Tonight I tried Skype for the first time, and I’m impressed. It has excellent voice quality, using full-spectrum sound as opposed to the ~2.5KHz band of a normal telephone. We had a few drops but not any worse than my cell phone. If you can get used to talking to your computer instead of a phone handset, this can replace the phone for a lot of situations. Oh, and it’s free. As far as I can tell, though, Skype does not encrypt the voice channels so I wouldn’t use it for sensitive communications.
Wachusett Circuit Race, 5/28/2005
May 2005 was one of the rainiest Mays on record in Boston. We had a grand total of six sunny days, and we got rain on a few of those. Most of the weekends were gray, rainy and cold – fine for March, but really disappointing for May. So, when the forecast promised a sunny morning for the Wachusett Circuit Race in Gardner last weekend, I knew the field would be ready to rock. I signed up with two clubmates for the combined Cat 4/5 field, scheduled for 10 laps of the 3.4-mile circuit. Because the fields were combined I knew I’d probably be in over my head, but I have few illusions about my ability to win. After everything I’ve put my body through in the last decade or so, the miracle is not that I race well, it’s that I can roll to the start at all.
“Don’t make me put this baby down!”
That exclamation, appropriated from some friends who also have a three-year-old and a newborn, neatly encapsulates our parenting experience over the last couple of days. Andrew has been pushing the behavioral envelope (as can be expected of three-year-olds) and quickly learned that retribution isn’t quite as swift when I’m gone and Elise is feeding Maggie. We’re trying to establish some inviolable rules, such as no backtalk when we tell him to do something. That includes foreign languages; he’s picked up some street Spanish from his friends at preschool. We’ve had a couple of amusing moments when I applied my formidable high-school Spanish skills to try to tell Elise when he’s cursing and when he’s just making it up. I was amused, anyway; Elise mostly throws the book at him. He had a household-record 18 minute time-out today when he repeadtely talked back and stuck his tongue out.
Bilingual potty-mouth notwithstanding, he’s obviously trying to adapt. He has surprised me a couple of times with his willingness to get along. Yesterday I took him to the local playground and he toted along his new favorite toy, a plastic front loader with boy-sized accessory shovel that makes for an above-average sandbox toy. We found one other father-son team in the sandbox on arrival, and the rival three-year-old was predictably attracted to the toy. When asked if he could share, Andrew replied that he would share “in two minutes.” I took that as an indefinite put-off, a preschool equivalent of “in your dreams, Dad!” But sure enough, after a few turns of scooping and dumping, he volunteered that he was ready to share and carried his toy over to his new friend. We dads watched them play happily for a few minutes, Andrew filling the bucket with his shovel, Lucien dumping the sand into a pile.
Lesson learned: he’s always listening. He won’t always admit to it. I won’t do him any favors by underestimating him.
This just in from the “No Kidding?” department…
Windows file system compression doesn’t have a beneficial effect on large SQL Server databases. Hard to believe, I know, but it’s true. Trust me.
Margaret Elise
Today we welcomed Margaret Elise to the family! She was born at 6:57 PM at Brigham and Women’s Hospital in Boston. She weighed 6lbs, 15oz at birth and measured 18.5 inches in length. She has great lungs and wasn’t shy about letting us know it! Mom did great and in general it was a much less trying experience than with Andrew.
More details to come later – Dad needs to get some sleep! In the mean time you can enjoy a few pictures.
Java declarative security and server-side forwards
Another lesson learned the hard way today: the J2EE declarative security model doesn’t apply when the application forwards the user request to another URL using a RequestDispatcher or an include. This means that your web application can (intentionally or not) bypass an HTTP authorization security constraint by forwarding the user request from a non-protected URL. The servlet spec does not dwell on the point, but section SRV.12.2 does say as much.
At best, this is inflexible. Having a property on the RequestDispatcher that specifies whether or not to perform auth checks would at least allow the programmer to state his intentions. At worst, it’s a security problem. If your application has a forward URL that’s not protected by HTTP authentication (not a particularly smart thing to do, but it happens), a malicious user could use that to gain access to protected parts of your application. So far I haven’t been able to use this techique between two webapps on the same server. When I try to forward a request to a protected URL in another webapp, I get a 404 error – not quite what I expected, but better that no protection whatsoever.
HTTP auth is not commonly used as an authentication strategy application-wide but sometimes we use it to protect administrative features, such as application management consoles. Having this misfeature in-place and not well-explained in the documentation sets programmers up for security problems. Sun, you can do better than that.
Peacocks under the Rhine, Googlesat does Area 51
Today’s defensetech digest held a couple of gems:
- Back in the 50s, the Brits designed a huge nuclear landmine to be used to slow the advance of an invading Soviet army in Germany. Who needs armor divisions in the Fulda Gap when you’ve got Blue Peacock?
- I haven’t dug much into the recently-introduced “satellite” option on Google Maps (except to note that they mislocated my address by about 3 houses)…but other people have.
Java gripes: compiler optimization
Recently I tripped over another stupid mistake – just among us, I’m still waiting for the day when I stop making stupid mistakes and start making the smart ones – in a Java project. This time I spent about 20 minutes in the debugger, watching a paricular method call. One of the arguments in the call was a direct reference to a static final String defined in a class from another package. I had just changed the value and recompiled the class in which it was defined. However, the old value was still being passed in this method call. I stepped through it in the debugger; inspecting the value before the method call showed that the new value was indeed assigned to the variable. However, as soon as I stepped into the method, the old value popped up.
After a while I had a colleague look at the decompiled source, and then it hit us: the -O flag in the java compiler will inline references to static final variables. I not only needed to recompile the class where the variable was defined, I needed to recompile any class that referred to it. You C/C++ types out there are probably screaming about makedepend right now, and you’re right…sorta. Java does not have a popular makedepend-like tool. Thinking briefly about why this is so, I attribute it to the greater complexities of dependencies in Java than #include in C and the relative cheapness of compiling Java classes to bytecode. Couple those with considerations like JVM startup overhead at compile time, and you wind up with the conclusion that it’s cheaper to recompile all the classes all the time than to try to maintain a dependency tree.
Yet another twist on Hoare’s Dictum: “Premature optimization is the root of all evil.” During development, it’s probably best to leave optimization off.
Anyway, that’s not the gripe, just the moral. It’s a good thing we remembered the optimization flag, because I went looking for docs and found…nothing. The javac optimization flag is not in the Sun tool documentation, or any other place I could think to look. That’s the gripe. What else don’t I know about javac?
Drumlin Farm pics
We went to Drumlin Farm this weekend with the Culvers, and we have a few pics to share. This is baby animal season so we got to see piglets, kids (the goat kind as well as human), ewes and chicks. The lambs were especially vocal on Saturday.
On a technical note, the Gallery install is new, so if you have any problems please let me know.
Adelphia Grand Prix, Plymouth, MA
To her credit, Elise didn’t balk when I told her I wanted to do a race.
“Isn’t that dangerous?” She didn’t say.
“What are you trying to prove?” She did not challenge.
“Don’t you want to meet your second child?” She failed to ask.
No, she’s far more tolerant than that. She simply said “You’d better be back by 1 since we’re having people over for dinner.” Leaving me with little choice but to sign up, show up, and hope I could hang on. I haven’t raced in a dozen years, and as I recall I was pretty miserable. But my training habits have come a long way since then and there’s nothing like a race to hold a yardstick up to your fitness. But, as I soon remembered, road racing is about more than just fitness.