Archive for December, 2004

Evil hackers

Thursday, December 30th, 2004

This is the worst piece of writing I’ve ever seen in Scientific American. I can only hope it was edited into oblivion, or else Julie Ryan is unqualified to have written her book on infosec. On the techniques for system penetration:


...the UU [unauthorized user] must first learn what kind of system the target is and what the system can do. A proficient UU can do this remotely by utilizing a hypertext transfer protocol (http) that gains World Wide Web access. Web pages usually record the browser being used. The UU could write a program that takes advantage of this procedure, making the Web page ask for even more information. With this knowledge in hand, the UU then writes a program that circumvents the protections in place in the system.

Uhh, what? If only we didn’t have so many hypertext transfer protocols, and if the Web page couldn’t be tricked to ask for so much browser information from us, we could stop this line of attack!

What is wrong with Java part 200

Monday, December 27th, 2004

Here is what Java really lacks: a shell.

Bear with me on this one. I’m not talking about something to replace bash in day-to-day work. But there needs to be a way to get Java applications up and running with less work. Practically every time I have to run a standalone Java application, step one is grepping through several directories of jars to find the ones with the magic name that satisfy runtime requirements (and hope that each jar thus found represents an implementation and not a set of interfaces). Step two is writing a shell script that creates a huge classpath of said jars, then has a command line like java -cp $STUPID_CLASSPATH org.foo.some.really.long.path.to.the.ClassToRun. These command lines have to die. I can’t believe this language has been around for 8+ years and no one has come up with something better.

So here is what I suggest. First, there’s an interactive shell, like Perl without arguments, which starts or attaches to an existing running VM and lets you run snippets of Java code as you like. Like the JS interpreter that comes with Rhino. Second, there is a versioning system applied to jars, much like the SONAMEs in shared libraries. This would only be a hint to the VM that you could override if you wanted to, but in the default case it would specify the version of a given named jar that you would like to load. Third, there would be a place to put all your library jars, like jre/lib/ext but smarter. Next, there’s an easy way to find all of the executable classes within a jar (i.e. ones that have a main function). Finally, there’s some metadata in the manifest that lets you give user-friendly (all lowercase) names to various classes.

Once this framework is in place, the user experience would be something like: 1. put newly downloaded jar in $apps or $lib. 2. go to the java shell window and type “some-app-name”.

I guess this is a pretty Unix-centric way of organizing things, but hey, Unix works. The classloader would be the hardest part (witness all the problems with JBoss’ unified classloader) but, ya know, wouldn’t it be nice to not have 20 copies of log4j.jar on your hard drive and to be able to run Java apps without reading the instructions to find out what exceedingly.long.reverse.domain.TheClassUses?

After we do this, we get rid of ant.

Xholiday

Sunday, December 26th, 2004

Hope everyone had a nice Christmas. I write this from the Atlanta airport as I wait for my flight back to DC. Ahh, the airport – it’s like a rash of tiny cities connected by a carpeted park, with TV, and you have to take your shoes off to enter. I could spend hours here, which is fortunate, because my flight won’t board for another hour and a half. Somehow I secured return passage on a turboprop, which will be loud but hopefully slightly more comfortable. That’s the theory, anyway.

So my day off and weekend out of town was decent. I flew down on Christmas Eve night on a relatively uneventful flight, sandwiched between a narcolept and a steroid abuser. Our flight landed but had no gate from which to debark, so we sat on the Atlanta tarmac for about half an hour waiting for a gate. This turn of events did not please the roid rager at all, if the stamping and furious muttering was an indication.

Yesterday we had a small gathering for Christmas dinner, which in my family means fourteen. The kids were hepped up on goofballs. James promptly lost all the darts to the Spider-Man triple-action web blaster that I bought him, but he enjoyed it for the first six minutes anyway.

Last night I made my parents watch the three-hour version of the excellent Wes Anderson flick, _The Royal Tenenbaums_. Three hours because the FX channel surrounded each 15-minute island of movie with a sea of commercials. And you could tell from the advertising that an occasion for partying is nearly upon us: from memory we had showings from Southern Comfort, Jack Daniels, Smirnoff, Bombay Sapphire, Jose Cuervo, Montego Bay, Captain Morgan, Bailey’s, and Crown Royal, including one commercial break with the same Cuervo commercial played twice. Remember to drink responsibly and invite me to your party.

Today was pretty boring, just packing, a trip to some local BBQ establishment for spare ribs, and bad Sunday afternoon television. And a healthy amount of time spent wandering around the airport.

Public request

Tuesday, December 21st, 2004

People of America: please stop imitating the speech patterns of Paris Hilton and her addle-minded sidekick Nicole. Thank you.

Try the lobster.

Thursday, December 16th, 2004

An elderly woman asked me to recommend something from the menu of the restaurant at which I lunched this afternoon.

McDonald’s. I said the quarter pounder with cheese “is okay.” By which I meant the hard, pointy bone fragments inside the “meat” didn’t cut my gums up too badly. I hope that came across.

I could do it in 10 lines

Wednesday, December 15th, 2004

Ed Felten’s Tiny P2P is so cute! Not sure about his definition of “moderately skilled programmer” though.

SounDriver is playing another show at Jimmy’s tonight. Over half the band is sick and on a diet heavy in Nyquil and quaaludes, so it should be interesting.

I better take a nap now.

Sick day

Monday, December 13th, 2004

Sick at home today. I had just about every possible flu symptom this morning, but now I feel okay. I’m sure symptoms will reappear tonight to frustrate sleep as always. Stupid viruses!

Happy birthday to Angeline (yesterday)! We celebrated by going out to the Black Olive in Fells Point Saturday night for fish and lamb chops. They serve the best calamari ever and it’s not even deep-fried.

My guest bathroom is almost finished thanks to my parents and sister helping out last week. Here’s the picture, and you can weigh in on whether my taste in wall colors and tile worked out (yes I picked them both without input):

My geekiness is unrivaled

Monday, December 6th, 2004

Speaking of magic missiles, I tried out World of Warcraft this weekend after everyone in iCE was talking about how great it is. I picked it up Friday night and discovered soon that it wouldn’t limp along on my laptop. That’s okay, I have my MythTV machine which has a decent video card and processor on it — unfortunately, no Windows. I figured I would spend Saturday morning shoving an old 8 gig hard drive that has a copy of Win98 on it into the box. Then I thought about using WINE to just run it in Linux, like I did Jedi Knight 2. No dice, so I figured I’d drop $15 and check out TransGaming’s Cedega. Although I have mixed feelings about the company who made a business out of an appropriated open source project, I have to say I’m pretty impressed. Someone in the TG forums maintains a wiki for WoW and after downloading the .deb archive, a couple of DLLs, and editing a config file, I was up and running. The mouse cursor doesn’t work, but otherwise everything runs flawlessly to the point that I would forget I was in Linux (someone has written an X hack to reset the pointer after you start so the mouse cursor is not a problem). With a nice Logitech cordless mouse that I also recently picked up, my $1200 TiVo is almost as good as a $150 Xbox.

The game itself is not bad, when it’s not lagging. The designers did a nice job of loading the world geometry as needed so you barely notice when transitioning between sections. The graphics are about as good as could be expected on my class of hardware, but some of the effects — waterfalls and billboarded scenery — are on the cheap side. Also I don’t yet “get” the online portion of it; at my level it’s pretty much a single player game with a bunch of annoying people l33t speaking all the time.