Archive for the 'ESSAYS' Category

Desk Checking

Thursday, April 3rd, 2008

Ole Eichhorn has written a great essay on “the lost art of desk checking,” sharing how slow and painful experiences with debugging led to habits of deliberate and careful pre-planning and checking.

My own parallel experiences: Okay, I’m going to date myself here too. I’m also 49 years old, but didn’t start programming until Senior High. First experiences were with Basic on a Xerox Sigma 7 (thanks, Xerox), and a Wang 2200B. Not much learned there.

I learned more during summer vacations, when I paid real money to the University of Rochester to use their mainframe. I discovered that my first APL programs actually worked. I tried my hand at IBM 360 assembly language programming, but debugging was expensive - each assemble/link/run cost over $2. So I started editing the binary object decks on a keypunch instead, reducing the cost of a link/run to something under 80 cents.

While I followed the technology curve and have all the modern development environment power tools, there’s nothing like designing cleanly and understanding what’s going on. To quote Eichhorn:

To write code I just look at my screen and start typing, and to fix code, I just look at my screen some more and type some more. So now, finally, I’m done with desk checking, right?

Wrong.

I desk check everything. Thoroughly.

And this, to me, is a major league black art which is lost to all those who didn’t have to hand-punch cards and wait a week for their deck to run. It is a lost art, but an essential art, because all the tools which make entering code and editing code and compiling code and running code faster don’t make your code better.

Prediction for 2008: Service providers avoid straightforward DTV answers

Friday, January 4th, 2008

Like many others in 2008, I am cheap, don’t buy TVs very often, subscribe only to basic cable, and have questions about the impending February 17 2009 shutdown of analog over-the-air TV channels.

My prediction for 2008 is that confusion will reign because part of the answer is provided by cable, satellite, or telephone service companies, and their incentive is to maintain confusion because that’s an effective “up-sell” technique.

The simple story is that over-the-air (OTA) analog goes away, replaced by OTA digital. For OTA consumers, it’s just a matter of getting an ATSC tuner (built into a newer TV, or standalone with a government-subsidized coupon).

The part that is different for every locality and service provider: what to do with analog TVs on analog cable systems. For every locality there is a simple cable story: the cable company could tell you their plans for analog channels, e.g. “We’ll continue to carry local channels for our analog customers through [let’s say] 2012.” But the cable companies will generally avoid that story. (I tried to extract it from TWC and they failed the first test, answered the wrong question entirely.)

Why would they tell you a simple “analog on cable is OK for N years” story when they would rather upgrade you to a new digital cable set-top box, and while they’re at it, try to replace your phone too?

So, even if it’s true that analog cable customers will live just fine on the analog cable plant for quite some time, you’ll only see it either in extremely fine print, or omitted as a choice at all in most promotional materials.

Now, it is also true that for bandwidth utilization reasons, the cable companies would like to convert their cable plant to all-digital. If they somehow manage to convert all their cheap $8/month basic cable customers to some fatter bundle, all the better for them. The good thing is that digital OTA tuners will provide competition, so the cable company had better have something that competes with free digital for cheap customers, or they’ll just lose the low end altogether. (The only reason I have basic cable is because my analog OTA reception is poor. Once digital OTA becomes cheap (it’s not yet, standalone tuners are too expensive), I’ll be a digital OTA customer unless cable really makes it worthwhile not to switch. It’s a race to the bottom for my dollar.)

Once they start losing a significant number of customers to digital OTA, then they will start publicizing cheap basic analog and constructing cheap basic digital. But they will wait as long as possible.

Vote but Verify

Friday, September 7th, 2007

Local Rochester-area political blogger Thomas Belknap recently railed about HR 811, interpreting its requirement of a voter-verified durable paper ballot as a small-minded banning of an attractive future of modern networked reliable electronic voting machines. I could not resist posting my disagreement into the comments on his blog, and perhaps I am going to convince him, as he edited out my most provocative snide political shots and left in some of my more reasoned comments.

As a security person, I must point out that if machines do not produce a reliable auditable record, then all you have is a fait accompli fraud-blessing device. That’s the short version of the security argument.

I’m willing to go along with NIST that, as of today, all-electronic systems are an important research topic, not a settled present alternative:

The approach to software-independence used in op scan is based on voter-verified paper records, but some all-electronic paperless approaches have been proposed. It is a research topic currently as to whether software independence may be able to be accomplished via systems that would produce an all-electronic voter-verified, independent audit trail (known as software IV systems).

A durable paper ballot requirement is not a retrograde goof, nor a rejection of e-voting. It’s a reflection of current reality, that all-electronic e-voting implementations are asking for trouble. Codifying an allowance for all-electronic systems today would just open the door to arguments about what’s good enough cryptographically, arguments that will be settled by folks even less competent than our representatives. Codifying the well-understood voter-verified paper audit trail as a requirement puts an immediate crimp in the shopping spree for fancy-looking machines that are rotten inside - a shopping spree that will continue if this law isn’t passed, creating an ever-larger lump of sunk investment in pretty bad technology.

A paper audit trail today isn’t a rejection of e-voting, it is progress toward a more robust implementation that in the future will, no doubt, also include other alternative durable auditable records.

For credible background on the security geek consensus, see the above-quoted NIST draft, the US ACM policy recommendation, or Bruce Schneier (University of Rochester physics alumnus!). Or anything by Ed Felten or Avi Rubin on this subject. In this case, our representatives seem to be listening to informed advisers.

Regarding politics: All parties’ oxen have been gored at one time or another by voting fraud or rumors of fraud, so this does seem like an issue on which a consensus could form.

Systems programmers help people

Tuesday, February 13th, 2007

Way back in the 1970s, I attended a banquet at RIT, for incoming or prospective students. My assigned seat placed me next to another intended Computer Science major.

I had cut my teeth in high school on some Basic programming (on a Xerox Sigma mainframe and a Wang 2200B), then taught myself APL and IBM/360 assembly language (paying for access at UR to an APL terminal, and editing object decks on the keypunch to save money while debugging assembly language programs).

My dinnermate at the banquet had had no such experience. So in choosing her major and concentration, she had to depend on the layman’s descriptions she heard during a college visit. You see, application programmers write programs that actually do things. Meanwhile, system programmers work on the operating system.

What’s an operating system? Well, it doesn’t do anything itself, it’s just there to help people write application programs.

Why did she choose Computer Science with a system programming concentration? “I like to help people.”

Goodbye IE6

Tuesday, October 17th, 2006

My installation of Microsoft Internet Explorer 6 (version 6.0.2900.2180.xpsp_sp2_gdr.050301-1519) has developed the unfortunate problem of frequently (about once a day) trashing its ability to render correctly: painting its window contents at various places all over the display, rendering in the wrong font, leaving turds all over its window while scrolling. Once it starts I have to kill iexplore.exe to make it stop. I believe it is fully-patched.

In my mind the appearance of this problem is correlated with the appearance of two new aggressive JavaScript interfaces: The much-improved BlogLines feed selector, and the very-irritating Yahoo Finance streaming quotes feature (which slows down every refresh even when set to “off”). That may just be coincidence.

It does mean there’s some serious undiscovered memory corruption going on inside IE6 somewhere.

It’s a good time to switch to Firefox and/or IE7.

Storage Innovation Ahead

Sunday, March 26th, 2006

The existence of cheap and presumed-reliable storage services such as Amazon S3 will cause a burst of innovation in personal and corporate storage options. A particularly good fit: content-addressable storage schemes such as plan9 venti and git, that offer frugal use of bandwidth (important when metered), and attractive features like version snapshots “for free.” A little searching shows one talented software developer thinking along these lines already: “Brad Fitzpatrick: wsbackup — encrypted, over-the-net, multi-versioned backup.” There will be more.
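To make the bandwidth and snapshot claims concrete, here is an added sketch (not code from venti, git or wsbackup) of a content-addressed block store. The in-memory `RemoteStore`, the fixed 4096-byte chunk size and the sample data are assumptions made for illustration, and encryption is left out.

```python
import hashlib

CHUNK = 4096  # fixed-size chunks: an assumption, real systems vary


class RemoteStore:
    """Stand-in for a metered remote bucket; blocks are keyed by SHA-256."""

    def __init__(self):
        self.blocks = {}
        self.bytes_uploaded = 0

    def put(self, data: bytes) -> str:
        key = hashlib.sha256(data).hexdigest()
        if key not in self.blocks:  # already stored: nothing to send
            self.blocks[key] = data
            self.bytes_uploaded += len(data)
        return key

    def get(self, key: str) -> bytes:
        data = self.blocks[key]
        # The address doubles as an integrity check on whatever comes back.
        if hashlib.sha256(data).hexdigest() != key:
            raise ValueError("block does not match its address")
        return data


def snapshot(store: RemoteStore, content: bytes) -> list:
    """A snapshot is just the ordered list of chunk addresses."""
    return [store.put(content[i:i + CHUNK])
            for i in range(0, len(content), CHUNK)]


def restore(store: RemoteStore, snap: list) -> bytes:
    return b"".join(store.get(key) for key in snap)


def demo():
    store = RemoteStore()
    v1 = b"".join(bytes([i]) * CHUNK for i in range(8))  # constructed 32 KiB file
    v2 = v1[:CHUNK] + b"\xff" * CHUNK + v1[2 * CHUNK:]    # one chunk edited
    s1 = snapshot(store, v1)
    sent_v1 = store.bytes_uploaded
    s2 = snapshot(store, v2)
    sent_v2 = store.bytes_uploaded - sent_v1
    return store, (v1, s1, sent_v1), (v2, s2, sent_v2)
```

The second snapshot uploads only the one changed chunk, yet both versions remain fully restorable from their address lists.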

NY STAR: An accident waiting to happen

Thursday, March 2nd, 2006

The New York State School Tax Relief (STAR) program is an identity theft “accident” waiting to happen. Homeowners apply for property exemptions on their primary residence, and file with their local tax assessors. (In the first year or so of this program, total chaos ensued in assessor’s offices all over the state.) Extra tax exemptions for senior citizens are means-tested, and require homeowners to submit their SSN or a copy of their income tax returns to the local assessor.

  • In New York City, they want SSNs from everybody. Just because it’s authorized by law (in the NYC Administrative Code) doesn’t mean it’s a good idea. Everywhere else, they’re only collecting SSNs or income tax returns from low-income seniors.
  • It’s hard to justify leaving so much personal financial information sloshing around assessor’s offices all over the state. And which is worse: copies of tax returns in piles in sleepy small-town assessor’s messy offices, or huge indifferent big-city assessor’s chaotic offices? Need to know? Mind your own business.
  • As their normal traffic is public information, assessors are not necessarily tuned to protecting private personal information. For a recent example of a public record agency handling private data, see the story of how the Suffolk County (NY) clerk’s normal processes put a few thousand SSN’s in the public record [via Emergent Chaos].
  • Perhaps all these violations of “don’t ask for information you don’t need” and “don’t store information you don’t need again” were less serious even a few years ago, but the consequences of these old ways are getting worse every day.
  • Though it’s hard to patch the process perfectly, one simple fix would be to direct the flow of sensitive information away from local offices, e.g. create a state tax return checkoff that allows the income tax people to inform the assessors about eligibility and primary residence status without revealing any income information.
  • Well, the politics is irritating too. Creating yet another “take with one hand, give back with another” program is inefficient, and clearly its primary purpose is to create an opportunity for attaching a politician’s name to a tax cut, with extra discrimination making the program harder to kill.

Update 3/7/2006 see also: The public servants at the Ohio secretary of state insist on treating documents that pass through their hands as public despite embedded SSNs.

Update 4/11/2006 see also: Broward County (FL).

Books

Friday, December 23rd, 2005

Here are two books that I’m enjoying right now. Neither of them is hot off the presses, but I thought I’d put in a good word for each nonetheless.

Astronomical nonce sense

Wednesday, September 14th, 2005

Ed Felten discusses an interesting dispute among astronomers regarding how long scholars should withhold discoveries so they can retain exclusive access and get credit for more original papers. (Aside: As I note in his comments, while this is largely self-governing because everybody has incentives to publish, there are occasional extreme examples of scholarly hoarding, such as the decades-long embargo on publication of some Dead Sea Scroll materials.)

The security angle on this is that the dispute is about whether the Spaniards scooped the Americans by reverse-engineering a temporary name published in an advance abstract of a paper. The temporary name contained a date that could have served as an index into a telescope activity log, revealing the position of the newly-discovered object.

The lesson is that cookies or nonces (temporary data values to be used only once) should usually, in security applications, be content-free (long, random, unpredictable, and generated with a random number generator not prone to reverse engineering itself). Structured or predictable nonces can lead to information leaks or to vulnerability to forgery. Short nonces fall to brute-force search.
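As an added illustration (not part of the original post), the sketch below generates a content-free nonce from the OS CSPRNG and audits candidate values for the two failure modes named above: embedded structure (here, a date) and insufficient length. The sample label `OBJ-20050914-03`, the function names and the 128-bit threshold are assumptions chosen for the example.

```python
import math
import re
import secrets
import string

# Constructed sample: a provisional label embedding an observation date.
# It is illustrative only and is not the name from the dispute.
STRUCTURED = "OBJ-20050914-03"

# YYYYMMDD with a plausible month and day, anywhere in the value.
DATE_RE = re.compile(r"(?:19|20)\d{2}(?:0[1-9]|1[0-2])(?:0[1-9]|[12]\d|3[01])")
ALNUM = string.ascii_letters + string.digits


def new_nonce(nbytes: int = 32) -> str:
    """Content-free nonce: nbytes from the OS CSPRNG, URL-safe base64."""
    return secrets.token_urlsafe(nbytes)


def max_bits(value: str) -> float:
    """Upper bound on entropy, assuming uniform draws from the character
    classes that appear. A structured value carries far less than this."""
    alphabet = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in cls for c in value):
            alphabet += len(cls)
    alphabet += len({c for c in value if c not in ALNUM})
    return len(value) * math.log2(alphabet) if alphabet > 1 else 0.0


def audit_nonce(value: str, min_bits: int = 128) -> list:
    """Return findings; an empty list means neither check fired."""
    findings = []
    match = DATE_RE.search(value)
    if match:
        findings.append("embedded date " + match.group(0))
    bits = max_bits(value)
    if bits < min_bits:
        findings.append(f"at most {bits:.0f} bits, below {min_bits}")
    return findings


if __name__ == "__main__":
    print(STRUCTURED, audit_nonce(STRUCTURED))
    token = new_nonce()
    print(token, audit_nonce(token))
```

The bit count is only a ceiling: passing it does not prove a value is random, but failing it shows the value is too short to resist search.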

GMail fronts for other domains

Tuesday, August 30th, 2005

I just happily discovered that GMail settings support non-GMail “From:” addresses. It’s a welcome feature for me, as I had no intention of binding to a vendor domain name ever again.

Perhaps it has been a feature for quite some time, and I just wasn’t aware of it. GMail is predisposed toward pleasant surprises without fanfare (e.g. “plus addresses” are supported too).