( ? , qUeStIoNMaRk )

Joel wrote, as usual, a thoughtful and witty article on the web, standards, interoperability and the upcoming mother of all flame wars; this is a must-read for everyone concerned with web-related software development (web designers, web programmers, information architects, marketeers…) .

As usual, the idealists are 100% right in principle and, as usual, the pragmatists are right in practice. The flames will continue for years.

Joel goes into a lengthy explanation, driven by an extra-terrestrial catchy case study, of what are the possible “cardinalities” of “market standards” (One-to-One - all is fine and simple, One-to-Many - yet fine, Sequence-to-Many - a story of pain and backward compatibility, Many-to-Many - you know, PurePain ™), why a standard without a reference implementation it’s not that standard, and why in the long run being conservative in what you do, and being liberal in what you accept from the others potentially ends in deployment issues kicking your conservative yet liberal butt. In the meanwhile you get also acquainted with some real-world compatibility issues between rabbis from different ultra-orthodox communities:

If you’ve ever visited the ultra-orthodox Jewish communities of Jerusalem, all of whom agree in complete and utter adherence to every iota of Jewish law, you will discover that despite general agreement on what constitutes kosher food, that you will not find a rabbi from one ultra-orthodox community who is willing to eat at the home of a rabbi from a different ultra-orthodox community. And the web designers are discovering what the Jews of Mea Shearim have known for decades: just because you all agree to follow one book doesn’t ensure compatibility[…]

As a very brief personal memorandum: Real Standards must have Real Reference Implementations (because “reality siphons off excess complexity“¹) and although Postel’s Robustness Principle is (imho) still much valuable for the wide spread of the internet/web it has been able to sustain so far, it should be carefully balanced - “in medium stat virtus” - with having very, very strict standards and “components” positively obnoxious about pointing them all out to you; maybe we (as developers/engineers) should resort to some sort of “carrot and stick” principle.

NOTE ¹: The full citation from David H. Gelernter’s Mirror Worlds (a wonderful and fascinating book narrating a vision of computing and information of extraordinary elegance - that is by other words a good combination of simplicity and power) is:

“Information structures are, potentially, the most complicated structures known to man. Precisely because software is so easy to build, complexity is a deadly software killer.
The same problem exists for hardware machines, but it lacks comparable significance. Physical reality is the overflow valve that siphons off excess complexity before the whole system blows.[…]”.

Via Lambda the Ultimate: ACM Classic Books Series. The ACM posted PDF versions of some books in its Classic Books Series, which are available to anyone who creates a free ACM Web Account.

Among the currently available books, LtU readers are likely to be particularly interested in Hoare and Jones’s Essays in computing science, Adele Goldberg and David Robson’s Smalltalk-80: the language and its implementation, and Dahl, Dijkstra, and Hoare’s Structured programming.

Long time readers will also know that I highly recommend Papert’s Mindstorms: children, computers, and powerful ideas to anyone interested with the effect computers might have on education. Papert’s Logo remains to this day the best children oriented programming language, but even if you disagree with me about this, his book is a must read.

Among the soon to be released there are Dijkstra’s “Selected writings on computing: a personal perspective” and Yourdon’s “Classics in software engineering”; tasteful food for your (computer scientist/software engineer) brain.

DISCLAIMER: quite long, programming related post.

A few days ago Marco Ramilli reviewed a useful password strength checker written in JavaScript. The JavaScript "score" function is (here without any DOM manipulation-"side effect"):

function passwordStrength(password)
{
   
    var desc = new Array();
        desc[0] = "Very Weak";
        desc[1] = "Weak";
        desc[2] = "Better";
        desc[3] = "Medium";
        desc[4] = "Strong";
        desc[5] = "Strongest";

        var score   = 0;

        //if password bigger than 6 give 1 point
        if (password.length > 6) score++;

        //if password has both lower and uppercase characters give 1 point     
        if ( ( password.match(/[a-z]/) ) && ( password.match(/[A-Z]/) ) ) score++;

        //if password has at least one number give 1 point
        if (password.match(/\d+/)) score++;

        //if password has at least one special caracther give 1 point
        if ( password.match(/.[!,@,#,$,%,^,&,*,?,_,~,-,(,)]/) ) score++;

        //if password bigger than 12 give another 1 point
        if (password.length > 12) score++;

    return {"score": score, "desc": desc[score] } ;

}

This function can be written in a fairly more compact manner taking avdantage of some nice JavaScript programming fatures. (Remembering that JavaScript is the World’s Most Misunderstood Programming Language)

First you can declare the array with a single assignament:

var desc = ["Very Weak", "Weak", "Better", "Medium", "Strong", "Strongest"]

Second you can avoid repeating the "if (condition) score++" (if you are lazy like me you should hate writing the same code over and over), have the tests stored in an array and executed via "eval" in a "for (element in collection)" statement, this way you keep the tests separated from the score evaluation; this is no big deal in a so simple and short program, but it’s a good practice (and attitude) to have rules and rules engine logic separeted.

var tests = [
    "(password.length > 6)",
    "( ( password.match(/[a-z]/) ) && ( password.match(/[A-Z]/) ) )",
    "(password.match(/\d+/))",
    "password.match(/.[!,@,#,$,%,^,&,*,?,_,~,-,(,)]/) )",
    "(password.length > 12)",
]

for (test in tests){
    if eval(test) {
        score++;
        }
}

Now the password strength checker function can be rewritten as:

function passwordStrength(password)
{
   
    var desc = ["Very Weak", "Weak", "Better", "Medium", "Strong", "Strongest"];
   
    var tests = [   
        "(password.length > 6)",
        "( ( password.match(/[a-z]/) ) && ( password.match(/[A-Z]/) ) )",
        "(password.match(/\d+/))",
        "password.match(/.[!,@,#,$,%,^,&,*,?,_,~,-,(,)]/) )",
        "(password.length > 12)",
    ];
   
    var score = 0;
    //every passing test gets the score incremented of 1 point
    for (test in tests){
        if eval(test) {
            score++;
            }
        };
   
    return {"score": score,"desc": desc[score]};
   
}

This is a more compact formulation than the original one, which means less bytes down the tube which turns to less bandwidth consumption, and it is also more manageable (the initial disclaimer is always valid: the example is quite simple so you get no big savings, it’s more about the attitude).

A note on eval: (ab)use of eval is somewhat considered harmful and watched with despise in some circles, so you can easily substitute the expression eval(test), relying on a more explicit use of the "metaprogramming" facilities of the language, with:

(new Function("return " + test))()

Here you build an anonoymous Function whose body is made out of the return statement (otherwise, as no return statement is specified in the test body, the return type of the function would be undefined, kind of void for the Java-inclined) and the test body; the function is then called () and the test gets evaluated.

By having "rules engine" and rules separated you can further improve the code robustness: an implicit assumption is made on the number of tests and descriptions  you provide, i.e. you must provide N tests and N+1 descriptions. How can this become more flexible? You can broad the initial assumption by stating you can have an arbitrary number of tests (each one with a separate score) and an indipendent number of level descriptions. For example’s sake you have 4 descriptions (you throw away the "Better" and the "Strongest" ones), 6 tests and the last one gets you 2 points if passed.

First you have a simple design decision to make: how you relate the strength description to the score?

Opting for a simple design you can fully specify the mappings (defining the minimum score for each description), e.g. using a dictionary / hashmap like {0: "Very Weak" , 2: "Weak", 3: "Medium", 5: "Strong"} for the descriptions. Hence you have:

var desc = {0: "Very Weak" , 2: "Weak", 3: "Medium", 5: "Strong"}

The score for each test can be specified taking advantage of an hashmap in wich the body of the test is the key and the score the value.

var tests = {
    "(password.length > 6)": 1,
    "( ( password.match(/[a-z]/) ) && ( password.match(/[A-Z]/) ) )": 1,
    "(password.match(/\d+/))": 1,
    "password.match(/.[!,@,#,$,%,^,&,*,?,_,~,-,(,)]/) )": 1,
    "(password.length > 12)": 2,
    }
   
To take into account the custom score for each test you also have to make a fairly trivial change to the "rules engine", instead of score++ you have:

score += tests[test];

Now that the score has been calculated you have to retrieve the description; descriptions are "indexed" in the hashmap by their minimum score level, so you have to retrieve the entry with the maximum possible key value less or equal than your actual score. This problem can  be solved by a helper function that starts with retrieving the entry for the actual score and in case of failure (i.e. desc[score] evaluates to undefined) it calls recursively itself with the score decremented by one unit, and so on until it eventually reaches a valid key. A note on  the ? operator and associative arrays in JavaScript, the test fails for the value undefined, to which the expression desc[score] evaluates if there is no entry for the key score.

function desc_f(score)
{
    return desc[score] ? desc[score] : desc_f(score-1);
}

Now you can substitute desc[score] with desc_f(score) in the return statement of passwordStrength and your’re done with satisfying the evolved requirements.

function passwordStrength(password)
{
    var desc = {0: "Very Weak" , 2: "Weak", 3: "Medium", 5: "Strong"};
       
    var tests = {
        "(password.length > 6)": 1,
        "( ( password.match(/[a-z]/) ) && ( password.match(/[A-Z]/) ) )": 1,
        "(password.match(/\d+/))": 1,
        "password.match(/.[!,@,#,$,%,^,&,*,?,_,~,-,(,)]/) )": 1,
        "(password.length > 12)": 2,
        };
   
    var score = 0;
   
    for (test in tests){
        if eval(test) {
            score += tests[test];
            }
        };
       
    function desc_f(score)
    {
        return desc[score] ? desc[score] : desc_f(score-1);
    };
   
    return {"score": score,"desc": desc_f(score)};
   
}

If you  didn’t get overly bored you should have appreciated the power and simplicity offered by a "responsible use" of JavaScript. If you really didn’t get overly bored and you feel like expereminting something on your own, you can implement your own strategy for description-score mapping; there is plenty of room to introduce arbitrarly complex strategies.

These ramblings have been inspired by some (off|on)line chat with Giulio Piancastelli (who suggested me the Function() alternative to the "evil eval"), his Kata Four in JavaScript post and by these nice presentations on JavaScript Metaprogramming: @media Ajax by Dan Webb and  @Columbus Ruby Brigade by Adam McCrea.

In the meanwhile I get the time to write down some (not so badly) articulated thoughts on the interesting event I attended in Ravenna on October 13th “Strati in Rete” (inside “Strati della cultura” for ARCI’s 50th year anniversary) I’d like to share (for no good reason at all) my notes. I met and took a chance to nicely talk about internet and participation with Alessandro Bottoni (future value of past failings - GNU Arch and BazaarNG), Frieda Brioschi (valorization of expertise and competence in wikipedia), Livia Iacolare (her experience with intruders.tv), Antonio Sofi (participation and new media distribution models - radiohead’s In Rainbows and Magnatune) , Alessio Jacona (the right channels for the right audience - how the participation is changing the way companies “talk” to their customers), Valentina Orsucci (second life and metaverses possible innovations in [e]learning processes and a nice “Prisoner’s Dilemma” based experiment in the classroom) and Elena Zannoni (open source and technology adoption in Public Administration), and other people I forgot to mention.

Kudos to Luca for the organization.

Disclaimer: the notes are (highly) rough and my handwriting is hieroglyphic at best, this whole thing is a kind of experiment.

Strati in rete Notes 1/4 on Flickr
Strati in rete Notes 2/4 on Flickr
Strati in rete Notes 3/4 on Flickr
Strati in rete Notes 4/4 on Flickr

It’s official after lots of rumors Apple unveiled the “/webapps directory“.

Part fun. Part function.

[…]

The Internet and multi-touch.

With web apps, the power of the Internet meets the brilliance of multi-touch. And suddenly, iPhone and iPod touch can do that much more.

The Internet and multi-touch.

With web apps, the power of the Internet meets the brilliance of multi-touch. And suddenly, iPhone and iPod touch can do that much more.

Flick through lists of news articles on Digg. Play games like Sudoku and Bejeweled with the touch of a finger. View movie times, train schedules, and blogs.

Web apps don’t just extend the functionality of iPhone and iPod touch, they do it in style. Since web apps are websites designed specifically for the 3.5-inch screen, you’ll find the viewing experience amazing.

UPDATE (First impressions): The webapps collection is not yet that much crowded but it features yet a pretty useful variaty of apps from the usual “suspects2.0″, Facebook, digg (reddit where are thou?), a few feed readers and others, to the most crowded (as you may imagine) enterteinment directory and a pretty collection of useful utilities and search tools (events, travel info, local attractions, local business). From the available images all this apps show to have been “redesigned” to prefectly fit the iPhone screen and take full advantage of the touch interface. It’s pretty clear this selection makes an inviting appetizer for all the so-called-social geeks out there (if the iPhoniness-per-se wouldn’t have been proven yet enough attractive).

But the real interesting news come to the Developer side; the Web Development for iPhone section spells out a clear message:

Developers can create Web 2.0 applications that look and behave just like the applications built into iPhone, and provide seamless integration with iPhone applications and services including making a phone call, sending an email, and displaying a location in Google Maps. Third-party applications created using web standards can extend iPhone’s capabilities without compromising its reliability or security. Accessory developers can create products that attach to the dock connector, the stereo headphone minijack, and carrying cases.

So you can expect a flourishing of third-party applications that will feel as the native ones (althought built on html, css and javascript) and you won’t worry about screwing up your iPhone installing a broken and messy third-party app, which makes it a well argumented (yet questionable) decision on what to open and what not to.
I took a look at the sample iPhone webapp - Puzzler and you can see the aformentioned claim holds still: Puzzler is a web standards based application that you can fairly run in Firefox without any issues and you can verify it’s just a few (about two hundred) lines of javascript code and nearly nothing html and css (the application is actually very simple on the “presentation” side) - random thought: a nice companion to the Puzzler webapp would be a Conway’s Game of Life simulator.
Much of the success of a mobile platform depends on a right balance between the will to “play well” with others players and the ability to attract and keep customers; iPhone’s user interface proved to be very effective on the “attract-customers” ability, now that the opening to third-party applications has happened the jury is finally out, and we will se if the degree of openess adopted by Apple is enough to catch on developers and users and go beyond its gadget’s coolness.

I found on flickr three great “motivational” posters by Bill De Hora. This one should be in every introductory book/course on software engineering/programming:

This should be in front of the entrance of the software lab/office:

And the last one is definetely my favourite:

This is a brief placeholder for further investigations. Metaverses are a interesting potential technology toward seamless virtual collaboration. On this topic the Crouqet Project has developed an open source prototype system, called OpenCroquet. Of the features and uses presented, I find the capability of annotating artifacts really appeling to the collaborative creation of knowledge. Here it is the annotation architecture and a brief demonstration. A nice experiment has been made where students explore a number of worlds (portals) and then collaboratively create an idea map in Croquet space about how Croquet might be used as a learning environment.

From the home page…

FreeOSZoo provides ready-to-run images of QEMU virtual computers, pre-installed with a Free Operating System and a set of popular free software. To get started, you only need to install QEMU and download a single file from the FreeOSZoo project.

FreeOSZoo is targeted at end-users, who run proprietary Operating Systems because they are not aware of the existence of Free Operating Systems like GNU/Linux, FreeBSD and other free alternatives. For this audience, FreeOSZoo is the perfect tool for testing an Operating System without modifying their computer.

Here is the page collecting the qemu images.

Virtualization is a quite powerful and useful abstraction: the availability of self-contained ready-to-roll system image really lowers the barrier to test, study, hack, develop operating systems. Assuming you are using a quite powerful machine (e.g. a 2.0 GHz P4 with 512 MB RAM Memory is suggested to have a smooth run) testing a complete software stack (operating system, database, web server, programming environment) is a push-botton experience or, in other words, it is one click away from you. It is also a huge step forward in the repeatability of software experiments, and hence in the scientific accurancy of software development; “provare et reprovare” in Galileo’s words.

This is also a nice chance to take a look at some forward-looking experiments in operating systems design as Plan9, a complete rethought of Unix concepts in a network oriented environment by the Lab who gave us Unix. The Plan9-updated image doesn’t work, or rather I didn’t find a 30-second way of getting into rio, the Plan9 window manager, however you’ll be able to download Plan9 image from the official site and boot it as a live cd to step into a quick view of the OS.

Getting the purpose of a software system right is an evergreen theme in software engineering, and one of the fuzziest issues in this beautiful discipline. My friend Marco some times ago posted a great toon on the subject, with a brief and sharp commentary.
On sunday Dilbert posted an awesome strip on the tensions between engineers, customers and requirements:

• engineers want customers to express requirements clearly, possibly in a non-ambigous language (a set of differential equations wuold be perfect ).
• customer wants engineers to guess what they are thinking their problem is.

This would seem a self-referencing non-terminating problem (sounds huge), but Dilbert has the perfect solution:

• As the designed software can do whatever the engineer designs it to do, the engineer should design a software to tell himself customer requirement.

Striking clear, not?