Technical Solutions to Amok Runs

3. August, 2016

Every now and then, an idiot realizes that his life isn’t exciting enough and decides to do something about it. Note: I apply humor to horror.

Some people (I think of them as idiots as well, just a different flavor) think that arming everyone is the best solution to this problem. Maybe these people probably never get angry.

Anyway. Here is my attempt at a solution: Data contracts.

A data contract is a contract which is attached to data.

Example: I could attach a contract to data which my cell phone produces, for example, “code looking for the signature of gunshots can access data which the microphone produces.” Similarly, I could attach “code looking symptoms of mass panic can access data from my mobile’s acceleration sensors.” And lastly, “code which detected mass panic or gunshots is allowed to access location data on my mobile.”

To build such a system, all data needs to be signed (so it can be attributed to someone) and it needs to contain the hash code of the contract. Big data services can then look up people by their signature (which would also allow to create a public / shared signature for an anonymous entity) and from there, get the data contracts.

Now that in itself doesn’t protect against abuse of data by greedy / evil corporations. The solution here is the same as in the “real” world: Auditing. People applying for access to this system need to undergo an audit where test data is fed into the system and auditors (which can be humans or bots or both) validate the operation. This results in a digital document signed by the auditors which will then allow them to access the data feeds.

This approach would then protect my privacy from people wanting my movement profiles to annoy me with adverts while safety services could still use the data to automatically detect disasters and dispatch help without me having to fumble for my phone while running for my life.

On the downside, attackers will start to shoot mobile phones.

If we look into the future, unstable people could be sentenced to share some of their data with automated systems which monitor their mental state – I’m positive that several companies are working on systems to determine the mental state of a person by looking at sensor data from their phones or fitness sensors as you read this. Of course, we’d need an improved justice system (our current one is too busy with things like patent lawsuits or copyright violations) with careful balance and checks to prevent another kind of idiot (the one which doesn’t believe in “everything has a cost”) to run amok with this (i.e. putting “unwanted” people into virtual jails).

There is a certain amount of “bad things happening” that we have to accept as inevitable. Everyone who disagrees is invited to move to North Korea where they have … ah … “solved” this already.

For everyone else, this idea has a few holes. It needs computer readable contracts, a way to negotiate contracts between computers (with and without human interaction), it needs technology for auditors where they can feed test data into complex systems and see where it goes.

I think the computer readable contracts will happen in the next few years; negotiating contracts and knowing what contracts you have is a big issue with companies. Their needs will drive this technology. Eventually, you’ll be able to set up a meeting with a lawyer who will configure a “contract matching app” your mobile. When some service wants your data, the app will automatically approve the parts of the contract which you already agree, and reject those which you’ll never accept. If the service still wants to do business with you, then you’ll get a short list of points which are undecided, yet. A few swipes later, you’ll be in business or you’ll know why not.

The test data problem can be implemented by adding new features to the big data processing frameworks. Many of these already have ways to describe data processing graphs which the framework will then turn into actual data processing. For documentation purposes, you can already examine those graphs. Adding signature tracking (when you already have to process the signatures anyway to read the data) isn’t a big deal. Auditing then means to check those signature tracks.

It’s not perfect but perfect doesn’t exist.


RPM build errors: No file attributes configured

25. July, 2016

The error comes from this lines in the RPM source code:

if (initAttrs(fc) < 1) {
rpmlog(RPMLOG_ERR, _("No file attributes configured\n"));
goto exit;
}

initAttrs() looks for “%{_fileattrsdir}/*.attr”

To solve this, install the package rpm-devel.

Another solution is to create a file “script.attr” in _fileattrsdir (default: /usr/lib/rpm/fileattrs/) with this content:


%__script_requires %{_rpmconfigdir}/script.req
%__script_magic ^.* script[, ].*$
%__script_flags exeonly


Real Life Adblocker

17. June, 2016

I’m one of those people who can’t tear their eyes from blinking, moving stuff. Web advertising is pure hell for me. Thank god for ad blockers.

But what about real life ads? Did you notice all those billboards popping up lately? They are everywhere. Recently, the learned to move.

Time to do something about it: http://jonathandub.in/cognizance/

Thanks, guys!


Random Conway’s Game of Life

27. December, 2015

Recently, I followed a discussion about free will. The starting point was the question whether a million exact clones which are placed in the same situations would shows the same behavior and whether they would diverge over time.

My stance is that they would behave identical in the beginning but, subject to quantum physics, small differences would creep in. Big things like hair color or beliefs would be very stable. A complex decision, which could go either way, might be influenced by the fact that a molecule binds a few nanoseconds later than in another clone. The neuron would fire slightly later than the other ones and a different option would be chosen.

Which made me remember Conway’s Game of Life. Life has been shown to be Turing complete – you can construct machines which can compute anything that can be computed.

Now which change to Life would bring it to the next level? Make it able to compute more than Turing?

If there is no metaphysical soul, no God-induced immortal energy in us, then our ability to comprehend must come from the physical body that we have. If neurons are small switches that trigger other switches when enough inputs agree, then where does comprehension – which simple computers certainly lack – come from?

Maybe the solution is that our neurons have a random component – quantum physics. Maybe the solution is a version of Life where survival with more than three neighbors isn’t impossible – just unlikely? Where cells can come to life from nothing by pure (small) chance?


On undoing, fixing, or removing commits in git

16. October, 2015

On undoing, fixing, or removing commits in git” is a web page which guides you when Git doesn’t do as you want to.

Thanks Seth


Testing Fonts for Software Developers

11. September, 2015

Characters that you need to be able to distinguish clearly:

0O – Zero and upper case o
l1I – Lower case L, one, upper case i
Z2 – Upper case z and two
S5 – Upper case s and five
G6 – Upper case g and six
B8 – Upper case b and eight
71 – seven and one
lI – Lower case L, upper case i
vy – lower case v and lower case y

Just copy and paste into your favorite code editor.

Fonts you should try:


TNBT – Creating Tests from the Debugger

20. July, 2015

From my series “The Next Best Thing“:

Often, you will find yourself in a debugger, trying to follow some insanely complicated code to find the root cause of a bug.

I would like to see a button in my IDE which reads “New Test Case”. It should example the current program state, determine (with my help) what part of the code I want to test and then copy the current state into a unit test. In a second step, I could then trim down the unit tests but I would have all the input, all necessary dependencies would be there, correctly initialized.

It would also be great if the IDE would track the state of the code from which the unit test was generated. If the code changes too much (indicating that the unit test might become outdated), I’d like to see that. Or maybe the IDE could figure out by itself when code tested in such a way deviates “too much.”

Along the same lines, the IDE should be able to inject probes into the product code. As I click buttons and enter data in the UI, the IDE should generate a series of unit tests under the hood as described here. If you’re using frameworks like Spring, the tests should come with minimal (or mocked) dependencies.


Replacing Integration With Unit Tests

15. July, 2015

Google asks to “Just Say No to More End-to-End Tests” – just go and read it.

The suggestion in the document is to have a testing pyramid. A few (slow, expensive, dangerous) End-to-End (E2E) tests, more integration tests (IT) and a whole lot of unit tests.

My approach is to aim for 100% unit tests by breaking down the E2E and integration tests into chains of unit tests.

Example: You want to test whether you can save a UI field in a database.

The naive approach would be to create the UI, create a DB, simulate user input, click the save button, check the data in the database, update the UI afterwards.

My approach is to cut this into individual steps and use the output of test X as input for X+1. For unit tests, output is always a constant, so this doesn’t create dependencies between the tests except for the fact that some are the logical next steps. Tests can still be executed in any order.

But back to the example. The first set of tests would put various values in the UI, simulating user input. The tests would just read the values from the fields and compare them against expected values.

The next set of tests would be for the input validation. These tests would reuse some of the “expected output” values from the previous tests. No UI would be necessary (the code to test the display of validation messages would be in another set). We’re only interested in “do we get the correct error for input value FOO” where FOO is a constant.

The input validation tests can be grouped into two sets: One where the input value passes the validation and another (probably a much bigger) where the validation fails.

For all the inputs where the validation succeeds, we write a test that writes this value (again taken from a constant) into the database.

Lastly, to update the UI, we write a set of tests which examine the state of the database. And another set which tests that a certain state appears correctly in the UI.

As you can see, at no time we have a runtime dependency of tests. Tests work in any order. If the output of one test changes, only a small number of tests need to be updated (if at all). The IDE will help you locate all tests which are connected.

Instead of using the constant directly in an assert inside of a test, you can refer to it from an annotation. Now you can write tests that make sure that an output value is also used as an input somewhere.

If a test fails, only a single test fails. If the validation changes and a value isn’t valid anymore, the DB test might still pass. This is good: We don’t want code to fail unless it’s really broken. The DB interface might be able to write “illegal” values into the database but the validation layer is responsible to catch them. Don’t mix responsibilities.

In E2E or integration tests, a single failure somewhere in the whole chain of operations breaks the whole test. With the approach outlined above, a single failure just breaks very few tests. Each test still runs only a small number of code lines, making it easier to locate the cause of the problem. Tests are fast, you can run tests for a subset of the chain – why test the database when you’re improving validation? Or start the whole UI? You can run fast tests all the time and mark slow ones (UI, DB) for “run only on CI server“.


Installing Epson Perfection V300 Photo on openSUSE 13.2

3. July, 2015

Locate Linux drivers on http://download.ebz.epson.net/dsc/search/01/search/?OSC=LX
Search for “v300”

The search gives two results:

  1. “iscan plugin package” from 2011
  2. “core package&data package” from 2015

You need both. The first one is esci-interpreter-gt-f720-0.1.1-2.* which is a necessary plugin for iscan to enable the software to talk to the scanner via USB. Without it, you get odd “Permission denied” errors and “scanimage --list-devices” will come back with “No scanners were identified.”

Then get iscan-2.30.1-1.usb0.1.ltdl3.x86_64.rpm (not sure what those files with a ~ in the name at the top are) plus iscan-data-1.36.0-1.noarch.rpm from the second search result.

Install all three of them at the same time.

Both scanimage and xsane should now be able to detect and use the scanner.

Related:


SoCraTes Day: Testing the Impossible

21. June, 2015

I’m back from SoCraTes Day Switzerland where I help a Code&Hack session called “Testing the Impossible”.

The session is based on this Mercurial repository de.pdark.testing.

Transcript

  • 20150619_105103-socrates-day-testing-the-impossible-page1Space Shuttle – They Write the Right Stuff
    • Why wasn’t the bug caught by QA?
    • Why did the bug escape dev?
  • Personal Bug Diary
  • Team Culture: Strengths va. Blame Game
  • Miscommunication with Customers
  • Anyone can press the “Red Button
  • Make failures cheap. Fail fast.
  • I’m wrong. I have learned something.
  • Bug-.hunting takes time and mindshare.
  • If you found a bug, write a test for it

How do I test randomness?

  1. Test small pieces
  2. Fix things that varies (IDs, timestamps, etc.)

How do I test a DB?

  • 20150619_105103-socrates-day-testing-the-impossible-page2Layer between DB and App code which allows to switch between real DB and mock
  • Verify generated SQL instead of executing it
    • Fast
    • Allows to test thousands of combinations easily
    • Useful for code that builds search queries
  • Run SQL against real DB during the night (CI server)
  • H2 embedded DB can emulate Oracle, MySQL, PostgreSQL, …
  • Test at various depths (speed vs. accuracy)
  • Testing Walrus dives deep!

%d bloggers like this: