Blog: 2009-06

The Onion on Turkey Sandwiches

Apropos of 2009-05-16: "Report: Turkey Sandwiches An Excellent Source Of Turkey Sandwiches"

Quack 0.37

I released Quack 0.37.

This contains a bug fix. Due to economic realities, as well as to the greater demand on my pro bono time from Scheme libraries, I probably won't be adding major new features to Quack in the forseeable future unless funding materializes.

ArgoUML is OK

I'm using ArgoUML 0.28 for static object modeling right now, and it's not bad.

I still prefer OMT to UML, and OMTool to ArgoUML. And I'll miss the convenience of my own old Jomtool (circa 1996). But the current version of ArgoUML is tolerable, and does a few neat things that OMTool didn't (15 years ago).

Leukemia and Lymphoma Society Team In Training

Blood cancers: you've seen them on House, now fight them with your credit card.

You can do this by sponsoring Anna in a fund-raiser for the Leukemia and Lymphoma Society (which, contrary to what the name suggests is not a social club for blood cancers, but rather an alliance of their mortal enemies).

Disclosure: Anna is an acquaintance.

Bah

I'm not a big video games person, but a while ago I found a PlayStation 2 on the curb, and then I picked up some used game discs on eBay.

What I have learned is that, even in video games, I don't get no respect.

How the Internet Works

I saved this chat room conversation from a while ago. Names changed.

<alpha> g'morning slackers
* bravo pees in alpha's coffee
<alpha> good thing i dont drink the coffee
<bravo> hrm
<bravo> I wonder whose coffee that was
<alpha> one of the cow-orkers, no doubt
<alpha> bravo: looks like your csco bug was patched up in code-of-the-day
<alpha> Fixed-in: [[version numbers ellided]]
<alpha> you upgraded?
<bravo> not yet
<alpha> bravo: that one have nasty bugs too?
<bravo> no our mole inside tac says there aren't any known issues yet
<bravo> which means one thing
<bravo> nobody is running it yet
* alpha lol

Yesterday

Yesterday was the 55th anniversay of the famous line:

Have you no sense of decency, sir? At long last, have you left no sense of decency?

—Joseph N. Welch

See the Language Log, June 09, 2004.

randtok

You may have heard how a YCombinator site was hacked, by exploiting poor token generation that was implemented in Arc. As you might know (perhaps from when I released Morc), the Arc reference implementation is currently implemented as an interpreter in PLT Scheme, and its random function reportedy calls down into PLT Scheme's random procedure. Use of the random PRNG wasn't the entire problem.

Just to scratch an itch this weekend, I made a library to generate these token strings while making efficient use of scarce /dev/random bytes: "randtok: Random Token String Generation in Scheme." You don't want your application to block because /dev/random can't keep up with your users.

Note that I haven't inspected and tested the code for security-sensitive production use. It is the weekend and unpaid work, after all. If you require a higher level of confidence, you can do the evaluation yourself, or you can hire me to do it. :)

PLT Popular Exposure

HTDP and DrScheme were plugged on a nationally syndicated radio program (including a FOX affiliate, if you can believe it):

Thomas is 10 years old and he wants to start a software company with his friends! He programs in C++, Java, and Python?! Wow. Leo says he wants Thomas to learn these programs right, not just noodling with them and learning bad habits. So Leo says that Alice is a good place to start, but Leo suggests HTDP.ORG. It's a programming book written by software professors all over the country and teaches "SCHEME," which is a "flavor" of a programming language called LISP. Download DrScheme. This will teach you to plan, design, and organize your software ideas.

—First item of summary of 2009-05-31 Leo Laporte show

Still being, AFAIK, the only professional Scheme consultant in the US, I look forward to Thomas starting his company and hiring me.

Snooze Performance

Don't use SSL for PostgreSQL access when using the Snooze persistent object library for PLT Scheme. You have to explicitly disable it by adding the #:ssl 'no keyword argument to the make-database call.

The long story...

I tried out the Snooze tutorial, and initially it seemed sluggish. So I added some instrumentation. Operations on 3 very simple objects typically timed like:

*** 348 ms : connected
*** 160 ms : table created
*** 52 ms : people printed
*** 753 ms : people saved
*** 47 ms : people printed
*** 759 ms : people deleted
*** 46 ms : people printed
*** 138 ms : table dropped

When it takes close to a second to delete three simple objects from an otherwise empty database, something is wrong.

So I doubled it to 6 objects, and found that save and delete operations doubled in duration:

*** 349 ms : connected
*** 164 ms : table created
*** 55 ms : people printed
*** 1513 ms : people saved
*** 54 ms : people printed
*** 1486 ms : people deleted
*** 45 ms : people printed
*** 135 ms : table dropped

I verified that performance of manual SQL operations through psql were fine.

Rather than profiling, I bugged the developers, and then lower-case snoozed a bit.

Then, on a random hunch, I checked to see if it was using SSL, and sure enough, the underlying PostgreSQL access library used SSL by default. With SSL disabled, times were reasonable:

*** 39 ms : connected
*** 39 ms : table created
*** 9 ms : people printed
*** 50 ms : people saved
*** 7 ms : people printed
*** 54 ms : people deleted
*** 2 ms : people printed
*** 11 ms : table dropped