Thursday, 27 November 2014

1Password earns my money

Passwords are a headache. I tend to reuse a group of passwords, even though it is not good practice. Creating secure, unique passwords for each login I have is too big a burden.

I had been aware for some years of password managers, but they seemed like a chore rather than a help. But watching my QA assistant use one to keep track of passwords made it seem worth trying. After a little bit of research I settled on 1Password for Mac.

After two months all I can say is “Why do I not do this years ago?”

Tuesday, 3 June 2014

Objective-C gets a swift kick

Yesterday Apple announced a new programming language called Swift. It seems to be a replacement for Objective-C. For OS X and iOS programmers this is momentous.

Every time I’ve tried to do some Objective-C programming, I’ve given up before too long, asking myself, “why am I using this type of language today?” Objective-C is powerful but it is an amalgam of C, C++, and SmallTalk. It uses antiquated notions and is generally painful to work with compared to other modern programming languages. It is a language oriented towards system programming, but is mostly used for application programming.

Swift fixes this. Overnight, I read Apple’s e-book “The Swift Programming Language” and I like what I see. It is a modern language, comprehensive, designed to make it easier to produce solid software. I’m amazed at Apple’s ability to keep this language secret for so long. It’s not a language that, like JavaScript, was created in ten days. It must have been in development for a long time, and the people creating it seem to thoroughly know programming language design. It has clearly been used to create some sample applications.

The feeling I get from looking into this language is the same I felt when first looking into Java in the mid 90’s: “Here’s a language that will make programming easier.” I’m looking forward to writing a sample application in Swift in the days ahead.

Best of all: no pointers!

Tuesday, 8 April 2014

Gmail 10 years on

It is 10 years since Gmail changed what email could be. It is good to recall just how much Gmail altered what we expected from an email client. Here’s a good reminder.

In the end, Gmail ended up running on three hundred old Pentium III computers nobody else at Google wanted. That was sufficient for the limited beta rollout the company planned, which involved giving accounts to a thousand outsiders, allowing them to invite a couple of friends apiece, and growing slowly from there.

I recall how excited I was when I got an invite to join Gmail.

Saturday, 29 March 2014

How to Write a Spelling Corrector...

…in 21 lines of code.

In the past week, two friends (Dean and Bill) independently told me they were amazed at how Google does spelling correction so well and quickly. Type in a search like [speling] and Google comes back in 0.1 seconds or so with Did you mean: spelling. (Yahoo and Microsoft are similar.) What surprised me is that I thought Dean and Bill, being highly accomplished engineers and mathematicians, would have good intuitions about statistical language processing problems such as spelling correction. But they didn't, and come to think of it, there's no reason they should: it was my expectations that were faulty, not their knowledge.

I figured they and many others could benefit from an explanation. The full details of an industrial-strength spell corrector are quite complex (you con read a little about it here or here). What I wanted to do here is to develop, in less than a page of code, a toy spelling corrector that achieves 80 or 90% accuracy at a processing speed of at least 10 words per second.

Read it here.

Tuesday, 25 March 2014

Why I like using Amazon Web Services

Amazon Web Services (AWS) are fast, cheap, and reliable. Usually you have to pick two out of three, but with AWS I get all three.

One of my uses for AWS is a MySQL database for tracking customer sign-ups and log-ins in Poker Copilot. It is a simple way to monitor usage patterns.

I’ve been moving around South America for the last ten weeks, running my business from hotel Internet connections. Every time I try to access this database, I find my access blocked, because access has to be granted to an IP address (or IP subnet) on a case-by-case basis. Each time I access the database from a different IP address I need to go into the AWS web-based console, and add my IP address (or to be precise, my CIDR/IP). Then, and only then, can I access the database.

It’s annoying. Because it is secure. Well, part of a secure configuration. And I like it. If I set up an MySQL instance myself on a rented virtual server, I’d need to set up this stuff. And I’d do it wrong, because setting up and maintaining a database server is not what I usually do. It’d be an after-thought.


Saturday, 22 March 2014

Learning by Teaching

Java 8 was released this week. I’ve been using an early access version of Java 8 for some months. Indeed, I wrote SeeingStars in Java 8.

Java 8 includes many new features, APIs, and additional syntax. Best of all it includes lambda expressions. This is possibly the biggest update to Java ever.

I’m finding it tough to learn and remember all the new stuff in Java 8. Then I recalled reading that when you teach a concept you become very knowledgeable on it. That is, teaching something is a good way to learn it very well yourself. So in light of this, I’ve restarted the Java Newsletter. For a while each week I’ll be covering a new feature in Java 8. If you use Java, I recommend signing up here.

Saturday, 1 March 2014

Lessons from Apple's SSL Bug

There’s a summary here of Apple’s recent SSL bug in iOS.

This sort of subtle bug deep in the code is a nightmare. I believe that it's just a mistake and I feel very bad for whoever might have slipped in an editor and created it.

Here's a stripped down that code with the same issue:

extern int f();
int g() {
int ret = 1;
  goto out;
ret = f();
return ret;

If I compile with -Wall (enable all warnings), neither GCC 4.8.2 or Clang 3.3 from Xcode make a peep about the dead code. That's surprising to me. A better warning could have stopped this but perhaps the false positive rate is too high over real codebases?

I fired up AppCode, the world’s best Objective-C IDE, which happens to also support C. I added the code snippet above, and it instantly and correctly highlighted the line “ret = f();” as unreachable code.

Lessons I take from this:

  • Use a state-of-the-art IDE that has excellent real-time code analysis tools. Don’t ignore the warnings it gives unless you have a really good reason for doing so. And even then use a error suppression technique.
  • Don’t ignore compiler warnings. Oh right, I already wrote that. It’s important, you see. Start ignoring warnings, and then when a really important one appears you won’t notice because it will be just one of dozens of warnings that you conditioned yourself to ignore.
  • Before committing code, run static analysis tools on it. Fix the issues detected.
  • If possible, have a formal code review on any code you’ve changed that is dealing with security, memory management, or threading.

There is much data and research that shows that these techniques lead to much higher quality software.