Orcmid's Lair |
||||
|
Archives
Atom Feed Associated Blogs 
|
2004-05-21apport coven defrost petulant diagram arrack longevityThis morning, I am admiring the variety of words that are coughed up in spam headers, designed to trigger some curiosity or response, and also find something that might deceive a filter into misclassifying these little missives as friendly.I suppose it is working -- all of these words are in subjects that made it to my inbox. My favorite quarantined subject for today, beside a pot full of banally unimaginative ones, is "Aren't you tired of these messqages [sic]." Those of this entry's subject have me think of refrigerator-magnet poetry, the little word scrambles that you can find on a Riverside Drive apartment door and on a California Avenue restaurant cash register where we create fly-by literary experiences while waiting for our take-out. A different wiki experience. Which has me thinking about one-time pads, having just set down Tom Clancy's Red Rabbit. I suppose we could hypothesize a scheme where spam zombies are used for secret communication in some nefarious scheme (or a wonderfully crafted hoax e-mail intended for the conspiracy-minded) and the words aren't really words at all, but codes that look like, well, spam. A modern-day tribute to those great World War II personals read over the BBC. What I was really thinking about one-time pads is that they are considered, in the setting of Red Rabbit, as the best device for secure communication involving a shared secret, the pad itself. We're told that one-time pads are a bitch to use (unless you trust your computer to be a secure space, and these days, who does that?) but marvelous to produce with Reagan-era technology, according to Clancy's offerings to the gods of verisimilitude: "A computer system used for taking down the dot-dash signals of International Morse Code was connected to a highly sensitive radio tuned to a frequency used by no human agency, transforming the garbage noise into Roman letters. One of the technicians at Fort Meade remarked along the way that the intergalactic noise they were copying down was the residual static produced by the Big Bang, for which Penzias and Miller had collected a Nobel Prize a few years before, and that was as random as things got--unless you could decode it to learn what God thought, which was beyond the skills even of NSA's Z-division." I like that "no human agency" bit. Of course, the SETI grid is predicated on it not being quite as random as all that, yet maybe e-t has to piggy-back in the entropy to winkle his mail through the spam that we and every other marginal intelligence is spewing into the heavens. I wonder what "apport" is, and can you drink it with "arrack?"
Comments:
Post a Comment
2004-05-20Bad Software? Google ThatGoogle Blog: A Good Way To Get Rid Of Bad Software?. Considering how much I kvetch over intrusive aspects of Blogger, I didn't want to look at this link. There is a request for feedback, and my professionalism is aroused by that invitation. The guidelines are directed toward uninvited intrusive behavior (spyware, pop-ups, browser hijackiing, and such) and I wonder where the line is. My basic question is, how do these recommendations perserve the sovereignty of the user and concede whose computer it is that internet software is a guest on?I think this is a good start, and I would only add that there is more than just installation of software. I also want to know about cookies, scripts, and other functions that happen in a more-dynamic way as part of delivering web-page access. In particular, if default web-page access is pretty locked-down (as is the case for me), what must I open up to have the pages operate correctly in terms of their content-related functions? Inquiring minds want to know.
Comments:
Ewwwwwwww! Ick.
-----Original Message----- From: software-principles@google.com Subject: Re: [#10139605] Bad Software Thanks for writing to Google about our applications guidelines. While we're not able to respond personally to every note we receive on this topic, we're very interested in what you have to say and do read all of our mail. We appreciate your taking the time to write us. Regards, The Google Team
I should explain the ewwwwww! above.
Post a Comment
I think I have become sensitized to unctious expressions from auto-responders. It is great to receive an acknowledgment that my message arrived, although I don't know what use there is in knowing it has been given a number. The rest of it is definitely unwelcome. Feed Back: Text to the effect that "your your message is important to us and we promise to read it but we don't promise to respond" is not only unnecessary, it is meaningless for me. What's the point? There's just no reality to that statement at my end, and I am left where? .... dismissed, I think. Patted on the head. Kissed off. Feed forward: It would be valuable, the next time something is put up for review, to create a discussion list for the comments. Then we at least have the ability to see and discuss the other suggestions that are made. Whether the Google team participates and to what extent becomes a separate matter. My benchmark for this approach is the way W3C working groups accept comments and public discussion of their specifications. Libraries Are About, Umm, Books, Aren't They?Jon Udell: Goldberger vs. Pleas. I live in Seattle, and I want to see what the new main-branch library is going to bring us. While they were tearing down the old main-branch library to make room for the new one, the collection was moved to temporary quarters that I visited last year during an Itek conference in the adjoining Convention Center. The collection seemed to be in dismal shape, especially in science and technology. I want to see what it is like when it is rehoused in the peculiar architectural adventure that is the new edifice. My neighborhood branch library, in West Seattle, recently reopened after renovations for preservation of the 1910 structure and for necessary upgrading with regard to earthquake survival. The interior is more fascinating than the exterior, although the exterior setting and entrance to the library are pleasant. It's a small libary and, while I also grumble about the quality of the collection, I have found books here that I didn't know about. I treasure the discovery of their availability. This local branch is also a good source of escape fiction for the housebound. I am making regular book runs while Vicki convalesces from a recent leg surgery.I remember when the previous Seattle main-branch library was built. There, one day in 1961, I was looking for information on computers and I discovered a shelf of Communications of the ACM. I had never seen the publication, and it was amazing to read the Report on ALGOL 60 and then work back through all of the 1960 issues. I sent in my membership application that day, and I also resolved to go down to the 1961 National Meeting, being held in Los Angeles. This, combined with my having just been fired by the Seattle office of Remington Rand Univac (hence my having time to explore the library) and receiving a notice for pre-induction physical expanded to a major course-change in my nerdy life. I wasn't inducted and I reported to the New York City headquarters of Remington Rand, having converted dismissal to a transfer into a software-development organization where, for a time, I was Univac's Mr. Algol. When I visit the new new main-branch library, I wonder if there remains anything that offers others an invitation into new territory like that which inspired my adventure into the unfolding of computer science.
Comments:
Post a Comment
Blog-Wiki-Notes-Text-DiscussMy Links Page. Scott Watermasysk builds .Text and invents other interesting goodies. Here, Scott asks about something he has tried out and receives some very constructive follow-ups. I like the organized links, and also the idea of some marginal links on some or all pages. The bigger deal is having control over all of that, and see if it can be moved up from the developer/programmer level. I haven't looked at the .Text model, and this is my reminder to do that.
Comments:
Post a Comment
MDA Article: Couple of Misunderstandings. There is an interesting discussion about logical/functional and the so-called platform-independence of Java. I like the juxtaposition of the two messages here because it points out one of the problems we have with modeling and programming being done by the same people. The exchange also points out a risk to me of what the Microsoft alternative to MDA appears to be, insofar that abstractions will be muddled as the result of working from the bottom upward, denying us access to the top (a different layer of abstraction) while perpetuating current problems with greater efficiency. Thinking more about the perception of the Java API as platform-independent, as in the second note at the above link, perhaps it is simply that when what you know is programming, everything is interpreted as a programming problem. It would be great to jar people's thinking about that. For me that raises the question of necessary stages of development of design skills and whether it is essential to work from coding upward or not. Is there really a better perspective, and what is the hands-on experience that evokes and reinforces it?
Comments:
Right on! And this reminds me of recent conversations regarding models, abstractions, and meaning. Sometimes, in math and in programming, meaning is in the syntax. For interoperability then the API's need to be only about syntax. Meaning is inside the payload, not the protocol.
This deserves on-line refs, but I don't have them handy right now.
I think I just ran down my own bunt as it skipped foul over the first-base line.
There's something about having API's be only about syntax that doesn't work. I don't see how there is any assurance of interoperability if API's are entirely syntactic. What am I missing?
You're absolutely right; I totally agree that syntax by itself isn't enough for contracts. So I think the semantics are crucial, but in API's, as with ordinary language, the semantics are loaded onto the words and symbols and syntax. The work of establishing meaning needs to be addressed.
Several years ago I got taken to the blackboard by a software architect for suggesting we do some system interface work in ISL (the interface language for ILU). The criticism was that ISL only provided syntax. I didn't have a good response, we never did deal with the semantics inherent in software interfaces, and we didn't make any progress. [META COMMENT: experimenting w/ blog as medium to develop coherent thoughts.]
Oh my. Was I that forever-to-remain-anonymous software architect? [Meta-Comment: I suspect that a Wiki-like structure is going to be more useful for developing coherent thought, or perhaps none of the above.]
I agree that semantics are crucial and that the work of establishing meaning needs to be addressed. I would not be surprised, however, to arive at a place where we must disavow much content for the first sentence of this paragraph. So, neo-post-modern-reconstructionist software architecture, here we come. I have in mind an example to work on. It starts as the following "precise" (but not-necessarily valid) statement in Java: interface com.orcmid.cs.pa.Num { /* That is, defined in package com.orcmid.cs.pa */ com.orcmid.cs.pa.Num next(); com.orcmid.cs.pa.Num pred(); Boolean is0(); } // Num Because I can't do much with typography and markup here, this use of Blogger comments is not going to work and we must find another venue. Notice there are several matters to ponder already: 1. What is the behavior that is part of the interface agreement, in terms of what an implementation must provide? 2. What is the abstraction in terms of which this is conveyed/explained? What do I/we mean by that? 3. How this behavior is exploited in accomplishing some other purpose by using it in/under the implementation of something we care about -- an application, if you will? 4. What is the (set of) tacit knowledge that applies here, who says, and how can you tell? 5. Where do we start and where do we end with this?
The "Boolean" in the interface declaration, above, should be spelled "boolean".
Post a Comment
One thing to allow for is the fact that there can be mistakes in an expression of something. Then there can be revisions and updating. Assume, for now, that this is in pre-ALPHA state. There is tacit inheritance in the use of this interface and that will have to be dealt with as well. It is one of the places where the tacit shall be made explicit. Finally, there is no question that this interface definition is platform specific. It belongs to a specific framework and while it is abstracted from specific computer hardware, there is no question there is a tacit platform assumption. It is the Java platform and all that entails. I am just putting down some notes that will be best taken up and made into an organized discussion and description. We can do that later. MDA Lock-In?Modelling and MDA Michael Platt recommends Dan Haywood's MDA: Nice Idea, Shame About the ... article, and the related discussion thread. I don't think the arguments against the importance of MDA model durability are all that strong (and Microsoft COM is not as old as Haywood suggests, though his point about platform and infrastructure longevity is well-taken).Something that I find peculiar about current MDA products, though is the fact that they generate vendor lock-in, just as source-code CORBA bindings do. Duhhh? I remember how, at one stage in the 1994-1996 work to combine Document Enabled Networking and Shamrock into the Document Management Alliance (DMA) specification, that one of the main partners lobbied us strongly to adopt SOM and DSOM as the distributed-object layer. All we kept saying was, where's the binary interface? We were talking about an interoperability world into which vendors wanted to ship binaries. At that time, you couldn't do that with CORBA unless you locked into a binding and ORB implementation. With COM we knew we had it already and, although the DMA model that emerged wasn't that great for developers, it did deal with interoperability as far as the integration model was concerned. (We also did it in a way that did not require us to host any Microsoft infrastructure or libraries.) It looks like MDA, as an enterprise-focused tool, has the usual problem about whose MDA you choose to use and how far you will travel with it as MDA is used to target applications across varieties of (distributed) configurations. The problem is that the mapping from Platform Independent Models to Platform Dependent Models and the realization of Platform Dependent Components to provide smooth enactment of your model is serious black art. Something more transparent and open is needed at the design rules and component-introduction level to shake off this new model being just like the old model.
Comments:
Post a Comment
Why Indeed, Awkward SoftwareWhy Awkward Software?. Robert Chassell asks why usability and the human factors around use of, say GNU/Linux, aren't being addressed by the big-company supporters like IBM. I don't know either, although I can tell you that it will take a while.I lived with the DB2 personal edition for about 8 weeks and discovered that attention to installation lifecycle and learning curve of the user is not addressed very well, and this is presumably a mature product. The only worse recent experience was applying SQL Server security patches to the copy of MSDE that is installed with Microsoft Office Extensions. I'm not sure how one can drown out the geek echo long enough to figure out what works for the rest of the people. Most geekware is not anything I want to put in the spotlight either. We should stop assuming software is designed any better for geeks than for anyone else. Maybe producing graceful software simply requires a higher level of skill and attention and, most of all, a commitment to genuine, measurable usability by the intended community of users. That probably requires more practice at simply looking, listening, and asking. Refusing to make it up would be particularly nice.
Comments:
Post a Comment
2004-05-19Distributed Wiki EditingCommunityWiki: DistributedEditing. With regard to the coordination of distributed editing of the same page, there are some promising suggestions here. I like the version-management tie-in.
Comments:
Post a Comment
Distributing Wiki AccessCommunityWiki: DistributingWiki. This discussion is related to distributed editing as well as cached transclusion. I find this to be intriguing. The complication of distributed editing is also taken into account.I want to handle the federated user case in something like this pattern, so that registered users of wikis don't have to introduce themselves newly in each wiki they register on.
Comments:
Post a Comment
Meeting MeetupMeetup: Organizing local interest groups.. I don't know. I tried Classmates.org when it started out, and I finally gave up (though they still spam me regularly and I haven't checked how to stop that). I have seen enough reference to Meetup-coordinated events that I finally signed up. I'm not thrilled. It's an "ick" for me.
Comments:
I was on BookCrossings last night and I compared my experience there with the uncomfortable sensations I have on Meetup.org. It is very distinct. I was interested in Meetup enough to register only because BookCrossings meetings are coordinated there and I was curious. Even then, I didn't tip over and register until Scoble posted an invitation to a Webloggers meeting. And the meetup ambience has me so off-putting that I haven't gone to a meeting yet.
Post a Comment
For me, BookCrossings is the benchmark. Meetup is the anti-pattern. I think the difference should be palpable and also obvious. What do you think? Rampaging CybercrooksFrightening Security. Recently, I was enthralled by an account of how difficult it is to detect and remove zombieware from our machines. Next, I ran into a klez.h deposited deep in the bowels of an administrative MSN directory on my machine. I can recall when my system was vulnerable (I had to do a registry recovery), and it still bothers me that the penetration must have occured through other than e-mail. I have not done the forensics to be satisfied that my system is clean and that I understand the infection vector.Today, David Coursey mentions a discussion where it landed "how really frightening this whole security thing has become. Professional cybercriminals, working on a global basis, are a serious threat and not enough is being done. There is a danger that the value the average consumer places on the Internet could soon be overwhelmed by the threat of what might happen if they do use it. Goodbye Internet?" I use Zone Alarm Pro on my laptop, and I like it a lot except for a certain level of inscrutibility that comes with it being easy to use. (Is that necessary? I wonder.) I will look at the link to Guidance Software too. I confess that I have a concern that, whatever the intentions, cyber-protection organizations depend on the existence of cyber-criminality for their daily bread. How does one secure a safe neighborhood in an inherently unsafe (?) world?
Comments:
Post a Comment
2004-05-18Smart Webbing?ACM News Service: Spinning a Smarter Web. Artificial intelligence researcher Sheila McIlraith of the University of Toronto "notes that the Semantic Web currently lacks a business case. Even if one were to emerge, there is no guarantee that the Semantic Web will become universal. Other challenges facing the Semantic Web include issues over privacy, and how agents can determine the trustworthiness of information when confronted by conflicting data." It is also noted that there is major funding in Europe and that the Semantic Web is taken very seriously there.
Comments:
Post a Comment
Meshing the NetACM News Service: Mesh Networks Winning Converts. Additional material on the appeal of wireless mesh networks points out that the mesh promises automated discovery, routing, and rapid handoffs, without single-points of failure. For those reasons, the ideas also matter to me with regard to self-forming peer-overlay structures for custom purposes.The 2004-05-03 NetworkWorldFusion article provides useful links as well as a list of resources.
Comments:
Post a Comment
Stinking Silver BadgesACM News Service: Why Certifying IT Workers Won't Help. It is difficult to determine what non-anecdotal value arises in this blurb's suggestion that failures can happen anyhow. I suppose it is like rejecting fire insurance because there are still fires. Of course, we don't know of the failures that were avoided through disciplined software engineering.Martin Brampton's 2004-04-27 ZDNet commentary earned some interesting comments, but the article doesn't go very deep. It is a little mind-wrenching to see how Dijkstra's Go To Considered Harmful supports a crucial argument about the irrelevance of certification. While there are appropriate concerns about the reliability of examinations as demonstrations of engineering competence, Brampton proposes no measurable alternative. Indeed, it doesn't look like Brampton proposes to measure anything. Good, we will keep it all in the domain of opinion, the approach that has taken us this far. Bully.
Comments:
Post a Comment
Who Killed Programming?ACM News Service: Is Programming Dead?. In the blurb, Model-Driven Architecture (MDA) is identifed as the next big evolutionary step, still in programming. The enabling standards are considered to be the Unified Modeling Language (UML) and application architectures such as .Net and J2EE. The promise is for genuinely high-level application specification tools, supported by code-generation techniques from platform independent specifications. There is interesting mention of the automatic incorporation of operations that support autonomic computing.The silicon.com Jon Collins 2004-04-23 article lead is "MDA takes craft to new highs." There are no links, but interesting reader comments have accumulated.
Comments:
Post a Comment
Shall We Sophisticated Mathematically Dance?ACM News Service: World Wide Web Consortium Publishes First Working Draft of Web Services Choreography Description Language 1.0. This is a pretty breathless announcement of what is in fact a first working draft available for public review and comment. WS-CDL 1.0 is focused on "sustained and secure peer-to-peer e-business transactions over the Web." Early implementations are being sought.The W3C 2004-04-27 Press Release provides more information and access to the necessary documents.
Comments:
Post a Comment
Inside-Out SecurityACM News Service: Security From the Inside Out. The news blurb emphasizes that multilayered approaches are being employed to protect enterprise systems, although attack against applications is considered a specific area of weakness aggrevated by the lack of security focus during application development.The 2004-04-21 Dan Farber ZDNet article provides more meat. It is not clear to me that the simulated-attack approach to application vulnerability detection is enough. I have been waiting to discover how attack detection system will help in repair/correction. I suppose this is related to the still-mysterious autonomic repair promise. Oh, I can envision denial-of-service attacks that work by attacking the detection and fail-over provisions of a system. Tricky, tricky.
Comments:
Post a Comment
I Want My SecurityACM News Service: Dire Straits. This blurb suggests that 7 major trends are not going to simplify security concerns:elimination of bloated operating systemsIncreased security issues are expected to accompany introduction of distributed systems that rely on the network for communications between components (e.g., Web Services). The April 2004 Information Security article emphasizes that perimeter defenses will be more difficult and also suggests that the heart of the problem is bad software, with no way to account for that in network defense systems. There's also concession that much is being done to reduce the attack surface of software systems. Sounds a little muddled, doesn't it? The point-by-point analysis of trends is worth keeping around for reference.
Comments:
Post a Comment
Sadowsky - Casting a Wider NetACM: Ubiquity - Casting a Wider Net. This interview with George Sadowsky looks at major threads in his career, including work to encourage economic development around the world. One interesting tid-bit applies to urban Wireless in the US:"In India, for example, Michael Best and the MIT labs are experimenting with an inexpensive network that doesn't use any existing standard but instead essentially uses a mesh of computers and antennae to transmit messages on a store-and-forward basis until they get to where they're going. That's a nice model for many areas in rural India because those parts of rural India don't look rural compared to, say, North Dakota, or anyplace that we would consider really rural in the US."There's quite a bit more. Because he joined the Association for Computing Machinery the same time I did (and I was at that conference, too), I'll end with George's observation about that: "I joined ACM in 1961 when I attended the ACM annual conference in Los Angeles, and I've been a member ever since. It was there that I first realized that I would have a long-term association with this profession and that I had better make sure that I keep up with the field as best I could. That has paid off in some spectacular ways, both in terms of reading articles that changed the way I understood certain fields, and in terms of meeting people who were helpful, some of whom are good colleagues to this day. In 1968 a group of us started SICCOC, a Special Interest Committee for the Social Sciences, which became a SIG, but then due to lack of binding with the relevant academic disciplines, transmuted itself in the early 1980s into SIGCHI."
Comments:
Post a Comment
2004-05-17Normalizing Your Webmezzoblue § A Roadmap to Standards. Ethan Marcotte of the Web Standards Project Buzz spotted this amazing article by Dave Shea. It is about making standards-compliant web pages, with a gentle nudge toward XHTML + CSS as the answer.
Comments:
Post a Comment
The Intersection of CS.Punk and HCI.Rock?Trevor F. Smith: Exterior: Browser bowels. Trevor observes that browsers live at an interesting intersection of the OS Highway. I am beginning to think of interactive information systems that way too. Trevor recommends a Dave Hyatt note on the heuristics of browser page loading/display/measurement for a taste of the magical roadway.I must save all of this for discussion with fellow math-droids who think that programming is mathematics.
Comments:
Post a Comment
Snapping Spring This entry is an excuse to experiment with images in the blog (and whatever happens in the site feed).It is Spring in the neighborhood and I was motivated to take a camera walk. I am also making a half-way change to digital photography. (If this were a music CD, the code would be AAD.) I continue to use film and the N8008s that I upgraded to in 1992. My last roll was processed and delivered on CD-ROM, with the only prints being the little index print that provides thumbnails of each frame. Bringing home the CD-ROM has a number of advantages over the double-print order I normally turn in: First, it is less expensive. Secondly, I have digital images already, and I suspect the large ones (JPEGs of around 1.5MB each) are better quality than I can obtain using my desktop scanner with film adapter. Third, I still have the color negatives if I do need to do that. Fourth, I have eliminated the normal preparation barrier before I have something I am willing to put on the web or make prints from. The one disadvantage that I see is that I don't have prints for filing and for mailing -- now that is the barrier. I can make prints, though I am not sure that will be less expensive, in terms of materials and especially effort. I'll see.
Comments:
Post a Comment
2004-05-16Le «blog personnel» de Joe Clark » i let u b u. Spotted by Caveat Lector, a great article on markup as markup and hang the Semantics. I love it too.
Comments:
Post a Comment
The nitty-gritty of how not to use encryptionAttacking and repairing the WinZip "Advanced Encryption" scheme. Here's the skinny on the way software can end up using encryption in an insecure way. Here's detailed information that is representative of the kinds of diligence it takes to incorporate an encryption system into a product or to use one that has been provided. There are caveats around the application of almost every cryptographic technique, and one should be careful to know what they are and to safeguard against misuse of the technique. Finally, it is important to keep asking about the threat one is attempting to mitigate and questioning how a particular security practice actually applies to that.
Comments:
Post a Comment
Using encryption badly is maybe worse than no encryption at all?Slashdot | Attacking WinZip AES Encryption. Although there are some impressive cryptographic techniques available for general use, there is many a slip twixt cup and lip. Here's a cautionary case illustrated by analysis of a well-known software product. This is also a great indirect hint for subscribing to Bruce Schneier's Crypto-Gram too.
Comments:
Post a Comment
Breathless TrendinessIntelliseek's BlogPulse This SmartMobbed site presents some approaches to trend discovery based on blogs, and it also provides a portal to blogs. Umm, I dunno. Something is off about this.
Comments:
Post a Comment
Social Affordance beyond Wiki AffordanceCommunityWiki: SocialAffordance Here is more work on refining the notion of Affordance in the context of wiki.[note to self: Self, remember that a wiki page should tell you what version it is, and one might want to permalink a particular version or the resource that is the always-latest version. This is one way that a wiki is different than a web log, unless blog pages are versioned too, perhaps?]
Comments:
Post a Comment
|
|||
