Category Archives: Software

Strict mode for Javascript – continued

Seems the prior post gathered some response.

To set expectations – this is my personal weblog. What I put here is the bits that (to my mind) might be otherwise missing. I am not interested in repeating material covered elsewhere. If you are already well-read, then I hope these bits will nudge your thinking forward a bit (even if you do not entirely agree with my conclusions).

On the other hand, if you are seriously short of clues, I am not going to help you. Spent enough time on USENET News (long ago) to note the point of diminishing returns. Since I write these bits as an entertainment (of sorts), I am not going to invest a lot of time with folk who are too many laps behind.

Javascript is at heart a dynamic, prototype-based sort of object-oriented language. Most folk coming to Javascript are acquainted with static, class-based languages – and have little or no experience with anything different. The natural inclination is to transfer learned habits from the old to the new language – and that is a mistake.

Back in the late 1980s or early 1990s one writer came up with a classification scheme for object-oriented languages. There were many variations proposed and explored in that time, so a scheme that enumerated the important aspects was very useful. (Wish I knew how to find the article – it was in an ACM or IEEE publication of that period, I believe.) As a guess, I suspect that most of the current generation of programmers is not aware of the possible variations, and assume all object-oriented languages must be like Java / C++ / C#, and expect the same learned habits to still make sense with Javascript.

Disregarding the usual noise, there is one bit to which it is worth responding, as it (quite unintentionally) illustrates my point.

New gives you prototype inheritance, performance benefits, and it’s about language semantics.

That is exactly my point! … only the reality differs from the assumptions of the guy making the comment (and I suspect he has a lot of company). Back in the late 1980s / early 1990s the pragmatic consensus was to move forward with object-oriented languages that could be made to run efficiently on the then-current hardware. How to generate optimal code for static class hierarchies was fairly well understood, at that time. More dynamic object-oriented languages were simply too hard to optimize.

The v8 Javascript engine offers a good example. The combined memory and CPU footprint of an efficient Javascript engine was simply impossible on circa-1990 computers. What is practical and reasonable on current-generation computers was – twenty years back – completely not practical.

My reading of the articles on the current-generation Javascript engines was that the toughest problem – and main aim of implementors – was to optimize in the absence of static-class hierarchies, and that quasi-static classes are not particularly optimized.

This makes sense. Writing script for web pages is programming in the small. The number of entities on a web page is small, as is the number of repeated instances. Static classes with efficient support for huge numbers of behavior-identical instances are essentially useless in a web page. If you are creating large numbers of instances for a web page, you are almost certainly doing it wrong. (Note the “flyweight” class pattern is useful here.)

My assumption (from what I have read) is that “static” class hierarchies yield no particular benefit in client-side Javascript.

Assumptions should be checked … so I wrote a micro-benchmark.

Method dispatch – Microbenchmark – Javascript
The aim was to measure method-dispatch for three cases:

  1. The method is bound to the instance.
  2. The method is bound to the “class” (via the __proto__ member).
  3. The method is bound to the “class” (via the function invoked via new).

What I see (in terms of exact results) will likely vary as each browser vendor tweaks their Javascript engine. The point – in the case of the current discussion – is that static class hierarchies yield no significant advantage. It does make perfect sense that static-class languages can deliver bare-hardware performance numbers (which I do expect to use). For web page script, I expect static-like class usage to yield no significant benefit.
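The three cases listed above can be set up as follows. This is an added example, not the original micro-benchmark; the names makeOwn, makeProto, Counter, lookupDepth, timeDispatch and runAll are illustrative, and the timings depend on the engine.

```javascript
// Added example, not the original benchmark; all names here are illustrative.

// Case 1: the method is an own property of the instance.
function makeOwn() {
    return { n: 0, inc: function () { this.n += 1; return this.n; } };
}

// Case 2: the method sits on a shared object reached through __proto__
// (Object.create sets that link without using new).
var shared = { inc: function () { this.n += 1; return this.n; } };
function makeProto() {
    var o = Object.create(shared);
    o.n = 0;
    return o;
}

// Case 3: the method sits on Counter.prototype; instances come from new.
function Counter() { this.n = 0; }
Counter.prototype.inc = function () { this.n += 1; return this.n; };
function makeNew() { return new Counter(); }

// Number of prototype hops needed to find a property
// (0 = on the instance itself, -1 = not found anywhere on the chain).
function lookupDepth(obj, name) {
    var depth = 0;
    while (obj !== null) {
        if (Object.prototype.hasOwnProperty.call(obj, name)) { return depth; }
        obj = Object.getPrototypeOf(obj);
        depth += 1;
    }
    return -1;
}

// Call inc() repeatedly on one object and record where the method was found,
// the final counter value, and the elapsed wall-clock time.
function timeDispatch(factory, calls) {
    var obj = factory();
    var last = 0;
    var start = Date.now();
    for (var i = 0; i < calls; i += 1) { last = obj.inc(); }
    return { depth: lookupDepth(obj, 'inc'), result: last, ms: Date.now() - start };
}

function runAll(calls) {
    return {
        instance: timeDispatch(makeOwn, calls),
        proto: timeDispatch(makeProto, calls),
        viaNew: timeDispatch(makeNew, calls)
    };
}

console.log(runAll(5e6));
```

Cases 2 and 3 both resolve the method one hop up the prototype chain; they differ only in how that link was created.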

For programmers coming from C++/Java/C#, the notions that made sense no longer apply. Thus the emphasis on denying any semblance to static-class languages. This was exactly my point.

Posted in Javascript, Software

Strict mode for Javascript

A small item…

Javascript is a hash (pun not entirely intended). There are good parts to Javascript, and bad parts. Folk attempting to learn Javascript for the first time could use some help avoiding the icky bits.

My first cut at rules for a “strict” mode for Javascript:

  • No use of “function name(){}” declarations
  • No use of “document.write()”
  • No use of “new”

No doubt I could come up with more rules, with a bit more reflection, but this is a start.

No use of “function name(){}” declarations
There are two means of declaring functions, and I strongly prefer the second form. Programmers coming from other languages tend most often to use this form:

function foo() {
}

For an entire collection of reasons I prefer this form:

var foo = function() {
};

The second form is better suited for later refactoring, and offers subtle emphasis to the learning programmer of the difference offered by Javascript. The first form can also lead to subtle bugs (which I do not want to explain) – certainly not what you need when first learning a rather different language.

As a partial hint, I tend to make rather a lot of use of namespaces, so my function declarations most often look like this:

var ZOT = {};
ZOT.foo = function() {
};

Or in the more elaborate use:

var ZOT = (function() {
    var foo = function() {
    };
    return {
        foo: foo
    };
})();

This last form makes full use of closures, and allows for private data and functions.

No use of “document.write()”
Programmers tend to want to generate HTML from program code. This is a huge mistake.

To me this is a classic application of separation of concerns. HTML describes page structure. CSS describes page presentation. Script describes dynamic behaviors. Best to keep each concern separate.

No use of “new”
On this point I am certain others will differ. They might even be right. Certainly the “new” operator is of huge advantage in static languages. But that is not the domain of Javascript – certainly in the web browser, and possibly even for server-side usage.

The “new” operator misleads programmers when first learning Javascript. The pattern of usage most appropriate to a static-class language is not the same as the most appropriate usage in an entirely dynamic language.

Conflicted over Crockford
There is a measure of irony in the last point. Douglas Crockford has consistently served to promote better usage of Javascript. Crockford was hired by Yahoo. The quite elaborate user interface library in Javascript developed by Yahoo is first invoked with “new YUI()”. YUI obviously represents a substantial body of work, at least partially in what seems the right direction. Yet I cannot yet quite get past the beginning.

Posted in Javascript, Software

VirtualBox as free software

File this under “Missing the Obvious”.

I bought VMware Workstation several years back. Used virtual machines quite a lot in developing and testing software. The company I work for licensed the enterprise version of VMware, at least in part due to developer experience using VMware. A few of the VMs currently hosted under the enterprise version of VMware started out running under VMware on my desktop.

A few years back – well after EMC acquired VMware – I got the distinct impression that the desktop version of VMware was somewhat neglected. I was losing increasing amounts of time to locked-up VMs, messed up keymaps, and even main desktop lockup. This provided an incentive to try Sun’s VirtualBox, which proved more reliable for my usage.

Oracle gained ownership of the VirtualBox software with the Sun acquisition. Is there any strong reason for Oracle to offer and develop the “free” version of VirtualBox, or will the desktop version of VirtualBox suffer the same apparent neglect as did the desktop version of VMware?

Of late I was reviewing the documentation we sent to our customers with the last software release, as we are rolling up to a small update in the near future, and a larger release a bit later. In the documentation we send to customers, we have a prominent declaration of support for running under VMware. This was an easy declaration to make, as developers used VMware heavily in development and testing. We knew our product ran under VMware.

Now this is somewhat less true. Certainly the more elaborate test setups (mine) are all run under VirtualBox. I expect things all still work under VMware, but I personally no longer have a basis to make that assertion. For the next release, we will likely add a statement of support for VirtualBox.

As to the obvious bit I had missed:

Many of our customers are still not using virtualization software. Generally customers move from a physical machine to a VM at the time of a major version upgrade. At the next major version upgrade, we will offer a recommendation for VirtualBox.

Oh. Right. I had forgotten about that multiplier. Selling enterprise virtualization to our customers represents many more opportunities than any in-house usage at our development outfit. Never mind my misgivings – offering free software to developers is about the best advertising Oracle could buy.

Does Oracle know this?

Posted in Software

Odds and ends in testing with Active Directory

Of late, I have needed to test against Microsoft’s Active Directory – so I set up a virtual machine hosting Windows 2003 Server and configured as a domain controller. The domain controller is connected to a small number of machines (also VMs) on a private network – pretty much what you would expect for a tightly controlled test setup.

One surprise in the experience was the difficulty in getting the domain controller (and DHCP setup) properly working. Admittedly, setting up a domain controller is a somewhat unusual task. As a rare task, it is perhaps not so important to Microsoft as a process whose user experience needs optimizing. Still, given I have long been well-acquainted with how this all works at a network level, I ended up wasting a surprising amount of time trying to find the right knobs to turn. (Much searching with Google to get a key Microsoft product to work … the irony.)

Oddly, all the nice GUI interfaces to administering a domain server actually make the process more obscure than the equivalent activity on Unix (where I am accustomed to configuration kept in text files). I do now better understand my past conversations with network administrators who did not know how to do (what I considered) simple tasks with Microsoft’s domain controller … and why they often got it wrong.

Since my aim was testing, I wrote programs to populate Active Directory with large/variable numbers of users and groups, and to clean up after. Though you could make direct Active Directory or LDAP calls, I find Microsoft’s ldifde utility is quite useful for this purpose. Note that Active Directory uses tombstones to support distributed replication (which is good), and that scripted changes will leave behind many tombstones – which may perturb your testing. You can limit the scope of the impact by changing the tombstone lifetime – the period of time tombstones are kept before cleanup – from the default down to 2(?) days. (Finding and changing that single setting ate up the larger part of a day.)

(Had a flashback to the old original text-based Adventure game. “You are in a maze of twisty passages, all alike.”)

Another approach is to take a snapshot of the VM when Active Directory is in a “clean” state, and restore the snapshot later. In principle this could be simpler/faster than the scripted restore (using delete operations fed via ldifde). Found a quite thorough article on virtualizing Active Directory, and ran across the USN ROLLBACK problem.

To aid in distributed replication, Active Directory keeps a count of local changes (the USN number) to track replication of remote changes. All quite usual and normal for this problem domain. Given that Active Directory has been around for a decade, you would expect the obvious use-cases to be covered, but not quite….

Turns out if you distribute changes among more than one Active Directory controller, you have a problem in the not-unusual case of taking a backup (or a snapshot) and restoring it later. Thus the many items returned by the above web search, including developers at Microsoft.

Um … what?!? Seems to me this is a pretty common case. That Microsoft would have got this wrong in the first version back in 2000 is only slightly disappointing. That this is still a problem a decade later is very surprising indeed.

Given that I may for future test purposes need to add a second domain controller VM, this looks to be another problem to avoid.
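The rollback described above can be reproduced in a toy model. This is an added illustration, not Active Directory code and not from the original post: makeDc, write, replicate and demo are hypothetical names, the data is constructed, and the optional identity change stands in for the invocation-ID reset that a supported restore performs.

```javascript
// Added illustration: a toy model of USN-based replication, not Active Directory code.
// makeDc, write, replicate and demo are hypothetical names; the data is constructed.

function makeDc(id) {
    // usn: local change counter; log: originating changes; seen: per-source watermark
    return { id: id, usn: 0, log: [], data: {}, seen: {} };
}

function write(dc, key, value) {
    dc.usn += 1;
    dc.log.push({ usn: dc.usn, key: key, value: value });
    dc.data[key] = value;
}

// dest pulls from source only the changes above the highest USN it has
// already seen from that source id.
function replicate(dest, source) {
    var mark = dest.seen[source.id] || 0;
    var pulled = 0;
    source.log.forEach(function (c) {
        if (c.usn > mark) {
            dest.data[c.key] = c.value;
            pulled += 1;
        }
    });
    dest.seen[source.id] = Math.max(mark, source.usn);
    return pulled;
}

function demo(resetIdentityOnRestore) {
    var dc1 = makeDc('DC1');
    var dc2 = makeDc('DC2');
    write(dc1, 'alice', 1);
    write(dc1, 'bob', 1);                           // DC1 is at USN 2
    var snapshot = JSON.parse(JSON.stringify(dc1)); // VM snapshot taken here
    write(dc1, 'carol', 1);
    write(dc1, 'dave', 1);                          // DC1 is at USN 4
    replicate(dc2, dc1);                            // DC2 watermark for DC1 = 4

    dc1 = snapshot;                                 // restore: counter is back at 2
    if (resetIdentityOnRestore) {
        dc1.id = 'DC1-restored';                    // partners see a new source
    }
    write(dc1, 'erin', 1);                          // reuses USN 3
    write(dc1, 'frank', 1);                         // reuses USN 4
    var pulled = replicate(dc2, dc1);
    return {
        pulled: pulled,
        dc2HasErin: 'erin' in dc2.data,
        dc1HasCarol: 'carol' in dc1.data
    };
}

console.log('plain snapshot restore:', demo(false));
console.log('restore with new identity:', demo(true));
```

After a plain snapshot restore the partner pulls nothing, because the reused USNs 3 and 4 sit at or below its watermark, and the two controllers silently diverge.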

Posted in Software

Java for Business = Zinger from Oracle

Last year Marsh Ray found a potential vulnerability in TLS renegotiation. The Oracle Java folk responded by disabling renegotiation entirely in the Java Runtime. This is not a fix, as it breaks usage for a large class of security-oriented sites. A rather large group of folk now find that their once-secure applications no longer work – and are not happy.

At first, there was no word from Oracle on a real fix … then I received this email.

Hi Preston,
Good to hear from you. Have I told you what a fine group of folks there is at Oracle Java? No? That’s because there isn’t.
[snip]

Anyway I ended up talking with some people in Oracle (our SES in DC called the president of Oracle) and several people later a VP of security called me. Anyway the fix will contain 3 implementations low, medium and high security and he claims it will take a significant amount of work in the application software to implement any of them. The release is expected by September. The gotcha is the VP told me that they will only release the JRE to licensed JRE users. I told him the JRE has always been a free download and he responded with “free download not free use”. In order to use the JRE you must have a support contract in place and it appeared to him the DoD was a couple million licenses out of compliance. Apparently it was only free until they came up with this Java for Business thing they have now. In my experience it’s a very Oracle response. Quite the opposite to my dealings with Microsoft.

I guess time will tell….
[snip]

(Emphasis is mine. All identifying information removed.)

Well, we have an answer. Yikes.

To be clear, I believe Oracle is entitled to do whatever they want to make money from Java. Oracle bought Sun, and now they own Java. Sun had a different approach, but Sun failed. Also what Oracle does in the long term may or may not be different from what the above message indicates.

On the flip side, I have to re-consider whether it makes sense to write code for the Java platform. If Oracle is fragmenting the Java platform, and changing the cost to customers … using Java may no longer make sense. This may be the point where I start planning to move all future work off Java and away from the JVM.

Of course, there is open-source Java, but I am not convinced there is the critical mass of interest required to make open-source Java a viable option. I would very much like to be wrong on this point, but for now, I am skeptical.

Is Google’s Dalvik VM potentially a viable option? Might IBM’s investment in Java translate into backing for open-source Java? Is it time to move off the Sun/Oracle JVM entirely?

Time to re-visit choices made long ago….

Posted in Software

Anachronisms: Icon for “Save…” is a floppy, HDTV sized in inches

Went looking for an icon to represent the “Save…” or “Save As…” operation in an application. The icons I am finding are all images of a floppy disk. For long-time GUI users, this image is familiar and requires no thought. For newer users … they may never have seen a floppy disk. The image has become antique.

When was the last time you used a computer with a floppy disk drive? When did you last save a file to a floppy disk?

Seems rather past time for a new icon. :)

Funny bit is that the square-with-notched-corner shape of a floppy looks rather like an SD memory card. Still not a good choice for file-save, as more likely use is to copy files from the memory card.

Checked to see if Microsoft had any good ideas. Office 2007 uses an image of a floppy for “Save…” and “Save As…” – adding a pencil writing on the floppy label (an antique behavior) for the “Save As…” icon. Internet Explorer changes “Save As…” so the pencil is writing on the sliding metal cover that protected the magnetic film (not really a good idea).

Went searching through GUI Style Guides looking to see if Microsoft (nope) or Apple (nope) had an updated replacement. Along the way ran across the style guide sections on designing for differing display resolutions. Display resolution is measured in DPI (dots-per-inch) and display sizes are measured in inches. Because both Microsoft Windows and Apple Macintosh software were originally developed on the west coast of the United States, entire generations of programmers and users have learned to think about screen sizes in inches.

Have you noticed that all the HDTVs sold have sizes measured in inches, not in Metric System units?

This is odd, as only the United States still holds firmly to the old “British Imperial System” of measures, and HDTVs are not made here. Even odder, in countries that do use the Metric measures, the HDTV sizes are still expressed in inches. (Don’t believe me? Check out the Amazon site in France – home of the Metric System.)

If only the French had developed Windows … then the Metric System would have had a chance. :)

Posted in Humor, Software, user interface

WordPress hacked (again)

Around May 13, someone subverted my weblog to serve pharmacy ads. Annoying, but not otherwise a big deal, given regular backups. This hack was more clever than prior incidents. Took me longer to find and remove the problem.

I expect WordPress to be insecure. Looked at the source code early on. Like most PHP applications, the potential attack surface is very large.

Will be a bit before things are entirely in order. (Ick. Using a stock WordPress theme.)

Posted in Personal, Security, Web

Do you trust Oracle?

The death of Sun, and the submission to Oracle – as a developer – leaves me with doubts about Java.

Sun was always a bit of a mixed bag. Some of their work was absolutely brilliant, and some – especially with software – was amazingly dumb. Never did really understand why this was the case. (Lots of theories, of course, but no certain grasp.)

Oracle is a very different mixed bag. The Oracle database is both a very solid piece of work, and old, not-quite-irrelevant to the present and future (an intentional over-simplification). The Oracle database is core to Oracle the company. On the other hand, Oracle (the company) is also heavily invested in applications and software that cluster around the Oracle database. Much of this software is written in Java (for very logical reasons). This would seem to guarantee the future of Java (as a platform).

But … the Oracle-core has a diminishing (if very fat) future. That fat future can stretch out quite a while – beyond obvious reason – as the IBM mainframe market proved.

As a developer, I find that I crossed a threshold some time back, and am impatient with Java when I can express more elegant solutions (to complex problems) in Javascript. (Yes, really – Javascript. May have something to do with early heavy exposure to Lisp in school.) Hearing that C# incorporates lambdas … is C# a better base than Java (with appropriate wariness of stealth Microsoft patents), or rather an extraneous step before bundling a Javascript interpreter?

Do you trust Oracle?

Posted in Software