Let *Me* Decide What A Good Password Is!

/ joeygibson / 6 Comments

I have had it with web sites that won’t let me put really secure passwords on my accounts. What do I mean by that? I mean sites that won’t allow anything other than letters and numbers in a password. WTF? I have a whole keyboard full of lovely glyphs to choose from; why limit me to 52 letters (upper and lower, assuming the developers are smart enough to know the difference) and ten digits?

By placing non-alphanumeric characters in a password, I am making it much harder to guess or crack. Yet there is a corps of web developers out there who force me to choose less secure passwords, because they won’t let me put punctuation in them. Why they do this, I can’t say. There is not a single compelling reason to exclude punctuation from passwords. Not one. I challenge any of you to give me a good reason for this restriction. In fact, it’s more work for the developers to check for these “offending” characters and scold the user for daring to use them! I’ve been stewing about this for a while, but this morning when I tried to setup an account at podiobooks.com and was told my password was not good enough for them, it sent me over the edge.

So, tech managers, here are your marching orders: Look at your site(s). If you have a restriction on what characters can go in a password, figure out which of your developers wrote that code, and fire them. Then, have someone else rewrite that bit of code the right way.

The Case Of the Too-Hot Transformer

/ joeygibson / 1 Comment

Picture it. Friday night. 22:45. Outside Atlanta, GA. Cold. The wife and I were watching the final episodes of Season One of Burn Notice. Killer show. From the other room came a howl of consternation. Thomas gave it to me straight, “Dad! Can you check our Internet connection? Every website I try to visit gives me an error!” Once the episode ended, I went to work on the problem.

I checked the computer and, sure enough, it wasn’t connecting to the Internet. I then tried to ping one of the computers on the local network and it wasn’t responding, either. I checked the downstairs router and rebooted it, just to be sure. It came back up, but I still couldn’t get through it. I also couldn’t get my iPhone to connect to the router’s WiFi. 

I then headed upstairs to the data center. Actually, it’s my office, but there are a bunch of computers in there. I walked in and immediately noticed that the router (a SonicWall TZ 170) was off. Not good. I unplugged it and plugged it back in. Still bupkus. I then unplugged it and pulled the whole power cord and that’s when I felt it. The transformer in the middle of the cord was hot. I don’t mean slightly warm or somewhat heated. I mean hot as in, “Holy crap! That thing is hot!” 

The quest, then, was to find a replacement power supply amongst the boxes and boxes (and boxes) of old computer stuff that I keep for just such an occasion. I found one that fit and plugged it in. Some of the lights came on, but not all. I unplugged it and reread the label. Oops. The voltage was twice as high as it should have been. I continued looking through my boxes of computer cables and found another with the right size plug and the right voltage and amperage. I plugged it into the router, and up it came. And my wife thought there was no good reason to keep all that junk around. 

So why did the power supply fail/almost melt? I don’t know. It has been running 24/7 since 2004, but I would have expected it to last a bit longer. Oh well, it’s fixed now.

iPhone OS 2.2 – Meh, So Far

/ joeygibson

I happened to be up and working for the man at 2:00 this morning when I saw a note on Twitter saying that Apple had released version 2.2 of the iPhone OS. Being the fanboy that I am, I immediately started the update process. The whole thing, from first click to iPhone ready-to-use, took about 15 minutes. Not bad, and certainly better than some previous upgrades.

Engadget has a rundown of the new features. One of the biggest additions is Google Street View, which lets you see street-level views while working through driving directions. You can also get walking directions from the Maps app, but since I never walk anywhere, that doesn’t really help me. The rearranging of the URL bar and Google box in Safari is another. You can also download podcasts over the air, but I use my 60 GB iPod for podcast listening, so this feature doesn’t do anything for me, either.

Basically, I’m just hoping that they’ve squashed bugs and made the OS more stable. I love my iPhone, but it does have its problems. I don’t know about everyone else, but I have to reboot my phone about once a week to keep it responsive. I know it’s time to reboot when I’m typing on the keyboard and I’m about 6 letters ahead of what’s shown up.

Oh yeah, Steve has still not decided that we’re worthy of copy & paste. Even though about 99% of iPhone customers are begging for C&P, it’s almost like Steve is keeping C&P away from us out of spite. Maybe in 3.0…

I Found My .emacs File! w00t!

/ joeygibson / 1 Comment

As I lamented yesterday, I had lost my .emacs file. I searched all my computers that I thought I’d ever run Emacs on, but couldn’t find it. Then a few minutes ago, I checked my iBook G4, knowing there was no chance of a copy being there, but checking just for completeness. But there was a copy there! O joy! My .emacs and I are reunited at last. What’s funny about this is that I honestly don’t remember ever running Emacs on this laptop, it being such a puny little machine. To safeguard against losing this file again, I have now copied it to every machine I ever use, even if that machine doesn’t have Emacs installed.

OH NOES! I’ve Lost My .emacs File!

/ joeygibson / 2 Comments

I was first exposed to Emacs back in 1991. It took me a while to warm up to it, but I did and I have been using it ever since. Once I started using it on a regular basis, I started customizing it. You can write modules and such for it, but for simple customizations, you can just put them in a hidden file called .emacs in your home directory. As time passed, I would add various changes to my .emacs file, adding convenience functions in Lisp and other bits to make me more productive. As I changed jobs and changed computers, I always made a point of taking this file with me so I’d always have it.

When I switched from Windows to OSX in November of 2006, I didn’t immediately need Emacs, so I didn’t think to copy my .emacs file over. And once I didn’t need the Windows machine any more, I put Linux on it and turned it into a server. But guess what I forgot to do. Yep, I forgot to copy my .emacs someplace safe. I hadn’t noticed it was missing until today. I need to run Emacs for something and when I went to make a change to my .emacs file, that’s when I realized it was missing. I checked my backup drive, which has a bunch of stuff off that old PC, but my .emacs file was nowhere to be found.

Even though I haven’t used Emacs in a while, I need to now, and having that file sure would be nice. But even if I didn’t need to use Emacs right now, I’m still a bit sad to see the file go, since I carted it around for so long. Keeping one file with you for 15 years is quite a long time, wouldn’t you agree?

Grails Podcast Mentions My Closure Post

/ joeygibson / 1 Comment

Like other bloggers with an ego, I have Google Alerts set up to let me know when someone mentions me or my blog anywhere that Google knows about. I got an alert yesterday letting me know that I’d been mentioned on the latest episode of the Grails Podcast. How cool is that? Specifically, they mentioned my [cref groovy-sql-closure-examples Groovy Sql Closure Examples] post. Thanks, Glen and Sven, for the podcast love. 🙂

I’ve been spending some time with Grails latest and have been really impressed with it. I spent a couple of hours on Saturday playing with it, seeing how much of my Rails knowledge was applicable to Grails. Quite a bit of it, actually. I really like what I’ve seen of Grails, so far. I’d probably have to use it on a real project to really get a feel for it, but it looks like it would be a nice environment to work in.

Reading the Dictionary Is Fun

/ joeygibson / 5 Comments

While waiting for my lunch to cook today, I picked up my son’s Oxford Desk Dictionary to look up a word. I had the word “fop” in my head, and I wanted to make certain that I was correct in what I thought it meant. I was correct that it means a dandy, or an “affectedly elegant or fashionable man.” But that’s not where the fun came in. I happened to flip a few more pages, and I ended up learning two new words: funambulist and funicular.

The first, funambulist (fyu-NAM-byu-list), is another words for tightrope walker. The Oxford dictionary didn’t give any etymological info, but the American Heritage dictionary said it comes from Latin. fūnis, which means “rope,” and ambulāre, which means “to walk.” This word kind of reminds me of “pugilist” which is an old word for a boxer, and pugilism, which is another word for boxing. While you do still occasionally hear pugilist or pugilism, I’ve never heard a tightrope walker referred to as a funambulist.

The second word, funicular (fyu-NIC-yu-ler), means “(of a railway, esp. on a mountainside) operating by cable with ascending and descending cars counterbalanced.” I would never have guessed that’s what it meant if I had just seen it written somewhere. It sounds like something related to a funeral, to me. Now that I know what it means, I can describe the cable cars running to the top of Stone Mountain as a funicular cable car system. Neat, huh?

Will I ever use either of these words in normal conversation or writing? Probably not, but I don’t believe that learning is ever a wasted endeavor. Of course, if I ever get on Jeopardy!, they might come in handy.

 

Greek and Spanish Simultaneously: Is It Possible?

/ joeygibson / 3 Comments

Around April in 2006, I started learning Greek, because I wanted to be able to read the source materials of the New Testament (notice I didn’t say the “original” Greek). I worked on this pretty steadily until late 2007. At that point, I put Greek on hold in order to study Spanish with my son. I have continued to take my Greek bibles to church, but my skills have already begun to fade. I’m having to look up way too many things as I read, which makes it less than fun.

So, I need to go back and refresh the Greek, but I don’t want to abandon the Spanish. I’ve made really good progress in Spanish, and I’d hate to lose that progress. What I’m wondering, then, is if it’s possible for me to study both Greek and Spanish, at the same time? I think I can do it. I already spend around an hour at my computer every morning before I start work, so I could easily replace part of that time with Greek practice. I could then work on my Spanish in the afternoon, and in the car (I’m a subscriber to Coffee Break Spanish). Has anyone else attempted to learn two languages at the same time? Do seminary students learn Greek and Hebrew at the same time, or do they learn them sequentially?

I’m going to give it a go.

Wish me luck.

Dear Apple: Some Java Love, Please?

/ joeygibson / 21 Comments

I love your machines. Truly, I do. Back in 1988 I bought a toaster-model Mac SE, with one megabyte of RAM, and I loved it. It only had a nine inch, black-and-white screen, and I loved it. For various reasons, I sort of lost the love for a while, until 2006. I acquired an iBook G4 in a hardware trade with a friend and I quickly became hooked on the sweet goodness that is OSX. That was in August, 2006. Two months later I bought a Mac Pro, which I love so much I sometimes feel the need to kiss it goodnight.

But there’s one thing about the Mac that bothers me: lousy Java support. Sun handles JDK releases for Windows and Sun machines and every Linux system on the planet. Yet, for some inscrutable reason, you have decided to handle Java for OSX yourself. And, not to be rude, but I just have to say that you suck at maintaining Java for the Mac!!! Let me ‘splain.

Sun released the first version of Java 6 for Windows, Linux and Solaris in December 2006. Two days ago, Sun released the tenth update for Java 6, again for Windows, Linux and Solaris. On September 24, 2008, you guys released Java 6_07, which was nice to finally get it, but it’s only for Leopard systems and it’s only for 64bit machines. My Mac Pro is 64bit and Leopard, but my iBook is 32bit and can’t run Leopard. And what about the tons of other developers out there who don’t meet these requirements? I can’t think of a good reason you have restricted Java 6 in this way, but I can think of a few bad reasons. Probably the easiest to come up with is that you’re trying to force Java developers to buy more expensive Apple machines.

What’s really funny about the crappy state of Java on the Mac is comments from Sir Steve himself, several years ago. I was at JavaOne in 2000. Sir Steve was the Mystery Date™ for the keynote speech on Day One of the conference. His Steveness trots on stage, clad all in black, and proclaims that he was going to make the Mac the ultimate platform for Java developers. Apple would be bundling Java 2 SE with OSX. And the crowd went wild. And he did make the Mac a great Java development platform. For a while. I can’t tell you how many conferences I went to after that, Java conferences, where the majority of developers were toting Mac laptops around. 

But then you started falling behind with the releases. And then you started restricting which of your users were worthy of getting updates. What gives, Apple? If Sun can release timely versions of Java that run on a ton of disparate systems, why can’t you release timely versions that run across your own hardware family? It’s absurd that you are only supporting 64bit Leopard system for the latest versions of Java, and even then you make us wait forever. 

So, how can we fix this? I think you should go back to Sun and say something like,

I’m sorry, Sun. We like to meticulously control everything, but in this case, that desire has caused us to hose down our customers. They’re not happy, and we can’t figure out a good way to appease them. Please, Sun, would you take over maintenance of the JDK/JRE for OSX? We’d really appreciate it.

Or something like that. Something needs to happen soon. Although the lastest version sounds like just another update to Java6, there are actually lots of new features that are going to really improve Java. Except those of us on the Mac have to wait for some unknown amount of time before you guys release your own version. And if we’re not 64bit Leopard, we’re screwed.

Please, Apple, help us out with some timely Java love, OK?

Sincerely,

Joey Gibson

Groovy Sql Closure Examples

/ joeygibson / 6 Comments

My [cref why-i-love-closures post about closures] last week generated quite a bit of traffic and comments, both positive and negative. I decided to followup on that post with a few examples of how to add a method that I believe is missing from Groovy’s Sql class that will execute a closure, and will guarantee that the connection gets closed, no matter the outcome of the closure’s contents.

I’m going to discuss three ways to add a method that does what we want:

  1. Wrap the existing class
  2. Modify the MetaClass of the existing class
  3. Use a Category

All three of these are extremely simple. I think it mostly comes down to preference as to which one you might want to use. Before we get started, let me say that Groovy is optionally-typed. What this means is that you don’t have to declare variable types if you don’t want to. I like not having to declare variable types, so I have not done so in any of these example. You might hate that, and think it sloppy/heretical/evil. If so, and you choose to use any of the code I present, feel free to declare your variable types. So, with that out of the way, let’s start with the wrapping approach.

Wrap the existing class

First, we’ll create a class called ISql that wraps an instance of Sql.

import groovy.sql.Sql

public class ISql
{
   public static newInstance(url, user, pass, driver, closure)
   {
     def con

     try
     {
       con = Sql.newInstance(url, user, pass, driver)

       if (closure)
       {
         closure.call(con)
       }
     }
     finally
     {
       con.close()
     }
   }
}

You can see that we’ve got a class with a single static method called newInstance, to mimic the standard way of creating a Sql instance. It takes the same four arguments that the Sql class does, but it takes one extra argument: a Closure. All this method does is create an instance of Sql, executes the closure, passing in the Sql instance, and then ensures that the connection gets closed, through the call to con.close() in the finally block. To use this class, you can do this

ISql.newInstance(url, user, pass, driver) {con ->
  con.eachRow("select * from Foo") {row ->
    println "ID: $row.id"
  }
}

In this test, we call our special newInstance method, passing in the connection parameters, and then tacking on a closure at the end. Inside the closure, we get access to the connection through the con variable, and then we can do anything we would normally do with a Sql connection. In this case, we execute a query and print the value of each row’s Id column. Nothing too exciting, but it works. No matter what happens inside those closures, the connection is guaranteed to be closed at the end. 

Modify the MetaClass of the existing class

The second way to do this is to add a method to Groovy’s built-in Sql class by modifying its MetaClass. Here’s the code to do that:

Sql.metaClass.static.newInstance << {url, user, pass, driver, closure ->
  def con

  try
  {
    con = Sql.newInstance(url, user, pass, driver)

    if (closure)
    {
      closure.call(con)
    }
  }
  finally
  {
    con.close()
  }
}

Everything after line three is exactly like what we did in the wrapping approach. The magic occurs in line one. In that line, we get the Sql class’ MetaClass, and then grab the static property of the MetaClass. We then add another method called newInstance by using the << operator to append a closure taking the right number of arguments. To call it, we have code that looks almost identical to our last example, but instead of using the ISql class, we’re using Groovy’s built-in Sql class with our special method included.

Sql.newInstance(url, user, pass, driver) {con -&gt;
  con.eachRow(&quot;select * from Foo&quot;) {row -&gt;
    println &quot;ID: $row.id&quot;
  }
}

You can see that with the exception of the missing ‘I’, the code is exactly the same.

Use a Category

Groovy also provides something called Categories that allow you to add methods to existing classes, but they are only usable while the Category is in use. It’s somewhat confusing, and is my least favorite approach, but here’s how it works. You create a class with a static method taking the arguments you want to pass, plus an extra argument, usually called “self”, that will get passed the thing on which you’re calling this method. This special required argument must be the first in the list. Here’s our category called SqlHelper

import groovy.sql.Sql

public class SqlHelper
{
  def static newInstance(self, url, user, pass, driver, closure)
  {
    def con

    try
    {
      con = Sql.newInstance(url, user, pass, driver)

      if (closure)
      {
        closure.call(con)
      }
    }
    finally
    {
      con.close()
    }     
  }
}

Notice that the first parameter to newInstance is that special “self” variable. If you don’t include that argument in the method declaration, calling the method won’t work. I should add that you don’t actually pass any argument for “self” yourself when calling the method. This is handled by Groovy, in much the same way Python programs stuff values into a method’s “self” argument. So, to use the category, you have to wrap your operation in a “use” block

use(SqlHelper)
{
  Sql.newInstance(url, user, pass, driver) {con -&gt;
    con.eachRow(&quot;select * from Foo&quot;) {row -&gt;
      println &quot;ID: $row.id&quot;
    }
  }
}

Here, we declare that we want to use SqlHelper by using a “use” block that contains the category in parentheses. Within the curly brackets of the use (also a closure), Groovy will see our call to newInstance on the Sql class, and will figure out that we want to use the one in the category. It will then call that method, passing the Sql class as the self parameter, and all our other arguments as you would expect. With the exception of having to use the “use” block, this code looks just like the second example.

When Something Goes Wrong

I said that in each case, no matter what happens in the closure, the connection was guaranteed to get closed. Someone commented on the last post that he was concerned that the use of closures would somehow obscure where the problem occurred. It doesn’t. You still get the line number of where things went pear-shaped. For example, 

try
{
  ISql.newInstance(url, user, pass, driver) {con -&gt;
    con.eachRow(&quot;select * from boingo&quot;) {row -&gt;
      println &quot;ID: $row.id&quot;
    }
  }
}
catch (Exception e)
{
  e.printStackTrace()
}

In this case, there is no table called “boingo,” and so when I execute this code I get an exception thrown, and from the stack trace, I can see where the problem occurred:

java.sql.SQLException: Invalid object name 'boingo'.
  ...
  at groovy.sql.Sql.eachRow(Sql.java:559)
  at groovy.sql.Sql.eachRow(Sql.java:541)
  ...
  at ISqlTest$_testBadness_closure2.doCall(ISqlTest.groovy:38)

I cut some of the stack dump out for brevity, but you can see that it was a java.sql.SQLException that was thrown, and it references line 38 in the code. That just as much information as you’d get from straight Java in this case, so you should be able to diagnose the problem.

Other Approaches

I should add that you should be able to subclass the Sql class, adding a static method called newInstance that accepts a closure in addition to the four connection arguments. I tried that, but it didn’t work. Actually, it partially worked. The newInstance method I added worked like a champ, but the original newInstance method was no longer visible. I don’t know why, but that’s the behavior I was seeing. It might just be that I’m not familiar enough with Groovy, but I couldn’t get it to work. If anyone knows why, let me know.

To Sum Up

So, those are three ways to add a closure-with-guaranteed-connection-closing method to Groovy. Which of these approaches should you use? Personally, I prefer the second way, adding a method to Sql through its metaclass, but it really comes down to preference. Whichever way you choose should be documented so your teammates understand what’s going on.

I hope that someone on the Groovy team will realize that they left this functionality out of the previous versions and decide to add it for a future version. It really strikes me as odd that this is not in there already, since it seems to fit so well with the language. The fact that various methods inside the Sql class take closures, but not the construction method, makes me think it was just an oversight.