Wednesday, October 30, 2013

The case of the 500-mile email

Read the FAQ about the story.
The following is the 500-mile email story in the form it originally appeared, in a post to sage-members on Sun, 24 Nov 2002:
From trey@sage.org Fri Nov 29 18:00:49 2002
Date: Sun, 24 Nov 2002 21:03:02 -0500 (EST)
From: Trey Harris 
To: sage-members@sage.org
Subject: The case of the 500-mile email (was RE: [SAGE] Favorite impossible
    task?)

Here's a problem that *sounded* impossible...  I almost regret posting the
story to a wide audience, because it makes a great tale over drinks at a
conference. :-)  The story is slightly altered in order to protect the
guilty, elide over irrelevant and boring details, and generally make the
whole thing more entertaining.

I was working in a job running the campus email system some years ago when
I got a call from the chairman of the statistics department.

"We're having a problem sending email out of the department."

"What's the problem?" I asked.

"We can't send mail more than 500 miles," the chairman explained.

I choked on my latte.  "Come again?"

"We can't send mail farther than 500 miles from here," he repeated.  "A
little bit more, actually.  Call it 520 miles.  But no farther."

"Um... Email really doesn't work that way, generally," I said, trying to
keep panic out of my voice.  One doesn't display panic when speaking to a
department chairman, even of a relatively impoverished department like
statistics.  "What makes you think you can't send mail more than 500
miles?"

"It's not what I *think*," the chairman replied testily.  "You see, when
we first noticed this happening, a few days ago--"

"You waited a few DAYS?" I interrupted, a tremor tinging my voice.  "And
you couldn't send email this whole time?"

"We could send email.  Just not more than--"

"--500 miles, yes," I finished for him, "I got that.  But why didn't you
call earlier?"

"Well, we hadn't collected enough data to be sure of what was going on
until just now."  Right.  This is the chairman of *statistics*. "Anyway, I
asked one of the geostatisticians to look into it--"

"Geostatisticians..."

"--yes, and she's produced a map showing the radius within which we can
send email to be slightly more than 500 miles.  There are a number of
destinations within that radius that we can't reach, either, or reach
sporadically, but we can never email farther than this radius."

"I see," I said, and put my head in my hands.  "When did this start?  A
few days ago, you said, but did anything change in your systems at that
time?"

"Well, the consultant came in and patched our server and rebooted it.
But I called him, and he said he didn't touch the mail system."

"Okay, let me take a look, and I'll call you back," I said, scarcely
believing that I was playing along.  It wasn't April Fool's Day.  I tried
to remember if someone owed me a practical joke.

I logged into their department's server, and sent a few test mails.  This
was in the Research Triangle of North Carolina, and a test mail to my own
account was delivered without a hitch.  Ditto for one sent to Richmond,
and Atlanta, and Washington.  Another to Princeton (400 miles) worked.

But then I tried to send an email to Memphis (600 miles).  It failed.
Boston, failed.  Detroit, failed.  I got out my address book and started
trying to narrow this down.  New York (420 miles) worked, but Providence
(580 miles) failed.

I was beginning to wonder if I had lost my sanity.  I tried emailing a
friend who lived in North Carolina, but whose ISP was in Seattle.
Thankfully, it failed.  If the problem had had to do with the geography of
the human recipient and not his mail server, I think I would have broken
down in tears.

Having established that--unbelievably--the problem as reported was true,
and repeatable, I took a look at the sendmail.cf file.  It looked fairly
normal.  In fact, it looked familiar.

I diffed it against the sendmail.cf in my home directory.  It hadn't been
altered--it was a sendmail.cf I had written.  And I was fairly certain I
hadn't enabled the "FAIL_MAIL_OVER_500_MILES" option.  At a loss, I
telnetted into the SMTP port.  The server happily responded with a SunOS
sendmail banner.

Wait a minute... a SunOS sendmail banner?  At the time, Sun was still
shipping Sendmail 5 with its operating system, even though Sendmail 8 was
fairly mature.  Being a good system administrator, I had standardized on
Sendmail 8.  And also being a good system administrator, I had written a
sendmail.cf that used the nice long self-documenting option and variable
names available in Sendmail 8 rather than the cryptic punctuation-mark
codes that had been used in Sendmail 5.

The pieces fell into place, all at once, and I again choked on the dregs
of my now-cold latte.  When the consultant had "patched the server," he
had apparently upgraded the version of SunOS, and in so doing
*downgraded* Sendmail.  The upgrade helpfully left the sendmail.cf
alone, even though it was now the wrong version.

It so happens that Sendmail 5--at least, the version that Sun shipped,
which had some tweaks--could deal with the Sendmail 8 sendmail.cf, as most
of the rules had at that point remained unaltered.  But the new long
configuration options--those it saw as junk, and skipped.  And the
sendmail binary had no defaults compiled in for most of these, so, finding
no suitable settings in the sendmail.cf file, they were set to zero.

One of the settings that was set to zero was the timeout to connect to the
remote SMTP server.  Some experimentation established that on this
particular machine with its typical load, a zero timeout would abort a
connect call in slightly over three milliseconds.

An odd feature of our campus network at the time was that it was 100%
switched.  An outgoing packet wouldn't incur a router delay until hitting
the POP and reaching a router on the far side.  So time to connect to a
lightly-loaded remote host on a nearby network would actually largely be
governed by the speed of light distance to the destination rather than by
incidental router delays.

Feeling slightly giddy, I typed into my shell:

$ units
1311 units, 63 prefixes

You have: 3 millilightseconds
You want: miles
        * 558.84719
        / 0.0017893979

"500 miles, or a little bit more."

Trey Harris
-- 
I'm looking for work.  If you need a SAGE Level IV with 10 years Perl,
tool development, training, and architecture experience, please email me
at trey@sage.org.  I'm willing to relocate for the right opportunity.

Friday, January 27, 2012

Getting name of object in javascript

http://stackoverflow.com/questions/332422/how-do-i-get-the-name-of-an-objects-type-in-javascript

Getting name of an object in javascript

Friday, January 20, 2012

Vacuum Old Indexes

http://stackoverflow.com/questions/813839/how-can-i-remove-unused-indexes-in-google-application-engine

Deleting Unused Indexes

...

When you are sure that old indexes are no longer needed, you can delete them from App Engine using the vacuum_indexes action:

./appengine-java-sdk/bin/appcfg.sh vacuum_indexes myapp/war
This command deletes all indexes for the app that are not mentioned in the local versions of datastore-indexes.xml and generated/datastore-indexes-auto.xml.

Wednesday, October 12, 2011

Memory Management - JavaScript

avoid memory leak setting This = null ?
Hello Glen,
thanks for sharing your knowledge with us, this was pretty much helpful.
What about the memory leak?
Would it be enough if I set all properties of an object to null, the object itself to null and at least This to null? Would the garbage collector be able to destroy my original object and also the reference This?
Thanks+regards,
Christoph

Last edited Feb 9, 2009 12:41 PM
Hi Christoph,

That sounded like a good plan, so I put it to a test. I created an object with "var This = this" in it, then a destroy method that set This = null (you shouldn't be able to access that closure from outside the object, so you need a destroy method).

The HTML page itself created 500,000 instances and stuffed them into an array (window.cache); then I looked at the memory delta. Then the HTML page deallocated everything by calling the method that set This = null, and also set the window.cache reference to null, just as you suggested.

The results in Firefox 2 were promising. The initial memory consumption was about 43K, then it shot up to 373K. After deallocation and waiting a few minutes, the memory was back down to 86K. So not a total prevention of the memory leak, but not bad.

In IE7 and Chrome, the results were less promising. IE7's memory consumption shot up to 910K (!) and only came back down to 744K, and the tests were inconsistent as well. Collection seems to be immediate in IE but the memory leak is gigantic. I even added a line to set window.cache = null and this may have improved the result somewhat, but I was still left with 583K consumed. (The next test brought it to 374K. Weirdly inconsistent.)

Chrome never reclaimed memory, and I waited around about 20 minutes for the collector to run. However, it only ever consumed ~83K total memory (meaning it needed about 44K for those objects).

The good news (sort-of) is that both Chrome and IE reclaimed all the memory when I navigated to google.com after the test. (Firefox did not.)

Certainly an interesting test, but the end result is that (especially with IE) it seems that you can't get much of the memory back in a fully Ajaxian situation -- you have to navigate away at some point, or performance will certainly degrade.

But, like I said in the post, the vast majority of applications won't create that kind of consumption, so reclaiming closures isn't a huge issue most of the time.

Wednesday, March 23, 2011

Hero

Flying around discovering powers as a prank. Using them to steal quickly, trying to get away with it. Getting closer and closer to being cornered by the police. Getting discovered by the police due to using technology blogs/microfeeds that are in correlation with acts of crime. Kidnapping/hurting friends and family.

Friday, February 18, 2011

Protagonist Antagonist Video Game Story

User controls a protagonist to overcome antagonists in video games. However, while the protagonist awakens to a new world, he willingly fights enemies to start, out of ignorance. However, at every defeat, the user does not care for our fallen protagonist. Instead, it is the antagonist, or various enemies in the game, who help bring our protagonist back. Our antagonists are the ones who teach the protagonist and help the protagonist grow, progressing only at each of their deaths. Reluctantly the protagonist, not knowing why, must kill all antagonists: those who are friends, mentors and teachers. Prophecy of wolf defeats bear; protagonist must change and become a werewolf to bite bear and win. In the end, the protagonist cannot overcome and get close enough to finish the bite. Bear realizes this and knows protagonist will never win, turns around and offers their self so that the protagonist can progress, knowing otherwise both will be locked in this struggle for an eternity and, having become friends, does not wish this to happen. While user is disconnected, they joke, talk, have their laughs. User takes control. Protagonist doesn't want to kill antagonist, but for some reason knows he must. Protagonist walks up to antagonist, embraces, and while crying, bites. Antagonist explodes into a thousand stars; the protagonist has progressed again.

The protagonist was young and naive, with no experience just waking up in this world, believing he needed to defeat all antagonists. Antagonists, knowing of the incoming aggression, defended themselves accordingly, but while defeating protagonist, always brought him back out of compassion since he was one of their own - just another sprite/avatar in the world. Coming back multiple times, protagonist develops a memory, but doesn't know what drive is forcing him to progress and kill all of the antagonists. He doesn't know why they help him, why they set themselves up for death. There is no guilt, only sadness, since this is the activity all their lives entail. Each antagonist challenges him, forcing him to learn and become stronger to overcome. They are kind, helpful, and push him along further and further. And when they're done, the protagonist is forced to leave them behind.

Monday, November 22, 2010

What should a developer know before building a public web site?

http://stackoverflow.com/questions/72394/what-should-a-developer-know-before-building-a-public-web-site

The idea here is that most of us should already know most of what is on this list. But there just might be one or two items you haven't really looked into before, don't fully understand, or maybe never even heard of.

Interface and User Experience

Be aware that browsers implement standards inconsistently and make sure your site works reasonably well across all major browsers. At a minimum test against a recent Gecko engine (Firefox), a Webkit engine (Safari, Chrome, and some mobile browsers), your supported IE browsers (take advantage of the Application Compatibility VPC Images), and Opera. Also consider how browsers render your site in different operating systems.
Consider how people might use the site other than from the major browsers: cell phones, screen readers and search engines, for example. — Some accessibility info: WAI and Section508, Mobile development: MobiForge
Staging: How to deploy updates without affecting your users. Ed Lucas's answer has some comments on this.
Don't display unfriendly errors directly to the user
Don't put users' email addresses in plain text as they will get spammed to death
Build well-considered limits into your site - This also belongs under Security.
Learn how to do progressive enhancement
Always redirect after a POST.
Don't forget to take accessibility into account. It's always a good idea and in certain circumstances it's a legal requirement. WAI-ARIA is a good resource in this area.

Security

It's a lot to digest but the OWASP development guide covers Web Site security from top to bottom
Know about SQL injection and how to prevent it
Never trust user input (cookies are user input too!)
Hash and salt passwords rather than storing them plain-text.
Don't try to come up with your own fancy authentication system: it's such an easy thing to get wrong in subtle and untestable ways and you wouldn't even know it until after you're hacked.
Know the rules for processing credit cards. (See this question as well)
Use SSL/HTTPS for login and any pages where sensitive data is entered (like credit card info)
How to resist session hijacking
Avoid cross site scripting (XSS)
Avoid cross site request forgeries (XSRF)
Keep your system(s) up to date with the latest patches
Make sure your database connection information is secured.
Keep yourself informed about the latest attack techniques and vulnerabilities affecting your platform.
Read The Google Browser Security Handbook
Read The Web Application Hacker's Handbook

Performance

Implement caching if necessary, understand and use HTTP caching properly as well as HTML5 Manifest
Optimize images - don't use a 20 KB image for a repeating background
Learn how to gzip/deflate content (deflate is better)
Combine/concatenate multiple stylesheets or multiple script files to reduce number of browser connections and improve gzip ability to compress duplications between files
Take a look at the Yahoo Exceptional Performance site, lots of great guidelines including improving front-end performance and their YSlow tool. Google page speed is another tool for performance profiling. Both require Firebug installed.
Use CSS Image Sprites for small related images like toolbars (see the "minimize http requests" point)
Busy web sites should consider splitting components across domains. Specifically...
Static content (i.e., images, CSS, JavaScript, and generally content that doesn't need access to cookies) should go in a separate domain that does not use cookies, because all cookies for a domain and its subdomains are sent with every request to the domain and its subdomains. One good option here is to use a Content Delivery Network (CDN).
Minimize the total number of HTTP requests required for a browser to render the page.
Utilize Google Closure Compiler for JavaScript and other minification tools

SEO (Search Engine Optimization)

Use "search engine friendly" URL's, i.e. use example.com/pages/45-article-title instead of example.com/index.php?page=45
Don't use links that say "click here". You're wasting an SEO opportunity and it makes things harder for people with screen readers.
Have an XML sitemap
Use <link rel="canonical" ... /> when you have multiple URLs that point to the same content
Use Google Webmaster Tools and Yahoo Site Explorer
Install Google Analytics right at the start (or an open source analysis tool like Piwik)
Know how robots.txt and search engine spiders work
Redirect requests (using 301 Moved Permanently) asking for www.example.com to example.com (or the other way round) to prevent splitting the google ranking between both sites
Know that there can be bad behaving spiders out there
If you have non-text content look into Google's sitemap extensions for video, etc. There is some good information about this in Tim Farley's answer.

Technology

Understand HTTP and things like GET, POST, sessions, cookies, and what it means to be "stateless".
Write your XHTML/HTML and CSS according to the W3C specifications and make sure they validate. The goal here is to avoid browser quirks modes and as a bonus make it much easier to work with non-standard browsers like screen readers and mobile devices.
Understand how JavaScript is processed in the browser.
Understand how JavaScript, style sheets, and other resources used by your page are loaded and consider their impact on perceived performance. It may be appropriate in some cases to move scripts to the bottom of your pages.
Understand how the JavaScript sandbox works, especially if you intend to use iframes.
Be aware that JavaScript can and will be disabled, and that Ajax is therefore an extension not a baseline. Even if most normal users leave it on now, remember that NoScript is becoming more popular, mobile devices may not work as expected, and Google won't run most of your JavaScript when indexing the site.
Learn the difference between 301 and 302 redirects (this is also an SEO issue).
Learn as much as you possibly can about your deployment platform
Consider using a Reset Style Sheet
Consider JavaScript frameworks (such as jQuery, MooTools, or Prototype), which will hide a lot of the browser differences when using JavaScript for DOM manipulation

Bug fixing

Understand you'll spend 20% of the time coding and 80% of it maintaining, so code accordingly
Set up a good error reporting solution
Have some system for people to contact you with suggestions and criticism.
Document how the application works for future support staff and people performing maintenance
Make frequent backups! (And make sure those backups are functional) Ed Lucas's answer has some advice. Have a Restore strategy, not just a Backup strategy.
Don't forget to do your Unit Testing. Frameworks like Selenium can help.

Lots of stuff omitted not necessarily because they're not useful answers, but because they're either too detailed, out of scope, or go a bit too far for someone looking to get an overview of the things they should know. If you're one of those people you can read the rest of the answers to get more detailed information about the things mentioned in this list. If I get the time I'll add links to the various answers that contain the things mentioned in this list if the answers go into detail about these things. Please feel free to edit this as well, I probably missed some stuff or made some mistakes.

Thumbnail Generation - Reddit Image Entropy

http://www.reddit.com/r/pics/comments/e9y6d/how_is_thumbbnail_formed/c16hwe0

You sure? The algorithm is pretty simple:
import math

# img is a PIL Image object in both functions below

def image_entropy(img):
    """calculate the entropy of an image"""
    hist = img.histogram()
    hist_size = sum(hist)
    hist = [float(h) / hist_size for h in hist]

    return -sum([p * math.log(p, 2) for p in hist if p != 0])

def square_image(img):
    """if the image is taller than it is wide, square it off. determine
    which pieces to cut off based on the entropy pieces."""
    x,y = img.size
    while y > x:
        #slice 10px at a time until square
        slice_height = min(y - x, 10)

        bottom = img.crop((0, y - slice_height, x, y))
        top = img.crop((0, 0, x, slice_height))

        #remove the slice with the least entropy
        if image_entropy(bottom) < image_entropy(top):
            img = img.crop((0, 0, x, y - slice_height))
        else:
            img = img.crop((0, slice_height, x, y))

        x,y = img.size

    return img
Basically, A) if the image is taller than it is wide (like the parent image), it B) goes through the image, slicing off 10px at a time off the image, either off the top or the bottom, based on which slice has a lesser entropy.
EDIT2: The really simple way to do this is to find a 19px chunk with really high entropy (with a really high sample of colors), higher than the entropy of anything (width-10) above or beneath the thumbnail. The sample just needs to be 10px if it's aligned correctly. A note: stick comments like the above are really easy to do, because the thumbnail has a really high entropy (read: lots of varied colors) compared to the rest of the comic (black and white and simple colors). The real trick would be to select the thumbnail that integrates really well with the rest of the picture.
Really, you just need one band, however: either a bottom band at least 10px and aligned to 10px that is less entropic than all the bands (width - 10)px above it, or a top band that is either as entropic or more entropic than all the 10px bands (width-10)px below it.
Of course, it doesn't need to be that drastic, but that will guarantee that the sub-image is selected as a thumbnail.
Well done!
P.S. Here is the entropy of the comic, or how much an image changes. Note how much higher, almost pure white, the entropy of the picture of boobs is when compared to the rest of the image.
P.P.S. To give you an idea of how reddit calculates the entropy, I think that mathematica (the source of the entropy image) calculates entropy for a given pixel based on its neighbors, while the reddit one calculates it as one 10px strip.
EDIT: Here's a proper way of seeing how reddit "sees" the thumbnail.

Tuesday, October 19, 2010

Application Cache - Cache Manifest Example

http://demos.hahana.co.uk/app-cache-demo.html

In the html: http://demos.hahana.co.uk/app-cache-demo.html

<!doctype html>
<html manifest="app-cache-demo.manifest">

In the file: http://demos.hahana.co.uk/app-cache-demo.manifest

CACHE MANIFEST
app-cache-demo.html
images/hahana-magneto-small.png

Friday, September 3, 2010

Locally testing a Google App Engine iPhone/Android web app

http://thecoderscanon.com/?p=115

By default the launcher runs the app on the interface localhost, which is only accessible on the machine it is running on. This means that a browser on the computer I am developing on can access the website, but not my iPhone on the same network.
In order to make your GAE web app accessible on your local network, configure the launcher to use the address 0.0.0.0 instead of localhost. To do this, open the GoogleAppEngineLauncher, go to Application Settings for your app, add the following to the Extra Flags section "-a 0.0.0.0", and restart. You will now be able to test your web app on any device logged into your local network.

--port=8888 -a 0.0.0.0
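
Binding to 0.0.0.0 makes the development server reachable from every interface on the machine, so it helps to confirm which listeners are loopback-only and which are not. The check below is an added example, not part of the quoted post: the `ss -ltn` output is a constructed sample and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of Linux `ss -ltn` output (not captured from a real host).
# Port 8888 mirrors the "--port=8888 -a 0.0.0.0" flags shown above.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     127.0.0.1:8080       0.0.0.0:*
LISTEN  0       128     0.0.0.0:8888         0.0.0.0:*
LISTEN  0       128     [::1]:8000           [::]:*
LISTEN  0       128     [::]:9000            [::]:*
LISTEN  0       128     192.168.1.20:8081    0.0.0.0:*
"""


def split_host_port(local):
    """Split 'host:port' as printed by ss, including bracketed IPv6."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]")
    host = host.split("%")[0]      # drop an interface suffix such as %eth0
    if host == "*":                # ss prints '*' for the wildcard address
        host = "0.0.0.0"
    return host, int(port)


def classify(host):
    """Describe how widely a listener bound to this address is reachable."""
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:        # 0.0.0.0 or ::
        return "all-interfaces"
    if addr.is_loopback:           # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "single-interface"


def listeners(ss_output):
    """Return (port, host, scope) for every LISTEN row in ss output."""
    rows = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue               # header or non-listening socket
        host, port = split_host_port(fields[3])
        rows.append((port, host, classify(host)))
    return rows


def exposed_ports(ss_output, dev_ports):
    """Development ports that are reachable from outside the machine."""
    return sorted(
        port
        for port, _host, scope in listeners(ss_output)
        if port in dev_ports and scope != "loopback-only"
    )


if __name__ == "__main__":
    for port, host, scope in listeners(SAMPLE_SS_OUTPUT):
        print(f"{port:>5}  {host:<15} {scope}")
    print("exposed dev ports:", exposed_ports(SAMPLE_SS_OUTPUT, {8080, 8888}))
```

Feed it the real output of `ss -ltn` on the development machine; on macOS the `netstat` column layout differs, so the field index in `listeners` would need adjusting.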

Friday, August 27, 2010

HTML 5 Periodic Table

http://joshduck.com/periodic-table.html

Hacking a USB Drive

http://spritesmods.com/?art=diskgenie

http://www.reddit.com/r/programming/comments/d63kf/hacking_a_passcode_encrypted_usb_hard_drive/

Tuesday, August 10, 2010

Google App Engine + Java + Spring + REST + JSON + Flex


http://www.wetfeetblog.com/goolge-app-engine-java-spring-rest-json-flex-part-1/87



Objective

Once you are finished with this article, you will be able to implement REST services in Google App Engine using Java, Spring 3.0 and JSON. In the next part you will learn how to add a Flex application to consume the services.

Step one – Getting all required libraries: Google App Engine SDK, Spring and JSON serializer

If you are using Eclipse (my favorite IDE), you can install the Google plugin from here. If you choose to go another route, you need to download the SDK, create the project and join us back in the next section. Once you install the plugin, restart Eclipse and you can see these buttons



you can proceed to the next section.

Step Two – Create new project

Go to the new project wizard



and select Web application project under Google. You should get to the project settings screen



Choose your project name (can be anything, not necessarily your Google application name) and your base package, click Finish and you should see the following project structure:



Step Three – Add Spring Support

Go to springsource.org and download the latest 3.0 release, then unzip it into a folder where you keep your Java libs. Copy the following jars into the war\WEB-INF\lib directory:

org.springframework.asm-3.0.x.jar
org.springframework.beans-3.0.x.jar
org.springframework.context-3.0.x.jar
org.springframework.core-3.0.x.jar
org.springframework.expression-3.0.x.jar
org.springframework.oxm-3.0.x.jar
org.springframework.web-3.0.x.jar
org.springframework.web.servlet-3.0.x.jar
Also grab your favorite version of log4j.jar and commons-logging-1.1.1.jar. The trick with the commons-logging is to rename it to something like commons-fix-logging-1.1.1.jar, google app engine replaces this jar with its own version with crippled packages, by providing different name we keep both versions and make spring happy. Once you copied the jars, open project preferences and add those jars to the build library path.



Now let's get to the fun part – configuring Spring.

Let's get rid of the generated servlet – just delete it. Then open web.xml. My generated one looks like this:



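<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
    <servlet>
        <servlet-name>Rest_json_flex</servlet-name>
        <servlet-class>com.lureto.rjf.Rest_json_flexServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Rest_json_flex</servlet-name>
        <url-pattern>/rest_json_flex</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>
</web-app>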

The final version should look like this:



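<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">

    <!-- log4j configuration, moved from src to WEB-INF -->
    <context-param>
        <param-name>log4jConfigLocation</param-name>
        <param-value>/WEB-INF/log4j.properties</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
    </listener>

    <!-- Spring dispatcher servlet -->
    <servlet>
        <servlet-name>rest-json-flex</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <!-- route everything under /api/ to the dispatcher servlet -->
    <servlet-mapping>
        <servlet-name>rest-json-flex</servlet-name>
        <url-pattern>/api/*</url-pattern>
    </servlet-mapping>

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>
</web-app>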

As you can see I have moved log4j.properties from src to the WEB-INF location. I like all my config files in one place; you can leave it in src or move it somewhere else, just adjust the path accordingly. The second section defines the Spring dispatcher servlet, then we map this servlet to the /api/* path. All requests with this pattern will get routed to the Spring dispatcher servlet.

Step Four – Add JSON support

I looked around for a good Java JSON library and found a couple of good candidates. Since Spring uses Jackson JSON I decided to go the same route. Grab the library from here and put the jackson-core-1.2.1.jar and jackson-mapper-1.2.1.jar files into the project's WEB-INF/lib directory. Choose your favorite license when downloading the jars.

Step Five – Configure Spring

To configure Spring servlet we need to create servletname-servlet.xml file for spring bean configuration. Our file has to be named rest-json-flex-servlet.xml.



xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">






























First we tell Spring to scan the "com.lureto.rjf" package for any bean annotations.





Next we define message converter to convert messages sent to the server into beans using MappingJacksonHttpMessageConverter












The last part tells spring to render messages sent from the server to the client using JsonView. Here we need to do some bug fixing, as you may have noticed the classes used are from “com.lureto.rjf.spring” and not from “org.springframework.web”.

















MyContentNegotiatingViewResolver.java – at the moment of writing this, the 3.0.0.RC1 version of ContentNegotiatingViewResolver has a bug with the list being singleton.


package com.lureto.rjf.spring;

import java.util.Arrays;
import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.springframework.http.MediaType;
import org.springframework.web.servlet.view.ContentNegotiatingViewResolver;

public class MyContentNegotiatingViewResolver extends ContentNegotiatingViewResolver {

    // Workaround for the singleton-list bug: copy a one-element result
    // into a regular list before handing it back.
    protected List<MediaType> getMediaTypes(HttpServletRequest request) {
        List<MediaType> result = super.getMediaTypes(request);
        if (result.size() == 1)
            result = Arrays.asList(result.get(0));
        return result;
    }

}


JsonView.java – is a copy of org.springframework.web.servlet.view.json.MappingJacksonJsonView with one change:


    @Override
    protected void renderMergedOutputModel(Map<String, Object> model,
            HttpServletRequest request,
            HttpServletResponse response) throws Exception {
        model = filterModel(model);
        // the one change: use response.getWriter() instead of response.getOutputStream()
        JsonGenerator generator = objectMapper.getJsonFactory().createJsonGenerator(response.getWriter());
        if (prefixJson) {
            generator.writeRaw("{} && ");
        }
        objectMapper.writeValue(generator, model);
    }


I had to change response.getOutputStream() to response.getWriter(), since jetty’s implementation of setting content type and encoding uses writer, if you try grabbing a stream after that, you will get an exception.

Step Six – Let's write a little bit of code

First let's define a model object that we will send across the wire. Here is my User.java class:


package com.lureto.rjf;

// Plain bean that Jackson serializes to and from JSON
public class User {

    private long id;
    private String email;
    private String name;

    public long getId() {
        return id;
    }
    public void setId(long id) {
        this.id = id;
    }
    public String getEmail() {
        return email;
    }
    public void setEmail(String email) {
        this.email = email;
    }
    public String getName() {
        return name;
    }
    public void setName(String name) {
        this.name = name;
    }
}


And implement the controller to send and receive data. Here is my UserController.java:


package com.lureto.rjf;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import org.apache.log4j.Logger;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
@RequestMapping("/user")
public class UserController {

    private static Logger logger = Logger.getLogger( UserController.class );

    // GET /api/user/ returns a hard-coded list of users
    @ModelAttribute("users")
    @RequestMapping(value = "/", method = RequestMethod.GET)
    public List<User> listUsers() throws IOException {
        List<User> users = new ArrayList<User>();

        User user = new User();
        user.setId(10001);
        user.setEmail("user.one@gmail.com");
        user.setName("User UNO");

        users.add(user);

        return users;
    }

    // POST /api/user/ converts the JSON request body into a User and echoes it back
    @ModelAttribute("user")
    @RequestMapping(value = "/", method = RequestMethod.POST)
    public User saveUser( @RequestBody User user ) throws IOException {
        logger.debug(user);
        return user;
    }
}


Let's go step by step through this and look at what all these little things do.
We have marked our class as @Controller, which indicates to the Spring framework that this is a controller class. @RequestMapping("/user") indicates that this controller will handle requests that start with /user, /api/user to be precise, since the Spring servlet is configured to handle /api/* mappings.


@ModelAttribute("users")
@RequestMapping(value = "/", method = RequestMethod.GET)
public List<User> listUsers() throws IOException {


Here we define a method which will be invoked when the /api/user/ path gets called with the GET method. If you are running the standard config, http://localhost:8080/api/user/ would be the URL to hit in the browser. @ModelAttribute("users") tells Spring to put the object returned by this method into the users model attribute for the view. Since we have wired everything in the XML configuration, if we return the object it will be rendered by the default view, which serializes beans into JSON strings.
Our method for receiving JSON objects looks like this:


@ModelAttribute("user")
@RequestMapping(value = "/", method = RequestMethod.POST)
public User saveUser(@RequestBody User user) throws IOException {
    logger.debug(user);
    return user;
}


The @RequestBody annotation tells the Spring framework to take the request body and convert it into a bean using a message converter. We have a single message converter defined in the XML configuration file, MappingJacksonHttpMessageConverter.
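Because saveUser binds the posted JSON straight onto User, the client also controls id. The class below is an added example, not code from the tutorial or from Spring: it shows the mapping step a real save would want, where the body is bound to a type without an id, validated, and copied into the model with a server-chosen id. UserInput, toNewUser, clean and logLine are hypothetical names, and the inputs in main are constructed so the class runs with only the JDK.

```java
import java.util.concurrent.atomic.AtomicLong;
import java.util.regex.Pattern;

public class SaveUserExample {

    // Same shape as the tutorial's User bean: the server-side model.
    static class User {
        private long id;
        private String email;
        private String name;
        public long getId() { return id; }
        public void setId(long id) { this.id = id; }
        public String getEmail() { return email; }
        public void setEmail(String email) { this.email = email; }
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
    }

    // Hypothetical request type holding only what a client may set.
    // Used as the @RequestBody parameter, it leaves a posted "id" nothing to bind to.
    static class UserInput {
        private String email;
        private String name;
        public String getEmail() { return email; }
        public void setEmail(String email) { this.email = email; }
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
    }

    private static final int MAX_LEN = 254;
    // Deliberately loose shape check: something@something.something, no spaces.
    private static final Pattern EMAIL =
            Pattern.compile("[^@\\s]+@[^@\\s]+\\.[^@\\s]+");
    // Stand-in for a database sequence (assumption: ids are server-assigned).
    private static final AtomicLong NEXT_ID = new AtomicLong(10001);

    // Copies validated client fields into a new model object.
    static User toNewUser(UserInput in) {
        if (in == null) {
            throw new IllegalArgumentException("request body is required");
        }
        String email = clean(in.getEmail(), "email");
        String name = clean(in.getName(), "name");
        if (!EMAIL.matcher(email).matches()) {
            throw new IllegalArgumentException("email is not well formed");
        }
        User user = new User();
        user.setId(NEXT_ID.incrementAndGet()); // never taken from the request
        user.setEmail(email);
        user.setName(name);
        return user;
    }

    // Rejects missing, empty, oversized or control-character values.
    private static String clean(String value, String field) {
        if (value == null) {
            throw new IllegalArgumentException(field + " is required");
        }
        String v = value.trim();
        if (v.isEmpty() || v.length() > MAX_LEN) {
            throw new IllegalArgumentException(field + " has an invalid length");
        }
        for (int i = 0; i < v.length(); i++) {
            // CR/LF in a stored value could later forge extra log lines.
            if (Character.isISOControl(v.charAt(i))) {
                throw new IllegalArgumentException(field + " contains control characters");
            }
        }
        return v;
    }

    // Log the identifier only, not the e-mail address or name.
    static String logLine(User user) {
        return "saved user id=" + user.getId();
    }

    public static void main(String[] args) {
        // Constructed input: a well-formed request.
        UserInput ok = new UserInput();
        ok.setEmail("user.two@example.com");
        ok.setName("User DOS");
        System.out.println(logLine(toNewUser(ok)));

        // Constructed input: a name carrying a line break.
        UserInput bad = new UserInput();
        bad.setEmail("user.three@example.com");
        bad.setName("eve\nsaved user id=1");
        try {
            toNewUser(bad);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```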

Conclusion

As you can see, there is little code to write. In the next Spring release the 2 bugs we fixed ourselves will probably be fixed, so this project will have only 2 source files, 3 XML files and 2 properties files. All the work is done by the Spring framework; we just need to worry about the business logic and model.
The full project can be downloaded from here.
In the next part we will add a Flex project, so we can read the JSON object returned and post a user object to the server.

UPDATE – October 27, 2009


Uncaught exception from servlet
java.lang.NullPointerException
at com.google.apphosting.runtime.security.shared.RuntimeVerifier.isInspectable(RuntimeVerifier.java:302)
at com.google.apphosting.runtime.security.shared.intercept.java.lang.Class_.getEnclosingMethod(Class_.java:237)
at org.codehaus.jackson.map.util.ClassUtil.isLocalType(ClassUtil.java:88)
at org.codehaus.jackson.map.deser.BeanDeserializerFactory.isPotentialBeanType(BeanDeserializerFactory.java:613)
at org.codehaus.jackson.map.deser.BeanDeserializerFactory.createBeanDeserializer(BeanDeserializerFactory.java:61)
at org.codehaus.jackson.map.deser.StdDeserializerProvider._createDeserializer(StdDeserializerProvider.java:248)
at org.codehaus.jackson.map.deser.StdDeserializerProvider._createAndCacheValueDeserializer(StdDeserializerProvider.java:181)
at org.codehaus.jackson.map.deser.StdDeserializerProvider.findValueDeserializer(StdDeserializerProvider.java:100)
at org.codehaus.jackson.map.ObjectMapper._findRootDeserializer(ObjectMapper.java:1069)
at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:1002)
at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:818)
...... SNIP ......


After deploying to App Engine I found out that the Jackson JSON library uses some unsupported introspection calls, and I had to make a fix inside the Jackson library to make it run inside Google App Engine. I have updated the jars inside the project to catch the exception and let the parser continue on its way. Here is the fix:


public static String isLocalType(Class<?> type)
{
    try {
        // one more: method locals, anonymous, are not good:
        if (type.getEnclosingMethod() != null) {
            return "local/anonymous";
        }

        /* But how about non-static inner classes? Can't construct
         * easily (theoretically, we could try to check if parent
         * happens to be enclosing... but that gets convoluted)
         */
        if (type.getEnclosingClass() != null) {
            if (!Modifier.isStatic(type.getModifiers())) {
                return "non-static member class";
            }
        }
    } catch (Exception exc) {
        // App Engine's sandbox throws from these introspection calls (the
        // NullPointerException in the trace above). Swallow it and fall
        // through, so the type is treated as not local and parsing continues.
    }
    return null;
}

Thursday, July 29, 2010

Military Spending

"Every gun that is fired, every warship launched, every rocket fired signifies, in the final sense, a theft from those who hunger and are not fed, those who are cold and are not clothed. The world in arms is not spending money alone. It is spending the sweat of its laborers, the genius of its scientists, the hopes of its children."
-Dwight Eisenhower

Tuesday, July 6, 2010

Growing up - Joys in simplicity

So I've finally realized that having something really cool is, of course... really cool. But at the cost of simplicity, it sometimes isn't worth the sacrifice. Today I was debating features vs cost of implementation and maintenance, asking myself "is it really worth it".

I hope that I will always, and forever, never skip out on the cool feature just because it's more work. Unfortunately, when it's not your time you're spending, but someone else's, cutting corners happens. Building simple but extremely cool apps is the best thing I've found. The most complicated and sophisticated solution doesn't always beat the simple one - there is joy in simplicity!

Friday, June 11, 2010

Wednesday, June 9, 2010

Spring Roo - GWT Tutorial

http://satukubik.com/2010/05/21/hello-world-using-spring-roo-1-1-0m1-under-sts-2-3-3m1/

The first day’s Google I/O keynote shows how much work has been done to integrate Spring Roo with GWT. Despite the fact that the demo is not smoothly done, this is kind of an interesting combination. If before we had to do all the work to integrate Spring + Hibernate + GWT manually, now the work has already been done. Even nicer, it has tight integration with Eclipse, my favorite Java IDE.

Unfortunately the information on how to start creating and playing is not integrated and I spent quite some time to finally run a very simple application using all the technologies. Let me share my experience here…

What you need first is an STS 2.3.3M1. It’s not that easy to find, so here is the link: http://www.springsource.com/products/springsource-google-download. Unfortunately, you have to fill the forms as I can’t find another way to download it without filling the form. Warning, you need STS 2.3.3M1 not release 2.3.2.
Next you have to run the installer. I had no problem for this and at the end, the STS is nicely installed on my computer.
Run the STS and put the workspace location as you like.
If you start a new workspace you’ll get something like this:
Just close the Welcome page and you will get something like this:
You’ll need to install DataNucleus Eclipse Plugin and Google Plugin for Eclipse. To do so, go to the third tab under the dashboard and select both extensions. Install them and restart the STS.
We can start creating a new project. Create a Roo project with name ‘hello’ and top level package ‘com.hello’. Wait a bit for Maven to download all the dependencies.
You can use Roo Shell to start adding entities to the project. Run the following commands:
persistence setup --provider DATANUCLEUS --database HYPERSONIC_IN_MEMORY
entity --class ~.server.domain.Employee --testAutomatically
field string --fieldName userName --sizeMin 3 --sizeMax 30
gwt setup


After that, you should right click on the project and select Google -> Web Toolkit Settings…. And then just click OK. I don’t know what happens but without it the application complains that it can’t find GWT SDK.
Again, right click on the project. Select Maven -> Enable Dependency Management.
Now you can run the application by right clicking on it and selecting Run -> Web Application. There you go, you've got the GWT version of the application.
An alternative is to run mvn gwt:run from the console or from Eclipse.


http://code.google.com/webtoolkit/business.html

Tuesday, June 8, 2010

Inline Images

embedding images inline the html document...

short overview:
http://www.websiteoptimization.com/speed/tweak/inline-images/

image -> data converter:
http://www.motobit.com/util/base64-decoder-encoder.asp

example (paste into your browser address bar):


/ge8WSLf/rhf/3kdbW1mxsbP//mf///yH5BAAAAAAALAAAAAAQAA4AAARe8L1Ekyky67QZ1hLnjM5UUde0ECwLJoExKcpp
V0aCcGCmTIHEIUEqjgaORCMxIC6e0CcguWw6aFjsVMkkIr7g77ZKPJjPZqIyd7sJAgVGoEGv2xsBxqNgYPj/gAwXEQA7

On a side note, koushy smiles
http://koushy.innerturbulence.net/misc/smilies/gallery.php

Thursday, June 3, 2010

Government Data

http://www.data.gov/catalog/geodata

CSS IS HARD: CSS Order Priority

http://hungred.com/useful-information/css-priority-order-tips-tricks/

"Calculate the number of times the ID attributes in the selector.
Calculate the number of times the CLASS attributes in the selector.
Calculate the number of times the HTML tag names in the selector.

Once you done that you will have 3 digit. Each digit is meant for each description above. Next, arrange them from left to right starting from the first description to the third one. And you will have something like this."

Friday, May 28, 2010

Websockets and jQuery

Oh to make it more accessible to the noobs again... this plugin comes with a full demo including java servlets AND jetty 7.01 server...


Just run "WebSocketServer" and you're done. Enjoy

http://code.google.com/p/jquery-graceful-websocket/

Thursday, May 13, 2010

What should be jQuery's new slogan

Write less do more is too modest...

more like...

Making javascript accessible to noobs since 2006

i love it


*side note, cool plugins*

http://www.denbagus.net/jquery-ui-developers/

*and google font plugin*
http://code.google.com/webfonts/preview

Thursday, May 6, 2010

i luv regex ^^

Because typing certain things out takes way too long... or at least isn't as fun =p

Tuesday, May 4, 2010

WDNW -> TDNW System

http://www.dilbert.com/strips/comic/2010-04-25/




Wednesday, April 28, 2010

GAEPF Update

Stable Version (I think)

new edits to this version:

performance enhancements
- ajax loading
- caching
- some code optimizations (not many ><)

multiple stylesheet themes
- clean
- dark
- blue

Monday, April 26, 2010

Just Because...

Don't know why but i found this hilarious...



Challenge of the day, making this picture a metaphor for everything

Friday, April 23, 2010

GAEPF Update

Currently the entire environment is stable... not sure how long that'll last.

Learned another valuable lesson of why code reuse is essential: not only am I wasting time writing new methods, but having written them a few weeks ago I've innovated past them in my learning and now they're horribly out of date, yet still required and cannot be removed/managed/maintained easily. Fail.

Integrating jQuery jscrollpane and rewriting my structure to better support this plugin. New slogan for jQuery "making javascript accessible to noobs since 2006"

Monday, April 19, 2010

The User’s Manifesto: in defense of hacking, modding, and jailbreaking

http://www.crunchgear.com/2010/04/18/the-users-manifesto-in-defense-of-hacking-modding-and-jailbreaking/

Now, this isn’t a license to do whatever you want, to whomever you want, at all times. There are several things that limit your freedom, and it is your responsibility to be aware of them: You may have signed a legally binding contract; the effects of your use may extend beyond what you can reasonably expect to be called your own home or person; there are laws governing certain kinds of use. Essentially, know that your device does not exist in a connective vacuum, and you do not live in a social or legal vacuum.

Let us say that you bought a hammer. The hammer is clearly designed for hitting nails, and it is sold at a hardware store, next to nails. Are you really restricted to using it for hitting nails? Do you need to buy a special license to photograph it, or use it to tenderize meat? Of course not. But if you stand outside hitting a bell with it all day, your neighbors may rightfully complain. And you can’t go around beating people with it, because that’s assault. I really don’t see why a more complicated device, more versatile, sure, but still a piece of hardware bought at a store, should be subject to fundamentally more stringent restrictions. Your use of the tool or device that you bought is limited only by law and your discretion. Acme Hammer company doesn’t get a say in what you do — and for that reason, they are not liable if you do decide to start hammering people.

That said, you may have signed (perhaps without noticing it) a legally binding contract. If you did so, read it. EULAs are meant to be not read, of course, because they are legal language presented to an end user, and the degree to which they are binding is probably going to be a topic for debate for years. Better to be safe: if you can’t read it, research it online and see what the gist is, or call support and ask. If you find that you have a reasonable chance of actually breaking a law and having that illegal act pursued by the company, reflect on that.

But also reflect on the fact that nobody thinks twice about crossing a street at 3AM when there are no cars, because jaywalking laws have no authority when the conditions they are meant to govern are not present. Can we say the same thing of license agreements? We can leave aside the complex philosophical debate that goes along with Law, Justice, and so on — we’re talking about simple cases here. Are you the kind of person who will wait at a “Don’t Walk” sign on an empty street? Then you probably live in Seattle. Also, you’re probably not the jailbreaking type and you’re likely infuriated by what I’ve written so far. At any rate, the most extreme consequence for modding is usually a broken warranty and discontinued support. Oh no!

To illustrate this, here’s the relevant portion of the iPad license agreement:

You may not and you agree not to, or to enable others to, copy (except as expressly permitted by this License), decompile, reverse engineer, disassemble, attempt to derive the source code of, decrypt, modify, or create derivative works of the iPad Software or any services provided by the iPad Software, or any part thereof…

…This License is effective until terminated. Your rights under this License will terminate automatically or otherwise cease to be effective without notice from Apple if you fail to comply with any term(s) of this License. Upon the termination of this License, you shall cease all use of the iPad Software

Some will say that because of these you do not “own” the device you bought. But few will say what they mean, viz. that there is in fact no way for you to buy just the Apple hardware — you are actually prohibited from doing so, and are told to please return the device for a full refund if you do not agree to the EULA for the software. Fortunately, such a flippantly restrictive license is as easy to ignore as it is to create. Make no mistake — such an act is surely “a violation of the rights of Apple.” A violation they will never know about, because there is no way they could ever know. They have as much effective jurisdiction over your home and person as they do over the dark side of the moon. Many EULAs (Sony’s, for example) establish similar unlimited control, which one may (and often will, without knowing) also ignore with impunity as long as the license-granter or other users are not materially affected in any way. It is telling that the punishment for violating the license is effectively voluntary.

China - War of Internet Addiction

http://techcrunch.com/2010/04/18/the-chinese-matrix-and-the-war-of-internet-addiction/

The following is an English translation reprinted with permission by Kaiser Kuo and Jean Shao.

When we work hard for a whole day come home to an apartment with a monthly rent of 2000 RMB, we face such a distorted version (of the game as the fight for interests lingers on), all we can feel is helplessness. You make no mistake, yes, we are indulging, but not in the game itself. It’s the feeling of belonging, and four years’ friendship and entrusting (in this virtual community we cannot give up)…We persevered no matter what …

We know it’s impossible, but we still swim tirelessly to the North Pole, to the edge of the (global) map, to the place where there is no water, but we still can’t see that icy land! In the past year, I, just like others who love this game, diligently go to work on a crowded bus, diligently consume all kinds of food with no concern of whatever unknown chemicals (they may contain). We never complain that our wages are low, we never lose our mental balance due to those big townhouses you bought with the money you took from my meager wage. We mourned and cried for the flood and earthquake, we rejoiced and cheered for the manned space flight and the Olympics. From the bottom of our heart, we never want to lag to any other nations in this world, but in this year, because of you, we can’t even play a game we love whole-heartedly with other gamers all over the world.

We swallowed all the insults (as we are forced to go to overseas servers and caused other gamers’ inconveniences). Why can’t we be entertained at the cheap rate 40 cents an hour? Just because we are here?”

You taught me since my childhood that a house of gold or silver is never as good as my own tumbledown home, but what’s the reality? You forced me to live temporarily in my own country. Why is it so hard to grant me to simply dwell in my own country spiritually?

Thanks to all you so-called Brick Owners (砖家, a homophone for 专家, expert) and Shouting Beasts(叫兽, a homophone for 教授, professor), aren’t there enough eulogies, cosmetics and anesthetics? Everyday, you have nothing else to do but enjoying your prestigious social status, and pointing at us from an ethical high ground. Have you ever wondered why five million gamers are collectively taking this Net poison (as you so describe our addiction to the virtual game), and the deep-rooted social reasons that are covered?

We naively believed that here there are only gardens, that we can touch the ideal if only we work hard enough. When we look up to those servers on the top of the pyramid, we are forced to hold the Happiness bestowed from you. We retreat into the so-called freest Internet on earth, communicate at low cost, and salve the pains in daily life with the game. It’s just like this, but they, for the sake of interests, they are exploiting in every possible way…we are so accustomed to silence, but silence doesn’t mean surrender.

We can’t stop shouting simply because our voices are low; we can’t do anything simply because our power is weak. It’s okay to be chided, it’s okay to be misunderstood, it’s okay to be overlooked. But it’s just I no longer want to keep silent.

Although there have been many other machinimas and remix videos released in China in the past few years, this video differs in that it is in some ways a call to arms, or more precisely a call to not remain silent, as a protest to current conditions.

Although flashmobs may technically be illegal in China, flash mobbing in games has proved to be an outlet by Chinese netizens for expressing dissatisfaction in the past. The winning of this particular video at the Tudou Video Festival this year in China is a window into this growing sentiment against staying quiet when it comes to internet censorship in China.




Video http://www.warcraftmovies.com/movieview.php?id=137397&stream=&h=8267fcb0891e593f5326740dc02b5275

Thursday, April 15, 2010

Randomness in game design

http://playthisthing.com/randomness-blight-or-bane

When Chance isn't Random: Regression to the Mean

In reality, the reliance by games on chance does not necessarily mean that the game's final outcome is random. In a game with chance elements, there will typically be dozens or hundreds of random tests over the course of the game -- many, many times in which dice rolled, or an algorithm that uses a random number as an input applied.

Paradoxically, the greater the number of random tests, the less effect chance has on the outcome. Over time, random systems regress to the mean.

Consider a single die-roll: there is exactly a 1/6th chance of each possible result. Now consider a 2D6 roll (that is, rolling two six sided dice and summing the numbers rolled): There is a 1/6th chance of rolling a 7, but only a 1/36th chance of rolling a 2 or 12. A single die-roll produces a flat curve, with all outcomes equally probable; a 2D6 roll produces a bell curve, with numbers toward the center of the curve more probable, and the extremes less likely. Adding more dice increases the sharpness of the curve.



Tuesday, April 13, 2010

GAEPF Update

Back end looks completely stable, most of the portlets are completed by now

local datastore is at 2179
dev env is at 1728

started migrating to the production environment and rebuilt the collection
prod env is at 1866

i need to figure out why my youtube crawlers keep returning null, investigated this issue a while ago and apparently on the google app engine the dev api keys conflict and we quotas break. might just scrape rather than use the gdata api

Hacking the Power

http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/

1024-bit RSA encryption cracked by carefully starving CPU of electricity
By Sean Hollister posted Mar 9th 2010 2:47AM



Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA hopefully fixes the flaw -- you should keep a close eye on your server room's power supply.


Monday, April 12, 2010

The Apple of my eye

Ummm simply put... an amazing article

http://gamehaxe.com/2010/04/10/bravo-apple/

Bravo, Apple

Finally, Apple is doing away with those arrogant upstarts who think they can write a few lines in a high level language and call it a program. Their new developer agreement requires:

3.3.1 – Applications may only use Documented APIs in the manner prescribed by Apple and must not use or call any private APIs. Applications must be originally written in Objective-C, C, C++, or JavaScript as executed by the iPhone OS WebKit engine, and only code written in C, C++, and Objective-C may compile and directly link against the Documented APIs (e.g., Applications that link to Documented APIs through an intermediary translation or compatibility layer or tool are prohibited).


This has a couple of good points – firstly banning stupid languages (used by those people who are not smart enough to learn c++), and secondly getting rid of translation layers. Apple has clearly put a lot of thought into their APIs, so why would anyone want to put a layer on top of them – it’s just going to make things harder to use.

Languages
There has been a lot of talk recently about compiling “foreign” languages, such as haxe, as3, javascript, java, .net based languages, into binaries that will run extremely well on the iPhone. But like all foreigners (who are responsible for all the terrorism in the world) these languages should be cleansed from all iPhones to maintain the iPhones mono-lingual purity. Putting such insidious diversity into a beautifully designed device can be shown to confuse consumers, most of whom don’t even know their device and been compromised by these so call “high level” languages.

By raising the barrier of entry, and only permitting “real” programming languages (ie, “C” based ones), Apple ensures that the quality of apps will remain at its current lofty levels. “Natural Selection” will then weed out those people who are too lazy or too stupid to learn a proper language. In fact, I think Apple has not gone far enough here and should dabble in a bit of “Intelligent Design” by requiring that all developers who wish to submit apps hold at least a 4 year degree in computer science. Just imagine a world where any kid can work out of his garage and build an application with an original language, or bit of hardware, that snubs its nose at the establishment – anarchy would ensue. Therefore, it is important that the responsible companies out there vet such potentially disruptive ideas before they can cause too much damage.

It can’t be said that Apple don’t like new languages, after all, they championed the greatest NeXT Step in programming ever, Objective-C, it’s just that all the other languages are utter crap. Some of them do away with the beautiful square bracket, some use commas to separate function arguments and nearly all the modern ones perform “Garbage Collection”. What a joke! Apple solved this problem years ago by simply not creating garbage in the first place. Again, it is only those too lazy to learn about how to use allocation pools and correct reference counting that need anything as dirty as Garbage Collection.

The new languages, such as haxe, are so terse that you do not even know when you are using a delegate. How can anyone possibly understand that code like:
addEventListener(KeyboardEvent.KEY_DOWN, function(event) { trace(event); });
Is supposed to do? I mean where is the delegate? Where is the class that implements the UITextFieldDelegate protocol? (And why must these languages continue to call things “Interfaces” when they are clearly “Protocols” ?)

I think Apple are right to ban code generators, such as the haxe c++ backend. While these produce code that could in theory be produced by hand, the code is robotic and lacks the “soul” of hand written code. To err is human, and without the quirks introduced by a human coding c++ we may as well hand the future over to SkyNet and let the machines run everything.

Layers and Tools
Thankfully, Apple has also done its research into programming techniques as well as programming languages. The problem with programming these days is that there are too many layers and tools to learn, and they are taking us back to a simpler time where you are “close to the metal”. Apple rightfully shuns these extra layers, and focuses only on code. Once you understand Objective-C, Interface Builder, NIB, XIB, Frameworks, .app layouts, provisioning, xml, plist, controllers, delegates, owners and outlets, then you can create pure lovely code, without any of that layering crap getting in your way.

Programmers must beware of code that essentially “lies” by pretending that the beautiful, native API actually looks like one of the ill-conceived APIs from another language. For example, why would anyone want to view a native UIView image as the practically unusable as3 “equivalent” (I use the term loosely) of BitmapData? I don’t think there is a single successful application ever written that uses this BitmapData class.

Isolating your code from the native API will cause your code to lose its identity. If you can compile it for another (obviously inferior) device then your code will become tainted by the lower class device, even if it performs identically on the Apple device. How quickly people forget that the upper class should not mingle with the lower class.

I hope Apple’s ban extends to the gzip “translation layer”. Programmers should not be using this library because it has security implications, and they should simply use the streaming classes and do the decompression in their own code. If more programmers thought like Apple, then there would be a lot fewer security holes in software.

Don’t get me started on Game Making programs. Thank god these are banned – imagine letting a non-programmer create an App. What next, Artist creating games? Don’t make me laugh.
Conclusion
Apple has made a huge stride forwards by tightening the definition of what a real developer is, and I’m looking forward to what’s next. I think they have a little way to go – for example, what about all those people using foreign editors, rather than XCode? Surely if XCode is not good enough for a developer, then that developer is not good enough for Apple. The best way I can see for them enforcing this is for them to install a “watchdog” application on the developer’s machine, and send screenshots back to Apple periodically. That way, if the developer does not conform to the coding purity required by Apple, they could be identified and sent to a camp to help them concentrate on being better programmers. Win-win, what a great idea.


GAEPF Project

Going to be keeping a record of my progress here, good luck to me?

Currently Stable:
Controllers & Data types are pretty much completed.
Front end classes are completed
working on portlets + front end design and slicing the back end to expose in the front
going to be working on the image viewport tonight, hopefully nothing breaks... again.

Stuff to do:
encapsulate all data import/analysis processes.
complete design
crowd source discussion and data fine tuning

Friday, April 2, 2010

Google, HTML5, and Quake II

Google decides to get quake 2 running in the browser (html5 canvas/audio/javascript) for fun...



http://googlewebtoolkit.blogspot.com/2010/04/look-ma-no-plugin.html

Thursday, April 1, 2010

Hacking Weak Passwords

How I'd hack your weak passwords - LifeHacker

"So, how would one use this process to actually breach your personal security? Simple. Follow my logic:
  • You probably use the same password for lots of stuff right?
  • Some sites you access such as your Bank or work VPN probably have pretty decent security, so I'm not going to attack them.
  • However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you've shopped at might not be as well prepared. So those are the ones I'd work on.
  • So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 – whatever makes you happy) different usernames and passwords as fast as possible.
  • Once we've got several login+password pairings we can then go back and test them on targeted sites.
  • But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser's cache.

And how fast could this be done? Well, that depends on three main things, the length and complexity of your password, the speed of the hacker's computer, and the speed of the hacker's Internet connection.

Assuming the hacker has a reasonably fast connection and PC here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list it's just a matter of time before the computer runs through all the possibilities – or gets shut down trying.

Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.



Remember, these are just for an average computer, and these assume you aren't using any word in the dictionary. If Google put their computer to work on it they'd finish about 1,000 times faster."

http://lifehacker.com/5505400/how-id-hack-your-weak-passwords?skyline=true&s=i

April Foooooooools

Google Docs to store ANYTHING... yes anything...
Coming soon! Store anything in Google Docs

The next generation of Google storage arrives in May and we’re looking for testers.

Find your keys and more
Ever wish you could CTRL+F your keys? Store your keys and other objects you commonly lose with Google and you’ll never have to worry about finding them again.
Fast pickup and delivery
We’re testing a new mail courier network integrated with our Street View fleet. We’ll show up within 3 hours to pick up anything you choose to store in Google Docs, guaranteed.
Competitive pricing
At $0.10 per kg, you can store a grand piano for the price of lunch.

http://www.google.com/google-d-s/promos/storage.html

Google to go Nuclear - TechCrunch

“Google has acquired a company that has created a new process for highly efficient isotope separation, we’ve confirmed from multiple sources. The primary use of this technology, say experts we’ve spoken with, is uranium enrichment...

'The story Google is putting out there is that the new technology will be built for clean energy production. But all of the research and development they’re doing in this area is being conducted outside of the U.S., and the enrichment facility is also outside of the U.S.'

And more chillingly: 'It would be trivial for anyone with this technology to build a nuclear weapon.'

Google, which has been shaken by its inability to counter Chinese censorship and hacking efforts, may be engaging in enrichment research as part of a new effort to simply protect itself from outside threats.

One source pointed out that if Google were its own country, its revenues would place it at 74th on the list of countries sorted by gross domestic product. 'The U.S. government clearly won’t protect Google from China, so Google is taking the logical step of protecting itself with a physical deterrent.'”

http://techcrunch.com/2010/03/31/exclusive-google-to-go-nuclear/

A different kind of company name - Google Blog
Early last month the mayor of Topeka, Kansas stunned the world by announcing that his city was changing its name to Google. We’ve been wondering ever since how best to honor that moving gesture. Today we are pleased to announce that as of 1AM (Central Daylight Time) April 1st, Google has officially changed our name to Topeka.



http://googleblog.blogspot.com/2010/04/different-kind-of-company-name.html

Wednesday, March 31, 2010

Correlation != Causality?

Continuing today's theme of amazing charts

http://statfail.com/

The recession won’t be over ’til…




Here are the facts: There have been four generations of Pokémon games. The release of each has been followed by an economic upturn. Coincidence?


http://statfail.com/

Infographics?

Doghouse Diaries: In the amount of time it takes you to read this...

http://www.thedoghousediaries.com/?p=1690

Tuesday, March 30, 2010

A brief, yet helpful, lesson on elementary resource-locking strategy...

An interesting article I found on the dangers of locking resources, explained with a nice real-life example.

The main points:
"I explained to her that it’s an elementary principle of concurrent system design that you minimise your lock phases: acquire a resource, use it and release it as quickly as possible, so that the resource can be used by other agents...I explained as politely as I could that separation of concerns is one of the most fundamental of all the principles of system design, and that for me to reschedule my own tasks and take on other agents’ responsibilities would be a gross violation of encapsulation. I explained that, instead, when she accepted the get-the-boys’-drinks interrupt, she should have relinquished her lock and passed the cheese back down to my end of the table before going swanning off on the drinks mission."

Full link: http://reprog.wordpress.com/2010/03/30/a-brief-yet-helpful-lesson-on-elementary-resource-locking-strategy

And also a nice response found on reddit =)

"Handling interrupts while locking resources is not just sub-optimal but it's highly dangerous. Imagine if both parents were so careless and, for example, when she handled the drinks-for-the-boys interrupt he was in the middle of getting himself something to drink. Further imagine that while having the drink source resource locked he handled an interrupt from the boys for some cheese on their food. BLAMMO! You're deadlocked! Everyone starves and you've got a dead family on your hands.
Not only is his strategy of releasing locks before handling interrupts speed efficient, it's also important for survival. They really dodged a bullet with that cheese thing. I can't believe his wife was so reckless with the safety of her entire family."
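
The deadlock described in the reddit reply, next to the release-before-interrupt strategy from the article, as an added Python example that is not part of either quoted text. The diner names, the barriers that force the worst-case interleaving and the acquire timeout (which stands in for "everyone starves" so the program ends) are assumptions of the example.

```python
import threading

ACQUIRE_TIMEOUT = 0.5  # assumption: seconds a diner waits before giving up


def run_dinner(release_before_interrupt):
    """Return the sorted names of diners whose interrupt was served.

    Each diner locks one resource, then takes an interrupt that needs the
    resource the other diner is holding.
    """
    cheese, drinks = threading.Lock(), threading.Lock()
    both_holding = threading.Barrier(2)   # force the worst-case interleaving
    attempts_done = threading.Barrier(2)  # nobody lets go until both have tried
    served, served_guard = [], threading.Lock()

    def diner(name, own, needed):
        own.acquire()
        both_holding.wait()
        if release_before_interrupt:
            own.release()                 # pass the cheese back first
        got_it = needed.acquire(timeout=ACQUIRE_TIMEOUT)
        if got_it:
            with served_guard:
                served.append(name)
            needed.release()
        attempts_done.wait()
        if not release_before_interrupt:
            own.release()                 # too late: both attempts already failed

    threads = [
        threading.Thread(target=diner, args=("mother", cheese, drinks)),
        threading.Thread(target=diner, args=("father", drinks, cheese)),
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(served)


if __name__ == "__main__":
    print("hold lock during interrupt:", run_dinner(False))
    print("release before interrupt: ", run_dinner(True))
```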