Lazycoder

What I think about Wasabi

A lot of people are giving Joel Spolskey grief over his Wasabi language for FogBugz. Normally, I’d be one of them. However, his decision to write a specific scripting language to output one of his products doesn’t really affect me. How many bug tracking applications, CMS, and VNC wrappers does the world really need anyway? (probably as many as their are Linux distros).

Joel asked a specific question over in the comments at Jeff Atwoods place that I’d like to address.

(1) Six years of code already written in VBScript

(2) Needs to run on customers’ Windows and Unix servers

(3) Minimize tech support costs

(4) Many customers refuse to install new runtimes on their servers, either because of IT policies or out of stubborness

What would be your solution?”

I have two possible plans.

First, I would capture the existing functionality of the VBScript app in a document. Then I would find the most commonly avaiable web runtime for both the Unix and Windows platforms. I’d probably end up with PHP. Next I would hire talented PHP programmers and port the VBScript application to PHP. At this point, I’m not sure what I would do next. Each has it’s advantages and disadvantages.

1) Make the PHP version the official version and relegate the VBScript version to “legacy” status. Provide support for the VBScript version for a couple of years, but phase it out in favor of the PHP version. Provide DEEP discounts to existing VBScript customers to entice them to upgrade (maybe even make the upgrade free). This allows you concentrate on a single languages featureset and use a single codebase. (note Wasabi also allows you to use a single codebase, more on that in a minute).

2) Hire talented VBScript programmers to maintain a parallel version of the PHP application, bugfixes, support, etc…. I think it would be easier to maintain separate talent pools (PHP and VBScript programmers) than it is to retain and train people who are specialists in both languages to maintain and upgrade the Wasabi compiler. At least with VBScript, you have a dead language to maintain. PHP is constantly evolving.

I think that creating a DSL to save time in porting, or in Joels words,

“Since we don’t want to program in VBScript or PHP4 or even PHP5 and we certainly don’t want to have to port everything to three target platforms, the best solution for us is a custom language that compiles to our target platforms.”

avoid programming in an icky language is a poor choice. I’ve aluded to this kind of decision as “Technological Wanking” before.

DataGridView strangeness

I’m working in the Winforms world right now and I’m running into a LOT of strangeness involving the DataGridView.

I’ve had to deal with the designer adding columns to the DataGridView without any prompt from me. I’ve had to deal with constraint issues when binding the DataGridView to a DataTable and having the cursor in the bottom “new” row when trying to save. I’ve dealt with the combo boxes that won’t let you enter new text into them. And I’ve dealt with “TextBoxes” that don’t include the autocomplete functionality. But the one that has really baffled me, and will probably prompt me to go looking for an existing bug in the MSDN bug database is the following one.

I set a columns “Visible” property to “false”.

 But when I run the application, the column shows up in the DataGridView.

I guess it’s time to start going through all that code that’s prefixed with the warning.

/// Required method for Designer support – do not modify
/// the contents of this method with the code editor.

Has anyone else resolved these issues with the DataGridView. Anyone have a third-party library recommendation?

Whoops, careful when you join the TOR network.

Germany: Crackdown on TOR-node operators

The public prosecutor’s office of Konstanz raided computing centres of seven providers in Germany,
seizing ten servers because of the proliferation of child pornography.
Nothing new, things like that happen all the time, the juicy detail is
that some of the servers were merely running a copy of the TOR, a software to anonymize the usage of the internet to protect your privacy.

Those servers were most probably configured to be TOR Exit-Nodes, so
their IP-addresses might have shown up in the server logfiles of the
child-porn servers in question. One could argue that this is an attempt
to frigthen german TOR-node operators, but I’d just keep calm for the
moment. I guess that the attorney of state is just after logfiles, they
knew that those servers were operating as TOR-nodes. If you IP-address
pops up in a child-porn case surely your IP looks interesting to the
police.

A while ago, I suggested using TOR to securely browse the web. A few people around the web suggested that this could be risky. It could mean your IP address shows up in a log file somewhere associated with some illegal operation. It looks like that's what is happening in Germany right now. While this kind of thing is probably defensible, it means more money for lawyers. I'd recommend AGAINST using the TOR software right now. I think your best bet for secure browsing is tunneling your web traffic over SSH to a private proxy server, one you or your friends control.

Update: Take note of the two comments associated with this post. It appears to be safe to use TOR to browse the web as TOR is not enabled to act as a server by default upon startup. It has also been noted that they German police were not cracking down on TOR servers just because they were TOR servers, but as surmised by myself and others that the TOR servers IP address showed up in some logs during a child porn investigation.

SSH tunneling for privacy and fun

So you are using a portable browser with an onion router for security. You might even have a privacy proxy set up to strip ad, web page bugs, cookies, etc... But if you are using a public WiFi hotspot, your packets are still available to whoever wants to sniff for them. What can you do?

Tunnel them through SSH of course.

There are several guides out there that tell you how to do this. I'm not going to repeat the instructions. The basic premise is that you forward a particular service, say web over port 80 or SMTP traffic,  to an SSH server of your choice, most people set one up at home. Your school or work may have one as well that available for you to use.

By tunneling your web requests over SSH to a web proxy, like Squid, that uses an onion router you can just about ensure that you are the only person that knows what web sites you are browsing.

P.S. You can also use this technique to bypass just about any firewall restrictions.