Debugging AJAX Applications with IE

6. July, 2007

Note: Most of the information for this blog entry was copied from this blog (German only).

Debugging AJAX Applications (or RIA) has become much more simple with the Firefox extensions Web Developer Toolbar and the fantastic tool Firebug.

IE has lagged behind but there are now two tools which help a lot: IE Developer Toolbar which mimics the HTML/CSS editing capabilities of Firebug and some of the tools of WDT (like clearing the cache, showing outlines and disabling images). For debugging JavaScript, you can get the MS Script Debugger but you have to dig through the config to enable and disable it.

Now all I need is a way to get at the IE Dev Toolbar when the browser window has no menu …


What’s Wrong With … Surveillance

5. July, 2007

“If you have nothing to hide, you have nothing to fear from ubiquitous surveillance.” Uhm, really?

Well, I have something to hide. It’s nothing illegal. I just want to hide from a lot of people: Sales and marketing people, for example, who want to get my mon*cough*attention. People, who hate the company I work for (for whatever good or bad reason). People, who dislike my religion, my taste in clothes, politics or sex.

Imagine a male working for the London police. He’s been dumped by his girlfriend, he’s jealous or just seeking revenge. He sits in his little office and tracks her moving around the city with the some of the 500’000 cameras in the city. Eventually, he sees her meeting with her new flame. What will he do?

Maybe he will not use the face recognition software (which was pretty useless a few years ago). But there are other way. The new boyfriend of “his” girl will probably walk to his car (identification by license plate is a standard tool for the police and you wouldn’t believe the zoom levels the surveillance cameras can get if you don’t limit them artificially) or he will go home. Guess who is having a surprise visit tonight? In 2003, the LA Times brought an article “LA Police Officer Uses Database to Snoop on the Stars“. Apparently, this fellow was looking for a way to even out his income by selling juicy details to tabloids.

The problem with surveillance is not that I have nothing to hide, it’s that I don’t trust all the people who operate the system. In order to “increase” the safety of the system, little is known about which directly leads to a sense of untouchability by the people who run them. We have seen where this leads. Power doesn’t corrupt, unaccountability does.

But there are other problems as well. In Germany, a camera was installed to protect a museum but it also watched the private flat of Angela Merkel (German only). Don’t worry, it watched her only for eight years.

This could be fixed by operating the cameras automatically by a computer. A judge could grant access to the files when authorities receive a complaint. Unfortunately, this just shifts the problem. For most people, computers are still magical boxes. They know that it’s just a bunch of cleverly arranged silicon atoms but the real problem is that they can’t tell when a computer lies. Of course, that never happens. Right?

Well, computers don’t lie in the sense that they can know fact A and tell you B. That’s a human skill. But a human can delete fact A and replace it with fact B and the computer will happily present fact B as The Truth(TM). Since security systems are by default accessible by a select few only, it becomes increasingly hard to know if someone has tampered with a system. Worse, someone can accidentally break something. Your name might suddenly appear on the persona non grata list of the USA because someone mistyped the last name of an evil doer who has the same birthday as you (a chance of 1:366 or less). Luckily, you will notice the next time you pass through customs. Enjoy your strip-search if they don’t arrest or shoot you on sight.

“But the computer said …” Several billion will find this funny, one person won’t. Of course, this is an exaggerated example. But quite a few people do find themselves at the special attention of customs and they don’t know why. That is because the victims aren’t informed about the mistake (the culprit already knows, the guy who made the mistake is sure he didn’t and the person who eventually finds out is too embarrassed to talk about it). Even when they eventually find out, it is insanely hard for to get the mistake fixed everywhere. So when you have finally made sure the guys at airport A know you’re cool, the computer at airport B might not know or might not trust that new information. After all, you might be a very clever cracker, trying to clear your slate! Can’t trust nobody!

Any system that is supposed to be secure, must allow for error, especially human error. When I was taught engineering, the rule was to make each piece twice as strong as it needed to be if a human life was in some way connected to it. That meant you could hang a small car to a swing and it wouldn’t break (don’t try; they have optimized the process since then). The security systems that are being sold to us today are sold as “infallible”. Like the Titanic, the Hindenburg, Bank computers, “automatic” invoice systems. They can’t make mistakes, so when one happens, no one will ask any questions. Somehow, everyone seems to forget that there are still very few computers that can read (and none who can understand what they just read; just ask Google … and they get the data in a computer readable format). Most data that you can find in any computer on this planet has been planted there by humans! Especially the data about other humans! Or as Thomas R. Fasulo said in his infamous IH8PCs blog: “You should never believe anything you read or hear. Especially if you read it here. “

Furthermore, the wide spread surveillance is sold under the flag of “safety”. We are supposed to be more safe. How so? The number of crimes doesn’t change. A few more crimes can be resolved because of the surveillance but the idea that they prevent them is foolish. People commit crimes because they believe they won’t be caught. If there is a camera, they will just adjust their strategy, not change their lives. Many of them believe that the reasons for their behavior is outside of their own control, so they really can’t do anything. On the other hand, imagine the torture of a rape victim that is being filmed in the act and the criminal doesn’t get caught.

Unfortunately, the surveillance systems are sold as a cheap solution for the underlying problems. If a kid has no perspective in life and only gang members as role models, what choice does it have? You would be astonished. Take the Bronx, turned into the sin pit of the world by the media. In 2000, there lived roughly 400’000 people between 10 and 25. In that year, a total of 48,070 crimes were recorded. If each was committed by a different individual, that means that 88% of the people followed the law (remember, even if they were not caught, the crime is still recorded). Sadly, spending millions of dollars for CCTV cameras is more cheap (as in simple) than trying to solve the real problems.

More safety by more surveillance? I don’t buy it.


The Elevator Problem or Why Writing Software Is So Hard

2. July, 2007

A lot of people wonder why writing high quality software is so hard. When you read this, you’re probably sitting in front of a computer that runs an operating system with millions lines of code. Most people know that a computer “computes”, that is it adds numbers all the time and because we define some numbers to mean characters (65 usually means A) or colors (0 is black, 16777215 is pure white, 16711680 is bright green, etc), it can do astonishing things. Like showing you something a guy on the other side of the globe wrote. It’s all just math.

As we all know, math isn’t simple but 1+1 always gives 2. It doesn’t sometimes give 1.9 or 2.2 or 3 or 1. It’s 2. Always. That basic observation made many people believe that it must be simple to write correct software. It’s just math, after all. It’s exact. Well, let me tell you a story so you understand why writing software is so hard and sometimes insane.

Imagine you’re working in a big company. Your company is so big, it has its own skyscraper. There are six elevators that carry all your co-employees in and out, every day. This morning, your boss storms into the room and he’s obviously very upset: For the third day in a row, someone is using his parking lot. You say, no problem, you’ll put a sign in the elevators that the parking lot #5 right next to the elevators is reserved. Your boss is very happy and you can see the next raise shining brightly at the horizon.

So you turn to your computer, fire up your favorite text tool and after a few minutes or hours (depending on the tool), you come up with a nice sign saying to stay the hell away from parking lot #5. A few minutes (or hours) later, your printer has delivered the signs on nice fresh paper. You grab ’em and walk to spread the news in all six elevators. It’s the most simple thing in the world to press the button to call an elevator. You wait a few moments (or longer, it’s a big building) and “bing”, one of the six elevators stops by to get you somewhere.

You smile, step into the cabin and slab the first sign onto the wall. You brought Scotch tape, right? Of course you did. And scissors, too.

The sign looks great. Your boss will be very happy, he will think fondly of you when it’s time to spread the good stuff.

So you leave the elevator, let’s call it A, wait for the doors to close and press the call button once more.

“Bing” and the door of elevator A opens, so you can take the ride. You start to realize that this simple task might not be that simple after all.

There is a little computer somewhere in the building, that tries very hard to move the elevators around effectively and right now, it’s very proud of itself because you didn’t have to wait. Now, it eagerly waits for you to tell it where you want to go, so it can take you there as fast as possible. In the meantime, it does the same thing with the other five cabins.

After pondering the situation for a moment, you step inside the cabin and press the button of the floor that is farthest away from where you currently are. The door closes, you wait a moment, so it is really gone and call the next elevator.

“Bing”, elevator A opens it’s door again.

Apparently, it hasn’t moved at all or it can move much faster than you’d think possible. Let us rule out the second option because it probably breaks some laws of physics. You do know that elevators measure the weight of the passengers, don’t you? Well, some time ago, smart engineers noticed that kids wasted a lot of energy sending the empty cabins around. That made them angry, they didn’t want little pests to toy with their toys. So they used the very same sensor to determine if someone is actually inside and if not, they told the little control computer to just ignore any requests to send the elevator around. Ha! That shows them!

All right, you tell yourself, and go for the staircase to move a few floors down. Slightly annoyed, you press the call button. You wait, “Bing” and … elevator A offers it’s service. Somewhere in the house, a little control computer is very proud that it could send you an empty ride so fast.

Now is the time to start to worry. You could ask your buddies in the office for help. You need five of them, each rides one elevator to some floor and blocks it there. Of course, you know them and you’re a bit worried about the remarks you’ll probably get before you can explain to them why on earth it could be so hard to stick a piece of paper on an elevator.

Now is also a good time to think what you boss will think when you don’t return soon. Surely, to stick six pieces of paper on a wall can’t take more then a few minutes? What will he think if you fail even such a simple task?

The morale of the story: Even very simple things can become insanely complex as soon as a computer is involved. Unfortunately, even seasoned developers with years of experience sometimes fail to see all the traps in advance. That leads to the paradox situation that they concentrate on all the “hard” stuff, which they expect to cause trouble and postpone the “easy” stuff. If that easy stuff is hiding a bad surprise, it’s usually late in the project when you finally get to it. And at that time, the effects might be tremendous because you made your all your plans and estimates with the idea in mind that the “easy” thing will be a cinch.

That leads to the conclusion that it is impossible to estimate a software project except you have done the very same thing (including all circumstances!) before, preferably several times. If you didn’t, your estimates are just guesswork and could be off by several magnitudes (i.e. 10, 100 or a 1000 times).

PS: The solution for the elevator problem is to find the janitor or someone from the cleaning team. They have keys to take cabins out of service (ever noticed the locks near the buttons? That’s what they are for), so they can clean or repair them. Or you could paste the notice on the wall next to the parking lot. Or place one under the wiper. But we’re computer freaks; simple solutions are for wimps!