afongen
Sam Buchanan's weblog.

I never noticed this.

I'm working on my iBook with headphones on, and just dragged something to the trash. The little clicking sound it makes is in stereo! There's a subtle echo. How very cool.

First Crack

A favorite recent addition to my blogroll is Garrick Van Buren's First Crack, a podcast about coffee, technology, music, and whatever else strikes his fancy. He first caught my attention with a — what do I call it? show? episode? podcast? — about copyright issues and the Intellectual Property Protection Act, near and dear to my heart. His interview with The Winter Blanket introduced me to some great local music. Good stuff.

Garrick recently interviewed Greg Beale, a coffee roaster at Dunn Bros. I brewed myself a pot of freshly roasted Guatemalan coffee, kicked back, and thoroughly enjoyed myself. It was just so damn cool to hear. I worked as a coffee roaster for a few years and am still in love with the process. So much of how I roasted was a sensory experience: I relied on sight, sound, smell to know how the beans were developing and how to nudge them along. Listening to the interview brought it all back: the green beans as they drop into the roaster and rhythmically churn around, the subtle shifts in the sound as the beans warm, the satisfying crackle and smoke of the second crack when the beans are released into the cooling tray.

I've got to start roasting at home again soon.

Version 2 will never come.

Rafe Colburn writes about how every one-off becomes an application. I have a related problem: I believe myself when I say that the quick one-offs that I write will be replaced by a full-blown application in a matter of days or weeks. I should have learned by now that it never happens. Years later, there they are, still plugging away, taunting me. I have to run my small projects past a coworker on a regular basis so she can stop me from saying, "this will work for now and the real app should be along shortly." Because no, it won't.

Seasons Greetings. Or, Let's Get Some Perspective.

A couple weeks ago I mentioned the Committee to Save Merry Christmas. I did not have kind words but didn't write much because I thought that if we ignored them they might go away. I mean seriously, people, get over yourselves. But no: conservative Christians have picked up the meme with a vengeance. In response, Saint Paul Pioneer Press columnist Laura Billings has been going to town. Her last two columns, "Partisan shoppers dreaming of a Red and Blue Christmas" and "'Merry Christmas' needs no help" are spot on. I am tempted to pull out quotations to entice you, but they're worth reading in full. (They'll probably end up behind a ridiculous subscription requirement, so keep BugMeNot close by.)

Steve Ross wrote something on The Gutless Pacifist, one of those thoughts that makes me get up and dance around because it speaks so clearly to what I'm thinking:

I have a few points of reference for these folks:

  • When store clerks say "happy holidays" rather than "Merry Christmas," you are not being persecuted. When you are tossed into prison for saying "Merry Christmas," you are.
  • When the government is barred from putting nativity scenes on government property, you are not being persecuted. When you are sentenced to hard labor for belonging to a house church not sanctioned by the government, you are.
  • When you are not allowed to say a Christian prayer over the loudspeaker at a public high school graduation, you are not being persecuted. When you are killed by an angry mob for leading someone in prayer to Jesus, you are.

Gmail invitations

I've got a few more Gmail invitations if anyone's interested. Drop me a line at gmail-invite@afongen.com

Update: the invitations are gone.

Local Netflix

Crazy. On the way into work today, I dropped two DVDs in the mail to Netflix. The mailbox said that mail is picked up at 2:00. I just checked my Netflix RSS feed and see that they received the DVDs at 7:00.

It's nice to have a local warehouse. It's also nice that the post office isn't too busy this time of year.

Perl Advent RSS Feeds

I don't always remember to check the Perl Advent Calendar on a daily basis. That shouldn't be a problem anymore, as I finally noticed the RSS feeds.

Quick Links

More things that have been in my bookmarks too long.

Santa Switches From Cocoa to Java

Noted Cocoa Programmer Contemplates Switch to Java. I'm delighted to see that Apple plays a prominent role. Although…

The only cloud that darkened the otherwise illuminating visit occurred when the topic of Java 5 and Mac OS X came up. Santa's brows furrowed, and he reached for a rather imposing PDA. It was difficult to see clearly, but it appears he placed coal icons next to several names.

It's funny, nowhere in that article do they mention how they use Perl. Depends on who you talk to, I guess. It shouldn't be too surprising that upper management is all about the Java, while the software engineers admit that they also use Perl extensively to help get the job done. Santa's workshop is no exception in its diversity of languages and platforms.

Practical mod_perl under Creative Commons license

Practical mod_perl is now available under a Creative Commons Attribution Share-Alike License, which in appropriately practical terms means that it's a free download and that under certain conditions you can distribute the book and even make derivative works.

I love Practical mod_perl. I bought it when I still thought there was a reasonable chance that we might expand our use of mod_perl at work and I needed solid guidance on how to configure and use mod_perl more effectively. I'd read, reread, and thoroughly enjoyed the mod_perl Developer's Cookbook, which nicely filled major gaps in my knowledge but didn't help enough with topics like server setup strategies. Practical mod_perl fits that bill. If you are a mod_perl developer, keep both these essential books nearby. Especially Practical mod_perl, because if you have to reach too far for it you'll strain something: it's huge!

If you are considering mod_perl, the release of the book as a free download should help you get a feel for what it's like and what it can do for you. Try the book, then buy it.

Sadly, at one point I looked around and realized that I was the only mod_perl developer at work and that I probably always would be. With great reluctance, wailing and gnashing of teeth, I abandoned the platform. Bloody shame, too, since the alternative at the time was PHP. Don't get me wrong, I like PHP for a certain class of problems, but at the time working with things like web services (be they SOAP, XML-RPC, or REST) was so much more pleasant in Perl than PHP. mod_perl's tight integration with Apache opens up so many doors and is so exciting and fun it leaves me speechless.

Now, of course, I'm working with Java. Don't even get me started.

Google Suggest

I was wondering when they'd start doing this, given the address completion in Gmail (which admittedly has a much smaller scope): Google Suggest. Very nice indeed. If you're curious how it's done, Simon Willison gives a quick rundown. I think he's right: this is just the tip of the iceberg.

Google is raising the bar on what people can expect from a web application. Until a year or two ago, when someone asked me to write something like this, I said no. Just no. It was possible with available remote scripting libraries, but inconsistently enough that it wouldn't be worth it to the people asking me to build the feature. When asked more recently, I've hemmed and hawed. Yes, I could do it, and believe me it would be fun and I'd like to, but again: not worth it for what they asked me to do and the timeframes in which they wanted it done. The few times I did suggest remote scripting, it was turned down. No one expects that from a web application, after all. :-)

Now, though, Google is demonstrating to the world the sort of thing that can be done. Others like Oddpost have paved the way, of course, but a large company like Google is bringing it to the masses. Good thing, too, since I'm now in a position of having to demonstrate that yes, a web application can be responsive and do more than most people have seen.

And you know what else? It's making me excited to work with JavaScript again.

Good times.

Update: Drew McLellan expands on this idea far more usefully than I.

Fangs

Fangs is a screen reader simulator for Firefox that generates a textual representation of a page similar to how a screen reader would read it.

I am of two minds on this. On the one hand, because Fangs is a simulator, for many issues you'll still need to test with a real screen reader. We know about problems with Fahrner Image Replacement only because of testing with actual screen readers. For issues that don't require a real screen reader to test, what does Fangs offer that we can't get with a text-only browser like lynx or a tool like WAVE? It's early yet, maybe we'll see. It's an interesting and potentially useful project.

Use JAWS with Firefox.

Good news for JAWS users: a JAWS Screen Reader Adaptation for Mozilla Firefox.

Objective: The goal of the Sharkware Development team is to create compatibility between Freedom Scientific's JAWS Screen Reader and the Mozilla Firefox next generation browser.

The JAWS Screen Reader Adaptation project is aimed at making JAWS more compatible for the Mozilla Firefox Next Generation Browser so that users of JAWS and those dependent on low-vision tools have a choice other than Microsoft Internet Explorer.

Description: This project has resulted in a JAWS script and a Firefox extension that enable JAWS to function with Mozilla Firefox in a similar manner to how JAWS functions with Internet Explorer. Our product gives support for simple navigational functions as well as more complex functions that allow for alt text reading, link recognition, etc.

Excellent. Truly excellent.

Via Tristan Nitot [fr].

Quick Links

Quick links:

Thunderbird 1.0

With all the hullaballoo about Firefox, you may have missed that Thunderbird 1.0 has also been released. I haven't tried Thunderbird for a long time, might just give it another go.

Phone to Flower

OK, this is just too damn cool: "Scientists said on Monday they have come up with a cell phone cover that will grow into a sunflower when thrown away."

Materials company Pvaxx Research & Development, at the request of U.S.-based mobile phone maker Motorola (MOT.N), has come up with a polymer that looks like any other plastic, but which degrades into soil when discarded.

Researchers at the University of Warwick in Britain then helped to develop a phone cover that contains a sunflower seed, which will feed on the nitrates that are formed when the polyvinylalcohol polymer cover turns to waste.

Jackson Street Roundhouse

[Image: Sam and Owen in a train]

We took Owen to the Jackson Street Roundhouse on Saturday, a cool little railroad museum not far from downtown Saint Paul. Funny how after years of living in Saint Paul, I had no idea that it existed. Not that I would have been terribly interested before I had a kid to take there. They have a number of restored / preserved railroad cars on display, an impressive Lego rail village, a number of wooden train sets set up, caboose rides … lots of fun. Last Saturday and next they've got some Christmas activities, which is what drew us there. Owen's really into trains, so he was in heaven.

Tip: the caboose ride is cool, but if it's busy enough for them to add a passenger car, ride in that. You can't see much from the caboose unless you're lucky enough to snag a spot in the upper level.

The Vulcans stopped by while we were there, spreading the warmth and handing out buttons & coloring books. I believe that next Saturday the Winter Carnival royalty will be there around noon.

[Image: Owen and Santa]

While there, we passed Santa a couple times. He beckoned to Owen, who by now knows who Santa is but wasn't willing to just rush up to him. After a while, he warmed up to the idea and sat on Santa's lap while Kiara took a picture. I think how we're handling the Santa thing is to just deal with it matter-of-factly, sharing stories and songs, taking advantage of the happy merging of fantasy and reality that kids at this age are blessed with. We'll see how far that takes us. :)

House of Flying Daggers

We don't see many movies in the theater anymore, but we're sure as hell going to see House of Flying Daggers. Zhang Ziyi? Andy Lau? Takeshi Kaneshiro? (we named our cat after him) Directed by Zhang Yimou, who brought us Hero?

Wow. I don't think we have a choice in the matter.

On a related Hong Kong film note, the original Infernal Affairs is at the Oak Street Cinema this week. Not that you're likely to care unless you live here.

Another Scene From My Life With Kiara

Kiara and I are sitting on the couch, drinking tea. Every now and then I hold a small bag in her direction.

"Jelly Baby?"

Quick Links

I'm sorry, but this headline just tickles me.

"Minnesota State Colleges and Universities chancellor named to higher education post".

Is the chancellor of the state higher education system not by definition in a higher education post? What's he been doing all this time?

The press release explains that the chancellor "has been elected by his colleagues in the Midwest United States as Chair of the Midwestern Higher Education Compact." Oh, okay. I get it. Sigh. Why not a headline like "MNSCU Chancellor Named Chair of Midwestern Higher Education Compact"? Is there some rule in PR that you shouldn't write headlines that say what you mean?

Nevertheless, cool. I think the Chancellor's been doing a good job of getting involved in things like this. Since part of his role is to raise the profile of the MNSCU system, it's not only good for his personal, professional reputation, it means he's doing his job well. Hopefully you know me well enough to know that I'm not sucking up, people. I don't do that.

Misuse Cases

One of the problems in writing secure software is that security is too infrequently considered as part of the requirements or design phase, while of course it needs to be planned throughout the software development process. I have never worked on a project in which there were clearly documented security requirements. Security ends up being part of the process, but only because I'm a bit of a freak about these things. The danger is, of course, just what you always hear: that security is considered so late in the process that it entails a re-architecting and missed deadlines. If deadlines cannot slip and security is an afterthought … well, the problem with that should be obvious.

Off the top of my head, a few ways that identifying security requirements can help:

Lately I've been knocking around the idea of misuse cases as a way to elicit security requirements. I was introduced to the concept by a series of articles by Gunnar Peterson outlining a secure development process (PDF: parts one, two, three). You may already be familiar with use cases, a technique for identifying and describing functional requirements of a system, what the software should do. Misuse cases describe what a system should not do. For each feature or use case, a development team explores how that feature could be deliberately abused or misused, and from these explorations develops misuse cases and security requirements.

Here's a basic use case diagram; a misuse case is identified with inverted colors:

[Diagram: basic use case diagram for 'Add Comment' with an 'Add Comment Spam' misuse case and two mitigating use cases]

In this basic diagram, I started with a use case, "Add Comment." An obvious (and frustrating) abuse of the system is comment spam. This prompted the creation of two new use cases, "Moderate Comments" and "Run IP Blacklist," to prevent the Add Comment Spam misuse case. Already, just by identifying potential misuses of a system, we've built out the requirements to make the system more sound.

Granted, this is neither the best example of a use case nor of a security concern that I could have come up with, but you get the idea.

The heart of a use case is not the diagram, but the textual description. Guttorm Sindre and Andreas L. Opdahl, among the first to formally describe misuse cases, suggest a template (PDF) adapted from popular use case formats. It's worth reviewing.

Here's the problem, though: I am wary of creating excessive documentation and worry that misuse cases could be taken too far without improving security. Of course, any documentation can be carried to an extreme and prevent actual development getting done. If a project calls for use cases, then I think that misuse cases can help identify security requirements early in the development process and keep them there throughout. I think I'll hang onto the idea.
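
The Add Comment diagram described above, kept as data instead of a document (an added example, not part of the original post): a small audit flags every use case that nobody has yet tried to abuse and every misuse case with no mitigating use case, then prints one requirement line per misuse case. The class and field names are assumptions, and the "Forge Author Name" misuse case is constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class UseCase:
    name: str
    mitigates: list = field(default_factory=list)  # misuse cases this use case counters


@dataclass
class MisuseCase:
    name: str
    threatens: list  # use cases this misuse abuses


def audit(use_cases, misuse_cases):
    """Find gaps in the analysis: features nobody tried to abuse,
    misuses nobody counters, and references to names that do not exist."""
    uc_names = {u.name for u in use_cases}
    mc_names = {m.name for m in misuse_cases}
    threatened = {t for m in misuse_cases for t in m.threatens}
    mitigated = {x for u in use_cases for x in u.mitigates}
    return {
        "unexamined": sorted(uc_names - threatened),
        "unmitigated": sorted(mc_names - mitigated),
        "dangling": sorted((threatened - uc_names) | (mitigated - mc_names)),
    }


def security_requirements(use_cases, misuse_cases):
    """Turn each misuse case into one requirement line naming its mitigations."""
    lines = []
    for m in misuse_cases:
        via = sorted(u.name for u in use_cases if m.name in u.mitigates)
        status = "via " + ", ".join(via) if via else "NO MITIGATION YET"
        lines.append(f"Prevent '{m.name}' against {', '.join(m.threatens)}: {status}")
    return lines


# The diagram's cases, plus one constructed misuse case ("Forge Author Name").
USE_CASES = [
    UseCase("Add Comment"),
    UseCase("Moderate Comments", mitigates=["Add Comment Spam"]),
    UseCase("Run IP Blacklist", mitigates=["Add Comment Spam"]),
]
MISUSE_CASES = [
    MisuseCase("Add Comment Spam", threatens=["Add Comment"]),
    MisuseCase("Forge Author Name", threatens=["Add Comment"]),  # constructed
]

if __name__ == "__main__":
    for key, names in audit(USE_CASES, MISUSE_CASES).items():
        print(f"{key}: {names}")
    print("\n".join(security_requirements(USE_CASES, MISUSE_CASES)))
```

The two mitigating use cases show up as unexamined: each one is itself a feature that still has to go through the same abuse analysis.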

Perl Advent

The 2004 Perl Advent Calendar is available, starting with the DateTime module. I am often bothered with how difficult it can still be to work with dates and times. DateTime makes it more than tolerable.

I just stumbled again into Apocalypse 12, dealing with objects in Perl 6. I've stayed away from recent apocalypses because they require understanding everything that's come before and I don't have the time to invest in digesting them — especially as I don't do much Perl programming right now. I'm still tempted to read Perl 6 and Parrot Essentials but reluctantly put that off, too. Someday…

In the meantime, I content myself with the bite-sized snippets of Perl goodness at the Perl Advent Calendar. What a way to celebrate the season!