How to care for an URI and feed it?

I am developing an application, which needs to be aware of the concept of URI. A quick Google search yielded the following URLs:

  1. What’s a URI?
  2. MonkeyX’s Hairy Thoughts about semantic Webs

What I really would like to:

  1. Find how to specify a section inside a file, in terms of offset relative to beginning and length.
  2. Locate a Python module, which knows to do everything a mortal needs to do with URIs.

Accessibility of disability related Web sites

I am active in the “Accessible Community” project in Petah Tikva.
This project is part of an effort made in several Israeli cities to improve the quality of life experienced by people with disabilities.

Today there was a meeting of representatives of the “Accessible Community” project from several cities. Among other things, two Web sites were announced:

  1. http://www.kn1.org.il/
  2. http://www.matnachim.org.il/

Of course, I asked about accessibility of those Web sites to non-IE browsers. Both announcers of the Web sites claimed that their Web sites are accessible to everyone.

After returning home, I surfed into those Web sites using Mozilla. I found that the first Web site has a problem of text layout, which causes some frames to overlap. The links, which I checked, did work. With the second Web site I saw no problems in my limited testing. I cannot finish this journal entry without an amusing anecdote. I schlepped a woman, who walks on crutches, to the meeting and back to her home. The woman is very active in the campaign against non-disabled people parking at spaces reserved to people with disabilities. Near her home there is a parking reserved for the car of another disabled person, and it was empty when I arrived there. I stopped my car in the reserved parking place to let the woman go out and then exclaimed “Oh, I am occupying a disabled parking!”. She LOL and almost ROTFLed.

Proposed new terminology: bound platform vs. free platform

When you want to develop software, and choose a platform on which the software is to be run, you have two choices, as follows.

Bound Platform
Your software must run on the same platform as some existing software. You are constrained also in the choice of computer language to be used and the SDK.
Free Platform
Your software will run on its own hardware, with no need to share hardware with any existing software. So you are free to choose whatever hardware&software combination that is convenient for you. You are free to choose OS, computer language and SDK.

Today, my default choice for Free Platform is LAMP (where P stands for Python). If I ever need to develop a very secure solution, I’d look into OAMP (where O stands for OpenBSD). In the future I hope to be able to upgrade to LAMS (where S stands for Scheme).

About the proper way to deal with writers of computer virii and worms

Steven Landsburg proposes to execute writers of computer virii and worms. This is just an extreme expression of the general sentiment that threats to punish writers of computer virii and worms are an adequate way to plug security vulnerabilities, which allow those virii and worms to propagate.

My thesis is that this sentiment is wrong. It is horribly wrong.

When a burglar picks a lock and enters into a building without permission, he is punished (if caught). This is reasonable, because a burglar cannot pick more than one lock at the same time. Any damage he may be doing at a moment of time is limited to a single site. Besides, high quality locks are very expensive.

However, when there is a vulnerability in a software package in widespread use, a cracker has the power to pick the equivalent of one million locks at the same time, by writing a worm which exploits this vulnerability.

If we do not require the software writers to fix this vulnerability promptly by assigning to them responsibility for worm damage, then several installations are at risk. The risk is not only due to crackers. It is theoretically possible, even if rather improbable, for a PC to create automatically self-propagating software by corrupting existing software due, for example, to noise, soft errors (due to overclocking or overheating) or disk crashes.

Besides, the cost of deploying patches which fix the vulnerability, once it is discovered, is very low – unlike the cost of replacing a broken door lock.

Another analogy. Let’s say that a certain bridge was designed and built. The bridge can carry its designed load of pedestrians, cars and trucks as long as they pass on the road passing through it. But an hammer tap on the side would cause the bridge to immediately collapse. Obviously, the bridge designers did not do their job properly. Should we treat as criminal someone, who waits until the night (when there is no transportation on the bridge) and taps on the bridge’s side to trigger its collapse? Probably not, because he is saving us from false reliance upon a bridge, which might suddenly collapse if a strong wind threw a stone at its side.

Yet why do we treat as criminals crackers, who exploit vulnerabilities of widely used software to spread worms, whose payload has only nuisance value? Especially when the software vendor/s in question are not prompt in fixing the vulnerability in question.

35 years with computers

Jakob Nielsen’s Thirty years with computers reminded me that I am about two months shy of my 35th anniversary of computer usage.

My first computer was the CDC 6400, which served the computing needs of the Hebrew University in Jerusalem, Israel. The computer had a lot of magnetic core memory – 32K 60-bit words. That is 240K bytes (or 320K characters, as CDC 6400 represented each character in 6 bits). I communicated with it by means of punched cards, which spoke FORTRAN IV. It communicated with me by means of printouts, for which I had to wait an hour after submitting my punched cards.

The thing which I remember most from that time was the extremely limited power of the programming tools then available. It happened sometimes that I wanted to do something, but the language or the libraries just did not have the requisite feature to support what I wanted to do. Today, almost all languages and libraries are complete in this way.

My vision for year 2039 (that’s 35 years from now) is that the languages, to be used for communication between humans and computers, will be much more powerful. They will make huge strides toward the Software Engineering ideal of having a small change in specs always translate into a small change in the source code of the actual software. Any case, in which a small change in specs yields a big change in the final software’s source code, will be a major news item, a reason to invent a yet more powerful computer language, and lots of rejoicing by bored software developers and language lawyers.

Why is XML much more popular than LISP and Scheme?

As I read Extensible Programming for the 21st Century, I pondered the secret of success of XML. In a way, I am already using XML software (glade, the GUI editing tool, saves the edited GUI description in a XML file, which can later be read by a Python library and used to construct the GUI for a script).

After all, it can be considered to be just another syntactic representation of LISP or Scheme. For example, the transformation between
(+ 1 2)
and

<paren>
   <token name="+"/>
   <token name="1"/>
   <token name="2"/>
</paren>

is trivial.

My guess is that XML succeeds because it allows the developer to add types to S expressions and to constrain them and their contents. This is like imposing hard-typedness on variables and/or their values in a conventional programming language. XML works because the developer can give different names to his expressions besides the equivalent of naming every tag <paren>.

As a proof of concept, it may be a good idea to develop a XML representation of a script in a popular scripting language (such as Python), along with code for transforming the script between its language and the language’s XML representation.

Advice to platform developers

If you are developing a platform or framework or hardware or OS and want other people to develop applications on top of your creation, then the following will make it easier for them and save you from being cursed by your developers:

  1. Ability to script all steps involved in building software.
  2. Ability to run script-based regression testing.
  3. Make your source code available to the developers, so that they can fix bugs which kill their applications, work around annoying limitations which you did not realize, and in general avoid the Stallman’s Printer Driver syndrome.
  4. Make it possible for people with limited budgets to participate in the party, because cool ideas and money do not necessarily go together.
  5. Build in logging and debug support.
  6. Training for developers – courses.
  7. Mailing lists and Web forums for your developers.
  8. Excellent documentation, with several examples, is mandatory!
  9. Mechanism for reporting runtime failures. Due to psychological reasons, it must be as easy and pleasant as possible for software developers to activate it in their software.

The above checklist was put together at November 2001 after having using few platforms for developing cellular applications, which drove me crazy by their utter failure to follow the above principles. I won’t mention names here but my resume is available in my Web site…

Should test cases of GPLed software be under GPL as well?

Pros:

  1. By definition, source code is the form of software, which is easiest to modify. The actual executable is created from it by an automatic build process, which may include compilation and linking. If you modify a complicated piece of software, you want to make sure that your modifications broke nothing. To do this efficiently, you need test cases.
  2. If your modifications are not generally useful, owners of secret test cases won’t test your modifications. The same applies if you were forced to fork the software package in question.

Cons:

  1. RMS didn’t require this so far. RMS’ printer driver problem can be solved without test cases. This has not been a requirement so far.
  2. Some test cases may embody proprietary software usage scenarios, and releasing them to the world, as required by GPL, would reveal too much of the company’s trade secrets.
  3. When you add your modifications to a GPLed software package, users with secret test scenarios will test your modifications, if they are useful for them. If your modifications break the software, they will fix them and you’ll get back their fixes thanks to the GPL.

At any case, there is a case for strong recommendation that test cases be constructed for GPLed software, and that they be released together with it and under the same license (GPL or LGPL).