Links for SSL/TLS Flaws Talk
Riiiight here.
Riiiight here.
New numbers to serve as a reminder that more than 1 in 3 users are NOT using Internet Explorer at this point. And climbing.
Soapbox time! Caught this article this morning.
http://www.usatoday.com/money/smallbusiness/startup/week5-your-office.htm
People working remotely for their businesses. This particular American works remote … from Kenya. No insult to Kenya, I think that is fantastic! Now …. Hello NH! You know half the state (geographically speaking) has no broadband! I moved here from TX back in ‘97. I had to pay fierce fees for an ISDN BRI service, which, for you younger folks who may not know, was the cat’s meow back then. Since that time, my town and its surrounding area have become the technological equivalent of a time machine in reverse. I can’t even get ISDN anymore. Perhaps we need some engineers in the government to shake the “granite” out of the nest? What is wrong? Not having such a utility is a nail in the coffin for competitiveness. Not to mention “Distant Learning”, which only works if one has broadband. Doing homework at night … rural (and not-so-rural) kids are at a digital disadvantage. The USA is number 15 or 16 in the world for broadband service (and this is averaged). In broadband availability and speed, we fall behind some countries that quite frankly have little or no sewage infrastructure! How can that be? If the current free market policies had existed during the rollouts of electrical and telephone services …. guess what … we would probably have no electricity and no phones. The governments (federal, state) should have mandates that any ISP needs to provide equal and sufficient broadband access to all residents.
As a coda to Cyber Security Month in October, UNH IT (like the ring of that?) will be hosting a Web Security Jam on November 18th at 2pm (at an undisclosed location)… a bring-your-own-jelly gathering of developers, sys admins and anyone else interested in modern web security topics. As always, we learn fastest and best from each other.
UNH faculty and staff are welcome and are asked to email me for an invitation. That’s right, please use that link and invite yourself by mailing me. We’d like to know how many people plan to show up and I also want the chance to personally harass you into also presenting. We would love you to share any tiny nugget of wisdom you have on keeping websites and applications secure. We also want to make sure you are a UNH employee to attend this sensitive event, at which you’ll be frisked. Kidding on the frisking.

We will however announce the location of this event by mail to those of you who invite yourselves. Please let me know if you have any questions. Last year we heard about SQL injection, cross-site scripting, security-focused code reviews and other topics. Let’s see where it goes this year.
I’m in the planning stages of a Perl application where I need some sort of database engine back-end with pretty basic requirements. I’ve surprised myself in picking what, today, has become an unconventional choice: DBM. For long-time Unix practitioners, DBM is well known and there have been many re-implementations of the original idea (NDBM, SDBM, GDBM, etc.). Whatever the iteration, the basic idea is the same: a library of routines, loaded into the application’s own address space, that provides a basic key/value mechanism for storing and retrieving records. See the Wikipedia DBM article for a brief explanation and history of DBM.
Of course many application developers have forgotten all about DBM, assuming that it is an obsolete technology. The assumption today has pretty much become that the database back-end engine will of course be a relational DB with an SQL query language interface. But between applications that need all the power and features of a full-blown relational database, and those that only need the low-level read/write operations of a general-purpose file system, there is a middle ground that a DBM-like database engine fills very nicely.
As it turns out DBM style databases are not dead at all but are actively being developed. QDBM (Quick DataBase Manager) is just one of several modern DBM-like open source database libraries available for deployment. The QDBM web page graciously lists a short description of some of its “brothers” where author Mikio Hirabayashi writes:
There are many followers of UNIX DBM. Select the best suited one for your products. NDBM is ancient and you should not use it. SDBM is maintained by Apache Project, and GDBM is maintained by GNU Project. They are most popular and time-tested. TDB is maintained by Samba Team. It allows multiple simultaneous writers. While CDB does not support updating at a runtime, it is the fastest. Berkeley DB is very multifunctional and ACID compliant. It is used in many commercial products. Finally, QDBM is balanced of performance, functionality, portability, and usability.
For my own project I’ve decided to give Berkeley DB a try. It appears to be feature rich, well supported, and perhaps most importantly, is already installed on the system where I will be deploying my application.
For more information about the DBM approach to database management for applications, and about Berkeley DB in particular, I recommend checking out the first chapter of the Berkeley DB Programmer’s Reference Guide. It’s an interesting read and spells out the case for when a DBM-style database is, and is not, a good fit for an application.
Just read an unexpected article by Garrison Keillor (American author and humorist) that pays tribute to the accomplishments of scientists, inventors, nerds in general, and in particular, to John W. Backus, Computer Science pioneer, who died in 2007 at the age of 82.
Backus directed the team that invented Fortran, the first widely used high-level programming language. Fortran was the second programming language I learned (after Pascal). In the following semester I learned an assembly language (TOPS-10). Learning assembler certainly gave you an appreciation for the magic performed by a high-level language like Fortran. While the original Fortran language was crude by today’s standards, it was a real breakthrough of early Computer Science. As expert assembly language programmers, the engineers on the development team put all of their skills and favorite tricks into the first Fortran compiler. When examining the resulting assembly language output generated by their first Fortran programs, they would often be surprised at the novel code that would emerge when the compiler unexpectedly combined two or more techniques from different practitioners.
Backus also co-invented the Backus-Naur Form (BNF) meta-syntax. This notation provides a precise and elegant method for defining the lexical and syntactic rules of a formal language, such as a programming language or a data-structure syntax. My introduction to BNF in a sophomore-level programming class was another a-ha! moment for me as a developing programmer. Learning BNF was relatively easy; you can learn it in an hour or two. But by methodically applying a simple set of rules, it was possible to design the syntax of a complex formal language and specify it precisely using BNF. From there it was fairly straightforward to mechanically translate that BNF specification by hand into a program that could automatically parse and recognize the syntax you designed.
After our introduction to BNF, our assignment was to use BNF as an aid in the design and creation of a program that would correctly translate a number (such as 2.387) into proper English (Two thousand, three hundred, eighty seven). The program was to be written in Algol (my first exposure to that language) and, after exorcising the compile-time errors, it was the first non-trivial computer program I had ever written that had no logic errors on its first execution. At the time, without the road map provided by the BNF, I would have been at a loss as to how to even begin to solve the problem in any programming language, let alone one that I had just been exposed to the week before. This was powerful stuff!
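As an added example (not from the original post or that course), here is a constructed BNF for the assignment’s number format, hand-translated into a recursive-descent recognizer whose result drives the English rendering; the grammar, the `Parser` class and `to_english` are assumptions made here, and the parser also rejects any input the grammar does not cover rather than guessing.

```python
# Constructed grammar (an assumption, not the course's own BNF); "." is the thousands separator, as in 2.387:
#   <number> ::= <group> ( "." <group3> )*
#   <group>  ::= <digit> | <digit> <digit> | <digit> <digit> <digit>
#   <group3> ::= <digit> <digit> <digit>
#   <digit>  ::= "0" | "1" | ... | "9"
ONES = [""] + ("one two three four five six seven eight nine ten eleven twelve thirteen "
               "fourteen fifteen sixteen seventeen eighteen nineteen").split()
TENS = ["", ""] + "twenty thirty forty fifty sixty seventy eighty ninety".split()
SCALES = ["", "thousand", "million", "billion"]

class Parser:  # recursive-descent recognizer hand-translated from the BNF: one method per non-terminal
    def __init__(self, text):
        self.text, self.pos = text, 0
    def digit(self):                                   # <digit>
        if not self.text[self.pos:self.pos + 1].isdigit():
            raise ValueError(f"digit expected at offset {self.pos}")
        self.pos += 1
        return self.text[self.pos - 1]
    def group(self, exact=None):                       # <group> (1-3 digits) or <group3> (exactly 3)
        digits = self.digit()
        while len(digits) < 3 and self.text[self.pos:self.pos + 1].isdigit():
            digits += self.digit()
        if exact is not None and len(digits) != exact:
            raise ValueError("a separator must be followed by exactly three digits")
        return int(digits)
    def number(self):                                  # <number>: digit groups, most significant first
        groups = [self.group()]
        while self.text[self.pos:self.pos + 1] == ".":
            self.pos += 1
            groups.append(self.group(exact=3))
        if self.pos != len(self.text):                 # input the grammar does not cover is rejected
            raise ValueError(f"unexpected input at offset {self.pos}")
        return groups

def group_words(n):                                    # 1..999 -> English, e.g. 387 -> "three hundred, eighty seven"
    hundreds, rest = divmod(n, 100)
    words = [f"{ONES[hundreds]} hundred"] if hundreds else []
    if rest >= 20:
        words.append(TENS[rest // 10] + (f" {ONES[rest % 10]}" if rest % 10 else ""))
    elif rest:
        words.append(ONES[rest])
    return ", ".join(words)

def to_english(text):
    groups = Parser(text).number()
    if len(groups) > len(SCALES):
        raise ValueError("more digit groups than this example names")
    parts = [group_words(v) + (f" {s}" if s else "")
             for s, v in zip(reversed(SCALES[:len(groups)]), groups) if v]
    return ", ".join(parts).capitalize() if parts else "Zero"
```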
Could you imagine spending 20% of your time doing peer reviews of other colleagues’ code? Well, according to I, Cringely, that’s what happens at Google. There are a number of other practices that are not the usual norm as well. Interesting reading.
Some 6 years ago, I left my job as a UNIX application admin at a Major Insurance Provider. I had spent some years there policing development, test and production environments for large groups of programmers, build managers, quality assurance engineers, and users. The platforms were AIX and Solaris, but that’s irrelevant.
A good portion of that time was Hell.
It turns out that living in a busy intersection of computers and power users is like being a traffic cop without a uniform. Half of these people will run you over by accident and the other half will run you over on purpose. They all know enough to be dangerous and many of them know far more than the cops. And they all have the purest of intentions, not to mention deadlines to meet.
Recently I was assigned WordPress admin duties here and set up test and production environments for our designers and editors. Somewhere along the way I forgot how challenging it can be to support power users in their quest to make increasingly cool stuff while not breaking things. I’m even quoted in an email somewhere boasting how ‘darn easy’ WordPress is to administrate. Silly boy! That may be true when you run a single environment blog site, but not so much when you have a creative team trying out various themes and plugins, FTPing everything but the kitchen sink to the servers, and generally exercising their Freedom to Compute across multiple environments. Who can blame them? That’s the job of a creative team.
Without a formal quality assurance department here (hope that’s not a shop secret), admins also become testers and de facto change managers on top of being command line jocks (or on the Windows side, find-the-well-hidden-checkbox jocks). This is a lot to shoulder. Managers here juggle such a number of initiatives and services that they need to operate at a higher level much of the time, and trust their teams… teams which are far leaner than in larger IT shops.
Change management is all about environmental protection. Keep production as sacred as possible without killing productivity. Provide enough freedom in development and test environments not to shackle designers and developers. Keep everyone in the ecosystem informed and happy. Everything old is new again for me, and although I am having occasional flashbacks to Hell, at least I have a small notion of how to stay above the flames.
But ‘darn easy’ it isn’t, and never was.
Yet another website about programming is Software Engineering Tips, written by an anonymous (as near as I can tell) genius. It’s full of opinions, wisdom, and humor, and may make you laugh, squirm uncomfortably, nod your head in vigorous agreement, or punch the screen. Or all four of those things in some combination.
If you’re looking for security wisdom, D. A. Norman has some.
The numerous incidents of defeating security measures prompts my cynical slogan: The more secure you make something, the less secure it becomes. Why? Because when security gets in the way, sensible, well-meaning, dedicated people develop hacks and workarounds that defeat the security. Hence the prevalence of doors propped open by bricks and wastebaskets, of passwords pasted on the fronts of monitors or hidden under the keyboard or in the drawer, of home keys hidden under the mat or above the doorframe or under fake rocks that can be purchased for this purpose.
He’s not particularly fond of complex password rules. Fortunately, he didn’t make fun of ours. Because he found Northwestern’s.