If you are building a platform of unhackable devices then you need to control the gateways to hacking; i.e. the tool chain and the application distribution channel.  So the clause above’s purpose is to due just that; e.g. if you want to hack code to run here you gotta pass thru our interpreters, our compilers.    But they wrote something stronger.  They wrote is that you have to write in language A,B, C, or D.  Only.    Your not allowed to write in language X, Y, or Z – even if you cross compile X, Y, or Z into A, B, C, or D before you deliver.  I don’t get it

For clarity: this means you may not write a program in say Python, and then run that program’s source text thru a Python to C translator before compiling it before submitting for Apple’s approval.

One of the things that lead me to Lisp was noticing how most of the programs I wrote weren’t in the language the compilers offered me, but instead we would design a custom language better suited to the task at had.  For example the rule system that drive a compiler’s optimizations, get some delicate thing to work on multiple systems, or the custom notations that generate the object system.  Once I accepted how central that is to software architecture, I wanted a language that respected and encourage that.

I’m not terribly surprised that Apple has decided to run the audacious experiment of creating a platform that strives for devices are no longer computers once in the hands of the end user.  Devices which the end users can not hack upon.  I think it’s kind of vile and it worries me that they may succeed, but it doesn’t surprise me.  I should write another post about how potent such a platform will be if they can sustain it.

They aren’t the first to go down this path.   It’s what the locked phones do.  This is what some of the game consoles do.  And I guess if you fully embrace my presumption that the right metaphor for modern websites (aka applications) is that they are massively multi-player games, then it’s only inevitable that game industries habits would move in the rest of the application stack.

By way of amusement this clause would appear not prevent you from doing a less interesting but still common architectural trick.  I.e. where you write in a dialect of language A, call it A’; and then cross compile from that into A before running thru their tool chain.  So if you can cast your need for a domain specific language into a dialect then you can sort of wiggle around the restriction.   To my surprise there is an important example of this, Caja.  Caja is a dialect of Javascript with some extremely desirable security features.  It’s used by Yahoo and Orkut (for example) to assure that third party widgets are tightly constrained in the damage or snooping they can do to other portions of the web page.

And I guess there is always C++; you can do some very wonky things at compile time in C++.

There is a minor bit-o-confusion on the Macintosh. The edge nodes all use tun devices, rather than real ethernet devices, to plug in. You’ll need to install tun devices by hand. Then these devices will not show up in the various System Preferences. Don’t worry about that.

The n2n processes (both edge and supernode) will report status via UPD if you poke a UPD packet into at 127.0.0.1:5645 (aka localhost:5645) as so:

$ echo """" | ncat --idle-timeout 1s --udp localhost 5645
----------------
uptime    1212
edges     2
errors    0
reg_sup   21
reg_nak   0
fwd       0
broadcast 76
last fwd  25 sec ago
last reg  5 sec ago
Ncat: Idle timeout expired (1000 ms).
$

You will probably need to install ncat, which is part of nmap.

Each edge node in an n2n community’s pseudo ethernet needs a MAC address. Analagous to private IP addresses there are private MAC addresses. This mess will gin up a stable MAC address for your edge node based on the first mac address found on your machine.

N2N_FAKE_MAC=`ifconfig -a | awk '/ether/{print $2}' | head -1 | sed 's/^..:..:../10:00:00/'`

If you want an edge node to route all traffic thru you community’s VPN and then out to the rest of the network you need to do two things. Some edge node needs to volunteer to act as a gateway and each client that wants to use that gateway needs to configure their routing appropriately.

First, gateways typically run natd. Happily on the Mac you need only enable internet sharing in the sharing control panel to get that going.

Secondly, edge nodes that want to route over the VPN and out that gateway to the rest of the internet will then need to mess with their routing tables. That’s risky; mess up your routing table and you lose connectivity. You can find out what the default route for packets is by asking:

route -n get default

Note the result down since you’ll need it to switch back.

You can change the default route by doing (presume for a moment that your gateway node is running at 192.168.13.1):

route change default 192.168.13.1

But wait; that will break your N2N vpn, because your traffic to your peers will try to flow thru the new default. So you need to add specific routes to the supernodes and other edge nodes first. I don’t know how to get the list of edges; so I set them up by hand.

You switch back by resetting you default route, and tearing down the one off routes to other n2n nodes. Of course if, all else fails, reboot. Your on your own.

You can see the entire routing table by doing: “netstat -nr“.

…php
…php?d=/home/<myusername>/enthusiasm.cozy.org/
…php?d=/home/<myusername>/enthusiasm.cozy.org/&ef=wp-settings.php&edit=1
…php?d=/home/<myusername>/enthusiasm.cozy.org/&ef=wp-settings.php&edit=1
…php?d=/home/<myusername>/enthusiasm.cozy.org/&e=wp-settings.php
…php?d=/home/<myusername>/
…php?d=/home/

Today one of my many fans, i.e. my wife, noted that my RSS feed wasn’t working.   I’m a professional, so I provided the Guild’s standard response: “Works for me.”   Actually it wasn’t working for the desktop blog reading software she uses, while it was working for my desktop blog reader.   Finally run the RSS validator on it which announces there is a <script> tag in the feed.  Eh, what! I don’t see that doing view source in my browser.  Hm.

Finally I pull the feed with curl and that version has the problem.   Prepended on the RSS feed is a script that while compressed and obfuscated.   The obfuscation means it’s got lot of unique tokens in it, i.e. CeHxprJ, lJeVYuCF, UYwXC, and google finds a copy of the script here: http://pastebay.com/82974  but, that link has disappeared, presumably because that paste bot has a setting that will discard postings after 24 hours.

The infection in my blog was in wp-settings.php.  A second <php> block had been inserted at the front of the file.  That injected the script into every page, not just the RSS feed.  Here’s the start of that code.   As you can see it isn’t injected into every page; only certain browsers and then only if there aren’t any cookies yet.  That explains why I didn’t see it in my browser and I assume how “generous in what they accept” RSS readers explains why which people were getting my posts.


I removed it.  All the rest of the php files had md5 checksums that match the distribution of wordpress 2.9.1.   Of course I am, presumably, still vulnerable to what ever infected the blog to begin with.

Bleck.

WordPress tempts you into thinking that you can post by email.  But the built in mechanism is flawed in enough ways to make it dead to me.  E.g. –  can only handle simple mail formats, it can only hand unencrypted POP3, and finally didn’t work at all.

But, happy day the wordpress plugin Postie works for me.

It’s a bit complex to get all the toggles set right.  For example I rarely send email in rich text format, but in this case it’s worth it since the converter will handle all the formating.  Including images.  Floating images!

WordPress tries hard, but the image editing is really too tedious, and its editor is fine; but not as good as the one in my mail program.  And, my mail program there has grammar checking.

Getting all the settings right is delicate.  By default you need to email from the same account you WordPress user id is associated with.  And, you may need to change the email address associated with your admin account for that to work; since I assume it picks the first account it finds.   You will want to check that your blog knows what time zone it’s in, that’s on the general WordPress settings page.  There is also a setting in Postie, but fix the blog’s setting first.   It helped to toggle the “preferred text type” in the postie message settings to “html.”  And you’ll need yet another email account.

Initially I had all the email originated postings filed under “drafts,” and I recommend that until you think you have all the bugs worked out.  But, I’m somewhat sad admit, I still fiddle with the final result by hand.  In particular it isn’t quite getting the paragraph breaks right.

Since I did that kind of work starting in college and then very intensely for the years after the Macintosh was released I’ve had the fun of watching as people tried every possible variation of how they might make a UI work.   I think that search space is pretty well mined out.   Stuff is rediscovered all the time.  Rarely somebody stumbles on a new idea.  Most of the time the computers get faster so things become possible that were just too slugish to do before.

In recent years as I’ve become interested in how we manage our attention I’ve become increasingly interested in UI schemes that help with that problem.  I’m a huge fan of Readablity, a bookmarklet that attempts to glean out only the text you want to read from your web page.  And I like the hack for the Mac Spirited Away that automatically hides applications that have fallen into the background on the desktop for some period.  I desperately wish I could find a similar hack that would replace, on demand, the entire screen with the content area (and only the content) of the topmost window.

Those are all examples of hide the clutter when I’m doing something, and they are directly analogous to the hide the cursor when I’m typing.   There is a dirth of good schemes for automatically hiding when I’m reading.

Anyhow the new scheme that Google recently deployed of hiding the clutter on their homepage until you move the mouse pointer is, amusingly, a direct extension of the hide the standard mouse pointer when typing (and he is typing right?).   My silly brain screamed out “bug!” when I first saw this; complete with a diagnosis that the code for mouse pointer hiding was hiding too much stuff.  The same part of my brain then tried to puzzle out how code got the clutter into the top most overlay which includes the mouse cursor.

Who knows?  Maybe it will become standard practice to hide other clutter, in addition to the mouse pointer, upon typing.

• Continuous deployment.
• Tell a good change from a bad change quickly
• Revert a bad change quickly
• Work in small batches (at IMVU, large batch = 3 days worth of work)
• Break large projects down into small batches
• Have a cluster immune system
• Run tests locally. Everyone gets a complete sandbox
• Continuous integration server – tests to ensure all features that worked before still works
• Incremental deploy – reject changes that move metrics out of bounds
• Alerting and predictive monitoring – wake somebody up if metric goes out of bounds. Use historical trends to predict acceptable bounds.
• Conduct rapid split tests: A/B testing is key to validating hypotheses
• Follow the AAAs of metrics: actionable, accessible and auditable

But for heaven sakes!  Nothing on this list is particularly insightful or new.  All these things were true in 1980.  Have we learned nothing?  Is the schooling around software development so weak that these are news to people?  This list ignores the much more fundamental question of when those rules get broken.  Hint: about half your time will be spent in that state.  But what’s key is knowing when that is a good witch v.s. a bad witch.  The only customer/user input or feed back loop in that list is A/B testing.  That is particularly bogus!

Feeling cranking.   The old joke for the 1970s about the software industry:  ”I am blessed to have stood on the toes of giants!”

Update: via @gully this cartoon is great too, I’ve added one frame here as an illustration

If you keep your eyes open you will notice assorted tools for self binding.  To do lists, reminder services, and date books are simple examples.  There are software applications that will lock out your internet access.  There are savings plans that include a penalty for early withdrawal.   In Arizona you can sign onto a list that requires the casino to deny you access.

Some of the promise keeping aids involve enlisting a third party.  There is a horrible scheme that addicts fall into where they enlist a friend and license him to punish them in some awful manner if they break their promise.   For example they might write a letter which will ruin their professional life if revealed and then give it to the third party.   Once you introduce the third party there is all kinds of risk for abuse.  The third party might extract a promise from a victim during an irrational moment by coercion.  A light weight example of that is how the salesman at the health club pressures customers into signing up for a subscription.   And then, there are chastity belts.

Some of these promise or binding technologies are designed to remove the temptation entirely.  For example: living in the dry town, never buying the liquor, and avoiding the pub.  And those come in degrees – for example moving the ice cream to the back of the freezer.

I’ve been stewing on what might be the lightest weight service a third party could offer to help individuals with this class of problems.  And I have a theory.  It’s based on the time-lock example used for bank vaults.  In that case the bank want’s to remove any possibility of opening the vault for some period of time – usually while the bank is closed.   While obviously the bank’s intent is to keep criminals from stealing their money they actually promise not to open the vault under any circumstances.  They are self binding.   They could of locked the vault with a one time password and given it to a trusted officer of the bank.   They don’t trust themselves.   Apparently the only thing they trust is the people who built the vault.  It’s interesting that if you look at pictures of these time locks they are usually in transparent cases so anybody can visually inspect the mechanism.  They are over engineered and simple which encourages that inspection.

Say you wanted to lock up a present for christmas day.   You put it in a safe, put it under the tree, and christmas morning you hand the key to the recipient.  But what if you want to wrap up a present for yourself and you don’t trust yourself not to open it too soon.  Now what?  You could ask the help of a friend, but that’s got other complications.  Can you solve this problem without a third party?   You could if you could buy a time-lock.   I’d love to know of a vendor.  I’ve not found one.   I find that bizarre; surely there are lots of people who’d like to lock things overnight etc.

Anyhow, I’ve built one for you.   It’s based on a bit-o-crypto.  You lock up things up by encrypting them, and later when the timer runs out you can decrypt them.   Frustratingly this does involve a third party, my little service.   You get the means to encrypt by going to the service, and later once the timer has run out, you go back to get the means to decrypt.   This depends on public/private keys.  You use the public key to encrypt and the private key to decrypt.

For example say you want to make it much harder to play that damn addictive video game until next tuesday.  You go grab the public key for next tuesday and lock away the damn game by encrypting it.   Next tuesday, or sometime after, you go grab the private key and decrypt the stupid game.

Of course this requires that you trust me to keep the service running and not loose the keys it gin’d up.  I wouldn’t recommend trusting me, yet.  For example I really haven’t tested it much .

Here’s the service http://hang-on.appspot.com/.   I’d love to hear suggestions for things to do with this, or ways to improve it.