I have found a better solution to the distracting "peek-a-boo" effect inherent in my previous solution. In the HEAD of the page, I have now put:

    <script type="text/javascript"><!--
      hideHiddenDivs( );
    // --></script>
where hideHiddenDivs() is defined as:
  function hideHiddenDivs( )
  {
    if( document.getElementById)
    {
      document.write(
        '<style type="text/css"> div.hidden { display: none; } </style>');
    }
  }
I could have put this scriptlet inline, but there seems to be a problem with the parser of the W3C validator tool which complains about a "</style>" that does not end a STYLE element.
19 Apr 2006 (updated 19 Apr 2006 at 10:07 UTC) »
HTML/CSS/JavaScript
Ankh, dorward: Thanks for your comments. For a sloth like me, it's not easy to once again overhaul the entire site to make it XHTML - I'll let it remain at HTML 4.01 for the time being. By the way dorward, I did not know until very recently that unlike XML, things like "<br/>" are not valid HTML elements. I used to insert "<br/>", "<p/>", "<hr/>", etc. liberally throughout my pages mistakenly thinking it's the "right" thing to do.

A rant: I don't know much of HTML/CSS/JavaScript, but I really wish for the ability to "#include" files (for example, for page headers and footers) and to define macros (for example, to generate a news item's headline and content elements linked to each other). I know these can be overcome by using JavaScript and document.write(), but that's a kludge. I also know that these can be achieved on the server, but I do not want to depend on it - I keep moving my website from one (free) provider to another and I also like it to behave exactly the same way when accessed from my local filesystem as from a remote server. Note that we already have inclusion mechanisms for external stylesheets, scripts, etc. so this is not something too difficult to provide.

Now on to something that I hope you HTML/CSS/JavaScript gurus can help me with: I'm trying to implement a handy expandable/collapsible news entries mechanism for my website somewhat similar to what is explained in this article. I have already implemented most of what I want and it can be seen in action on my site, but it's not "right". In particular, I want this system to behave properly whether JavaScript is enabled or not and whether stylesheets are enabled or not, that is, under the following conditions:

  1. JavaScript enabled, Stylesheets enabled
  2. JavaScript disabled, Stylesheets enabled
  3. JavaScript enabled, Stylesheets disabled
  4. JavaScript disabled, Stylesheets disabled
My implementation works right now under #1.

For doing #2, I make the stylesheet actually declare "hidden" elements as visible, but then use JavaScript attached to the "onload" event of the page to turn them invisible - if the user doesn't have JavaScript enabled, he still gets to see all the content properly. Note that I cannot use the alternative suggested in the article I have linked to; that is, something like:

  <noscript>
    <style type="text/css">
      .hidden { display: block; }
    </style>
  </noscript>
does not work since the W3C validator rejects it - NOSCRIPT cannot occur inside HEAD, but STYLE can only occur inside HEAD. The downside of my approach is that there is a short but noticeable and sometimes distracting phase under both IE and Firefox, where the browser loads and renders the full page and then hides the hidden sections. Isn't there a better way of achieving this while still remaining strictly valid?

#3 poses a slight problem in that I wish that even the "togglers" do not appear if stylesheets are disabled. I was thinking of iterating through the stylesheets defined for the document in the DOM and check if all of them are disabled and omit emitting the togglers if they are. Is there a better way of doing this?

#4 is automatically taken care of by the "solution" to #2, since only JavaScript is used to emit the togglers. The user still gets to see the entire contents.

Perhaps I'm just wasting my time as #2 and #3 are unlikely to happen with real visitors to my pages - #1 is what almost all human visitors are likely to have and #4 is what almost all search engine bots are likely to have. This impractical fussing might explain why I have not become a manager. ;-)

160 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!