Monday, January 31, 2005

Demo Perils

I am copying an excerpt from this blog by a Sun employee.

It was about a Dtrace demo which went a bit out of hand.

-----------------------------------------------------------
Last week, I had the opportunity to give a DTrace demonstration for a
highly technical -- and highly influential -- audience at a Fortune 100
company. When I demonstrate DTrace, I typically do a couple of invocations
on the command line before things become sufficiently complicated to merit
writing a DTrace script. And it was when I went to run the first such
script (a script that explored the activity of xclock) that it happened:


# dtrace -s ./xclock.d
Segmentation Fault (core dumped)
#

If you've never had it, there's no feeling quite like having a demo blow
up on you: it's as if you peed your pants, failed an exam and were punched
in the gut -- all at the same horrifying instant. It's a feeling that
every software developer should have exactly once in their lives: that
unique rush of shock, and then humiliation and then despair, followed by
the adrenal surge of a fight-or-flight reaction. In the time it takes a
single process to dump core, you go from an (over)confident technologist
to a frightened woodland creature, transfixed by the light of an oncoming
freight train. For the woodland creature, at least it all ends mercifully
quickly; the creature is spared the suffering of trying to explain away
its foolishness. The hapless technologist, on the other hand, is left with
several options:

1. Pretend that you didn't write the software: "Boy, will you get a load
of those fancy-pants software engineers? Overpriced underworked morons,
every last one!"

2. Explain that this is demo software and isn't expected to work: "Well,
that's why we haven't shipped it yet! I mean, what fool would run this
stuff anyway? Other than me, that is."

3. Make light of it: "Hey, knock knock! Who's there? Not my software,
that's for sure! Wocka wocka wocka!"

4. Suck it up: "That's a serious problem. If you can excuse me for a
second, let me get a handle on what we've got here that we can demo."

I always aim for this last option, but on the rare occasion that this has
happened to me (and this is -- honest -- probably the worst that a
customer-facing demo has gone for me) I usually end up with some
combination of the last three, often with plenty of stuttering, some mild
swearing ("Damn! Damn!") and profuse sweating.

-------------------------------------------------------------

You guys ever given demos? Ever goofed up??

Rahul


Re: Nerd Level

80 -> "High-Level Nerd. You are definitely MIT material, apply now!!!."

I'm actually quite surprised I scored this high. I consider myself just "slightly nerdy". I would think that being a "Windows man" would count big against being nerdy.

Btw I am proud to be a nerd.. are you?

I'm neither proud nor ashamed. But I don't think I'd advertise it.

Nerd Level

Found this link somewhere

http://www.wxplotter.com/ft_nq.php?im

Fill in the form to gauge your nerd level...

Btw I am proud to be a nerd.. are you?

I got a "High-Level Nerd. You are definitely MIT material, apply now!!!" though it seemed a bit high considering it is easy to guess the -less nerdy- answers and there were quite a few. So don't cheat in case you are trying it!!

Sunday, January 30, 2005

Re: Solaris vs Linux

The only reason I want to try out Solaris 10 is dtrace. I have already worked on UltraSPARC machines running solaris, and I believe the x86 version should be no different.

What experience have you had with Solaris? Any different from Linux? Ever worked on some BSD version. Hrishi had mentioned that you guys had some really old Sparc boxes at IIT.

Dtrace has been the most widely publicised of the S10 features. Loads of devs must have downloaded it. And a Linux port has surely been started!!

Btw some other features are a new file system ZFS and some predictive healing capability which should be really interesting.

What is your level of expertise in Linux? From Kernel dev to Novice User (that's me). So expect loads of questions!!

The install is intuitive; it co-exists with Linux (so I hear) -- you need 12GB of free space. Except maybe the grub part. In any case, a simple installation guide is very much there on their site. If you need it, I can mail you a copy of the pdf, or I could put it on Hrishi's site.

I got the pdf from Hrishi's site. Thnx. The instructions seemed a bit too simple. And that was scary.

I'm not sure if I'll be able to dload S10 and should take quite some time. Any of you guys installed it? Especially asking as I need to use grub.

Saturday, January 29, 2005

Re: Solaris vs Linux

The only reason I want to try out Solaris 10 is dtrace. I have already worked on UltraSPARC machines running solaris, and I believe the x86 version should be no different. (Like Linux, most of the Solaris operating system has been designed to be portable; luckily for the engineers at Sun, only very necessary sections are architecture-specific.)

The install is intuitive; it co-exists with Linux (so I hear) -- you need 12GB of free space. Except maybe the grub part. In any case, a simple installation guide is very much there on their site, but it won't deal with the coexistence I guess. If you need it, I can mail you a copy of the pdf, or I could put it on Hrishi's site.

Regarding the Solaris/Linux comparison pdf, I personally think it is an excellent discussion. However, I have one thing to say -- security is more in the hands of the system administrator, and less in those of the OS developer. And Solaris is extremely difficult to manage well! So, despite the fact that Solaris offers more security than Linux, I would currently recommend Linux to most lesser-than-FBI applications. A much more relevant white paper would have some sort of a metrics to compare ease of administration.

Anyway, fingers crossed till Linux gets its own dtrace :-)

Re: Solaris vs Linux

A while back Rahul and Hrishi had a discussion/argument about Solaris and Linux. Looks like some guys took their lead and released a whitepaper (pdf) comparing the two.

What were you debating about anyway?


The PDF did make some good points. All factors other than hardware support were clearly for Solaris. But somehow the conclusion did not suggest Solaris as it should have. That was a bit weird. On the link provided by Mohn, right-click and Save Target As.. The PDF downloads from www.sun.com . So maybe this PDF is not totally unbiased!! So that makes the document lose a bit of credibility.

Btw the search for codeword doesn't seem to work. Any ideas?? Will have to look back to see what questions I had asked then.

Do any of you know any major advantages of Solaris over Linux or vice-versa?

I will definitely like to install solaris on my desktop, but have not gotten installation steps. Hrishi, have any docs from IIT? Would any of you try?

Gentoo is the Linux distribution I prefer. This is their recent newsletter. One of the top items is Gentoo/OpenSolaris stuff. So it seems like some open source guys are noticing OpenSolaris after all!! The news letter also has a pic of Gentoo running on the latest mini-Mac.

Coding competition??

There is "AN ALGORITHM INTENSIVE TIME CONSTRAINED ONLINE PROGRAMMING CONTEST" at IIT Kharagpur.

Visit http://www.bitwise.iitkgp.ernet.in/index.php for more info.

Dinesh and I have teamed up and registered for the competition.

Coding is in C/C++ so that should please Hrishi too. Talking about Time Constrained, it's 12 hrs long!!

Let's see how we perform!!

PS- Do you think they do not consider Java for perf reasons?? AARGH!!

Friday, January 28, 2005

Linus hired by Microsoft

Don't have a heart attack. Hypothetical memo sent by Microsoft-hired-Linus to Bill Gates in 2008.

Solaris vs Linux

A while back Rahul and Hrishi had a discussion/argument about Solaris and Linux. Looks like some guys took their lead and released a whitepaper (pdf) comparing the two.

What were you debating about anyway?

Wednesday, January 26, 2005

C# vs C++

Via Eric Gunnerson - one of the designers of C#. It's obviously biased, but he makes some points for C++ as well.

---
At the class I took a while back, the instructor asked me to talk a little bit about the benefits of C++ vs the benefits of C#, since I had worked in C++, then in C#, and now in C++ again.

I talked for about 5 minutes on why C# was better, in the following themes. Note that I'm speaking about the whole programming environment, not just the language.

Automatic memory management

There are several facets of this. When I read or write C++ code, I keep part of my attention on the algorithmic aspects of the code, and another part on the memory aspects of the code. In C#, I usually don't have to worry about the memory aspects. Further, in C++ I need to figure out who owns objects and who cleans them up, and also figure out how to clean up in the presence of error checking.

Exceptions

Without a lot of dedication, using return codes is a bug farm waiting to happen. In the C++ world, some functions return HRESULT, some return a bool, some return another set of status code, and some return a number and use an out-of-range value as an error indicator. Oh, and some are void. You not only have to write the correct code there, you have to successfully convert back and forth between the various kinds of error handling.

You also lose the opportunity to write more functional code. I end up writing something like:

CString name;
RTN_ERROR_IF_FAILED(employee.FetchName(name));

instead of writing:

string name = employee.FetchName();

And, of course, exceptions are fail-safe in that you get error reporting without doing anything, rather than having to do everything right to get error reporting.

Coherent libraries

The C++ code I'm writing uses at least 6 different libraries, all of which were written by different groups and have different philosophies in how you use them, how they're organized, how you handle errors, etc. Some are C libraries, some are C++ libraries that are pretty simple, some are C++ libraries that make heavy use of templates and/or other C++ features. They have various levels of docs, all the way from MSDN docs through "read the source" docs to "a single somewhat-outdated word doc".

I've said in the past that the biggest improvement in productivity with .NET comes from the coherent library structure. Sure, it doesn't cover everything in Win32, but for the stuff it does cover, it's often much much easier to use than the C++ alternative.

Compilation Model

C++ inherited the C compilation model, which was designed in a day when machine constraints were a whole lot tighter, and in those days, it made sense.

For today, however, separate compilation of files, separate header and source files, and linking slow things down quite a bit. The project that I'm working on now takes somewhere on the order of a minute to do a full build and link (that's to build both the output and my unit tests, which requires a redundant link). An analogous amount of C# code would take less than 5 seconds. Now, I can do an incremental make, but the dependency tracking on the build system I use isn't perfect, and this will sometimes get you into a bad state.

Tools

Reflection is a great feature, and enables doing a ton of things that are pretty hard to do in the C++ world. I've been using Source Insight recently, and while it's a pretty good IDE, it isn't able to fully parse templates, which means you don't get full autocompletion in that case.

Code == Component

In C#, you get a component automatically. In C++, you may have extra work to do - either with .IDL files or with setting up exports.

Language Complexity

C++ templates are really powerful. They can also be really, really obtuse, and I've seen a lot of those obtuse usages over the years. Additionally, things like full operator overloading are great if you want a smart pointer, but are often abused.

And don't get me started on #define.

The alternate view

So, if what I say above is true, the conclusion looks pretty clear - use C#. Not really much surprise considering who came up with the list.

But there are things that C++ has going for it, and it really depends on the kind of code you're writing which language is a better choice. In broad strokes (and in my opinion, of course), if you're doing user applications (either rich client or web), choosing C# is a no-brainer. When you start getting towards lower-level things like services or apps with lots of interop, the decision is less clear.

So, what do I think you get in C++? A few things spring to mind.

Absolute control over your memory

I think you actually need this level of control much less than you may think you need it, but there are times when you do need it.

Quick boot time

Spinning up the CLR takes extra time, and it's likely to always take extra time (unless it's already spun up in some other manner). You don't pay this penalty in the C++ world.

Smaller memory footprint

Since you aren't paying for the CLR infrastructure, you don't pay for memory footprint.

Fewer install dependencies

You can just install and go, and your users don't have to install the proper version of the CLR.


So, that's pretty much what I said in the class. What did I miss?
---

What dyou think? In a lot of cases, C# could just as easily be Java.

Monday, January 24, 2005

Revenge of the <T>

Jarwars - Episode III

via this Bruce Eckel post. Check out the comments for potential causes of Auto-Boxing leading to Null Pointer Exception.

Saturday, January 15, 2005

Re: Did Microsoft lose the API war ?

See this screenshot of Google Desktop in action. Notice the address bar. That's what tells me a local web server is started on port 4664. Also since results are shown in a web browser, html has to be puked from somewhere. Any of you guys have other info/ideas?

You're right. I googled "Google Desktop search" and the first few articles mention that it does indeed have a local web server. Dyou think a web server is needed just because they are trying to present the results in the Google Web Search like interface i.e within the browser, using html? As in, since everything is being done locally on your machine, it would seem like they don't HAVE to take that approach.

Mohn mentioned a whole plethora of protocols enabled in IE. How many are supported by major browsers, and how many are standards. Coz co's will not use IE only functionality within their sites/web-apps (hopefully not in the next gen apps).

All these (DHTML, CSS, (X)DOM, XML, XSL) are W3C standards. As far as I know, IE was the first to support XML, XSL and (X)DOM within the browser. Also Netscape 4's DHTML, CSS and DOM support was pathetic compared to IE4. Only with Mozilla and now Firefox, have they caught up and surpassed support for these standards.

Of the others I mentioned (Iframes, DHTML behaviors, XML data islands and XMLHttpRequest), I only know for sure that Iframes has become a standard. The others I haven't checked, but XML data islands and XMLHttpRequest functionality is there in Firefox (and soon to be in Opera, I believe).

A thing that needs to be said is that the W3C puts out standards and expects the browsers to support them. But the browsers themselves come out with innovative features. Slowly, the other browser will see that it is a great feature and support it. Eventually it becomes a standard. This was the case with Iframes. IE3 (maybe 4) came up with it, the others added it and eventually it became a standard. DHTML behaviors is an amazing concept. It enables you to create componentized scripts and apply them to elements on a page similar to a CSS class. IE5 introduced it. Unfortunately, it hasn't been standardized and I don't think Opera/Firefox support it.

Anyway, the point was that, IE4 completely overshadowed Netscape4. Then Netscape was open sourced. During that time MS came out with IE5 and 5.5 with even newer/better features for "rich" functionality. Yeah, they weren't standards, but they were useful. So a lot of people started developing higher end features for IE and more basic features to handle Netscape.

Do any of you know how Gmail works internally? We had this prof who told us a bit. Like server farms are maintained. And each email is saved in three locations on diff servers. Mohn - You think Gmail uses DHtml? Tried to analyse the source? Any info on the working of Google actually?

They have a LOT of data redundancy to counter failure. Not only for gmail but also for their search. I mean they index ~8 billion pages. For that they need a LOT of servers (I read somewhere it might be something like 100K+ servers). Check out The magic that makes Google tick. He's talking about search specifically, but I would think that everything he says would apply to gmail as well.

Regarding the client. Yup, it's a lot of dhtml. Have you viewed the source? They've gone out of their way to hide it. Anyway, check out "About the Gmail engine and protocol" on this page at the very bottom. It explains some basic stuff.

Any idea on the gaming front? MS is releasing a new XNA platform or something that unifies dev.

Haven't heard about XNA. On the gaming front, MS is losing money on every XBOX they sell. They sell the hardware at a loss. They make money through games. So the more developers you get to publish on your console the better. That's why PS2 is the leader. Sony gets everyone to make games for them. MS, for a new guy, has done a decent job. Nintendo seems to be losing out the most.

Dinesh has an iPod Mini. You can dump mp3 songs (read illegally dloaded) onto it. I am not sure if they are converted to AAC on the way. Don't think so coz the transfer was really really fast. As fast as it seems possible in Usb 2.0. Never tried retrieving the mp3's back again. Maybe iTunes songs are in AAC format.

Yeah, I checked their site. They support MP3 in addition to AAC. But iTunes only sells in AAC format. The point is that they still prefer their own format and a lot of people aren't happy about it. And I still think iPod is way overpriced. $400 for 40 gig hddrive, small cpu, sound chip and some control features? It will be hard for others to topple them, but the price will definitely come down.

Apple released some cool products recently. The mini Mac and iPod shuffle. Sure would want to own some apple product some day.

Around this time every year at MacWorld they come out with all the cool products. But after the hype, nothing much changes in the big(ger) picture. As in, they still cater to a niche community. Don't get me wrong, their products look fantastic, but they are generally very expensive and don't seem to "play well" with others.

I think as discussed earlier, by forward compatibility they mean that no new bytecodes were added to the language. The syntax has changed, but it is optional in Java 5.0 and is just a wrapper for doing the old things in a new way. The core language remains same. Had they added Generics without erasure, there would have been a break in compatibility. There is no way in which I can run 5.0 code on a <5.0 VM as the lib's will simply not be present.

So, all old java code will work on the newer 1.5 jvm. New java code, developed with generics and newer types won't work on pre 1.5 jvms. This is exactly the case with .NET. I don't see any reason why you can't add NEW bytecodes. Don't change any existing bytecodes. How would there be a break in compatibility?

Which features of ASP.NET? Lots of dev stuff is going on with Jsp and related web tech in Java. Some advanced UI rendering libs are being built like Jsf though I am not sure that's a good defn. But by itself the Web Platform is very mature with loads of really advanced features. If I am right ASP was a joke comparatively.

Basically, you can do everything in ASP that you can with ASP.NET, but it was a mess to code, debugging was a nightmare and it was based on COM which was torture. ASP.NET has made the development experience much better. I don't know anything about the web tech in Java, but from what I've read, it seems similar to ASP i.e. complicated. Can Rahul provide some details about what's required to develop a dynamic site using Java tech? Is JSP enough or dyou need other thing like JSF, Struts, Servlets, EJBs etc...?

Also could Mohn provide some info on Web Services later some day? Are Java and .NET webservices compatible today? Longhorn wants to focus majorly on Web Services. That should be slightly worse than the Web strategy.

Web Services is a standard that comprises UDDI (Directory), WSDL (spec) and SOAP (protocol). Any platform that supports web services will definitely be compatible because they will agree on these three things. That's the whole point. If you expose a web service using Java, I will be able to invoke it using .NET and vice versa. I posted a link to an article (Objects, Components and Web Services) recently. The objects and components will be platform dependent. The web services are environment neutral.

One of the "pillars" they have mentioned for Longhorn is "Indigo" which is the communications area. This seems to focus on web services and making it easy to use them. Dunno much details about it though.

Friday, January 14, 2005

Objects, Components and Web Services

Fuzzy Boundaries: Objects, Components and Web Services

Images could have been bigger, but a well written article nonetheless.

Re: Did Microsoft lose the API war ?


Any of you used Google's Desktop search.

I haven't downloaded it (yet) because first, I don't have so much stuff that I can't find it using Explorer and second, I read some bad reviews about it - mostly having to do with making your system slow to a crawl.


My system hasn't begun crawling till now. Creation of the first index does take some time. In any case give it a shot. You will definitely find more stuff than you ever wanted. And it's fun to try some 'delicate' keywords. (single quotes as I have been writing SQL queries of late!!). You can always uninstall the app later.


Are you sure Google is starting a local web server? Why would they need to?


See this screenshot of Google Desktop in action. Notice the address bar. That's what tells me a local web server is started on port 4664. Also since results are shown in a web browser, html has to be puked from somewhere. Any of you guys have other info/ideas?

Talking about web servers check this


Microsoft threw everything they could at IE. And I'm not talking about UI or security etc..., I'm talking about support for DHTML, CSS, (X)DOM, XML, XSL within the browser. Plus they introduced Iframes, DHTML behaviors, XML data islands and XMLHttpRequest in IE 5.


Mohn mentioned a whole plethora of protocols enabled in IE. How many are supported by major browsers, and how many are standards. Coz co's will not use IE only functionality within their sites/web-apps (hopefully not in the next gen apps).

Do any of you know how Gmail works internally? We had this prof who told us a bit. Like server farms are maintained. And each email is saved in three locations on diff servers. Mohn - You think Gmail uses DHtml? Tried to analyse the source? Any info on the working of Google actually?


I dunno what the current numbers are but a couple years back, Windows and Office made something like 60-70% of their revenue. The other businesses weren't doing very well.


Any idea on the gaming front? MS is releasing a new XNA platform or something that unifies dev. Dinesh could probably provide loads of info on this. And other game dev stuff.


Plus, I think Apple is making a huge mistake (same that they made with their computer business), in only being compatible with their AAC format. You have to convert everything to AAC. Why would you want to when others can play them?


Dinesh has an iPod Mini. You can dump mp3 songs (read illegally dloaded) onto it. I am not sure if they are converted to AAC on the way. Don't think so coz the transfer was really really fast. As fast as it seems possible in Usb 2.0. Never tried retrieving the mp3's back again. Maybe iTunes songs are in AAC format.

Apple released some cool products recently. The mini Mac and iPod shuffle. Sure would want to own some apple product some day.(read apple.com product not juice)


I would actually say that MS is not that big with kids


Actually just overall exposure to the OS by using it is a good starter. Many co's/products just do not get noticed by the public eyes.


What I was confused about was backward compatibility vs forward compatibility. With generics I think Java is trying to accomplish this.


I think as discussed earlier, by forward compatibility they mean that no new bytecodes were added to the language. The syntax has changed, but it is optional in Java 5.0 and is just a wrapper for doing the old things in a new way. The core language remains same. Had they added Generics without erasure, there would have been a break in compatibility. There is no way in which I can run 5.0 code on a <5.0 VM as the lib's will simply not be present.


Java 5.0 has made up a lot of ground


One problem is how long will co's take to adopt the newer version. One article mentioned that co's wait around 2 years. (I'll provide a link when net is ON).


The one place maybe that they are lacking is ASP.NET like functionality. It seems they haven't come out with anything to counter that. Any work going on towards that?


Which features of ASP.NET? Lots of dev stuff is going on with Jsp and related web tech in Java. Some advanced UI rendering libs are being built like Jsf though I am not sure that's a good defn. But by itself the Web Platform is very mature with loads of really advanced features. If I am right ASP was a joke comparatively.


In another defense of MS, it has to be said that they bend over backwards to make Windows backwards compatible.


Some really good info provided which cleared a lot of MS stuff (almost). What was the author (Joel Spolsky) talking about? Was it a small set of real internal, unsupported features that just manage to break applications??

Also could Mohn provide some info on Web Services later some day? Are Java and .NET webservices compatible today? Longhorn wants to focus majorly on Web Services. That should be slightly worse than the Web strategy.

Hey I am still blurting!!

Thursday, January 13, 2005

Re: Hacking Websites

Holy shite. I think I just hacked Blogger Dashboard. I'm getting the "You suck" message on the control panel. lol

Hacking Websites

I attended a talk recently at ADNUG (Austin .NET Users Group) which was supposed to be about Garbage Collection. Unfortunately, the dude who was supposed to give the talk couldn't make it in time so they had another guy present in his place. He didn't care much for Garbage Collection and instead gave a talk on hacking websites.

He talked about three basic ways people hack web sites...

1) Manipulating hidden form input elements
This one seems so simple. The web is a stateless protocol so every time you need access to some data, you have to hit the server and retrieve data from a database. To avoid this, one trick many people use is to put this information in a hidden form input element. These elements are not shown in the browser but you have programmatic access to them through client side scripting. So for example, a shopping cart has a final price value. This data can be stored in a hidden input element. If you change the quantity of an item, instead of hitting the server, changing the price and returning a new page with an updated price, you can just update the price client side.

Consider this simple example. When you change the quantity, the price is calculated on the client side, instead of hitting the server.

<script>
function updatePrice()
{
    var quantity = document.frmCart.txtQuantity.value;
    var price = document.frmCart.hdnPrice.value;

    var updatedPrice = quantity * price;

    document.frmCart.hdnPrice.value = updatedPrice;

    spnPrice.innerText = "$" + updatedPrice;
}
</script>

<form name="frmCart" action="checkout.asp">

    <input type="hidden" name="hdnPrice" value="30">
    <input type="text" name="txtQuantity" value="1" onChange="updatePrice();">

    <span id="spnPrice">$30</span>

</form>

So a hacker can just save this page, manually change "hdnPrice" to any value he wants and then submit the page to checkout.asp. This is such an easy way to cheat. I mean who would ever use something like this on their site? Believe it or not, the presenter said that it's quite common. He said some dude was able to get airline tickets for 50 cents using this technique from a major airline company.

So, the solution he gave, was that you should put security first and forget performance. Take that hit on the server. Or if you must use client side scripting use it for more trivial things and not for financial stuff.

2) SQL injection
This is a bit more sophisticated in that you need to know SQL quite well. I don't, so I'll just give the simplest example. Maybe after Rahul and Dinesh finish their data module, they can invent new advanced attacks ;-)

Many sites have forms where they ask the user to enter some data and then use that data to make a query into a database. A very common example of this is the Login form. I'm sure everyone who uses the web has seen this one. You have two input boxes to enter your username and password. Generally, the page on the server will take these two pieces of data and form an SQL statement like so...

Dim strUserName = Request.QueryString( "txtUserName" )
Dim strPassword = Request.QueryString( "txtPassword" )

' Vulnerable: the user's input is concatenated straight into the SQL text
Dim strSql = "SELECT COUNT(*) FROM users WHERE username='" + strUserName + "' AND password='" + strPassword + "'"

This is a basic statement that counts the number of rows in the table (users) that have username=strUserName and password=strPassword. Here we are not validating the username and password the user enters. So if he knows SQL, he could enter ' or 1=1-- for username and leave the password blank.

This will result in the above SQL statement becoming

SELECT COUNT(*) FROM users WHERE username='' or 1=1--' AND password=''

This will always return true since 1 is always equal to 1. Everything after -- is a comment. So you can gain access to a site without entering a valid username and password.

The speaker gave more advanced examples where he was able to figure out the structure of the table (ie. what columns it contains) and using that information was able to access data contained in those columns. The SQL was advanced so I couldn't follow it, but it was this same technique.

Solution: Be paranoid and ALWAYS validate data coming from the client. And as far as possible use Stored Procedures. Besides getting a performance boost (since they are compiled vs SQL statements that are interpreted), they use typed parameters.

3) Cross site scripting.

This one is where you get your scripts to run on someone else's site. A lot of times sites will have forms for users to enter data and then they just display that data on the page. For example, consider a message board. In a very simple one, there is one page with message posts and at the bottom there is a form to fill out your username, subject and message. When you submit, the page probably enters this info in a database and then just spits out what you just entered along with the other messages. Now what if you include some html or script in your message? For example, if you entered < script> alert( "You suck" ); < /script>. When the page is displayed you will get a message box with your very welcoming message in it. Every visitor to the web page will get that message.

That was a simple dumb example. Here is another simple one. Browsers are pretty linient when it comes to html being well formed. As in, they won't choke if you pass in an opening tag and leave off the end tag. So if you had written < div> and not closed it in the message above, the page would show everything up to the < div> tag. The rest of the page would be blank. Or you could enter an < img> tag and link to some porn image. This will be posted on their site.

But you can see how it could potentially be more damaging. You can gain access to cookies through client side scripts (document.cookie) and you can change the location of the browser (document.location.href="www.mysite.com"). So you can combine these to retrieve cookie information and pass it on to your site. This gets more sophisticated, but it's all possible.

The solution for this is to never ever blindly send back whatever the user has entered. ALWAYS encode the data before sending it down to the client. So instead of sending down < script> alert( "You suck" ); < /script>, you should encode it to &lt;script&gt; alert( "You suck" ); &lt;/script&gt; and then send it down. Many server side platforms offer utilities that do it for you. The encoded text will DISPLAY the script on the page, but won't execute it.

Anyway, hope this gave you some ideas of how sites are hacked. Now go forth and practice. And make sure to use someone else's computer.

You guys heard of any other techniques?
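
The two fixes described in the post above (typed parameters for the login query, encoding before display for the message board), as an added Python example that is not part of the original post. The table layout, function names, username allowlist and sample rows are assumptions made for illustration; only the standard sqlite3, html and re modules are used.

```python
import html
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")  # assumed allowlist for usernames


def make_db():
    """In-memory database with constructed sample data (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("CREATE TABLE posts (username TEXT, subject TEXT, message TEXT)")
    # Plaintext password only to mirror the post's query; store a hash in practice.
    db.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return db


def is_valid_username(username):
    """Server-side validation: reject anything outside the allowlist."""
    return USERNAME_RE.fullmatch(username) is not None


def login_concatenated(db, username, password):
    """The weak pattern: client input becomes part of the SQL text."""
    sql = ("SELECT COUNT(*) FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    return db.execute(sql).fetchone()[0] > 0


def login_parameterized(db, username, password):
    """The fix: input is bound as data and is never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0


def add_post(db, username, subject, message):
    """Store the message exactly as typed; encoding happens at output time."""
    db.execute("INSERT INTO posts VALUES (?, ?, ?)", (username, subject, message))


def render_board(db):
    """Build the message list, HTML-encoding every user-supplied field."""
    rows = db.execute("SELECT username, subject, message FROM posts ORDER BY rowid")
    items = ["<li><b>%s</b> (%s): %s</li>" % tuple(html.escape(field) for field in row)
             for row in rows]
    return "<ul>\n" + "\n".join(items) + "\n</ul>"


if __name__ == "__main__":
    db = make_db()
    injected = "' or 1=1--"  # the username input quoted in the post
    print("passes validation:        ", is_valid_username(injected))
    print("concatenated query login: ", login_concatenated(db, injected, ""))
    print("parameterized query login:", login_parameterized(db, injected, ""))

    # The two message-board inputs from the post: a script and an unclosed tag.
    add_post(db, "alice", "hello", '<script> alert( "You suck" ); </script>')
    add_post(db, "alice", "layout", "<div>")
    print(render_board(db))
```

The rendered page shows the script and the unclosed div as literal text, and the login only succeeds with the real username and password.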

Re: Did Microsoft lose the API war ?

Any of you used Google's Desktop search. Amazing desktop app which starts a web server locally. I really wonder how they made the app !! Will more
apps be developed in this way?


I haven't downloaded it (yet) because first, I don't have so much stuff that I can't find it using Explorer and second, I read some bad reviews about it - mostly having to do with making your system slow to a crawl. My dad has it on his PC and he's said it's been quite sluggish of late. I can't confirm if Google Desktop search is the culprit, but the timing seems more than just coincidental.

Anyway, desktop search became the hot new thing end of last year. Every big major "search" company and his brother released beta software for searching your hard drive. Most look to do the same thing. I guess they all create some sort of continual index of your drive. That's why they must hog system resources. Google presents its results in the browser using the same UI as its website. I think Microsoft's solution is a Windows app (big surprise right?). Are you sure Google is starting a local web server? Why would they need to?

Also we discussed a bit on Rich Internet Applications before. It is easy to develop such apps in a manner independent of the OS.. read flash. So that was one very valid point of the future apps being more internet oriented. That should hurt MS a lot.

I somehow just can't see Flash ever being taken seriously as a development platform. It's fine for animation, cartoons, cards, movies etc... but for actual applications, I'm skeptical. I have read about and seen demos/prototypes of potential applications that could be developed with Flash MX+, but no real apps. To me it feels quite unnatural inside of a browser. So I don't see Flash specifically as a huge threat to Microsoft. We have discussed this before and I know you disagree.

What the author mentioned, and I agree with, is that the Web as a platform is a threat. A few years ago, people didn't take HTML, CSS, Javascript, DHTML etc... seriously. It could not compete with the "richness" of Windows apps. And it is true today, but as he says, people have become tolerant of it. The web is not just a place to publish documents anymore... it's become a development platform.

It's ironic that it turned that way because during 96-98 period, when Netscape was still leading, Microsoft threw everything they could at IE. It was a really great browser back then (much much better than Netscape). And I'm not talking about UI or security etc..., I'm talking about support for DHTML, CSS, (X)DOM, XML, XSL within the browser. Plus they introduced Iframes, DHTML behaviors, XML data islands and XMLHttpRequest in IE 5. It's just that since these weren't standards back then, no one ever bothered to use them. Now, after 5-6 years, when the major browsers support them, things like GMail are coming out which look quite revolutionary. Now suddenly you can replicate some "rich" functionality within the browser and you don't NEED a Windows app.

The author mentioned about Windows and Office being the main money-earners for MS. I had heard that before. But their other apps must be profitable too!! Any of you have an idea on the other hot-selling MS apps?

I dunno what the current numbers are but a couple years back, Windows and Office made something like 60-70% of their revenue. The other businesses weren't doing very well. In recent years, they've had some success with their Servers (SQL, Sharepoint, Biztalk etc...), development tools and MSN, but it seems like a drop in the bucket compared to the big two.

It's funny how the author mentioned Apple and Sun. Apple has just had a great year selling iPods and hope to translate that to better sales of
other products.


Yup, iPod is the best thing that could happen to Apple. It's the "cool" thing everyone wants. I think it's completely overpriced. You can get similar products from Creative and others at half the price. Plus, I think Apple is making a huge mistake (same that they made with their computer business), in only being compatible with their AAC format. So far it hasn't hurt them, but imagine if you want your existing music (which most likely has been illegally downloaded and is in MP3 format) to play on an iPod? You have to convert everything to AAC. Why would you want to when others can play them? Right now it's all about the coolness factor.

MS obviously is out there promoting the WMA format. It's not a standard but they are big and bad enough to get everyone else to support them (Check out playsforsure - Isn't it the dumbest name ever?). Sound familiar? Almost an exact repeat of what they did to Apple with Windows. So let's see what happens this time.

BEA is a Java company which make application servers and lots of very high end server stuff. They are the largest competitors of IBM on a lot of Java apps. The reason given was simple. Kids don't get to play with BEA software. Seriously!! Devs were not exposed to BEA tools till in the co. and so were a little averse to learning new stuff. Why MS has such a large developer community was that a lot of kids used MS. So that is an advantage for Java and Linux today. Java is being taught in a lot of courses and Linux has taken a lot of devs' mind share and "heart share".

Great point. I would actually say that MS is not that big with kids. Their languages aren't taught in (good) CS curriculums - Java is. Java is seen more of a standard and a good "academic" language/platform. If MS gets any exposure it's through C++. They are a big player with VC++. You won't see .NET anywhere. But they are doing something about it. The only reason I have Visual Studio .NET is because I got it for 30 bucks at my University computer store. They have some deal with Microsoft for students. The .NET framework and C# compiler are free.

As I must have mentioned a zillion times before, parts of the Java API which are changed to newer versions are not removed. Just marked as deprecated, but can still be used. Mohn had mentioned about a break wrt .NET 1.0 and 1.1. I was of the opinion that the .NET style of newer releases was better but the blog changed my views on the topic (but not completely).

From what I understand, the .NET method is the same. Nothing is removed. It is just marked deprecated. Everything you write with v1 will work with v2 of the framework - like Java. What I was confused about was backward compatibility vs forward compatibility. Backward is where older code works on newer framework. Forward is where newer code works on older framework. Forward is hard to accomplish 100% because if you add new things in v2, it will obviously NOT work on v1. With generics I think Java is trying to accomplish this (Can Rahul confirm this?). .NET generics is adding new types which WON'T work on v1.

I hope I haven't confused matters further - Check this page out on .NET backward/forward compatibility. They explain it nicely - about what a breaking change means and also about configuration files.

The Java camp was stagnating before .NET came into the
scene. Java 5.0 was released very fast to fix the imbalance, but still has
a long way to go.


Java 5.0 has made up a lot of ground. I don't see it as being a huge feature gap anymore. The one place maybe that they are lacking is ASP.NET like functionality. It seems they haven't come out with anything to counter that. Any work going on towards that? At the same time you can say that Java is leading with newer things like AOP etc... Maybe not as a standard from JCP, but it's there. I haven't read anything about it from the .NET side.

In defence of MS, how long is it possible to stretch an API without a fresh start? They must have had some minimum years to support. MS needed a
new API, to deliver the next generation OS. But some degree of backward
compatibility is a must. Mohn - could you clarify the degree to which the
backward compatibility will/will not be supported?


In another defense of MS, it has to be said that they bend over backwards to make Windows backwards compatible. Even with Longhorn, all your .NET, Win32, VC++, VB and even older apps will work fine. In a demo they showed VisiCalc running on an early build.

And another thing is that the "MSDN camp" are not Windows developers. Guys in the "Raymond Chen camp" are developing Windows and they will do everything to remain backwards compatible. The "MSDN camp" are writing about all the greatest bleeding edge things that sit on top of Windows. There are no API's involved there.

And you raise another interesting point - How long can MS just keep on developing Win32? It's not like they didn't have anything better to do, so they decided to develop .NET and now Longhorn (XAML etc...). They were getting killed by Java. It was much superior to anything they had. .NET was a necessity for them to be able to compete and stop developers from jumping onto the Java bandwagon.

And yet another thing to mention about backwards compatibility. They have something called "Interop" in .NET where you can call all the Win32 API's without doing anything special (as in Java where you need special wrappers?). So when you are writing .NET apps, the entire Win32 library is available if necessary. Plus you can interact with your VB and VC++ apps through COM wrappers if needed.

They might lose the API war, but you can't say it was because they weren't backwards compatible.

In conclusion .NET defeated Java (as of today), but MS MAY have lost to MS.

I would say, .NET is good competition for Java, but MS will lose to the Web platform.

MS has a dilemma. They want developers to use their platform (IE, ASP.NET) to develop for the web, but at the same time they want to protect Windows. So what it comes down to at the end is that MS is trying for the best of both worlds. They want the convenient development methods of the web but want developers to write Windows apps. These are contradictory strategies and I think this is what will hurt them in the end.

So I blurted a lot more!

Wednesday, January 12, 2005

Did Microsoft lose the API war ?

I'll just discuss a few things in the blog "How Microsoft Lost the API
War" by Joel Spolsky at http://www.joelonsoftware.com.



Here's a theory you hear a lot these days: "Microsoft is finished. As soon
as Linux makes some inroads on the desktop and web applications replace
desktop applications, the mighty empire will topple."

However, there is a less understood phenomenon which is going largely
unnoticed: Microsoft's crown strategic jewel, the Windows API, is lost.



Any of you used Google's Desktop search. Amazing desktop app which starts
a web server locally. I really wonder how they made the app !! Will more
apps be developed in this way? Also we discussed a bit on Rich Internet
Applications before. It is easy to develop such apps in a manner
independent of the OS.. read flash. So that was one very valid point of
the future apps being more internet oriented. That should hurt MS a lot.


The author mentioned about Windows and Office being the main money-earners
for MS. I had heard that before. But their other apps must be profitable
too!! Any of you have an idea on the other hot-selling MS apps?


It's funny how the author mentioned Apple and Sun. Apple has just had a
great year selling iPods and hope to translate that to better sales of
other products. Sun on the other hand is going to go ahead with (what i
suppose is) the biggest risk ever!! So the entire arena is really hotting
up. I don't remember where I read about why BEA will not be able to
really sell a lot. BEA is a Java company which make application servers
and lots of very high end server stuff. They are the largest competitors
of IBM on a lot of Java apps. The reason given was simple. Kids don't get to
play with BEA software. Seriously!! Devs were not exposed to BEA tools
till in the co. and so were a little averse to learning new stuff. Why MS
has such a large developer community was that a lot of kids used MS.
And so obviously used that as a platform OS to develop on. With IBM the
argument is different because they are also a huge services company. Some
other arguments were also made. So that is an advantage for Java and
Linux today. Java is being taught in a lot of courses and Linux has taken
a lot of devs' mind share and "heart share".


The Raymond Chen Camp and The MSDN Magazine Camp section was amazing. Some
very valid arguments were made wrt the break in the Win API. There are a
few points in this regard.


Like all other blogs, I'll converge to Java vs .NET. As I must have
mentioned a zillion times before, parts of the Java API which are changed
to newer versions are not removed. Just marked as deprecated, but can
still be used. That a lot of devs feel is not very good. It does ensure
backward compatibility but isn't that beautiful.


Mohn had mentioned about a break wrt .NET 1.0 and 1.1. I was of the
opinion that the .NET style of newer releases was better but the blog
changed my views on the topic (but not completely).


MS may have lost the API war wrt to Win32 but they have really taken the
fight to Java. The Java camp was stagnating before .NET came into the
scene. Java 5.0 was released very fast to fix the imbalance, but still has
a long way to go.


At this moment I think .NET is leading compared to Java. I have actually
advised guys to try out .NET rather than Java if they are not interested
in the politics. Features like STL.NET which Mohn mentioned about should
really attract C++ devs. Dinesh is a good test case for this. Dinesh -
Will you prefer to use .NET or Java? Dinesh has been coding a lot in Java
for different reasons but it will be interesting to know what he would
personally prefer. I have heard about .NET code being written for custom
apps. How much is being used for apps for the general market I do not
know.


In defence of MS, how long is it possible to stretch an API without a
fresh start? They must have had some minimum years to support. MS needed a
new API, to deliver the next generation OS. But some degree of backward
compatibility is a must. Mohn - could you clarify the degree to which the
backward compatibility will/will not be supported?


So is the Linux API (if it exists) a valid alternative? Firstly they do
not have a large user base now and should take quite some time for a
feasible user base to be set up. The sub components in Linux distros are
changed too often. With rapid development cycles I do not think backward
compatibility is given high priority. Hrishi - could you clarify/comment
on this? Wrt open-source Java, guys like me say that compatibility,
platform independence may be broken. Open source guys say that the newer
broken Java if good, will cause automatic adoption, something that I do
not totally agree. So overall I do not think that Linux is viable for
desktop apps??


So the future seems the Web. And don't host your application on your own.
Give it to Sun.


In conclusion .NET defeated Java (as of today), but MS MAY have lost to
MS.


So blurted a lot. What d'you all think?



Sunday, January 09, 2005

Re: Advice for Computer Science College Students


I've heard about Jython and the .NET version (IronPython), but never looked at either one. Does Jython just produce Java bytecodes and that's it or can you also use the Java API? And what dyou think of these ports? Dyou think they are useful?


Jython creates Java class files and also allows usage of the entire Java API. See a simple example here.

One line from the example -
from java import awt  # this allows usage of java.awt.*

Actually I am not sure we can call Jython a port of Java or vice-versa. Jython seems more like a simpler front-end for Java. As compilation is necessary, that advantage of the scripting lang is removed.

I do not think Jython is that useful. Newer Java IDE's can make life very simple. Especially VB style drag and drop GUI building. Python by itself seems to have some advantages.

Actually there is another scripting language based on Java called Groovy. I have heard quite a bit of Groovy recently. But been too lazy to actually read anything on the topic. Groovy is also currently undergoing standardization through the Java Community Process.


What is Tcl/Tk? How is the Python GUI library using it?


I had mentioned Tcl a few posts back in this thread. Tcl stands for Tool Command Language and it is a scripting language. Tk adds GUI functionality to Tcl. I suppose that rather than creating a totally new GUI, python may have used some of Tk.

Saturday, January 08, 2005

Re: Advice for Computer Science College Students

I did read up a bit on Python. What I got was a lot on the libraries. Could Mohn post a small example of creating a simple Class.

Here are two simple programs which we had as projects. They are reasonably documented so you shouldn't have a problem figuring them out.

This first one is quite simple. It sends a request to a domain name and outputs what server (IIS, Apache, Unix etc...) the site is hosted on. The Java version is almost exactly the same.

from sys import argv
from http.client import HTTPConnection
from http.client import InvalidURL

# -------------------
# printHTTPServerInfo
# -------------------

# Prints the name of the web server the specified URL is hosted on
# url - url of website
def printHTTPServerInfo( url ):
    try:
        connection = HTTPConnection( url )

        try:
            connection.request( "GET", "/" )

            response = connection.getresponse()

            # The Server response header names the web server software
            server = response.getheader( "Server" )

            if server is None:
                print( "Could not detect what server \"%s\" is hosted on" % url )
            else:
                print( "\"%s\" is hosted on %s" % (url, server) )
        finally:
            # Always release the connection, even if the request failed
            connection.close()
    except InvalidURL as ex:
        print( "\t--> Not a valid url. Expected format: 'www.hostname.com'" )
        print( "\t--> %s" % ex )
    except Exception as ex:
        print( "\t--> An error occurred" )
        print( "\t--> %s" % ex )


# Application entry point
if len( argv ) != 2:
    print( "Usage: GetHTTPServerInfo " )
    print( " where is in the format 'www.hostname.com'" )
else:
    printHTTPServerInfo( argv[ 1 ] )


The next one is a bit to do with AOP concepts. I had posted something a while back and gave an example using Java. This is more or less something similar. But in this case, you can optionally inject your own functions before and after the method call. One thing to notice is that Python makes it very easy (much more so than Java etc...) to add "dynamic" functions to a class - ie. functions that you don't define when writing the class. If you're interested I can post an explanation for what's happening.

# -----
# Proxy
# -----

class Proxy:
    """
    Intercepts all the method calls to some other class instance, delegating to the same method of the "proxied" class.
    In addition, it allows the user to specify functions that should be invoked before/after the delegation call.
    """

    # --------
    # __init__
    # --------

    def __init__( self, delegate_instance, before = None, after_ok = None, after_exception = None ):
        """
        Initializes a new Proxy object
        params:
        delegate_instance - the object to delegate method calls to
        before - the method to run before calling the called method
        after_ok - the method to run after calling the called method if it is a success
        after_exception - the method to run after calling the called method if it is a failure
        """

        self.delegate = delegate_instance
        self.beforeMethod = before
        self.afterMethodSuccess = after_ok
        self.afterMethodFailure = after_exception

    # -----------
    # __getattr__
    # -----------

    def __getattr__( self, name ):
        """
        Intercepts the specified method call
        params:
        name - the name of the method called
        returns:
        the invocation handler
        """

        self.methodName = name

        return self.InvocationHandler

    # -----------------
    # InvocationHandler
    # -----------------

    def InvocationHandler( self, *args, **kwargs ):
        """
        Invokes called method and any specified methods before and after method call
        params:
        *args - the positional arguments to pass to called method
        **kwargs - the named arguments to pass to called method
        """

        method = getattr( self.delegate, self.methodName )

        if self.beforeMethod is not None:
            self.beforeMethod( method, *args, **kwargs )

        try:
            result = method( *args, **kwargs )

            if self.afterMethodSuccess is not None:
                self.afterMethodSuccess( method, result, *args, **kwargs )

            return result
        except Exception:
            if self.afterMethodFailure is not None:
                self.afterMethodFailure( method, *args, **kwargs )

            # Re-raise the original exception with its traceback intact
            raise


About size of projects, an application server Zope has been created in Python. So that kind of sets a very high limit for the size of Python projects.

Python is definitely being used for many large and diverse projects. BBC has a project where they plan to put their entire TV and radio archives online. They are using Python to develop some new networking protocols because apparently the current ones won't be able to handle the load.

Python has also got a Java port called Jython. So any code written in Python is converted to Java .class files. The author of the book also mentioned that a .NET python version may be released some day.

Ya I've heard about Jython and the .NET version (IronPython), but never looked at either one. Does Jython just produce Java bytecodes and that's it or can you also use the Java API? I would think that the whole point would be to enable using the libraries since Python already has a lot of features that the JVM/CLR provides - garbage collection, exception management etc... And what dyou think of these ports? Dyou think they are useful?

The python GUI library also uses Tcl/Tk in some way.

What is Tcl/Tk? How is the Python GUI library using it?

The next module is on Databases, queries and internals. What stuff do you guys know on the topic. So far the most complicated queries I have ever tried are "SELECT * FROM MYTABLE"!!

Not a lot. Just the basic SELECT, INSERT, UPDATE, DELETE stuff and a bit on Stored Procs (not writing them, just using them). So good topic to post stuff on!

We should have a discussion on the How MS lost the API war blog which Mohn linked to. What did you guys think of it?

I read it when he posted it, so its been a while. I'll go over it again and post my thoughts. Why don't you start? And Hrishi, Dinesh and Nikhil - we'd love to read your 2 cents too.

Re: Advice for Computer Science College Students


What is the size of a python project after which it becomes unfeasible?

Generally, these scripting languages are not suited for large apps because they quickly become unmanageable. But people don't seem to have a problem with Python for huge apps. It has a huge library framework a la Java/.NET.

Python is an OO language. It's not strict like Java... more like C++ in that you can have functions and data NOT associated with a class. Plus, apparently it has a close relation with C/C++. So if there is some functionality that is not available you can create it with C/C++ and "expose" it in Python.


I did read up a bit on Python. What I got was a lot on the libraries. Could Mohn post a small example of creating a simple Class.

About size of projects, an application server Zope has been created in Python. So that kind of sets a very high limit for the size of Python projects.

Python has also got a Java port called Jython. So any code written in Python is converted to Java .class files. The author of the book also mentioned that a .NET python version may be released some day.

The python GUI library also uses Tcl/Tk in some way.

I wonder how easy it is to use MVC patterns or any others in Python code!!

Some other stuff...

My Networking module just got over. The next module is on Databases, queries and internals. What stuff do you guys know on the topic. So far the most complicated queries I have ever tried are "SELECT * FROM MYTABLE"!!

We should have a discussion on the How MS lost the API war blog which Mohn linked to. What did you guys think of it?

Friday, January 07, 2005

Re: Advice for Computer Science College Students

Lots of blogs queued up in my head!!

Great! They're much needed. This place is becoming pretty lonely again.

What is the size of a python project after which it becomes unfeasible? And will co's adopt it? The advantage of faster development will sort of
be reduced by a need for better testing.


That's the thing. Generally, these scripting languages are not suited for large apps because they quickly become unmanageable. But people don't seem to have a problem with Python for huge apps. It has a huge library framework a la Java/.NET. It doesn't seem as well organized or documented, but it's there. Plus Python is Open Source so there is a huge community behind it with a lot of external libraries.

Tcl can be accompanied by other tools - OTcl and Tclcl. OTcl provides Object-Oriented functionality to Tcl. Tclcl helps in linkage between OTcl
code and C++ code. Does Python support OOPs, and/or C++ linkage?


Python is an OO language. It's not strict like Java... more like C++ in that you can have functions and data NOT associated with a class. Plus, apparently it has a close relation with C/C++. So if there is some functionality that is not available you can create it with C/C++ and "expose" it in Python. As you can imagine this is a pretty advanced topic - I just scanned through the page. Anyway, this is a pretty huge feature considering they have the OS community to keep adding features.

Another possibility is that co's develop in Python but convert the code to compiled before being deployed. (I have made dumber suggestions before!!)

Nope not dumb at all. You're talking about prototyping. At one time VB used to be popular for that. It was so easy to cook something up (RAD) and do some initial testing. Once it was accepted, convert it to a C++ app and ship it. But it seems a lot of guys just stick with Python all the way through.

Wednesday, January 05, 2005

Re: Advice for Computer Science College Students


Sriram Krishnan posted a reply to the "Advice for Computer Science College Students"


Definitely read the reply when I get connected to the net!!


I'll just comment on one thing. He's mentioned Python and given it a glowing reference

Python is a dynamic language. It is strongly typed, but all the checking is done at runtime. Nothing is done at compile time. When declaring variables you don't give them a type. A type is automatically inferred when it is assigned something. So if you've made a mistake, like use a variable in a way it wasn't supposed to be used, you will only become aware of it at runtime, if at all. I say if at all because only if your execution path leads to that piece of code will it throw an exception.

What Python has going for it is rapid development. Since there is no compile step, development is faster. But is this a valid tradeoff?


Very recently I used another scripting language Tcl. Actually used it as
part of a larger project to study a tool - Network Simulator (NS2).
Basically I am no authority on scripting languages either. I'll probably
post on that some time later. Lots of blogs queued up in my head!!

What is the size of a python project after which it becomes unfeasible?
And will co's adopt it? The advantage of faster development will sort of
be reduced by a need for better testing.

Tcl can be accompanied by other tools - OTcl and Tclcl. OTcl provides
Object-Oriented functionality to Tcl. Tclcl helps in linkage between OTcl
code and C++ code. Does Python support OOPs, and/or C++ linkage?

NS2 is a Network Simulator (I know it's obvious!!). The project is used to
create virtual Networks on which tests can be run. C++ is used to create
compiled entities used within simulations, like Nodes, Links, etc. Users
generally use OTcl to create the simulations for which rapid development
is necessary.

Another possibility is that co's develop in Python but convert the code to
compiled before being deployed. (I have made dumber suggestions before!!)

In the end maybe it's just a question of mindset. Probably I too will "see
the light" someday.

Rahul

Re: Advice for Computer Science College Students

Sriram Krishnan posted a reply to the "Advice for Computer Science College Students" article - Why Joel is wrong (or) Advice for *Indian* Computer Science Students. His reply is interesting for two reasons - 1) He's a 21 yr old dude doing CS. 2) He's studying in India.

I'll just comment on one thing. He's mentioned Python and given it a glowing reference (sarcastic or not). I've noticed Python getting a great reputation of late and picking up steam on the web. A lot of smart guys are recommending it (Bruce Eckel being one of them). I have to say, I don't get it. I did a bit of Python last semester. Very little, so I can't say anything about it with a great deal of authority. But from what I saw, I didn't get why it was such a big deal. If anything I thought it was super super easy to make a ton of mistakes.

Python is a dynamic language. It is strongly typed, but all the checking is done at runtime. Nothing is done at compile time. My biggest beef with Python is that you don't declare variables. You just use them as and when needed. A type is automatically inferred when it is assigned something. So if you've made a mistake, like use a variable in a way it wasn't supposed to be used, you will only become aware of it at runtime, if at all. I say if at all because only if your execution path leads to that piece of code will it throw an exception. And I won't even get started on the potential for nightmarish logic errors. If you misspell a variable, it's not a compile time error. It'll work fine.

What Python has going for it is rapid development. Since there is no real compile step, development is faster. But is this a valid tradeoff? As I've mentioned, I've not had enough experience with Python so everything I've said can't be taken too seriously. But so far, I'm not convinced. In time, maybe I will "see the light" and learn to appreciate it.

Re: Post blogs by email

Can we post pics on blogspot btw?

Short answer is yes, but it's not very convenient. You have to download a client app (actually two apps) to do it. Google bought a photo organizing software company called Picasa some time back. Now they're trying to integrate all their properties. They have another app called Hello that works with picasa from which you can post to your blog.

Post blogs by email


I am testing this feature of blogger wherein I send an email to blogger
and it gets posted as a blog.

You can set it up at Setting >> Email.

Hopefully I'll start posting more often now.

Rahul

P.S. So do not get surprised if my blogs are more email-like.

Also I wonder how they'll support MIME messages with pics and all. Can we
post pics on blogspot btw?




Monday, January 03, 2005

Advice for Computer Science College Students

An essay by this dude for aspiring programmers.

Here are his points...

---
1. Learn how to write before graduating.
2. Learn C before graduating.
3. Learn microeconomics before graduating.
4. Don't blow off non-CS classes just because they're boring.
5. Take programming-intensive courses.
6. Stop worrying about all the jobs going to India.
7. No matter what you do, get a good summer internship.
---

You can skip point 6 ;-)

This guy has quite a reputed and popular blog. If you go over some of his archives you can see the quality of the topics (e.g. How Microsoft lost the API war). A publisher is actually putting out a book of his essays.

Anyway, regarding the essay itself, I think he makes some great points.

Points 1, 3 and 4 are basically there to encourage you to be a more "rounded" individual. Don't just know one thing... try to expand your horizons type thing. This is fine, but I don't see it being a NECESSARY quality for aspiring programmers.

Point 2, it's something we have discussed briefly before. Languages like Java, C#, Python etc. are becoming more popular and shield you from lower level stuff. Many colleges (in the US) are shifting or have already shifted to using Java as the language of choice. And since most CS curriculums hardly focus on languages, you don't get any exposure to C or even C++. This is both good and bad. Good in that the professors don't need to focus much on the language - Java is easy enough to pick up, and you have less potential to blow your head off, so very little time is spent teaching the language and more on actual course material. Bad in that you don't know what's actually going on under the hood. As a CS major you would be expected to know it and you aren't taught it. Like I said, this is the trend in US colleges. I think in India C/C++ is still in heavy use in colleges and even some older languages?

I can't agree enough about point 5. We have also discussed this before and he sort of reiterates our arguments - the practical vs theory stuff. However, it should be noted that he is looking at this from purely a software development perspective. Computer Science is a vast field and theory plays a large part in it. There isn't a lot of room for this theory in everyday programming, but it is important if you're looking for that kind of work. I'm sure the Google Labs guys are heavy on this stuff.

Point 7 is just about getting some real world experience before getting out of college. There's a huge difference between what you learn in college and how it's applied practically. It helps to see that and try to connect the two (if possible ;-)).

Saturday, January 01, 2005

Happy New Years

Happy New Years to all of you!!

and the look is fine.