• The Old New Thing

    Shifting from program management to programming also affects your social life


    My colleague who switched from program management to programming has this to say about unintended consequences:

    1. My wife says that I am much more pleasant to be around.
    2. My social skills appear to have become a lot better, which is really counter-intuitive to the standard image of a developer.

    My take on this is that I developed through the needs of my job as a lead program manager the ability to talk to anyone at any time to get a particular issue dealt with, but that I didn't necessarily want to do this or enjoy the process. After work or on the weekends, my wife was hard pressed to get me to see other people. Now, there is no such issue. The reduction in forced human interaction is such that I am no longer overstretching my ability to interact with people, thus rendering me able to undertake those interactions and actually enjoy it.

    Of course, this doesn't necessarily work for lifelong programmers, since they may not ever have developed these social skills to begin with!

  • The Old New Thing

    Comparing writing specifications to writing code


    My colleague who manages to pack his entire office into a single box recently made the switch from program management to programming. I teased him, "So what's it like using an editor without a 'boldface' button?" His response was actually rather insightful.

    "Writing specifications is like writing a novel. Writing code is like writing poetry."

    When you're writing a specification, you need to start by setting the scene so people understand the problem you're trying to solve. You then explore the world you've created, elaborating on the details necessary to convey your intent, considering all the possibilities and addressing each one.

    When you're writing code, you are focused on conciseness. Like a poet, you are thrilled when you find a single expression that covers all the nuances you're trying to convey. You are intent on writing only what is necessary, no more. Beauty is in the small.

    I guess this explains why I was never good at long-form writing.

  • The Old New Thing

    Apparently I can't take myself anywhere


    Upon arriving at the office, I unpack my bicycle bag and remove a crisp new white shirt. I change into my work clothes, and then at 11am, I head to lunch as I usually do. (This is the lunch group that includes JeffDav and occasionally BenCon.) I get a sandwich, sit down, and immediately drip sauce on my brand new shirt. Can't even keep a shirt clean for two hours. Fortunately, I keep a spare shirt in my office so I am able to change and give the now-no-longer-purely-white shirt a bit of a wash in the bathroom sink before the stain sets.

  • The Old New Thing

    Viewing function composition as transformation of the domain


    A lot of formulas you encounter in computer science can be viewed as function composition. Let's start with the simple problem of rounding integers down to the nearest multiple of some positive constant. The formula for this should be relatively easy for you to produce:

    round_down(n, m) = floor_div(n, m) * m

    where floor_div returns the largest integer less than or equal to n/m. If n≥0 and m>0, then floor_div(n,m) = n/m where / is the C integer division operator.

    But what if you want to round up? Take a look at the difference between rounding up and rounding down, say, using multiples of four for concreteness.

                 0  1  2  3  4  5  6  7  8  9 10 11 12
    round_down   0  0  0  0  4  4  4  4  8  8  8  8 12
    round_up     0  4  4  4  4  8  8  8  8 12 12 12 12

    The round_up table is just the round_down table shifted left three places. The mathematical way of shifting the table heading is by manipulating the domain, in this case, by adding three. In other words, don't think of adding three as a vertical operation

      0  1  2  3  4  5  6  7  8  9 10 11 12
     +3 +3 +3 +3 +3 +3 +3 +3 +3 +3 +3 +3 +3
      3  4  5  6  7  8  9 10 11 12 13 14 15

    but rather as a horizontal one:

      0  1  2  3  4  5  6  7  8  9 10 11 12
     <- move left three spaces
      3  4  5  6  7  8  9 10 11 12 13 14 15

    (Sorry, I'm too lazy to cook up the appropriate VML diagram. Use your imagination and pretend that there is an arrow from the "3" in the top row to the "3" in the bottom row, similarly from the "4" in the top row to the "4" in the bottom row, and so on.)

    Now that you see that the answer is to "move the results" three spots to the left, you can read off that the desired formula is

    round_up(n, 4) = round_down(n + 3, 4)

    Shifting the domain left and right can be done by addition. Multiplication and division let you stretch and shrink it. Consider the puzzle of rounding down to the nearest quarter. You already know how to round down to the nearest unit, namely by using the language's built-in truncation operator.

    0    1    2    3    4    5    6
    |    |    |    |    |    |    |
    +----+----+----+----+----+----+
    
     \___/\___/\___/\___/\___/\___/
       0    1    2    3    4    5
    

    If only we could divide everything in the diagram by four. But we can! To do this, we transform the problem space into one in which everything is four times as big as normal, apply the operation, and then convert back to normal size.

    Those of you who've played with a Rubik's Cube are well familiar with this technique: If you have a move that, say, flips two adjacent edges, but you want to flip two edges that aren't adjacent, you can still accomplish this by manipulating the cube until the two edges are adjacent, performing the flip move, then undoing the steps you performed to get the edges adjacent in the first place. (This is known as "conjugation" in group theory and is a very handy technique.)

    We're just doing the same thing with this truncation operation: If we could shrink the truncator by a factor of four, it would truncate by quarters. But we don't know how to shrink the truncator, so we do it from the other direction: Stretch the number line, apply the truncator, then shrink it back.

    0                   1
    |                   |
    |   1/4  2/4  3/4   |   5/4  6/4
    |    |    |    |    |    |    |
    +----+----+----+----+----+----+
    
     \___/\___/\___/\___/\___/\___/
       0    1    2    3    4    5
    
       0   1/4  2/4  3/4  4/4  5/4
    

    The top line shows the number line stretched by a factor of four. The truncator is still unchanged. And below it, we shrink the results by a factor of four, resulting in our desired rounding down to the nearest quarter.

    Taking the above diagram and converting it back to a formula:

    round_down_to_quarter(v) = trunc(v * 4.0) / 4.0

    This was probably old hat for most of you, but I think it's worthwhile seeing how the problem can be viewed geometrically. In particular, if you have a reversible operation "f", then the composition "f⁻¹ ◦ g ◦ f" has the effect of "reinterpreting g through f-colored glasses". Here, the operation "f" was "multiply by four" and "g" was "truncate to nearest integer". Putting them together allowed us to take the truncation operator "g" and make it truncate according to a different set of rules.
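
The formulas above in C, as an added example that is not code from the original post. It goes beyond the post in two labelled ways: round_up takes any positive m (shifting by m - 1 rather than 3), and the hypothetical round_up_size helper rejects inputs where the domain shift would wrap around, which matters when the rounded value is used as a buffer size.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Largest integer <= n/m for m > 0. C's / truncates toward zero, so a
   negative n with a nonzero remainder needs one more step down. */
static long floor_div(long n, long m) {
    long q = n / m;
    return (n % m != 0 && n < 0) ? q - 1 : q;
}

static long round_down(long n, long m) { return floor_div(n, m) * m; }

/* Shift the domain left by m - 1, then round down (m = 4 gives the
   page's n + 3). Meant for small values; the sum is not overflow-checked. */
static long round_up(long n, long m) { return round_down(n + (m - 1), m); }

/* Same formula for buffer sizes. Near SIZE_MAX the shift n + (m - 1)
   wraps to a small number, so report failure instead of a short size. */
static bool round_up_size(size_t n, size_t m, size_t *out) {
    if (m == 0 || n > SIZE_MAX - (m - 1)) return false;
    *out = (n + (m - 1)) / m * m;
    return true;
}

/* Conjugation: stretch by 4, truncate with the built-in cast, shrink
   back. Valid while v * 4.0 fits in a long long. */
static double round_down_to_quarter(double v) {
    return (double)(long long)(v * 4.0) / 4.0;
}

int main(void) {
    for (long n = 0; n <= 12; n++)
        printf("%2ld: down %2ld  up %2ld\n", n, round_down(n, 4), round_up(n, 4));
    size_t r;
    printf("huge size accepted: %d\n", round_up_size(SIZE_MAX - 1, 4, &r));
    printf("1.3 -> %.2f\n", round_down_to_quarter(1.3));
    return 0;
}
```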

  • The Old New Thing

    You know you're in trouble when your channel loses to dead air


    When Australian Channel Seven aired a blank screen for 41 minutes [indirect report], you'd think its competition would pick up some viewers. But it didn't.

    But the glitch did not result in a ratings boost for public broadcaster SBS, with figures showing viewers preferred Seven's blank screen.

    To Seven's astonishment more than 900,000 viewers stayed tuned to the network after screens went blank 38 minutes into the nail-biting episode. "Around a million Australians hung in there for us and we thank them for their commitment," Seven Sydney spokesman Simon Francis said last night.

    (The Chaser, Australia's response to The Onion, chimes in with their own coverage.)

  • The Old New Thing

    Beware of redirected folders, too


    Earlier, we learned about roaming user profiles, wherein the master copy of the user's profile is kept on a central server (which for the purpose of discussion I will call the "profile server") and is copied around to follow the user as she logs onto computers throughout an organization. In the comments, many people said that what they really want is for the files to be stored in a central location without any copying.

    That is what redirected folders give you. Redirected folders are a way for a domain administrator to specify that selected folders in the user profile (for example, the Desktop, the Start menu, the My Documents directory) are not stored in the user profile but rather on a separate server (which for the purpose of discussion I will call the "folder server"). Note that this feature can be turned on independently of roaming user profiles. Roaming user profiles copies the user profile around; redirected folders let you pull folders out of the user profile. There are four combinations of these two settings, and each of them has its merits. If you've been following along so far, you already see how they interact, but I'll spell it out in pictures this time. The diagrams are color-coded as follows:

    Non-roamable portion of user profile ("NR profile")
    Roamable part of user profile ("R profile")
    Start menu
    My Documents

    For illustration purposes, I've shown only two redirectable folders, although in reality there are plenty more.

    Local computer
    --------------
    NR profile
    R profile
    Start menu
    My Documents

    The first case is the common case: The profile neither roams nor contains redirected folders. Since there is nothing roamed or redirected, the fact that everything is kept on the local computer is hardly surprising. This is the most common configuration on consumer machines, where there is no IT department running the show.


    Local computer (Drive C:)    Local computer (D:) or Folder server
    -------------------------    ------------------------------------
    NR profile
    R profile
    Start menu
                                 My Documents

    In this configuration, the profile is still local, but we've redirected the My Documents folder to another location. (Though just to prove a point, I left the Start menu unredirected.) Some people redirect their My Documents to another, presumably much larger, drive on the same machine. Another common configuration in this same model (local profile + redirected folder) consists of redirecting My Documents to a folder server. This alternate configuration might be seen in a corporate network so that each user's documents are kept on a file server that is regularly backed up and has shadow copies enabled so the files can be recovered easily. You might even see it in a home network if you have accounts on multiple machines but want to keep all your documents in a central location. The downside of this arrangement is that if your My Documents server becomes unavailable, you lose access to all your documents.


    Local computer               Profile server
    --------------               --------------
    NR profile
    R profile                    R profile
    Start menu      ←sync→       Start menu
    My Documents                 My Documents

    This is the configuration with a roaming user profile but no redirected folders. As we learned earlier, the master copy of the user profile resides on the profile server. When you log on, the server copy of the profile is pulled down to update the local profile, and when you log off, any changes to the local profile are pushed back to the server. This is the classic roaming profile configuration where all user data lives in the profile. Since the document folders are not redirected, the profile server can go offline and you can still do your work since your documents are cached locally.


    Folder server    Local computer               Profile server
    -------------    --------------               --------------
                     NR profile
                     R profile       ←sync→       R profile
    Start menu
    My Documents

    In this final configuration, we have enabled both roaming profiles and redirected folders. This is another common corporate configuration since it reduces the amount of copying that happens at logon and logoff but still keeps the user's profile and documents on managed servers so they can be backed up and otherwise centrally administered.


    A common gotcha for keeping the files entirely on a folder server is that if the folder server becomes unavailable, you lose access to your documents. This is particularly painful in laptop scenarios where the computer spends a lot of its time not connected to the network that houses the folder server. You can use offline files, however, to make these scenarios much more tolerable.

    What is the lesson here?

    First, as we already noted when we discussed roaming profiles, one reason why you can't manipulate the profile of a user that is not logged on is that the profile you may happen to find might not be the master copy, and what's worse, modifying the local copy can result in it becoming the master, ultimately resulting in data loss when the two versions are reconciled.

    Second, even if you somehow manage to get the user to log on so that the local copy is the master, and even if you are running as local administrator, the user's files may have been redirected to another server where the local computer's administrator account does not have access.

    The upshot is that you simply cannot manipulate another user's profile without actually running in the context of that user. You need to be aware of these other scenarios where the user's data is simply not accessible.

  • The Old New Thing

    You can't even trust the identity of the calling executable


    A while back, I demonstrated that you can't trust the return address. What's more, you can't even trust the identity of the calling executable. I've seen requests from people who say, "I want to check whether I'm being called from MYAPP.EXE. I'm going to make a security decision based on the result."

    Although you can do this, all it does is give you more rope.

    Even if you are convinced that you're being called from the expected application, you aren't any safer. An attacker can inject code into that process (say, via a global hook) and you will foolishly trust it. It's the same reason you shouldn't trust who you're talking to on the phone based solely on the caller ID: Somebody could have broken into the caller's house and made the call from that phone.

  • The Old New Thing

    Mysterious things Steve Yi has eaten


    I read with some fascination Steven Yi's Mysterious Things I Have Eaten, since I have had four out of five of them myself. And I love the little story he tells about sea cucumber.

    Kimchee, like lutefisk and surströmming, most likely comes from the days before refrigeration. The acid produced by fermentation preserves (what's left of) the food.

    Oh, and if you're keeping score:

    • Dried squid: Too salty. (Then again, I didn't have the jerky type; mine was shredded.)
    • Sea cucumber: Awful.
    • Kudu poop: Haven't tried it.
    • Kimchee: Not bad.
    • Shrimp chips: Awesome.
  • The Old New Thing

    Be careful when interpreting security descriptors across machine boundaries


    While it's true the AccessCheck function can be used to check whether a particular security descriptor grants access to a token, you need to be aware of where that security descriptor came from. If the security descriptor came from another machine (for example, if you got it by calling GetNamedSecurityInfo and passing the path to a file on a network share), calling the AccessCheck function on your machine may give different results from the remote machine. In other words, it is possible for the AccessCheck function to indicate that you have access, when in fact you don't.

    How can that be?

    For one thing, there are many SIDs that are machine-relative. If the remote object grants access to, say, the Builtin Administrators group, running the AccessCheck function checks the token against the Builtin Administrators group of the machine that is running the check. If you are a member of the Builtin Administrators group of your own machine but aren't a member of the Builtin Administrators group of the remote machine, you will think you have access when you don't.

    In addition to the machine-relative SID problem, there's also the problem that tokens can lose their identity as they travel across the network. If the server has the ForceGuest policy enabled, then it doesn't matter what your token is on your machine. On the remote machine, you are treated as Guest.

    The moral of the story is that trying to determine whether you have access to an object without actually accessing it is harder than it looks. You're usually much better off just trying to access it. No point trying to emulate what another computer is going to do if you can just have it do it!
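
A small model of the two failure modes described above, as an added example that is not code from the original post and does not call the Win32 API. The machine and account names, the structs and the functions evaluate_on and server_decision are all constructed for illustration; only the Builtin Administrators SID S-1-5-32-544 is a real well-known value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not the Win32 API. Each machine keeps its own
   member list for BUILTIN\Administrators (S-1-5-32-544) and its own
   ForceGuest setting. Account and machine names are made up. */
#define BUILTIN_ADMINS "S-1-5-32-544"

typedef struct {
    const char *local_admins[4]; /* members of this machine's alias */
    bool force_guest;            /* network logons become Guest */
} machine;

typedef struct { const char *allowed[4]; } descriptor; /* allow-only */

static bool in_list(const char *const *list, const char *s) {
    for (size_t i = 0; i < 4 && list[i]; i++)
        if (strcmp(list[i], s) == 0) return true;
    return false;
}

/* Evaluate sd as machine m would: alias membership comes from m's own
   account database, wherever the descriptor was read from. */
static bool evaluate_on(const machine *m, const char *user, const descriptor *sd) {
    if (in_list(sd->allowed, user)) return true;
    return in_list(sd->allowed, BUILTIN_ADMINS) && in_list(m->local_admins, user);
}

/* What the server decides for a caller arriving over the network. */
static bool server_decision(const machine *srv, const char *user, const descriptor *sd) {
    return evaluate_on(srv, srv->force_guest ? "Guest" : user, sd);
}

/* Constructed sample machines and descriptors. */
static const machine workstation = { { "CONTOSO\\alice" }, false };
static const machine fileserver  = { { "CONTOSO\\bob" }, false };
static const machine guestserver = { { "CONTOSO\\alice" }, true };
static const descriptor admins_only = { { BUILTIN_ADMINS } };
static const descriptor alice_only  = { { "CONTOSO\\alice" } };

int main(void) {
    const char *alice = "CONTOSO\\alice";
    printf("local check:  %d\n", evaluate_on(&workstation, alice, &admins_only));
    printf("file server:  %d\n", server_decision(&fileserver, alice, &admins_only));
    printf("ForceGuest:   %d\n", server_decision(&guestserver, alice, &alice_only));
    return 0;
}
```

The local check says yes while the file server says no for the same descriptor and user, and with ForceGuest set even an entry naming the user directly no longer matches.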

  • The Old New Thing

    The pornography of food


    On the Media picks up on the Harper's Magazine article Debbie Does Salad and chats with Frederick Kaufman, the article's author, on the curious similarity between the way cooking shows and pornographic films present their subject matter. Cooking shows target the 18–35 male, even though these people are unlikely to be cooks themselves. They just tune in to watch.
