Monthly Archives: October 2013

The natural effects of performance programming versus security

It’s been fun to follow John Carmack – the programming hero of my youth – on Twitter. This from today:

So there is the money quote: “Lots of C/C++ code should be Java/C#”.

Why? It’s slower, it’s garbage collected, it’s tied to a framework, it’s….. what do all of these things do? They make it a lot harder to actually hack!

Look at just about every single Flash or Acrobat or IE vulnerability that comes out month after month. Many of them involve things that are ONLY possible in C – unintentional code execution, buffer overflows, etc.

So C is great, learn C, but then don’t use it for everything thinking you are hot stuff. The core loop of that database driver? Keep it hot. All those GUI elements? How about you keep them safe and boring instead? It may sound kind of crazy to call .Net or Java “safe”, but this really is often the case.

Hacking an ancient Braille printer

My youngest daughter is blind but is otherwise a bright and energetic five-year-old. We’ve been teaching her braille over the past year, something my wife is particularly skilled at. Since it would be handy to be able to print braille materials ourselves, we looked into purchasing an embosser. Unfortunately, they all cost in the $4000+ range or more! My wife poked around and found an old one on eBay for only a hundred bucks. We bought it, figuring we could make it work.

embosser1

Wow, this is quite the contraption. You know you are working with something interesting when the serial number is only 3 digits. (Still not quite as interesting as the coffee roaster from Turkey that I use at the shop, which has a 2-digit serial.) The metal embosser comes embedded in a hard-shell suitcase and weighs about 50 pounds. It makes me think of some kind of Soviet-era missile launch contraption. It has a 5-pin AT keyboard input, a 36-pin parallel port, and a paper feed button. It takes 12-inch tractor-feed paper and sounds like a machine gun firing when it prints, punching out the dots against the backing of a steel plate. I literally can’t use the thing at night as it will wake up the whole house.

embosser2

First, I needed to hook it up to a PC. I had an old laptop with a real parallel port on it, but it gave up the ghost shortly after the printer/embosser arrived. My next option was to use a USB to parallel adapter. I purchased a Belkin one thinking it was a prominent brand that should be well-supported. That turned out to be untrue. The drivers for this were pretty flaky. I was able to get it to fly eventually though. The Mac drivers were a disaster, so I decided to stick with Windows for the time being.

usb-p

I set it up as a “Generic Text Only” printer in Windows and tried sending some text files to it. It quickly became apparent that data had to be streamed to this thing in just the right fashion to keep it happy. The main problem I ran into was that carriage returns causes two lines to be skipped, wasting a lot of space. Using NotePad++, I was able to easily change some of the finer details of the ASCII data I was printing. I Tried unix-style line breaks, and the alternates. No dice. After a bunch of trial runs selecting different paper sized to see what effect they had, I concluded that I had to not send any page margin meta data at all to keep the old thing from flipping out.

embosser-screenshot1

embosser-screenshot2

A lot of searching online yielded a reference to rawprn.exe, a tiny executable compiled from a piece of C++/Win32 API code released by Microsoft in 2000. The original reference is here. This truly streams raw bytes to the printer – straight text with no margin information or page breaks or headers, or whatever. Just what I needed.

// Send the data to the printer.
	if( ! WritePrinter( hPrinter, lpData, dwCount, &dwBytesWritten ) )
	{
		PrintError( GetLastError(), TEXT("WritePrinter") );
		EndPagePrinter( hPrinter );
		EndDocPrinter( hPrinter );
		ClosePrinter( hPrinter );
		return FALSE;
	}

embosser-screenshot3

I intend to modify this utility to replace line breaks with padded spaces, keeping in mind that the width of each line is exactly 42 characters on this device. I’ll also need to issue an actual page forward command after 25 rows so it skips the perforrated page seperator and resumes printing on the next page. I was able to print some documents in the proper contracted “grade 2″ shorthand of braille with good results using this method. I’m going to update this post in a few days when I get a chance to build a fully-functioning script. At this, point, I’m still messing with the files ahead of time by hand.

embosser-screenshot4

On constraints fostering creativity

Here, Knuth gives an example from his own life where he was at his most creative during a time when he “shouldn’t have been”.

If I look back at my own life and try to pick out the parts that were most creative, I can’t help but notice that they occurred when I was forced to work under the toughest constraints. For examples, 1967 was surely the msot hectic year of my life, but that was the year when I was lucky enough to come up with several ideas that are now considered important, like “attribute grammars” and “Knuth-Bendix completion” and “LL(k) parsing.” I actually had not time to do research that year, because The Art of Computer Programming was nearing publication, and my wife and I had two babies to take care of, and I needed t be hospitalized briefly, and I gave lectures in five countries on five different subjects, in addition to the classes I was teaching at Caltech. yet I stole time to look at new things whenever I could; for example, at once conference I remember that I skipped most of the lectures so that I could sit on the beach and do research. I often wonder whether I would have been more productive or less productive if my life and been more stable that year.

My experiences suggest that the optimum way to run a research think tank would be to take people’s nice offices away from them and to make the live in garrets, and even to insist that they do non-researchy things. That’s a strange way to run a research center, but it might well be true that the imposition of such constraints would bring out maximum creativity.

-Donald Knuth, Things a Computer Programmer Rarely Talks About, p.82

I was just telling an artist friend of mine something similar. It seems that times of creativity do go hand-in-hand with times of highest productive output. Many of the best artists just work and work and work and come up with new good stuff along the way. When they stop and take time to “be creative”, they quickly stagnate. This is why sabbaticals, while perhaps providing physical rest, often backfire with regards to coming up with new ideas. The place to hit on new material is in the trenches, with bombs going off around you.

From a programming perspective, I know that I’ve also slipped a bit when things were quiet. In hindsight, being in college about 13 years ago was the easiest time of all. Now I have four children and very few hours or even minutes in the day unaccounted for. But back when I had entire weekends at my disposal, I came up with nothing. Now, I come up with all kinds of new ideas and solutions for problems in the scraps in-between everything else. I think we just have to take whatever we have and run with it.

An example of class delcaration shorthand

Chapter 1 of C# In Depth gives a nice history of how class definition shorthand has evolved. I realized I was still doing a few things the old verbose way. I am all for shortcuts as long as they don’t decrease readability too much. Since all the examples in books usually involve products or customers, I thought it would be a lot more fun to pretend to make be making a video game. Here is the old way of making a Monster class.

public class Monster
{
    private string name;
    public string Name
    {
        get
        {
            return name;
        }
    }

    private int hitPoints;
    public int HitPoints
    {
        get
        {
            return hitPoints;
        }
        set
        {
            hitPoints = value;
        }
    }

    public Monster()
    {
        name = "Giant Spider";
        hitPoints = 100;
    }

    public Monster(string name, int hitPoints)
    {
        this.name = name;
        HitPoints = hitPoints;
    }
}

Notice I have two different versions of the constructor defined there. So I can say:

Monster enemy1 = new Monster("Troll", 200); // I set the name and hit points
Monster enemy2 = new Monster(); // Defaults to Giant Spider. Fairly common I guess.

Now, in C# 4, using parameter shorthand and optional arguments, I rewrite the Monster class as:

public class Monster
{
    public string Name { get; set; }
    public int HitPoints { get; set; }

    public Monster(string name = "Giant Spider", int hitPoints = 100)
    {
        this.Name = name;
        this.HitPoints = hitPoints;
    }
}

Now I can say:

var enemy1 = new Monster("Troll", 200); // I set the name and hit points
var enemy2 = new Monster("Goblin"); // Set just the name. Default hit points.
var enemy3 = new Monster(); // Defaults to Giant Spider.

So now it has fewer lines, more flexibility, and is more readable.

Version naming woes

C# 1.0 –> .NET Framework 1.0
C# 2.0 –> .NET Framework 2.0
C# 3.0 –> .NET Framework 3.0
C# 4.0 –> .NET Framework 4.0
C# 5.0 –> .NET Framework 4.5

Why did someone do this? Sigh.

Also, we have:
2008 –> Visual Studio 2008
2009 –> Service pack
2010 –> Visual Studio 2010
2011 –> Service pack
2012 –> Visual Studio 2012
2013 –> Visual Studio 2013

Sigh again. For anyone curious, no, 2013 isn’t a major new version but pretty much a… service pack. Marketing got a little too excited I think.

I guess in the end though, this is still less confusing then naming all your releases after cats (Apple), or strange alliterative animals (Ubuntu) or candies (Andriod). I don’t think I want to use C# Velociraptor Edition or Visual Studio Mangy Muskrat anytime soon. They could have named Windows 8 “Lemon” though.

‘Google Salted’ adds random words to your search query – with surprisingly positive results

At the office, I work with several other sysads and programmers. We use Google day in and day out to solve a variety of IT problems. One of my friends was recently musing that perhaps our search queries would actually yield better results if they were somehow nudged sideways a bit from what we thought we were looking for.

I decided to take his suggestion and I built a simple search form that tacked on a random word from the dictionary to the end of each query are then redirect to the search results. The page has proven to be a practical success as well as just being fun to use and occasionally entertaining. Thought I had originally thrown the page together in C#, I decided to rewrite it in PHP so I could put it up on public shared hosting for others to try.

You can find the page at Google Salted.

I started with the back end. I wanted a simple page that could be called by an Ajax function on the browser and return a random word from the dictionary. Everything else would be on the client side.

To begin, I downloaded a dictionary from an open-source spell-checking library. It came in the form of a plain text file with about 100,000 lines, one word per line. I imported these into a simple single-column MySQL table. Then, I needed a light-weight query to randomly select one word from the list. This does the trick:

SELECT word FROM words ORDER BY RAND() LIMIT 1

Then the entire contents of GetSalt.php became:

<?php
function GetSalt()
{
$salt = "";
$con=mysqli_connect("localhost","words_user","password","words_database");
// Check connection
if (mysqli_connect_errno())
{
  echo "Error: " . mysqli_connect_error();
}

$result = mysqli_query($con,"SELECT word FROM words ORDER BY RAND() LIMIT 1");

while($row = mysqli_fetch_array($result))
{
  $salt = $row['word'];
}

mysqli_close($con);
return $salt;
}

echo GetSalt();
?> 

Hit this URL, and you get a word back in plain text with absolutely nothing (markup, etc.) wrapped around it.

Now for the front end. There is essentially a text box and search button to click. The rest is just frosting.

<input name="SearchBox" type="text" id="SearchBox" style="font-family:Arial;font-size:20px;height:35px;width:700px;" />
<button id="SearchButton" onclick="search(false);">Google Salted Search!</button>
<button id="LuckyButton" onclick="search(true);">I&#39;m Feeling Very Lucky</button>

Now for what the search actually does when you click the button:

<script type="text/javascript">
// Declare salt variable in document scope
var salt = '';

// Cause hitting enter inside of the search box to trigger a search
$("#SearchBox").keyup(function(event){
    if(event.keyCode == 13){
        $("#SearchButton").click();
    }
});

function search(feelingLucky)
{

// Get random English word
getSalt();

// Wait for the AJAX call to finish before continuing
$(document).ajaxStop(function () {

// Base Google search results URL with query parameter
var redirect = 'https://www.google.com/search?q=';

// Add on the values from the text box, replacing spaces with '+'
redirect += $('#SearchBox').val().replace(/ /g, '+');
redirect += '+' + salt;

// If they hit the lucky button, tack a little more on to the end
if(feelingLucky)
   redirect += '&btnI';
   
// Now redirect the user. Done. 
window.location = redirect;
  }); // End ajaxStop function

}

function getSalt()
{
$.ajax({
    type: 'get',
    url: '/googlesalt/GetSalt.php',
    dataType:'text',
    success: function(data) {
        // Call will return a single word as a string. Set the salt variable to this value
        salt = data;
    }
});
}
</script>

This all pretty simple except for the fact that the getSalt() function executes asyncronously. That is what the A in ajax is for after all. That means that it will just make the call and go right on humming building the rest of the redirect url before the call replies back with a random word. To stop it from continuing until the “salt” word is retrieved, we have to wrap the function in that ajaxStop method.

$(document).ajaxStop(function () {
   Do stuff after all the ajax calls are done.
};

That is the heart of it. Then I styled the page, photoshopped a logo, and added a few niceties like a function that detects an enter keystroke in the textbox and executes the search. By making most of the logic on the client-side, no additional round-trip to the server is needed and queries are kept anonymous and no logged.

Is this just a silly little toy? Sort of, but it has turned out to be a case of engineered serendipity. A few examples below. (I had some better examples, from a couple weeks ago, but they have slipped my mind.)

A colleague of mine had been frustrated searching for information on a strange error related to a recent Windows service pack. He tried the salted search and it added the word “snap” to the end of his query. He was immediately shown a rather buried blog post about how someone had worked around the error using a particular Snap-in on the Windows MMC console. This result was buried under unrelated junk, but introducing some randomness brought it to the top. You would say, “That’s just luck!”, ah, but you’d be amazed how often one gets lucky.

Another friend was trying to dress up his office with a interesting doorstop. The salt search suggested an antique typewriter. Great idea.

Searching for “javascript wait for ajax” just now tacked on the word “meowing”, which led to a good example of how to do the same in a particular ruby framework. Apparently “meow” is a convention used in example code in some circles, kind of like ‘foo’ and ‘bar’. Not particularly useful knowledge, but kind of fun. I think the tool is ultimately the most useful if you are really stuck looking for something. Forcing you to look somewhere in the library that you hadn’t considered can lead you back toward the correct path if you are lost.

Debugging viewstate size in .Net

I’ve been debugging a problem in a web application lately that involves Safari on iOS mangling the .Net viewstate parameter if it gets very large. Part of figuring out what was going on was to see what the ViewState actually was on each round trip and see what user actions were causing it to grow the most and when. I found that putting server-side code in place to spit out the results was not reliable, for a variety of reasons. The simple solution was to just add one line of javascript to broadcast to the developer what the new size really is. Surfing around the site, I was now able to easily see what made it jump from 3k to 40k. Really, you should have something like this in place BEFORE you try applying techniques to trim your viewstate down to a manageable size. Otherwise, you won’t have a good way to measure how much you are accomplishing.

<script type="text/javascript">
    alert('The Viewstate is now '
    + $('#__VIEWSTATE').val().length + ' bytes.');
</script>

Or, if you want a detailed breakdown of what’s in the viewstate on each round trip, instead add:

Trace="true"

To the Page directive at the very top of your .aspx.

Writing programming books and pretending to be immaculate

I’ve begun reading through the very recently released 3rd edition of Jon Skeet’s C# In Depth. As is often the case with books, the introduction itself is over considerable interest. Here, Jon is up-front about the fact that he frequently writes terrible spaghetti code, just like the rest of us. The surface perfection is just that – a surface. This sort of talk is always encouraging to me.

Despite my ever-surprising micro-celebrity status due to Stack Overflow – I’m a very ordinary developer in many other ways. I write plenty of code that makes me grimace when I come back to it. My units tests don’t always come first…and sometimes they don’t even exist. I make off-by-one errors every so often. The type inference section of the C# specifications still confuses me, and there are some uses of Java wildcards that make me want to have a little lie-down. I’m a deeply flawed programmer.

That’s the way it should be. For the next few hundred pages, I’ll try to pretend otherwise: I’ll espouse best practices as if I always followed them myself, and frown on dirty shortcuts as if I’d never dream of taking them. Don’t believe a word of it. The truth of the matter is, I’m probably just like you. I happen to know a bit more about how C# works, that’s all…and even that state of affairs will only last until you’ve finished the book.

-Jon Skeet, C# In Depth, 3rd Ed., p.xxix

The keyboard of my youth

The image in the header is of an old Commodore 64 keyboard from the 1980s. Though I briefly owned a VIC-20, the C64 was really my first computer and I spent many hundreds of hours with it.

I loved the big fat function keys, the color keys across the top, the two sets of ASCII art symbols available with C-SHIFT, and the fact that Pi had it’s own space. I learned to type on that crazy keyboard and to this day I still, when very sleepy, will find myself hitting SHIFT-2 for a double-quote character.

c64-keyboard

An introduction

I’ve been programming computers since I was eight years old do so professionally today. I’ve also been blogging regularly for the past six years, but the two activities have rarely overlapped. The 1000+ posts on my personal blog mostly deal with philosophy, theology, music, and culture. Though my personal involvement with technology and software development in particular is frequently mentioned, it is rarely the sort of material that someone reading a programming blog might find of interest. I also have small and much less active blog related to coffee and there is even less overlap there. So I’ve built this blog here to write about coding in particular. As personal blogging has been an excellent way to further my writing skills and force me to think about challenging topics, I hope this blog will serve to make me a better programmer and also provide an avenue for sharing some helpful information when the content isn’t a good fit for Stack Overflow or other online forums.

I will be back-filling this blog with a few relevant posts from my personal blog, just so it doesn’t seem so empty. I also plan to repurpose a few training documents I wrote up at work these past years as they could be made useful to a larger audience with just a bit of scrubbing.

To any who happen this way – thanks for stopping by! See the About page for contact info and relevant links.