Friday, June 27, 2008

Pattern Matching can be Fragile

Pattern matching in Haskell is so useful that I have found myself using it extensively. However, in certain cases it has led to code that doesn't adapt to change particularly well. Consider the following:

data Foo = Bar String Int Int

f (Bar _ x y) = x + y

In this case, pattern matching has provided a very convenient way for the function f to bind names (x and y) to the instances of the two Int elements in the Bar constructor.

The key point, though, is that f has encoded the entire structure of the Bar constructor even though it only operates on a portion of it - the two Int elements.

This means that should the structure of Bar change by removing the String or by adding other elements, the definition of f will need to change, even though the actual computation it performs is unaffected. More generally, if the number of elements in a Data Constructor is changed, all functions that pattern match on that constructor will need to be modified, whether their body is concerned with those elements or not.

Wednesday, June 25, 2008

QOTD

If you have had Panadeine Forte, Endone and a Morphine injection and the pain is still so bad that you can't move, then you know you have a problem.

Monday, June 16, 2008

3 Shop Direct Error


I have decided to collect software errors I encounter. Not to necessarily point the finger at specific sites/companies, but to record the evidence I observe about how poor mainstream software development is in general.

This error occurred when I was attempting to view the mobile phones on a specific plan on 3 Shop Direct.

Friday, June 13, 2008

QOTD

Desperate Housewives essentially functioned as a kind of cognitive heatsink, dissipating thinking that might have otherwise built up and caused society to overheat.

- Clay Shirky
From the video below, which I found here.

Thursday, June 12, 2008

Cross Platform Password Management

Previously I used a MacBook as my main computer and authentication credentials were stored in the native Keychain. I now use a number of trusted machines that are a mixture of Macs and Ubuntu linux and I would like to manage and utilise those credentials from any of the machines.

Firefox
Many of the credentials are for web applications, so browser integration will be handy. So first of all I am switching from Safari to Firefox on the Macs to have a similar browser on all platforms. I am using a Firefox 3.0 release candidate. Firefox 2.x looks completely out of place on a Mac.

The Firefox Password Manager stores its data in two files (key3.db, signons3.txt) in your profile directory. These files are portable across my machines (I am happy that Firefox isn't integrated with the Apple Keychain), so I manage and share them via Git. By default, anyone with access to the two files can obtain your credentials, so I have also set a master password to take care of that.

To handle the case where I have multiple logins to the same site, I have installed the Secure Login add-on. So far it has worked really well.

KeePassX
For all other credentials I am using KeePassX. It stores its data in a file you specify. The file is portable across my machines and it is also shared via Git.

Wednesday, June 11, 2008

iiNet Customer Service

I am a customer of iiNet for ADSL2+ and VOIP. Up until today I have been happy with the service.

The story starts a couple of months ago. I needed a static IP address temporarily, so to do that iiNet had to upgrade me from a home plan to a business plan (can't get a static IP on a home plan). That all went very smoothly and for an extra $30/month I had a static IP.

Today I phoned iiNet to change back to the home plan, as I no longer require the static IP.

First of all I had to identify myself and I was asked for my username and password. Their hold messages go on about security, yet the first thing they do is ask me for my credentials over an open channel. I refused, so I needed to provide the last two digits of the bank account they direct debit from. So after figuring out which bank I pay this from, I log into internet banking to get the details.

Secondly, I got hit with an unexpected $20 downgrade fee. Might have been nice to know about that back at the beginning of this process.

Thirdly, once they had finished the procedure to revert my plan, I requested to make a complaint. I was informed that since I was no longer a business customer (30 seconds ago they had switched me from business to home) they couldn't accept my complaint as this was the business section, but they would be happy to transfer me to someone in the home section.

After all this, the guy then asks if there is anything else he can 'help' me with and pleasantly wishes me a nice day???

Tuesday, June 10, 2008

JungleDisk on Linux, Take 2

In my first look at JungleDisk on linux, I missed the fact that it uses WebDAV by default. Not only does this expose all your JungleDisk files to anyone that can connect to the WebDAV server on your machine (port 2667 by default), but it also has file metadata issues (timestamps, permissions).

On linux, JungleDisk can also be mounted as a FUSE filesystem.

In switching from WebDAV to FUSE, I had a few minor issues:

  • Disabling WebDAV (optional) is achieved by setting the local port to 0. I tried through the GUI, but it didn't seem to get persisted. Modifying the jungledisk-settings.ini file directly did the trick.

  • When using the command line only daemon, I needed to use an absolute path for the mountpoint.

  • When using the command line only daemon I couldn't figure out how to see pending operations (without having WebDAV enabled). So I switched back to the GUI version.
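A quick way to check whether the WebDAV listener described above is still open after changing the setting, and how far it is reachable. This is an added example, not part of the original post or of JungleDisk; the function name webdav_exposure is made up here, and it assumes the Linux `ss -ltn` output format.

```shell
#!/bin/sh
# Added example: classify how the JungleDisk WebDAV port is exposed.
# Reads `ss -ltn` output on stdin and prints one of:
#   closed    nothing is listening on the port (WebDAV disabled)
#   loopback  bound to 127.x or ::1 only; other local users can still connect
#   network   bound to a non-loopback address; reachable from other hosts
webdav_exposure() {
    port=${1:-2667}                      # 2667 is the default named in the post
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4                    # Local Address:Port column
            n = match(addr, /:[0-9]+$/)  # locate the trailing :port
            if (!n || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            gsub(/^\[|\]$/, "", host)    # strip brackets around IPv6 addresses
            if (host ~ /^127\./ || host == "::1") {
                if (level < 1) level = 1
            } else {
                level = 2
            }
        }
        END {
            split("closed loopback network", name, " ")
            print name[level + 1]
        }
    '
}

# Usage on a live system:  ss -ltn | webdav_exposure 2667
```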

Saturday, June 7, 2008

JungleDisk on Mac OS X 10.4.11

By default JungleDisk mounts to /Volumes/JungleDisk with read/write permissions to all users. So any other user on the machine can access it while it is mounted (a possibility if an SSH server is running or Fast User Switching is enabled).

This situation can be slightly improved by stopping the automatic mounting and manually mounting to a more appropriate directory. Assuming other users don't have permissions to access your home directory:

  1. In JungleDiskMonitor -> Preferences -> Jungle Disk Options, change the "Mount volume on startup as:" field to be empty.

  2. Quit JungleDiskMonitor and start it up again. The JungleDisk volume should not be mounted.

  3. $ mkdir $HOME/jungledisk

  4. $ mount_webdav http://localhost:2667/ $HOME/jungledisk

Now only root can get to your mounted JungleDisk. However, while the JungleDiskMonitor is running, any user on the system can mount your JungleDisk by issuing a similar command to the last one listed above.

A question about this has been asked in the forums, but I can't see a resolution yet.

Configuration is located at $HOME/Library/Preferences/jungledisk-settings.ini. While the file is in plaintext, the AWS secret key and encryption/decryption keys are actually located in the login keychain, not in the configuration file.

The cache is located at $HOME/Library/Caches/jungledisk/cache. It is not encrypted. This can be protected by using FileVault, although in a multi-user situation (SSH Server or Fast User Switching), once logged in, the home directory is effectively unencrypted, accessible by root and any other user depending on filesystem permissions. Another option is an encrypted disk image, which has the same sort of multi-user issues once it is mounted. I haven't tried encfs on the mac yet.

Friday, June 6, 2008

JungleDisk on Linux

I have installed JungleDisk on my ubuntu linux machine at work and my mac mini at home. I have set it up to use encryption and have been happily accessing (read and write) the same data from both machines (at different times).

Using the default settings on linux, JungleDisk mounts to $HOME/jungledisk and stores its configuration and cache in $HOME/.jungledisk.

When mounted, it seems that no other user can access the jungledisk directory. I tried as root and got a permission denied error. I was pleasantly surprised by this behaviour.

However, any user with sufficient permissions can access the .jungledisk directory. This contains both a local cache and a configuration file named jungledisk-settings.ini. There are two security issues here:

  • The jungledisk-settings.ini file contains both your AWS secret key and your encryption/decryption keys in the clear.

  • The local cache is unencrypted.

The simple solution was to move the .jungledisk directory into an encrypted encfs directory and create a symlink to it. Problem solved.
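A check for the two issues above and for the relocation fix, written as an added example rather than anything from the original post or from JungleDisk. The function names and the $HOME/private encfs mountpoint in the usage line are assumptions; it does not verify that the target really is an encfs mount, only that the directory is a symlink resolving beneath it.

```shell
#!/bin/sh
# Added example: audit a JungleDisk state directory such as ~/.jungledisk.

# Print every entry under $1 that group or other can read, write or traverse.
# Only POSIX find tests are used; -H follows $1 itself if it is a symlink.
exposed_entries() {
    find -H "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null
}

# Succeed when $1 is a symlink whose physical location lies under $2,
# the mounted encrypted directory that .jungledisk was moved into.
# A dangling link (encrypted directory not mounted) fails the check.
lives_under() {
    [ -L "$1" ] || return 1
    real=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    base=$(cd "$2" 2>/dev/null && pwd -P) || return 1
    case "$real/" in
        "$base"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report on one state directory. Returns 0 only when it has been relocated
# under the encrypted mount and nothing in it is open to group or other.
audit_jungledisk() {
    dir=$1 crypt=$2 status=0
    if ! lives_under "$dir" "$crypt"; then
        echo "WARN: $dir is not a symlink into $crypt (keys and cache in the clear)"
        status=1
    fi
    found=$(exposed_entries "$dir")
    if [ -n "$found" ]; then
        echo "WARN: accessible to group or other:"
        echo "$found"
        status=1
    fi
    return $status
}

# Runs only when given two arguments, e.g.: sh audit.sh ~/.jungledisk ~/private
if [ "$#" -eq 2 ]; then audit_jungledisk "$1" "$2"; fi
```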

EDIT: There is now a follow-up post.

Bubble Rings (Toroidal Vortices)

Last night on the ABC there was a show called Catalyst that had a story on bubble rings, or toroidal vortices. A toroidal vortex occurs when a fluid flows back in on itself to form a donut shape, like the ring around a mushroom cloud. You can see dolphins making and then playing with them in the video located here.

Thursday, June 5, 2008

Secure File Storage on Amazon S3

I decided to use Amazon S3 for hosted file storage. I would like to store files using rsync as well as storing Git repositories. Some of this data will be private, so I would like it encrypted while it is stored on S3, but decrypted from the perspective of the tools on my computer. I am planning to access S3 from a number of trusted computers running either Mac OS X or linux.

I found a few ways to mount my S3 space as a filesystem:

  • PersistentFS. Free FUSE filesystem for linux, not sure about Mac OS X.

  • ElasticDrive. FUSE filesystem for linux, Mac OS X not available yet. Free for 5GB, significant price jumps after that and the price is per OS installation. However it is a block device and seems to do much more than I need.

  • s3fs FuseOverAmazon. Free FUSE filesystem for linux and Mac OS X.

  • JungleDisk. Mac OS X and linux support. Commercial, but costs only $20, which includes lifetime updates and can be installed on multiple machines. Supports encryption using 256 bit AES. Optional service at $1 per month that provides block-level file updates and resuming file uploads.

I considered trying an encryption layer (encfs, TrueCrypt) over s3fs, but decided to give JungleDisk a go with the hope that it would be simpler.

Sunday, June 1, 2008

JAOO Brisbane, Day 2

A highlight of JAOO Brisbane Day 2 was standing around talking with Erik Meijer, Don Syme, Joe Albahari and some Workingmouse guys. The conversation comparing Java with C# and the JVM with the CLR was a bit of fun. Catching up with Dave Thomas was also good.

The program I followed for the day was:

Keynote: Clean Code, Robert C. Martin
The audience generally seemed to enjoy this presentation. I found the main points to lack justification (no, the jury is not in on TDD) and the attempted emotional guilt trip by associating the points with professionalism unhelpful.

Building RESTful Services with Erlang and Yaws, Steve Vinoski
Steve talked about Erlang briefly and a little more about Yaws. Most of the talk was about REST.

GData, Google, the Cloud, and You, Gregor Hohpe
Two interesting demos. Firstly the Google Mashup Editor and then the Google App Engine.

Language Orientated Programming with F#, Don Syme
There weren't many people in this session, which turned out to be great because Don made it more informal. Most of the session was centered around using F# for parallel and asynchronous tasks. The implementation is done using Monads (but don't tell anyone :-)). Don happily answered questions from people new to functional programming and others comparing with Haskell. He knows his stuff.

Multi-language Programming, Steve Vinoski
I wasn't in much of this session, but while I was there Steve talked about the Blub Paradox, languages suited for XML processing (Scala got a mention) and Concurrency. The problem of shared mutable state got raised again (amazing how often it pops up) and then Steve talked about Erlang using similar material to his previous session.

Overall, I enjoyed the conference and am very appreciative that Dave, Trifork, the speakers and everyone else involved brought JAOO to Brisbane.