Cristian Vat, Deathy, and other alter-egos

So I should have presented the second A(Authorization)  in my AAA series at the latest Geekmeet in Timisoara today.

However I changed my mind at the last minute and went with a quick introduction to so called “language barriers”, mostly common sense uses of client/server-side languages. And then I showed not so common sense uses like running PHP through Quercus(PHP5 interpreter in Java) and SSJS(Server-Side JavaScript).

Hope I stirred at least some weird ideas from the people present Below is the presentation which is up on slideshare and some useful links and/or reading material on the topics:

Quercus:

http://quercus.caucho.com/

http://www.workhabit.com/labs/resin-backed-php-drives-4x-performance-improvements-drupal

SSJS:

http://almaer.com/blog/the-development-circle-of-life

http://www.aptana.com/jaxer

http://ejohn.org/blog/server-side-javascript-with-jaxer/

http://ejohn.org/projects/bringing-the-browser-to-the-server/

http://appjet.com/

https://phobos.dev.java.net/

http://ajaxian.com/archives/mod_v8-2

It’s been an interesting few days at the end of the year and then right at the start.

A short timeline of things I saw as interesting and relating to the process of change:

DMFail:

A few days before the end of the year a site called DMFail launched at http://dmfail.com/

The premise is simple, publish twitter messages which should probably have been direct messages but because of a common typo ended up in the public timeline. While some considered it bad for posting these things it was fun and the data was public anyway. It even ended up on Techcrunch and then a lot of people noticed it.

Then something happened. Apparently the Twitter guys noticed this and considered failed DMs a problem so they went on and changed/fixed Twitter direct messages! Change happened, the site closed and we were left with a few fun memories and a better twitter.

MD5 considered harmful today: Creating a rogue CA certificate at the Chaos Communication Congress:

Since some years md5 is no longer considered a good hashing function but there still are people using it because if it’s not broken enough you don’t fix it. Some users of md5 included SSL Certification Authorities including RapidSSL (Part of Verisign).

On 30th of December at the 25th Chaos Communication Congress a team stepped on stage and started their presentation. The presentation about how using the md5 known vulnerabilities and other aspects of RapidSSL they managed to create a Rogue Certification Authority SSL Certificate, perfectly valid and which could be used to sign other certificates. This was a major problem and caused a lot of commotion.

So md5 was already though to be a bad choice but now everyone had proof. And then change happened again, Microsoft released a Security Advisory about the issue and more importantly the direct affected party RapidSSL quickly went and fixed the problem and also wrote a blog post explaining the situation. The response time for the fix was very fast by any standard and we were left with a very good technical article, a video of the presentation and overall better security and understanding from the companies issuing ssl certificates. Change for the better.

Twitter again, Twply makes a mess:

1st of January, new service Twply launches as a way to send your twitter @replies to your email inbox. The only information it needs is your twitter username,password and an email address. It spread quite rapidly since it used your account to send its ad when you signed up. While there was a mention of it doing this on the registration page it was quite hidden and they were accused of spam and bad practices by some.

Because of some email server problems they had to take it down and put the site up for auction and it was bought in a matter of minutes/hours, along with all your twitter login details and email addresses. Launched, sold, bough in the same day. And then the privacy issues/comments started coming in.

But change happens again, I just read some tweets stating that there’s a plan to release OAuth for twitter, at least in beta, very soon. What we wind up with is: people more aware of the danger of giving login details to third parties, a few interesting discussions around privacy, someone wound up with $1200 for Twiply and very soon a better Twitter with OAuth support for better API integration.

Summary:

I see a clear pattern here: Want to change something which is wrong, make that very public and maybe even abuse it. Then change happens.

It’s a short post because the FBI Code Cracking Challenge was damn short.

Plus: It was old school cryptanalysis which is good for the little grey cells.

Minus: Too short, too simple(simple alphabet cypher) and the damn URL they put in there was making things very easy.

It was fun nonetheless but only lasted for like 10 minutes and the solved page was again simple and dull.

Would have been nice: A sort of time counter from when you accessed the page until you got to the solution. Number of people who solved it, number of people who attempted. If it’s a challenge/contest I want to know my place

Anyways, rant over.

I love the bleeding edge, for the most part..

I love the way the latest Firefox/Minefield nightly build works. Javascript works fast with the new TraceMonkey and memory usage also seems to be ok. All in all I like the new/future firefox.
I HATE that a lot of addons don’t work with the nightly builds, not even the web developer toolbar which I’d really love to have when testing a site on a future browser. Of course, I can download the .xpi, change the install manifest to accept the 3.2.* firefox version, and then it works..apparent well without any bugs. But it still is a small hassle which I’d like to avoid. Bleeding edge means incompatibility..
Update, and another frustration: Where is a public schema for the http://www.mozilla.org/2004/em-rdf namespace used in mozilla install rdf files? There’s documentation at https://developer.mozilla.org/en/install.rdf but we live in a time where editor autocomplete/validation for xml files is/should be pretty common…if you have a xml schema that is..

I love python and the latest python3000 is something I’ve been waiting for a while. But I wanted to take it slow and just play around with the latest python2.6. Everything works fine… until you find you can’t download mysqldb only for python2.4 and python2.5 and I’m sure I’d have had this problem with other packages if I tried. And again..bleeding edge means incompatibility..

Of course you take risks when using the bleeding edge, but I’d rather carry the risk of using an extension which hasn’t yet been approved on the nightly build firefox I installed willingly. That way I can carry on my work normally for the most part AND report any extension problems if I find them (and the developers can fix them faster).

Make me love the bleeding edge again.

Yeah, I know it’s been a long time since any post, but here I am again so let’s get to it.

It so happens that in some applications I have mysql database tables with log information. Usually some simple text message or more structured describing an action of a user.

For looking at normal log files “tail -f” is irreplaceable, but I didn’t find anything similar for a database table.

So here it is, a simple python script for monitoring a table and printing the tail whenever something changes. Bear in mind the code is horrible, too many parameters and it could probably be improved,… but it works fine for what I needed it to now. Enjoy.

#!/usr/bin/env python
import MySQLdb
import time
from optparse import OptionParser

parser = OptionParser()
parser.add_option("-u", "--user", dest="username", help="mysql username", type="string")
parser.add_option("-s", "--host", dest="hostname", help="mysql hostname", type="string")
parser.add_option("-p", "--password", dest="password", help="mysql password", type="string")
parser.add_option("-d", "--database", dest="database", help="mysql database", type="string")
parser.add_option("-t", "--table", dest="table", help="mysql database table", type="string")
parser.add_option("-k", "--keycolumn", dest="keycolumn", help="db table keycolumn", type="string")
parser.add_option("-i", "--interval", dest="interval", help="refresh interval", type="int")
(options, args) = parser.parse_args()

table = options.table
keycolumn = options.keycolumn
interval = options.interval

# Opening database connection and getting the last value for the key field
conn = MySQLdb.connect(host=options.hostname,user=options.username,passwd=options.password,db=options.database)
cursor = conn.cursor(MySQLdb.cursors.DictCursor)
cursor.execute("SELECT "+keycolumn+" FROM "+table+" ORDER BY "+keycolumn+" DESC LIMIT 1")
row = cursor.fetchone()
lastvalue = str(row[keycolumn])
# Print the latest row
cursor.execute("SELECT * FROM "+table+" WHERE "+keycolumn+"='"+lastvalue+"'")
row = cursor.fetchone()
print row
# Loop infinitely and print new rows.
while(1):
  time.sleep(interval)
  cursor.execute("SELECT * FROM "+table+" WHERE "+keycolumn+">'"+lastvalue+"' ORDER BY "+keycolumn+" ASC ")
  rows = cursor.fetchall()
  for row in rows:
    print row
    lastvalue = str(row[keycolumn])

The strict requirement is that you must give it the name of a column that is always present and keeps increasing in value (primary key with auto-increment if you have one). Probably more changes to follow but I wanted to share it so I don’t forget

Shows up like this:

It’s been a week since I went to Euruko2008 so I think it’s about time to note my impressions.

First of all I liked revisiting Prague after a few years. It’s a nice city to visit and especially to drink some beer

This year’s Euruko was one of the best conferences I’ve ever been at. This although I wouldn’t call it a conference, it seemed more something between a barcamp and a conference. And that’s what I liked most about it. I saw a lot of interested people ( the attendance was a lot more than I expected ), talked with some of them and saw some good presentations.

Of course there were some language barriers ( japanese slides anyone? ), and the not-so-interesting or well-prepared presentations but that’s good!. For one thing it wasn’t boring or monotonous and I had the possibility to try out some things from the previous presentations.

Catering and beverages were very well organized such that they surprised me. Also big thanks to who made the “Euruko This way ->” posters and put them on the streets. I might have gotten lost without them, but even if not they were a nice touch

And finally, although Sun was a Platinum sponsor I really think they were sublime. They knew their place and didn’t just blatantly promote their stuff like I saw with other sponsors at other conferences. I really enjoyed the presentation about JRuby and the NetBeans T-Shirt.

The JRuby talk is probably one of the best things I’ll keep from the conference. Charles Nutter really knows how to present  and he really did present some interesting things. A slide came up saying “JRuby 1.1 is released!” and I was immediately downloading it and finding if all gems I needed were supported. A bit after I saw Charles presenting the glassfish_rails gem and of course I immediately ran gem install on it and tried running one of the projects I’ve been working on with Silviu and Cosmin. AND IT WORKED! The rails app just started and worked without any changes to configuration or anything. And it wasn’t tested on anything but MRI before. So thumbs up for JRuby and I’ll try to use it at work for some of the smaller projects to test drive it. Finally I’ll be getting payed to write ruby

A very good article on Put Things Off I read is Writing things down: 13 reasons to switch back to paper today

I highly recommend the article, not really to make yourself start using paper and pencil today and throw all your gadgets/software, put because sometimes it’s useful to remind yourself how you did things some time ago. At the least you used paper in school and even though it’s not impossible it’s very hard to forget how to use it.

Although I don’t agree with all the points in the article here are my favorites:

1. It’s cheaper - the “hardware” is cheaper, and the “software” you already got for free in school.
2. It’s faster ( although at this moment I think I type faster than I can write ) - for most people it usually is faster. If you want bullets for something you just almost without thinking dash a few lines, you don’t need to look for a toolbar/menu or move one of your hands to a mouse to click a button.
3. It encourages creative thinking + It means a break from the computer screen

The third point is what I think is most important. No matter how geeky I think every person enjoys a break from the computer screen and suddenly they think differently. Maybe that’s just what’s needed to review all the things you need to do or to “think out of the box” for that hard problem you were trying to fix. It also frees you from most user-interface limitations and thus you can be more creative.

There are also problems with paper which are mostly solved by software:

• Reminders
• Collaboration
• Capacity

Regarding Reminders.. Why are we so busy we need reminders? Just get a grip and exercise your memory. If you really have too many things to remember each day then you have deeper problems and should reorganize your life.

Regarding Capacity and Collaboration(at least in localized teams) we have a solution: WHITEBOARDS! They can hold more information, they encourage creativity and most of all they encourage collaboration. You can have a whole team in front of a whiteboard, standing up, discussing a certain problem, and even writing on it at the same time. In my opinion every office in the world should have a whiteboard, or more. Or just plaster as many walls as you can with whiteboards like Google

I’m actually thinking of getting one at home and convincing the powers that be to buy more for work. It’s really the best thing without involving a computer, and with smart/interactive whiteboards you are bridging the gap with the computer.

I only took a bite of JobShop on Tuesday because some people also have to work, and this post is also late because of work

Got there a few minutes before 12:00, just in time for Marius Ghenea. He held a presentation on entrepreneurship, start-ups, financing, and usual trends in business. A lot of good information and structured well. The only thing which could have made it better, and I wanted, were more examples from his own experience. And he didn’t have any problem starting to talk without his presentation when the power went out for a while ( note to the organizers ).

After the official end of the presentation I had a walk around the place and met some friends to talk to. And what do I see when I come back? Marius Ghenea with a group of like 5 students around him, continuing with a Q&A session. That can be the best part of a presentation in my opinion. I think after a presentation the presenter shouldn’t run away to the airport, he(she) should just move some distance away. If there are people who are really interested about what you have to say, and really want to ask you some questions, they’ll follow you! And also in a session like that you can be more relaxed and talk in more detail than in a presentation which has to be general since you don’t always know your audience. He’s also put the presentation on his blog so go ahead and grab it.

Then we ( me, Silviu and Cosmin ) went to Andrei Rosca’s presentation. While he was setting everything up I noticed there was a wireless signal. So I took out my laptop and dared Silviu to live-blog(or something like it). Surprisingly he accepted the dare and you can read Silviu’s account of the presentation.

I really enjoyed Andrei’s presentation, mostly because it seemed more hands-on, no charts, just simple steps to follow in your business and in your life. And of course a universal advice is “JUST FUCKING DO IT”. I really like this kind of presentation which just calls for action and presents small bits of practical information. However I think listening to both styles of presentations close but not right after another is the perfect solution. A big thank you to the organizers of JobShop because they made this possible.

And to end this, a few bits of information from Andrei’s presentation, commented:

“Romania is the only country where brilliant ideas aren’t stolen.. probably because they mean work” - this is so much like the “Good ideas: A dime a dozen”(Rob Adams) which Marius Ghenea talked about.  It’s comforting if you have what seem to be good ideas but ultimately it’s sad because it’s true: most people avoid real work.

“I don’t think anything is impossible” - I agree, however I’d expand it with “If it’s impossible it will take a little longer”.

Again meaning of course the third try at making a blog. Everyone is entitled to a third chance, only after the third strike are you out…

I really let my old blog fall to pieces always blaming the lack of time to blog. And of course now I’m slapping myself and if you ever said something like that you should to. If you really want/need to do something, you can make time! And having a positive attitude also helps

So what’s this blog going to be about? About me of course, about what (technical/social) things I do. I’m going to try to keep personal stuff mostly out but that can’t be completely so. However, for short things which I don’t consider to need a post of their own I have other social thingamajigs available.

Yes, I am Romanian and semi-proud to be so. However I’ll only post in English, since I want to exercise my writing skills, I think it brings a broader audience, and if you don’t know English I probably don’t want to know you.

And I’m beginning now because there are some interesting events coming up, some where I’ll hopefully be present to give my impressions. I was at ITFest on Saturday, unfortunately only for the last presentation.. But that’s ok since after Filip’s presentation a few of us got together and discussed more. Silviu has more on the topic.

Moving on, on Tuesday and Wednesday I hope to see Marius Ghenea, Andrei Roşca and other interesting people at JobShop. The last JobShop was really hectic for me, I hope this year I’ll be able to enjoy the presentations and the people.

And of course I can’t forget Euruko 2008 which is less than 2 weeks away and where I’ll be going with Silviu and Cosmin. I’m going to make sure they don’t completely enter ruby zombie mode, and they’ll make sure I get home safely after sampling all the beer I’m going to find in Prague

It’s already looking like a busy month, and the year is just starting.