SuperBoB

I like to listen to Security Now! when I’m out walking. Episode 143 had an explanation of a new product called Yubikey. The basic idea is that you have a device that plugs into a USB port and is recognized as a keyboard. Pushing the only button on the device causes it to type a 44 character string which acts essentially like a One-Time Password. Combining this idea with something like OpenID, you can have a relatively secure authenticator. It could be combined with a password/passphrase challenge to provide two-factor authentication. This isn’t anything new, as VeriSign and Paypal have tokens. The same limitations of physical tokens exist, mainly that your Yubikey could be lost. In the case of the USB interface, the interface on the USB could be physically damaged or worn down.

The pros of this device are where my interest lies. Yubico has opened up the specification and is providing SDK’s to make this work. Ubico has provided an OpenID provider that can use a Yubikey or you can host your own authentication server. For anybody who wanted to build their own system or experiment, this seems incredible. VeriSign is not likely to give you their code and let you set up your own token server to use with their tokens. That is Yubico’s business model. They want you to set up your own system and are working to help you do so. The second big pro is ease of use. It is not hard to see the 6 digit key on a VeriSign token and type this in to an input box, but the 6 digit key is pretty limited. Yubikey on the other hand has enough digits to play with that it can build some smarts in. The key is uniquely identified by the string it sends. It can now function as your id/username. The string as a whole is a unique string that acts as a One-Time Password. So with one string, I can provide a name/password pair to identify myself. The server can take the name piece of this to look up and check against my password. This string is generated by inserting the USB device and pressing a button. This is esentially one-button login. Combined with OpenID, it is essentially one-button login to a lot of websites. On top of that, you can’t “give your password away” to a phisher. You could lose the Yubikey, which is why I would recommend using it in conjunction with another password, but someone can’t sniff out a physical key. This is pretty cool. I recommend checking out the Yubikey link for more info.

Although there are a lot of options for Python editors on the Internet, I have been using some version of VI for far too long to give up my muscle memory of modal editing that VI uses. Wing IDE actually has decent VI keystroke support, but it doesn’t go quite far enough, or I haven’t figured out how to make it do what I want. For instance, I use all sorts of ed commands, and like my macros and buffers. It looks like the Wing authors are interested in improving the VI personality of the editor, but I’m impatient. I think I’ll have to work at using Wing and file a view bug reports, although I’m not sure they aren’t really enhancement reports.

In the meantime, there is a lot of information on the web about how to set up VI to use as a decent Python editor. This article by John M. Anderson was helpful to cover a bunch of the basics. I also found a great 6 easy steps process to get ctags working on Windows. Maybe this isn’t such a big deal to you, but I have jumped through a lot more steps before to get this going. The value here is in the conciseness of the information presented.

I don’t have my perfect vimrc set up yet, but I am a lot closer after adding BufExplorer, NerdTree, and Snippets. I plan on figuring out more cool stuff that I can post about Vim and Python.

I read a blog entry recently that Steve Yegge wrote last year about what makes great software. Coincidentally, I have recently been working on better Python integration with Vim and better Vim integration with Firefox. Steve’s blog post gives several major criteria for good systems, not that completing the list makes a piece of software good. Instead good systems should have all point in the list covered.

1) systems should not reboot
2) systems must be able to grow (without rebooting)
3) a system should have a command shell
4) a system should have integration hooks (Steve calls this advice, and it is probably more subtle than “hooks”
5) systems should have an extension language and a plug-in system
6) perhaps the hardest today, systems should be introspective

The article spent a good amount of the space on Firefox. I think he spent a lot of time trying to explain how to improve Firefox because he would like to use it. This seems like a win for the Mozilla group to me. If Firefox was beyond hope, it wouldn’t take more than a couple sentences to write it off.

The newest release candidate of Firefox 3 does not fix the need to reboot, but less memory leaks are a good step in the right direction. I’m not to worried about murdering my programs, but is definitely an inconvenience to me when I’m forced to restart Firefox. I think working towards no restarts would help stability during normal use. I would think that all of this stuff should be figured out in the OS anyway, but as Firefox gets more complicated, I supposed it has to take on more aspects of an OS such as proper process and memory management. It should have a good response to a lack of resources. The dialog that tells me a script is not responding is a start, but the browser should have better built-in health monitoring if possible.

Steve gives the example of Greasemonkey as a way to extend Firefox without rebooting. I wonder if add-ons could be written as strictly JavaScript, considering one can specify CSS and write HTML elements along with program logic. I have also been playing around with Chickenfoot. It has a limited set of extension scripts, but I think we need more access to UI elements with Greasemonkey. For right now, that is held back because of security concerns.

If security is going to be the limiting factor, then we still need a way to install extensions without restarting. I don’t know if there is a good way to distinguish whether changes to chrome are safe or not. Once XUL runner is fully functional and hosting Firefox as an application, maybe the problem will be changed. Firefox will act like a virtual machine, which might make for seamless restarts, rather than no restarts.

Brendan Eich also wants to let Firefox be extended with Python. If this actually becomes a reality, I anticipate the number and kind of extensions skyrocketing. JavaScript is pretty easy to work with, but Python seems even better to me.

As far as command shell. I have been using yubnub, which gets you part of the way there. I recently discovered vimperator, which provides not only a command-line, but a partial Vim-like environment. If you don’t have the piece you already want, just add something to yubnub or vimperator to extend your shell. Again, I hope that adding python to the mix will allow this to reach even farther and be easier to extend. I haven’t become practiced with vimperator yet, but already I can see it’s usefulness in navigating by keyboard.

I recently started playing with Python again. It is amazing how fast you can pick up information on how to create a service or compile Python into standalone applications for OSX or Windows.

Python also has quite a few GUI frameworks as well as a good number of python web frameworks.

After looking at portability, pre-built binaries, ease of building a program, and ease of compiling, I have settled on wxpython as a GUI framework for now, although I have used all of these except pyxul to build different applications. Either Python(x,y) or Enthought provides a pretty comprehensive Windows package including WxPython. The former also has PyQT as well.

The web framework question is a lot tougher. I have played around with Turbogears, Pylons, Django, and web.py (if that can be called a framework), but I haven’t built anything serious with any of these. I recently came across web2py. I like that it seems to give a built-in tool to add new applications. It also seems to have some of the built-in administration screens like Django. I am working on building a sample website with it now, both to teach myself and to show others a framework example. Since web2py was built with education in mind, it seems a more natural fit for this last purpose. A long time ago, I was messing around with Zope. Although Zope and Plone are pretty powerful, I dont’ think I would use them as teaching examples.

More exciting for me than playing around with Python, I have been attempting to teach it to other people. It just seems to flow naturally, both to CS students who have had experiences with other languages, and with complete newbies. I really like Dive into Python, but have been looking at other sources such as Byte of Python, a starter wiki, and Wikibooks as well.

Eventually, I hope to be able to apply some of this knowledge to Sugar which has really intrigued me. Perl had a project to recreate a lot of the Unix tools in Perl. I have a Perl OS archive saved for years now. I think a lot of these can be recreated in Python, but the idea of creating a whole interface in Python seems to be an even greater amount of work with a possibly greater payoff.

When I saw my brothers playing Tiger Woods golf on PS3, the character creator struck me as something that could eventually be useful to police sketch artists. Without having a whole lot of drawing ability, one could still use this tool to create a sketch of an alleged criminal. In fact, if a possible victim was able to run the software, they might be able to create a sketch on their own. Now someone has taken this one step further and created a virtual police lineup. We aren’t quite in the big brother society of V for Vendetta yet, but if you look at the CCTV system in England, it doesn’t seem too far away to have software that would compare a virtual sketch with faces caught on CCTV. Possibly this could be limited to cameras in the alleged area of the crime. The software would compare facial features to find possible matches. Possible matches could be put into a virtual police lineup. I actually feel that a scenario like this is pretty scary and perhaps awful. There are some protections like the Data Protection Act, which one band actually used recently to help film their music video. I will admit that I haven’t read the act and don’t know if people caught in this virtual dragnet would have to be informed that film of them was used. However, I doubt it considering how hard it would be to identify someone in the camera and tie them to an address if they weren’t a Person of Interest. Just because a scenario is scary doesn’t necessarily mean that the government won’t try. Even if the government (in this case of England) would shy away, I expect some private company would be more than willing to try it out. Minority Report was another movie with some very bad ideas. Call it Pre-Crime or call it guessing, but people in the movie were definitely convicted before they committed the crime. There wasn’t a court case, much less a presumed innocent phase. So I guess technology is wonderful, but unfortunately, because of the way it is used, technology is scary.

I read an interesting article on Daily Galaxy about the nature of Math. Does Math exist without our interpretation. This seems like one of those Quantum Observer phenomena. I also read an article in the Telegraph about how babies seem to inherently know some Math. Do they “invent” Math in the womb or in there early months? Is there some basic notions passed down through genetics? This second question is not science fiction. Instinct could be considered knowledge that is passed down genetically. So is there some evolutionary benefit to incredibly fast learning of mathematical principles? Is there some benefit to “instinctively” knowing some of these principles? I think that the actual answer to these questions will shed more insight on how we are put together.

I don’t remember when I first saw the movie Gattaca, but it was well after the Human Genome Project had started its work. It seemed then, and still does, that somebody would discriminate based on what your genes contain. Reading this recent article on Ars Technica reminded me of this great movie. I think I have some conspiracy theorist traits. Maybe it’s genetic. In any case, I could always see the argument being made as possible though not necessarily probable. Where before, I thought NASA could do something similar, it is much easier to see how insurance companies would try to skirt any such law if passed. In a rational world, an insurance company would try to keep costs down by factoring in additional “risks”. That doesn’t necessarily mean they would deny coverage for a condition, but certainly raise premiums. I think John Timmer makes some good points on why this is a slippery slope, which usually means it is a bad idea. The problem is that even if every individual at an insurance company realized that it was a bad idea to discriminate, which wouldn’t happen, it is too easy to deny that the problem would affect them personally and thus the biases would still creep in to underwriting and policies. Without the personal connection to customers, the customers are just numbers in a database, and thus it is more difficult for a sense of ethics to enter in. Of course it is wrong to treat a person with less than the best I can offer, but is it wrong to treat a number this way? In any case, I have read the earlier version of the bill that was passed by the Senate and hope that it does become law. As usual though, I expect this to be the beginning of a conversation, not the end.

Unfortunately, I don’t have 20/20 vision. Fortunately, more options are opening up all the time from RadK therapy to Lasik. However, I think want to bypass that and go straight for the Bionic Eyes. Granted, they aren’t perfected yet, but I am eagerly awaiting the days when something like this provides not only basic vision that most people (thought not all) take for granted, but advanced abilities such as infrared vision or visual overlays. Until then, I’ll be content to look at the pretty pictures with my Mark 1.0 eyeballs the way the God intended.

As Japan’s workforce ages, they look to replace retiring workers with robots.  As the population pyramid in the US flattens out, will we have to do something similar?  It seems likely that as countries move from a developing status to “developed” nations, their populations will also flatten out.  As a comparison to the US, check out Japan’s population pyramid.  They are simply farther along a curve that technology is likely to take countries.  Combine this with the advances of technology worldwide in general.  Consider Licklider’s paper from 1960, or Vannevar Bush’s seminal article from 1948 to see both two amazing prognosticator’s, and how far technology has come in that time.