• My Thoughts on Go

    May 21, 2015


    I have been working on a project that needs to run as small-footprint native code. I've been doing C since 1980 and have written a fair number of commercial packages in C, C++, Objective-C and blends among them.

    But after a couple of decades doing Java and other managed languages, I no longer want to have to think about memory management.

    Plus, the project is Docker related and most of the Docker ecosystem is on Go. So, I decided to do the project in Go.

    Here are my "about a week in" thoughts.

    The Comfortable

  • I Love my MacBook Retina

    May 20, 2015

    It's an Amazing Machine

    On more or less of a lark, I ordered a MacBook Retina. I'm very glad I did.

    First, the lark... I have 4 running MacBook Pro/Airs and a couple of other running Macs floating around. The physical size difference between my 11" MacBook Air and the new MacBook is trivial. But... I like toys.

    The MacBook Retina is a particularly awesome device and it's become my "traveling around town" machine.

    The Keyboard

    The keyboard is, I suspect, love it or hate it kinda thing.

    For me, it's not quite love, but I really like the keyboard. I've been using computer keyboards since my Apple // and have seen keyboards lose travel.

  • Scala Versioning Fragility Rant

    May 8, 2015

    Yes, a Rant

    I've been doing Scala before it was a thing. I founded Lift and wrote the 2nd Scala book (Beginning Scala).

    And this morning, I'm ranting.

    Recently, I've discovered the joys of dual-language (Scala and Clojure) projects... I even did a presentation on it at QCon.

    Yesterday, I was playing around with putting a Reagent front end on a Lift app that talks to Apache Flink. Why? Because Reagent can support multi-hundred-thousand row scrolling grids seamlessly, even on my iPad, Lift is the best web framework I've ever used (yeah, I'm biased), and Flink seems to be well considered.

    But the problem was Scala's version fragility...

    The error manifest itself as:

  • 1Password on Linux and OS X

    May 1, 2015

    Password Management

    Managing the many hundreds of passwords I have across site on the Internet is non-trivially difficult. Grrr.

    I primarily use Linux (Ubuntu 14.04) for my work, but also have a couple of OS X machines because Keynote is a really good presentation package, Linux on laptops is still lame, and a few other lower-priority reasons.

    I've been using KeePass as my password manager. It's open source which is a win. It runs very well on Linux. It's written in C# and Mono runs C# well on Linux. But not so much on OS X.

    On Linux, KeePass runs really well. The Chrome browser plugin for KeePass is excellent. The Firefox KeePass plugin is marginal.

  • The IT pendulum

    April 11, 2015

    Meta-cycles in technology choices

    I've been working on my keynote for QCon Beijing and looking at technology trends and choices since the 1950s.

    One of the interesting tensions that I've seen in IT is the tensions between "getting it right" and "doing it quick".

    Most of enterprise/business IT is about making good business decisions. Business people who make those decisions need information that's mostly right, not exact. Yes, there are parts of IT that deal with transactions around money where making a 1 penny mistake is not acceptable, but the vast majority of what we do with enterprise IT is to help business people make informed choices.

  • Lift XML Vulnerability

    March 22, 2015

    A Serious Vulnerability

    Security testing at a large Lift-powered site revealed a serious XML-related security vulnerability.

    The core issue is that Lift prior to recently patched versions 2.5.2, 2.6.1, and 3.0-M4 are vulnerable to a XML eXternal Entity attack. The attack allows access to the local filesystem via XML entities:

     <?xml version="1.0" encoding="ISO-8859-1"?>
      <!DOCTYPE foo [
         <!ELEMENT foo ANY >
            <!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>

    The root cause of the problem is that Lift uses Scala's scala.xml.XML library for parsing and the default configuration of that library is insecure.

  • Pixie: stunningly good

    March 8, 2015

    A sweet Clojure-ish language

    It's likely no secret that I really dig Clojure. It's the first unityped language I've used since Objective-C in the early 90s that I really like. Yes, I still love Scala, but I think Clojure is pretty much the best designed computer language I've ever used... and maybe that's because Clojure is mostly "less is more" but in a few places, it's not.

    The things I really like about Clojure are:

  • What I Travel With

    March 7, 2015

    The Right Gear is Important

    I travel a fair amount and I like to have the right gear to travel will. Here's my current set-up:

    dpp's travel stuff

    Most importantly, a Traser Code Blue Watch. This watch is light and comfortable on the wrist and has a tritium light source so it's always visible. I can half wake on a dark airplane or in a dark hotel room, check out the time, and go back to sleep. I can do this without pushing buttons or doing something that's going to annoy others around me.

  • Slurping data from NeXT drives

    January 23, 2015

    Getting Old

    Yep... I'm getting old and so are my computers. I used to do a lot of coding on NeXT cubes and slabs.

    I have a bunch of NeXT machines laying around and so do some of my friends.

    But how does one get old data, programs, mailboxes, etc. off a NeXT machine? Turns out that it's not so hard.

    NeXT machines used SCSI drives.

    So, to get data off a NeXT drive, one has to put together a setup that supports SCSI-1 drives.

    I purchased:

    And I had a 50 pin micro to Centronics SCSI cable.

  • Orlando 2014

    January 4, 2015

    2014 Winter Break in Orlando

    I took my kids to Orlando Florida over winter break. They are 10 and do a lot of reading and play a lot of iPad. Here's the report.

    Caribe Royal Hotel

    We stayed at the Caribe Royale in a two bedroom suite. The room was almost 1,300 sq. ft and really nice. The kids had their own room with two queen sized beds. I had a room with a king bed and a jacuzzi tub. The room had a full kitchen and a washer/dryer.

    In terms of utility, the room was perfect. I did a grocery run the first night and we ate breakfast and some dinners in the room.

  • How Visi uses Weave and Docker

    October 31, 2014

    It's a Virtual Piece of Cake

    I've gotten a bunch of questions about how Visi, the simple web front end to Spark works. This blog post is an overview.

    Hosted Spark with a Simple Front End

    Visi is a hosted Spark cluster with a simple web-based front end that allows Excel-savvy folks to enter formulas that get turned into Spark jobs.

    The Spark cluster and front end are built on demand, hosted in Docker containers, and communicate over the network using Weave. The web UI is presented to the user via a dynamically updated HAProxy routing table.

    Nuts and Bolts

  • Keeping the Meaning with the Bytes

    October 29, 2014

    Back to the Future...

    This post was from November 2006. I had just started playing with Scala and was trying to figure out an ORM... the one that ultimately became Lift's Mapper.

    Keeping the meaning with the bytes

    One of my criteria for a good web framework is having security and access control built it. As I was driving friends and relatives to and from Thanksgiving dinner, I was thinking to myself, "It's nice to have goals, but how do you implement then?"

  • For All You Know, It's Just a Java Library

    September 24, 2014

    Blast from the past...

    I wrote this in May, 2008... and I've gotta say, I was pretty spot-on including Java 8 adopting some of Scala's better features:

    It's starting to happen... the FUD around Scala. The dangers of Scala. The "operational risks" of using Scala.

    It started back in November when I started doing lift and Scala projects for hire. The questions were reasonable and rational:

  • Dragonmark Chat: core.async over the web

    August 30, 2014

    It's the chat demo

    Check out the demo!!

    Way back when I was focused on Lift and explaining why Lift was different, I created the Lift chat app. The chat app was short, sweet, and highlighted how Lift was different.

    As I've been working through the Dragonmark stuff, I decided to use the same Chat app as a demo. Why? 'cause the same concepts are present in Dragonmark... the abstraction of the cross-address-space plumbing.

    core.async across address spaces

  • Introducing Dragonmark Circulate

    August 16, 2014

    Distributed Communicating Sequential Processes (CSP)

    Communicating Sequential Processes (CSP) provides excellent patterns for building concurrent systems. Clojure's core.async provides a Clojure implementation of CSP in a single address space.

    However, very few programs run in a single address space. Web applications run in a combination of the browser and one or more servers. Very often, applications will span a cluster of servers.

    Dragonmark Circulate provides a mechanism for distributing core.async channels across address spaces while providing the same semantics to all the address spaces.

    Some macros

    I've written some macros to make writing core.async code easier and more linear.