September, 2008

hardware and networking / security2 Comments
27
Sep 08

How can a ISP not be up to date on security ?

A few days back I blogged about wireless security becoming a prominent issue in India. In that I had essentially defended the ISPs given the fact that they could not be expected to ensure security of all the domestic routers that connect into their network.

I received a document in mail today from my ISP explaining the steps I need to take to secure the WiFi network. While it contained a number of useful suggestions, this one completely surprised me. Here’s a snapshot from the document.

WEP ?

Just to feel a little bit confident (or otherwise) about the suggestion, lets review what some other data sources say about WEP.

Wikipedia : Wired Equivalent Privacy

Beginning in 2001, several serious weaknesses were identified by cryptanalysts with the result that today a WEP connection can be cracked with readily available software within minutes.

Microsoft : Improve the security of your wireless home network with Windows XP

64-bit WEP (Wired Equivalent Protection). The original wireless encryption standard, it is now outdated. The main problem with it is that it can be easily “cracked.” Cracking a wireless network means defeating the encryption so that you can establish a connection without being invited.

The authors of one of the more important studies (circa 2006) “Intercepting Mobile Communications: The Insecurity of 802.11” on a summary page “Security of the WEP algorithm” state :

We have discovered a number of flaws in the WEP algorithm, which seriously undermine the security claims of the system. In particular, we found the following types of attacks:

  • Passive attacks to decrypt traffic based on statistical analysis.
  • Active attack to inject new traffic from unauthorized mobile stations, based on known plaintext.
  • Active attacks to decrypt traffic, based on tricking the access point.
  • Dictionary-building attack that, after analysis of about a day’s worth of traffic, allows real-time automated decryption of all traffic.

Our analysis suggests that all of these attacks are practical to mount using only inexpensive off-the-shelf equipment. We recommend that anyone using an 802.11 wireless network not rely on WEP for security, and employ other security measures to protect their wireless network.

Note that our attacks apply to both 40-bit and the so-called 128-bit versions of WEP equally well. They also apply to networks that use 802.11b standard (802.11b is an extension to 802.11 to support higher data rates; it leaves the WEP algorithm unchanged).

Moreover the document refers to only one particular router configuration. So if the consumer (who is unlikely to be so hardware configuration savvy) owns a different router model, he has to figure it out for himself of how to configure his router based on another router configuration.

So it has been known to be insecure starting 2001, and this is the advice going out to home owners from the ISPs. This is somewhat scary. When the agencies that are probably the most likely educators in the realm of security are themselves offering such solutions, implementing security is going to be indeed tough.

Suggestion : Can all the ISPs in India collectively get together and create a security related site, and list out the various configuration steps for all the major models being sold in India ? (and please hire a consultant who makes sure suggestions such as WEP aren’t made).

The original full document containing the suggestions can be found here.

java / programming / python / software14 Comments
25
Sep 08

Python from a Java perspective – Part 2 – How duck typing influences class design and design principles

Update: Modified the title to make it a little shorter.

This post talks about applying Open Closed Principle, Liskov’s Substitution Principle, Dependency Inversion Principle and Interface Segregation Principle in Python, coming from a Java programming background.

Background :
A few days ago I blogged about Commentary on Python from a Java programming perspective. In that post I avoided getting into the specific details with code snippets etc since I wanted to focus on how it feels.

One of the observations I made was that I thought coming from a Java background, that background helped me from a class design perspective. I ran into a couple of posts from the ObjectMentor blog, namely The Open-Closed Principle for Languages with Open Classes, and The Liskov Substitution Principle for “Duck-Typed” Languages. The gentleman behind ObjectMentor is Robert Martin, who wrote a number of articles in the mid 90s related to these design principles. (Links to PDF : Open Closed Principle, Liskov Substitution Principle, Dependency Inversion Principle and Interface Segregation Principle)

Sidebar : A Hat Tip to Robert Martin : Robert Martin used to contribute heavily to a number of newsgroups including comp.lang.c++ and comp.object in the early and mid 90s. I must confess a tremendous debt to him since my view of OO Design in those days was substantially influenced by his writings, and the design principles he talked about and later published as articles. These continue to guide my thinking about Object Oriented Design to this day. A hat tip to Robert Martin. He wouldn’t know me or recall me, but I used to participate in some threads occasionally, and read him regularly and that helped me tremendously learn so much about OOD and how to apply it in C++.

Having had applied these principles a countless number of times,in C++ and Java, I thought it would be an interesting exercise to document how class design changes even when the same underlying design principles are applied to a dynamic language (in this case – Python). The remainder of this post summarises the design principles and the examples that Robert Martin talked about in his articles, and how these get implemented perhaps a little differently when used in static typed (Java) and dynamically typed (Python) languages. His original source snippets in the C++ language can be found in the articles I have hyperlinked to earlier.

Open Closed Principle (OCP)

Software entities (classes, modules,functions etc.) should be open for extension but closed for modification

What this basically means is that the code you write should be in a manner where it does not need to be modified when you need to extend it – the design of the code should allow for the extension to be made by new code being added, not old code being modified.

In the example below Circle and Square are two Shapes which can be rendered. The design essentially sets out with an objective that it should be easy to add newer shapes (say triangles) without modifying existing code. Lets straight away get into the Java version of the code. 

public class Painter {

    public static void main(String[] args) {
        // We sould like the shapes to be drawn in the
        // order of the shape types as found in this list
        List classOrder = new LinkedList();
        classOrder.add(Square.class);
        classOrder.add(Circle.class);

        // The shapes
        List shapes = new LinkedList();
        shapes.add(new Circle(1,1,5));
        shapes.add(new Circle(3,3,7));
        shapes.add(new Square(2,4,3));
        shapes.add(new Square(4,2,4));

        Collections.sort(shapes, new ShapeComparator(classOrder));

        for (Shape shape : shapes)
        {
            shape.draw();
        }
    }
}

// This declaration defines the contract across shapes
public interface Shape {
    public void draw();
}

public class ShapeComparator implements Comparator {
    private List orderedClasses;
    public ShapeComparator(List orderedClasses) {
        this.orderedClasses = orderedClasses;
    }

    @Override
    public int compare(Shape s1, Shape s2) {
        return this.orderedClasses.indexOf(s1.getClass()) -
            this.orderedClasses.indexOf(s2.getClass()) ;
    }
}

public class Circle implements Shape {
    private int x;
    private int y;
    private int radius;

    public Circle(int x, int y, int radius) {
        super();
        this.x = x;
        this.y = y;
        this.radius = radius;
    }

    @Override
    public void draw() {
        System.out.println("Drawing Circle at (" +
                x + "," + y + ") with radius " + radius);
    }
}

public class Square implements Shape {
    private int x;
    private int y;
    private int width;

    public Square(int x, int y, int width) {
        super();
        this.x = x;
        this.y = y;
        this.width = width;
    }

    @Override
    public void draw() {
        System.out.println(
            "Drawing Square at (" + x + "," + y +
            ") with width " + width);
    }
}

The Painter class here defines the order in which the various shapes need to be rendered (classOrder), creates a list of all the shapes (shapes), sorts the shapes list using classOrder and then renders all the shapes.

The ShapeComparator is a class which implements the comparator interface for Shapes (public class ShapeComparator implements Comparator) and implements the compare method which compares two shape instances and decides the relative order between them.

The remainder of the code should be rather self explanatory.

So where is OCP being applied here ? For that you have to imagine a new shape, say a triangle now being introduced into the mix. In this case, Triangle would be a new class which would implement Shape. No existing line of code will change. However the Painter main method will now add the new class in the classOrder list in the appropriate place, and if you want to modify the order in which the types should be rendered, just modify their corresponding class placement in the classOrder list. The essential thing to be noted is that Shape, Circle, Square and ShapeComparator are all “open for extension but closed for modification.”

So what does the corresponding python code look like ?

# Look ma ! No Shape class
class Circle(object):
    def __init__(self,x,y,radius):
        self.x = x
        self.y = y
        self.radius = radius
    def draw(self):
        print "Drawing Circle at (%s,%s) with radius %s" % \
                (self.x, self.y,self.radius)

class Square(object):
    def __init__(self,x,y,width):
        self.x = x
        self.y = y
        self.width = width
    def draw(self):
        print "Drawing Square at (%s,%s) with width %s" % \
            (self.x, self.y,self.width)

if __name__ == "__main__":
    order = [ Circle , Square] # the order in which to draw the shapes
    shapes = [Circle(1,1,5), Circle(3,3,7), \
                    Square(2,4,3), Square(4,2,4)]
    for shape in sorted(shapes,
            # Comparison function is embedded inline using a lambda
            lambda s1,s2 : order.index(type(s1)) \
                     - order.index(type(s2))):
        shape.draw()

What learnings can we get from this ?

The first most apparent difference is – No Shape Class. Where did it go ? Well, static typed languages use polymorphism as a powerful mechanism of extensibility. In other words, in many cases the extensions are likely to be newer derived types. Thus design the rest of your code to work on the base type and introduce the newer derived types later as required without having to necessarily change existing code. However static languages primarily depend upon inheritance as the vehicle for delivering polymorphism. Dynamic languages on the other hand depend upon duck typing. Duck typing supports polymorphism without using inheritance. In this context you need the same set of relevant methods to be implemented in each of the extension classes. The role of the abstract base class or interface as the one which specifies the contract / api has been made redundant. You can still choose to define a base class / interface if you want to, but you no longer have to.

Another thing to be noted is the way the comparator is implemented. While java required us to create a new one method class implementing a required interface, and then required us to instantiate the same and then trigger its functionality, python allowed us to implement it inline as a lambda. In a very different way this is OCP being applied (okay okay .. for those insisting on theoretical correctness thats not true .. but close enough) inside the language design itself. A function is an object in python, and a lambda is a special kind (not a subtype) of a function, and there are capabilities built into python to easily manipulate function objects / lambdas. The sorter method functionality was extended to allow custom comparators by specifying a particular evaluation expression as lambda. In java we actually had to implement the inheritance hierarchy ourselves before being able to leverage the extensibility in the list class for custom comparisons.

In the context of OCP, the learning is that dynamic type languages allow you to build extensibility by leveraging duck typing instead of type inheritance.

Dependency Inversion Principle (DIP)

  • High level modules should not depend upon low level modules. Both should depend upon abstractions.
  • Abstraction should not depend upon details, details should depend upon abstractions

To understand the principle, the reference point should be structured and modular programming scenarios prior to OO. If I wanted to book a tour, the tour booking function would in turn call functions to book a flight, book a car and book a hotel. All four function implementations would be in the parlance of the definition – “details”. And anytime you had to change the way any of them worked it would require a relatively high amount of effort to do the changes. If you applied DIP in such a scenario, you would perhaps have a function say TripBooker which would in turn call methods on other classes which implement the methods in an interface / abstract class to book a flight, car and a hotel. The actual detailed booking logic would now be implemented in another class. Thus TripBooker now depends upon an abstraction which specifies the contract, and it becomes much easier to change or plugin the concrete implementations.

As an aside I must note that I have found code which properly applies DIP creates enormous frustration amongst people coming from a procedural background and lesser oriented to this OO style when attempting to statically browse the source. (Java Eclipse users will understand the quote : “I was attempting to understand the logic. I did F3, F3, F3 and then I reached a interface.”, thats because attempting to decipher the logic invariably leads to an abstraction and the programmer has to now separately figure out which was the detailed implementation which would now get triggered). But thats a learning curve issue – not really an issue with DIP.

In the following example which is largely similar to (but not identical to) the example in Robert Martin’s article, we are having a Lamp with a button. All the class names from the example are retained. These are the two specific details – Lamp and ButtonImpl. The lamp has capabilities to turn on and off, but one would like to to move the exact mechanism of turning on and off (which might be hardware specific) into the detail but treat the ability to turn on and off as an abstraction (ButtonClient). Meanwhile buttons can have a variety of possible implementations one of which is ButtonImpl, which all share the essential characteristic that a button has one state with two possible values, can toggle between the states and have a reference to a ButtonClient to which they can communicate with.

Thus the model instead of having two details Lamp and ButtonImpl, with the details communicating with each other directly, one has the following design :

  • Detail Lamp implements (depends upon) abstraction ButtonClient
  • Detail ButtonImpl implements (depends upon) abstraction Button
  • Abstraction Button has a reference to (depends upon) abstraction ButtonClient

Here’s the code in Java.

public class ButtonHappy {
    public static void main(String[] args) {
        Button button = new ButtonImpl(new Lamp());
        button.toggle();
        button.toggle();
        button.toggle();
    }
}

public interface ButtonClient {
    public void on();
    public void off();
}

public class Lamp implements ButtonClient {
    @Override
    public void off() {
        System.out.println("Lamp turned off");
    }   

    @Override
    public void on() {
        System.out.println("Lamp turned on");
    }
}

public abstract class Button {
    private ButtonClient client;
    public Button(ButtonClient client){
        this.client = client;
    }
    public void toggle(){
        boolean newstatus = ! getStatus();
        if (newstatus) client.on();
        else client.off();
        setStatus(newstatus);
    }
    public abstract boolean getStatus();
    public abstract void setStatus(boolean status);
}

public class ButtonImpl extends Button {
    private boolean status;

    public ButtonImpl(ButtonClient client) {
        super(client);
    }   

    @Override
    public boolean getStatus() {
        return status;
    }   

    @Override
    public void setStatus(boolean status) {
        this.status = status;
    }
}

There’s probably no additional explanation required, so here’s the equivalent implementation in python.

class Lamp(object):
    def on(self):
        print 'Lamp turned on'
    def off(self):
        print 'Lamp turned off'

class Button(object):
    def __init__(self,client):
        self.client = client
    def toggle(self):
        status = self.get_status()
        if self.status : self.client.on()
        else: self.client.off()
        self.set_status(not status)

class ButtonImpl(Button):
    def __init__(self,client):
        self.status = False
        super(ButtonImpl,self).__init__(client)
    def get_status(self):
        return self.status
    def set_status(self,status):
        self.status = status

if __name__ == "__main__":
    btn = ButtonImpl(Lamp())
    btn.toggle()

    btn.toggle()
    btn.toggle()

We can again see here that one class that is missing but is no longer being missed ( ;) ) is ButtonClient and the reason is the same as in OCP – Duck Typing. In terms of the definition of DIP itself – abstractions no longer necessarily have to be implemented. They exist implicitly in the detail classes but are no longer explicitly documented.

Liskov Substitution Principle (LSP)

What is wanted here is something like the following substitution property:

If for each object o1of type S there is an object o2 of type T such that for all programs P defined in terms of T, the behavior of P is unchanged when o1 is substituted for o2 then S is a subtype of T.

Actually LSP is more of a test of whether two classes qualify to share an inheritance or is-a relationship, rather than a prescription for the design itself. In simple terms it sets out a requirement that if you define a new derived class, it should be possible to substitute an instance of a base class in a program (and though it doesn’t state it, an instance of a peer derived class ie a class in the same inheritance hierarchy) with an instance of a derived class without introducing any negative or unexpected side effects whatsoever. A rather simple example would be if we were to attempt to define a derived class of java.lang.String (say ConstrainedString) which now had an additional constraint (max characters – say 20 for a particular instance). To support this constraint a new runtime exception MaxLengthExceededException would need to be defined. It would have to be a runtime exception as you do not have the ability to add to the checked exceptions thrown by the java.lang.String class in ConstrainedString. Now programs that concatenated strings have no notion of having to react to a String overflow situation and this would create undesirable side effects in the program. Thus using LSP one could conclude that it would be incorrect to implement ConstrainedString as a derived class of java.lang.String.

I could not think of a good way of showing LSP in action in code since it is a test of candidate relationship and does not have any structural manifestation itself. However it is still a valid test to be applied in Dynamic Languages as well with one change as recommended in the post The Liskov Substitution Principle for “Duck-Typed” Languages .

What is wanted here is something like the following substitution property:

If for each object o1of type S there is an object o2 of type T such that for all programs P defined in terms of T, the behavior of P is unchanged when o1 is substituted for o2 then S is a subtype of substitutable for T.

Duck typing introduces looser coupling than inheritance but a coupling that has no static checks whatsoever. So the application of LSP in a designer’s mind is a little more interesting. Because the modified LSP is now a rather obvious statement which in loose term says “If A can be substituted by B without any side effects then A is substitutable by B”, on the face of things, it is no longer such a useful principle. But if you explore under the covers, the real interesting part has now shifted from “B is a subtype of A” to “If A can be substituted by B”. In static type languages, the places where A was being used was clearly known and easily searchable or navigable into from IDEs. Because this is now so much more difficult even though you are no longer explicitly attempting to apply LSP, you are on your toes the time far more often to avoid the situations that LSP was setup to warn you about.

A Sidebar : Refactorability : I received some interesting comments on my earlier post Commentary on Python from a Java programming perspective on this thread. My submission is that it requires you to come from a static typing background into a dynamic typing background to realise how much more difficult refactoring is. And the above mentioned implication of LSP in dynamic typing languages just goes out to demonstrate that there are indeed situations where the burden on you as a programmer / designer just went up due to the lack of explicit type information. This is but one of many aspect of many pros and cons between the two (static and dynamic typing) paradigms. To acknowledge it allows you to deal with it and work with it.

Interface Segregation Principle (ISP) :

Clients should not be forced to depend upon interfaces that they do not use

This is a little anticlimactic. The good news here is that thanks to duck typing, the client is actually now making the choice of what interface they choose to use. This is one principle that no longer needs to be explicitly applied. No more discussion required here.

Summary :
As we have seen duck typing does imply some changes to your class design. While the first three design principles continue to be relevant, their relevance is now a little different in your design process. It is important to be aware of these changes to adjust your design models in a more appropriate and idiomatic way. One would typically create lesser complex class hierarchies, especially with all the interfaces / pure abstract classes now no longer mandatory. Not only type information but even some of your abstractions are now less explicit.

blogging / software / web7 Comments
23
Sep 08

StackOverflow is SpiritUnderflow – A plea to not deprioritise content and spirit

I must confess back in the mid 90s I was an avid usenet user. Over the years I have watched the overall development community online interaction landscape changing (mailing lists, web based forums, blogs, wikis, blog aggregators, voting systems etc.). While each change seemed a little questionable at times, these have brought in a tremendous vibrancy in the developer interactions even though I still feel like composing a Usenet GaGa song (just like Freddie Mercury did the Radio Gaga thing). While I wondered as each change was introduced, what it implied, I never felt strongly enough about it to speak loudly. Till Now.

Take a look at stackoverflow. Its seems to be getting a tremendous developer community traction. I wish it the very best and believe it has been successful in many ways in being able to attract so much traffic. But as I move around it, I just feel a little odd. I also feel a little old perhaps. While the following may seem to be a rant it is not. I end the post with a suggestion which I suspect might be helpful to people who might be having similar opinions.

  1. Content gets deprioritised : Here is a list of things that appears in a bigger font than the main content / discussion itself.
    • Vote Up Arrow
    • Vote Down Arrow
    • Number of votes received
    • Asked When
    • How many people answered it
    • How many votes it received
    • How soon it was answered
    • When was it last updated
    • Advertisement blurb text

    Don’t get me wrong. Its not like I am against this information. But so much metadata about the question / answers and displayed so boldly ? I want to come into the site review some questions quickly, review their answers, maybe post a few questions or answers myself, and want to go back on do my work. So much additional information is quite distracting and imho leads to much more inefficient browsing sessions.

  2. Voting is too much in your face : I think voting is useful. Voting allows a democratic mechanism of content prioritisation. But this is way too much in the face. There’s no way I can focus on the content without getting distracted by the votes per answer. One of the limitations of voting is that there is no way to understand why someone liked or disliked your answer. Good old usenet or other non voting channels of communication forced everyone to chip in descriptively which made for a much richer content.
  3. Am I in an election ? Since voting has been made so prominent, try hard as you can it is difficult to get away from trying to find out how many votes your earlier responses got, and how many points you have accumulated. I suspect it also starts driving your behaviour somewhat (more on that later) in a narcissistic pattern which starts shifting your focus from communicating ideas to pitching self (its a subtle difference but a strong one nevertheless). I don’t mind pitching at all, in fact I do it in multiple places including in my blog. But pitching self can be too distracting when carried forward to every question and answer.
  4. Am I a pin up board ? Whats this thing with badges ? Thirty different types of them to be precise. This number is probably ten times what might be useful (Novice, Seasoned, Guru .. or something similar). Why am I even getting these ? And why does how many badges I have need to be carried around wherever my user id is shown. Again, these toys are taking us away from content.
  5. Where is the spirit ? The thing I find lacking the most is the “spirit” of discussion. Now I don’t particularly encourage the use of expletives or do it myself, but I can be exceptionally strong at times in my communication. Some discussions on usenet, online forums, blogs etc. get quite interesting not because of the content alone, but also because of the personalities behind the same. I do not generally see any strong language (not that I particularly regret it per se but its an indication of the lack of spirit). I would qualify most discussions I have browsed as quite good on content but extremely tepid in spirit. This could be due to the contributors keeping an eye on the number of votes their answers are getting (almost feels like a extremely busy place of worship at times instead of a noisy bazaar that I personally would so much want to look forward to).

So should we do away with all this stuff ? Absolutely Not. All I am requesting is that we maintain a sense of balance in prioritising the different aspects of online communication. While there are other of ways in which StackOverflow is superior, I am sure one of the sites it could look as a reference in the context of the points I mentioned above is reddit.com.

Reddit comments page has voting based prioritisation, karma points. But these are never in your face and they don’t overshadow the content. You can actually safely browse through the page and ignore these. There are no other distractions. On any particular topic, one can cover many many more opinions in reddit much faster than in stackoverflow, and in any given browsing session, one can cover many more pages / questions in reddit than one can in stackoverflow.

I suspect there is a good likelihood, my opinions are in the minority but a minority that is not miniscule in size. I am opening a request in stackoverflow uservoice. If you feel supportive of the thoughts expressed above, please support by voting for the request : Provide alternate skin / theme for content focused browsing.

java / php / programming / python / Uncategorized / web16 Comments
17
Sep 08

Commentary on Python from a Java programming perspective

After having worked with Java (and earlier C++) for a number of years, I have been working with Python for the last few months. Since I came to Python from Java, I thought it might be useful to share my experiences, which might be of interest to many programmers. This is not intended to be a language or feature comparison or something that contrasts the various advantages or disadvantages, but is intended to reflect on the softer aspects of how it feels to write Python programs. Hence I have refrained from including code snippets and other programming constructs in this post, but if you believe I am unclear in some of the comments I am making, do let me know and I shall be glad to update the post or write a new one as required.

Programming is Easier and Enjoyable

I think the most dominant impression from the last few months is that python does make programming feel a lot more easier and often more enjoyable. The feeling is not very different between riding a bicycle without gears then riding one with gears. In the latter case one just feels one can cover a lot more distance much more easily though any physicist will tell you the actual effort is not particularly different. It just feels like one has a much bigger toolbox (ie a wider assortment of tools) to work with and therefore the task seems simpler. Why do I think that way ? I believe the following features of python do help (in no particular order) :

  • Concise Coding style : The code typically is much more concise, with much lesser verbosity
  • Dynamic typing : You really do not need to worry about declaring data types and making sure the inheritance hierarchies especially for all the interfaces and implementations well laid out. The various objects do not even need to be in the same inheritance hierarchy – so long as they can respond to the method, you can call it. This is a double edge sword, but that doesn’t take away the fact that programming under dynamic types environment does seem a lot easier.
  • Easier runtime reflection : Java seems to have all the reflection capabilities but I think these are just way too painful to use as compared to python. In python the entire set of constructs (classes, sequences etc.) are available for easy reflection. In case you need to use metaprogramming constructs, python really rocks.
  • More built in language capabilities : Items such a list comprehensions, ability to deal with functions as first class objects etc. give you a broader vocabulary to work with.
  • Clean indentation requirement : It took me about 2-3 days to get over it but, it seems that python code is much easier to read since if you do not indent it correctly it will be rejected.

Need to spend time on understanding how to write code in Python

One of the statements I have heard in different contexts is that Java programmers when they start using python write it as if they are writing a java program using python syntax (unpythonic in python parlance). This actually took me a fair amount of time to understand. I did look at a lot of other python code to attempt to understand this in greater detail. I realised that python offers many more capabilities than java and that as a person who had written java code earlier, I was able to be immediately productive using the constructs in python which mapped onto the equivalent constructs in java easily. However it did take a long time to be able to start using the other constructs. One of the exercises that did help was to get away from the problem at hand and try to work on something entirely different (especially a program which had a strong algorithms element to it with complex data structures), and slowly review each line with how it might be better done in python.I realised it is easy to start coding in python but it takes some effort and time to start using the entire python toolbox effectively. While I reviewed other programs written in python, I did think there was one area where the prior exposure to java helped. Class design. I am not sure if this was an issue with the programs I read and thus there was an issue with the sample references I used. However while these helped me understand how to write code in python differently, I have a strong feeling that the programs I wrote were much stronger in terms of class design. There are many situations especially given the fact that python supports both function oriented programming and object oriented programming, where one wonders what is a better way to design the logic in a particular context. I thought it generally made sense to use proper class based design and use the functional constructs in situations which started getting a little loopy or algorithmic.

No Compile Cycle

Another thing I really enjoy about python is – no compile cycle (its implicit). So while in the middle of my editor, I could exit to the shell prompt, run the source immediately without trying to deal with an ant script in between which compiles java code and then recycles the web application. This has boosted my net productivity quite a bit.

Productivity

So are the statements that one can be 5 to 10 times more productive in python supported by my experience. While I haven’t gotten through the full life-cycle yet, prima facie I do believe 5 times does seem like a good number. However I would introduce the following caveats. It will not happen for your first project .. more like your second project onwards, primarily since it does require a lot of effort to start understand how to write pythonic code and that does take away a lot of those benefits initially. Secondly it does not factor in refactoring. Point refactoring is much much easier in python, but bulk refactoring is much much more difficult since automatic refactoring is tough. Thus when I am refactoring, I sometimes feel I was able to get it done faster in python, but in many other cases I thought I ended up taking a lot more time.

Switched to python completely ?

Not really. But I feel happy I have more options available to me. One thing that really sucks is the poor refactoring capabilities. This is unlikely to be an issue with python alone and is likely to be an issue with all dynamically typed languages. However if you want to use dynamic languages, be prepared to spend some more effort during refactoring since many of the automatic refactoring capabilities you may have gotten used to, may not be available. The other issue is performance. Java wins hands down on performance by a big margin. If I have to ever get back to another project where performance was particularly important and the primary constraint in performance was not network or disk IO but was likely to be the CPU, and it would be acceptable to substantially reduce development productivity in order to get the performance gains, I shall be found to be writing Java code for certain. The next project I work on, I am likely to “first” evaluate whether python fits the bill and switch to other languages if I do not find it appropriate enough.

hardware and networking3 Comments
17
Sep 08

Should Wifi routers be required to mandate strong authentication

An interesting technology related issue has cropped up in India recently especially in the context of what is being suggested as apparent misuse of unsecured WiFi networks by terrorists.

To sum up, there seems to be some evidence linking the usage of unsecured WiFi networks by terrorists. This has led to a situation where Telecom Regulatory Authority of India (TRAI) seems to be requiring that all Wireless Networks be made secure and is directing the Internet Service Providers to ensure the same for all such networks connected to the internet. The ISPs claim (quite reasonably in my opinion) that they are unable to be able to ensure the same since people may connect up PCs from their home via WiFi routers and that they cannot monitor the status of such routers which are under the control of the respective families. More information on this issue here : TRAI plans to prevent WiFi abuse. There is also a thought to declare all unsecured networks are illegal which IMHO places a tremendous burden on families especially those who may not be as computer savvy.

There clearly are competing interests here :

(a) The government needs to ensure that all internet traffic is traceable. There might be a whole number of privacy concerns here but these are perhaps not relevant in this context, since there already seems to be a sufficient infrastructure to trace traffic to the IP addresses, what seems to be missing here is the traceability into the using party given the fact that anyone can apparently easily use a unsecure wireless network connected to the net.
(b) Many families may have installed such WiFi routers for convenient access to the net from their homes. They may not be particularly educated in all cases sufficiently to know and understand the necessity of and how to secure their domestic WiFi networks. Besides declaring unsecure networks as illegal may make it mandatory to require every family sufficient education on how to secure the network. (The current proposal seems to be putting this onus onto the ISPs)

While the following suggestion is unlikely to help the currently installed base of WiFi routers, here’s a thought. Can we not require and mandate that each such WiFi device require some minimum form of reasonably strong password verification before allowing WiFi based routing (ie. one can connect to the device to set the password in the first place), and manufacture this requirement into the firmware of each device (ie. there should be no reasonable way to bypass it). In other words, such devices will implicitly disallow any WiFi based networking except between a PC the router itself when no password has been set (The connection needs to be allowed so that the password could be set to some basic minimum required strength). It could then perhaps makes sense to declare devices which do not conform to these norms as not valid under the law. Moreover It is likely that current WiFi router providers could be required to issue a firmware upgrade for their existing models where such upgrades are feasible.

Its an interesting situation where common good needs to be balanced with that of individuals. This is probably not the only solution. Maybe such Wifi devices already exist and I simply haven’t been following the space adequately enough. I am also certain that strong password authentication is only a start and possibly there are other measures to secure the networks further .. but at least its a start which is unlikely to be controversial either from a user’s or vendor’s perspective. Maybe there are other solutions. While the issue is currently being debated in India, its probably relevant to all the corners of the globe. Any thoughts ?

software / web4 Comments
3
Sep 08

Is google chrome under / partially reporting RAM usage ?

Google Chrome memory utilisation

Google Chrome memory utilisation




You can see both the windows task manager and the google chrome task manager. Google chrome seems to be consistently under reporting the memory utilisation. Is there something more than meets the eye (at least mine) or is there some part of the memory which Windows Task Manager reports (eg. that used by the kernel on behalf of the user process) but google chrome doesn’t or is it Windows over reporting memory usage ? Note : I captured the snapshot after pausing for some time to allow the memory reporting to catch up in both the tools.

Any thoughts or conjectures ?

PS: Sorry the rows are not in the same order in the two tables .. so you might have to mentally sort them to figure out the matching ones.

Update :Just realised that since the overall browser memory utilisation is now captured and shown separately from that of a particular page, it just makes measuring memory utilisation of a particular web page so much more accurate and easier. I wonder how long before the following things happen :

  • Architects / Leads start laying down “thou’s web page shalt not consume more than ## kBs in Google chrome” to the developers
  • My favourite web page is better than yours since it consumes lesser memory (and I have the snapshot to prove it)