Met Runar, Discussed Software

I met with Runar (he’ll have a blog soon, I swear) today, and we discussed open source, Python, and all related goodness over coffee and vegetarian lunch free-riding on the ‘sNice wireless network.

We spent about 3 hours there, just talking about Runar’s project, “sqlstring”, my ideas about inferred typing and static source code analysis in Python, Python’s niceness in general, user interface toolkits, AJAX being a big, nasty hack, and web application frameworks in Java and Python. Our discussion really degenerated into praise of vim once we discovered that we were both happy users. Text editors really bring people together.

Runar kind of convinced me that trying to infer all the types of objects is very “unpythonic,” which I guess is true since it discourages the crazy stuff you can do with Python. Maybe the best thing to do is judiciously eval code, as was my original impulse for getting nice completion out of Python? Not sure.

Or maybe I should just give up the idea and accept the fact that vim plus ipython is just about as good as it gets. That seems like a cop-out, though.

Regardless, Runar seemed somewhat willing (only half-willing) perhaps to give a small talk for Free Coders on Python, I’ll see if I can convince him that it’ll be fun. I suppose I could give the talk myself, but I already do all the talkin’.

User interfaces with GTK+ and Glade

I’ve been hacking up a user interface for my motion capture/computer vision project called “Hand2Hand,” found here.

At first I was gonna do the user interface in Python and have the image processing done in C, but then I decided that the user interface was simple enough that I should just give GTK+ in “pure C” form a try. Of course, I used Glade, which drastically reduces the amount of annoying code for things like Vboxes and Hboxes and Containers you have to write. In fact, using Glade, interface design becomes somewhat straightforward in C. Which is weird, because C seems like it was never built for user interface design, but the g_signal system makes it easy to catch events that occur in your program, and GTK+ is high enough abstracted that you can do pretty well. I don’t know how well GTK+ scales for large programs (i.e. many dialogs, many lists, etc.)–in that case, I think I’d definitely pick a higher level language.

Looking forward to how this application may turn out. OpenCV looks like a pretty awesome library.

Annotated and Hyperlinked Notes on Professor Dewar’s talk on Software Copyrights, Patents and Free Software

Below are a few notes I took at Professor Dewar’s talk the day before yesterday. I also annotated them a bit with relevant hyperlinks.

When I find a copy of Dewar’s slides posted online, I’ll link to those as well.

  • Libertarian thought: property rights are central. If you regard ideas as property, Ayn Rand’s position isn’t surprising.
  • Jefferson: private letter to Isaac McPherson 1813. “He who receives an idea from me, receives instruction himself without lessening mine; as he who lights his taper at mine, receives light without darkening me.”
  • Jefferson faction won on this issue, Intellectual Property Clause.
  • Copyright extension case, now life + 90 years.
  • England: history of copyright, fundamental moral right?
  • Software: special case of copyright infringement and trade secret violation simultaneously!
  • Computer Associates vs. Altai (source vs. object code copyrights, interesting read here).
  • Borland copying a macro language (interesting, if old, article by an MIT student), Supreme Court.
  • Derived works: fair use provisions. But fair use goes to juries, and it’s very vague.
  • Software will never fall into public domain, due to perpetual derived works.
  • Patent an invention, but not an idea, but in practice you can patent either. Europe turned down this law.
  • “Obvious” patents. Juries can’t really judge how obvious they are.
  • You can copyright a non-obvious combination of obvious ideas. Intermittent wind shield wipers.
  • Does a program express inventions and ideas? Is software distinct from physical stuff?
  • Big risk for free software–patents can ask for damages. And patent is secret until it’s granted (this may not be true, I can’t really tell for sure: “To protect your privacy, we suggest that you delete such information from any documentation you send the office. Alternatively, you may request that the submissions be kept out of the public file, if appropriate. (See MPEP Sections 724.02 to 724.06.) Please remember that all patent application files are published and made available to the public 18 months from the filing date, unless a non-publication request is made in the application. Additionally, all patented application files will become available to the public upon the grant of the patent.”).
  • Open Source business model can work–selling support and services, while keeping code GPLed.

Outfoxed and trust networks, revisited

I think everyone should revisit Outfoxed, if you’re interested in a truly interesting new approach to bookmarking and web browsing that actually takes advantage of all this “Web 2.0” hype and nonsense.

I just mentioned this to Free Coders on the mailing list yesterday.

The application of “trust-based networks” is very wide. I think it’s the “trust” factor that makes eBay successful (perhaps even viable!). New services like Pandora and Last.fm recommend music by trusting that users who rate music are being honest. eBay users buy from trusted sellers by assuming that those who rate the sellers are honest. These assumptions may be fallible, but they’re better than nothing. And it’s only natural that this trend would spread to web browsing.

I think trust networks should be applied to political organizing, both to reduce risk of people showing up just to start trouble, and also to enhance the perceived value of a meeting based on the combined trust of its attendees. I’m going to think about this a bit more in the next few days.

(Meanwhile, I got in touch with Runar from the Google talk with Alex Martelli, who is working on an awesome library for Python called sqlstring. Check it out. I’ve also been thinking about expanding on my earlier ideas on Python inferred types; we’ll see if I find the time.)

Found out how I got hacked originally

I run a tool on my server which creates charts based on basic server vitals, like free disk space and CPU load averages.

It’s called cacti, and it’s great.

Except, apparently this security hole allowed the hacker who originally broke into my server to get in. He was able to execute arbitrary commands via the good old URL string hack. (He did the same thing as is described in there: wget’ed his own script which added a new user for himself and added him to sudoers, and then connected via ssh).

In my latest upgrades, I saw that this cacti bug’s been fixed.

Scary stuff. Computer security, these days. How does a php script have code which can run an arbitrary command? My Java Servlets never have a way to run command line apps by way of specific arguments in the URL string. Sigh. In *nix we may have [basically] all-or-nothing security (that is, if you discount ACL support)–but knowing this, please prefer “nothing” to “all”, for crying out loud!

False alarm

I thought my server was hacked this weekend, but I think in reality someone on Peer1’s network took my IP address by accident, caused an IP conflict, and because I detected ssh running on a non-standard port, I assumed I had been rooted. In fact, when I returned to my machine today, I found no such rooting, and chkrootkit reported nothing. What really freaked me out was that I found vsftpd running on port 21, but wouldn’t accept any of my usernames/passwords, so I really assumed I had been rooted. But here I am, and nothing has been changed.

Whew, I guess?

Got bored with Descartes and Spinoza, wrote a patch to powernowd

While I was studying, I noticed that I wasn’t exactly happy with the cooling/cpu frequency scaling on my laptop. I use a nice program called powernowd which scales my CPU speed up and down depending on various factors related to system load. But I didn’t like how my setup was kind of “all or nothing.” When I am plugged into AC, I switch to “performance” mode which just runs me at 100% CPU frequency all the time (making my laptop hot, my fan noisy, but my machine fast), whereas when I’m unplugged I switch to “userspace” mode, which lets powernowd kick in, and he jumps about from 400MHz to the full 1.6GHz based on load, keeping the machine cool but also making it feel a bit sluggish since if I’m overloading my CPU at 400MHz it’s already “too late” to pump it up, it will have already felt slow for at least an instant.

So I have this conflict: hot and responsive, or cool and sluggish. I thought, well, I must be able to come to a compromise.

I decided to take a look at powernowd’s code, and it turns out it’s written quite straightforwardly. Within 30 minutes of tinkering, I had a patch that did what I wanted. With another 30 minutes, I polished it and made it quite committable.

Basically, I added a new mode called “COOLING” to powernowd, which runs your CPU a few notches below your full frequency (which I call your “cool_spot”), based on the following approach:

  • if you have two frequencies available, you normally run with the lowest.
  • if you have three frequencies available, you normally run with the second from highest.
  • if you have four frequencies available, you normally run with the third from highest.
  • if you have five or more frequencies available, you normally run with the fourth from highest.
  • if your load goes above your specified trigger (“highwater” in the code), you jump to highest frequency. When it lowers (“lowwater”), you go down to your cool_spot, but not below it.

On my machine, I have 5 frequencies (1.6GHz, 1.5GHz, 1.4GHz, 1.2GHz, and 400MHz), and so I normally am running at 1.2GHz. This new COOLING mode runs while I’m plugged in, and keeps my machine nice and cool but still lets it immediately respond when I want to do something, like a workspace switch.
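The COOLING policy described above, sketched as an added example; this is not the actual powernowd patch. The function names, the 80/20 thresholds, the constructed load samples, and the choice to drop straight to the cool_spot rather than one notch at a time are all assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Index of the "cool_spot" in a table sorted from highest frequency (index 0)
 * to lowest, following the rules listed in the post. */
size_t cool_spot_index(size_t nfreqs)
{
    switch (nfreqs) {
    case 0:
    case 1: return 0;          /* assumption: nothing to scale to */
    case 2: return 1;          /* two available: the lowest */
    case 3: return 1;          /* three: second from highest */
    case 4: return 2;          /* four: third from highest */
    default: return 3;         /* five or more: fourth from highest */
    }
}

/* One COOLING decision: returns the table index to run at next.
 * load, highwater and lowwater are percentages (assumed units). */
size_t cooling_next(size_t cur, size_t nfreqs, int load, int highwater, int lowwater)
{
    size_t cool = cool_spot_index(nfreqs);

    if (load > highwater)
        return 0;              /* jump straight to the highest frequency */
    if (load < lowwater || cur > cool)
        return cool;           /* settle at cool_spot, never below it */
    return cur;                /* between the two marks: hold */
}

int main(void)
{
    /* Frequency table from the post, in kHz, highest first. */
    static const unsigned khz[] = { 1600000, 1500000, 1400000, 1200000, 400000 };
    size_t n = sizeof khz / sizeof khz[0];
    /* Constructed load samples (percent); thresholds 80/20 are assumed. */
    static const int loads[] = { 5, 95, 50, 10, 3 };
    size_t cur = cool_spot_index(n);

    for (size_t i = 0; i < sizeof loads / sizeof loads[0]; i++) {
        cur = cooling_next(cur, n, loads[i], 80, 20);
        printf("load %3d%% -> %u kHz\n", loads[i], khz[cur]);
    }
    return 0;
}
```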

I then hacked the init.d script to have a BATTERY and AC mode, and switch between AGGRESSIVE and COOLING modes accordingly. Now, when I’m unplugged, I get the best battery life and pretty good performance, and when I’m plugged in I get a cool notebook with good performance.

I’ll probably post the patch after my midterms…

Development under Windows: why so painful?

It’s really weird. Lately, I’ve been doing so much development in a *nix environment, that doing the development in Windows is really painful for me. I don’t have any of my good old UNIX tools, I don’t have hotkey-optimized user interfaces, I don’t have speed and control. But more than anything else, I don’t feel like I know what’s going on under the hood.

Today, to take a break from reading Philosophy, I decided to work a bit on this little Java Servlet project I’ve been hacking on. (Will be “released” later.) At some point this past summer, I decided to remove Linux from my main desktop machine and just consolidate all my Linux data onto one machine–this made my life easier so I didn’t have three total (one Windows, two Linuxes) places where my shit could be. But the sacrifice is that my laptop screen is small, so sometimes I want to develop with a big screen and thus want to use my desktop.

Web development, especially, makes sense for me under Windows, since I’m comfortable with the major graphic and web design tools (Photoshop, Dreamweaver, Illustrator) and don’t think the Linux “equivalents” (GIMP, Bluefish, Inkscape) are good enough.

But I decided–may as well have the code open on Windows too, since it’s not C hacking I’m doing, but Java. So I installed Eclipse, and the J2EE, and got cracking.

But under Windows, there are all sorts of gotchas. When my UNIX tool craving gets really bad, I need to drop into cygwin, which isn’t so bad. But without good workspace switching (I have VirtuaWin, but it kinda sucks), and without a customizable window manager, I am really much slower. But here’s the other weird thing I ran into. After awhile of coding, I realized that Eclipse wasn’t reading my JavaDoc information for the JDK (no cool descriptions in my autocomplete tooltips). So I go snooping around the preferences file and can’t find anything, I enable a billion options but no luck. But then, eventually, I realize that it’s very possible Eclipse is using a different JDK. In fact, I look in the dialog, and Eclipse is using some J2SE environment that some other application installed, not the J2EE I installed right before Eclipse. And that J2SE is missing the Java API source code and JavaDoc comments.

The reason this seemed so non-obvious to me is because I’m not used to systems which are completely fucking disorganized. Say what you will about Linux not being user friendly, but, by God, you won’t find it likely to find two different JDKs installed on my machine, and even if you do, only one will be getting used (thanks to Debian’s “alternatives” system). Every application on Windows statically compiles, includes its own libraries, and spews its shit all over the file system and registry. No database tracks it, so your system is a fucking nightmare.

I couldn’t even do a reasonable search to find the JDK I needed, either. It turns out it was in C:\Program Files\Sun\j2sdk1.4_02, which may not sound so bad, but considering on Linux I just think, “Where are libraries stored? /usr/lib” and then in there I think, “What is what I’m looking for called? j2sdk” I quickly find any Java environments in /usr/lib/j2sdk1.x-sun.

On my Linux system, which has not that much installed, I just ran a du -hs /usr/lib/ and got 1.7GB. That means on my relatively lightly-loaded Linux system, 1.7GB of raw 0s and 1s are sitting there waiting to be used as SHARED libraries. Meanwhile, on Windows, there could be any amount of duplication of the equivalent libraries, floating around in various Program Files directories.

I can’t believe there are actually some Linux critics that believe we should be going in this direction, eliminating things like emerge, apt, and rpm and instead just have statically-compiled binaries that come with their own binary libraries and have users duplicating this stuff across their system. Not only is it insane from the point of view of giving control to the user, but it’s also just plain wasteful.