IF NOT EXIST "$(OUTDIR)" mkdir "$(OUTDIR)"

This should create the output directory if it doesn’t exist. The line would hang the build on my development box from time to time, so I decided to track down what the problem was. It turns out, IF NOT EXIST will sometimes hang if there are quotes around the filepath, at least on Windows XP. You can verify this with a simple perl script:

for (;;) {
    system("cmd /c IF NOT EXIST \"\\Windows\" echo nodir");
}

Running that script will cause the cmd to hang after a short amount of time (usually less than a minute).

But, if you run this script, it will continue forever:

for (;;) {
    system("cmd /c IF NOT EXIST \\Windows echo nodir");
}

In our case, the filepath will never contain any spaces, so the solution was to just remove the quotes from the IF NOT EXIST command in the Makefile.

My goal was not to write the most efficient program possible, but to see what results I could get from a reasonable design and no major optimizations. So, I wrote about 160 lines of C code, using OpenSSL for the hashing and the old K&R bit counting method. Depending on how long the message plaintext was, this got me about 1 to 1.5 million attempts per second per core on my 3.0 Ghz Core 2 Duo. The winning CPU-based entry, which was written by D. J. Bernstein, contained an optimized SHA-1 implementation and got around 10 million hashes per second per core. So, I was about an order of magnitude off, which seems reasonable to me.

It turns out the really fast implementations were all on GPUs. Both the winner and the runner up used Nvidia’s CUDA for fast GPGPU processing, which was cool to see.

I ran my program for most of the 30 hours of the competition. How did I do? My best result was 37 bits off of the goal, which put me 7 away from the winner.

static void Main(string[] args)
{
    object x = null;
    object y = (short)4;
    x = (y is System.Int32) ? (System.Int32)y : (System.Int16)y;
    Console.WriteLine(x.GetType());
}

What is printed out?
Try it.
Explain why you were wrong.

If you run the code, you get this output:

System.Int32

The code snippet as it stands doesn’t make it clear exactly where the unexpected behavior is. This is a little more clear:

static void Main(string[] args)
{
    object x = null;
    object y = (short)4;
    x = false ? (System.Int32)y : (System.Int16)y;
    Console.WriteLine(x.GetType());
}

This code outputs the same thing as the above snippet. So why does this snippet output System.Int32, when x clearly gets set to (System.Int16)4 ? The answer is in the C# implementation of the ternary operator.

The Answer
In line 5 of the second example above, x is set to the result of the expression on the right side of the equals sign. Since the thing on the right is an expression, it must have a single type.

The C# Language Specification, in section 14.13, spells out how the type of the expression is determined:

The second and third operands of the ?: operator control the type of the conditional expression. Let X and Y be the types of the second and third operands. Then,

• If X and Y are the same type, then this is the type of the conditional expression.
• Otherwise, if an implicit conversion exists from X to Y, but not from Y to X, then Y is the type of the conditional expression.
• Otherwise, if an implicit conversion exists from Y to X, but not from X to Y, then X is the type of the conditional expression.
• Otherwise, no expression type can be determined, and a compile-time error occurs.

In our example, since there’s an implicit cast from an Int16 to an Int32, but not an implicit cast from an Int32 to an Int16, the compiler says the type of the expression must be Int32. Then, when our Int16 is returned, it’s typecast to an Int32.

More Types
The spec makes it pretty clear what is supposed to happen if there’s an implicit conversion from one of the operands to the other, but not the other way around. But what happens if there’s an implicit conversion in both directions? According to the spec, none of the first three conditions are met, so the compiler must output an error. There is an implicit conversion from a byte to int, and also one from const int to byte, as long as the int is small enough to fit into the byte. So, let’s try compiling this:

static void Main(string[] args)
{
    const int i = 1;
    const byte b = 2;

    object x = null;
    x = true ? i : b;

    Console.WriteLine(x.GetType());
}

The Bug
If you compile this with the .NET 3.5 compiler, it compiles without errors. There’s a warning about hardcoding true into the ternary operator, but nothing about the types. So, the compiler does not conform to the C# language spec. That’s a bug, but it’s not that shocking. There are other places where the .NET compiler doesn’t conform to the spec. It seems that Microsoft has a policy to leave such bugs in, so as to not break compatibility with existing code, so it will probably stay that way for the foreseeable future.

Mono
This got me wondering if the Mono compiler properly supports the spec. So, I tried compiling with the Mono 2.0 C# compiler. Here’s what you get:

Program.cs(13,17): error CS0172: Can not compute type of conditional expression as `int’ and `byte’ convert implicitly to each other
Compilation failed: 1 error(s), 0 warnings

So it looks like Mono conforms to the spec in this case. It’s a bit amusing that an open source project supports the spec better than Microsoft itself, but there are probably also cases where it goes the other way. However, this means that the Mono implementation is incompatible with the .NET implementation of C#. Now, this particular incompatibility is unlikely to come up that often, since there aren’t many types that have two-way implicit conversions with each other, but it’s something to consider.

The Law
The legal implications of this bug are perhaps the most interesting part. A few weeks ago, there was a lot of talk about the Mono patent situation. This has now been largely resolved with Microsoft putting C# and the CLR under its Community Promise. However, the Community Promise only applies to a given implementation “to the extent it conforms to one of the Covered Specifications.” If an implementation does not conform to the specification, it is not covered by the promise.

You can probably see where I’m going with this. If Mono decided to support compatibility with the .NET compiler by breaking from the spec and implementing the ternary type bug the same way Microsoft has, it might be giving up its protection against patent lawsuits. In order to be legally safer, it’s probably wiser for Mono to stick to the spec and break compatibility with the .NET compiler. This is significant, because the more situations like this crop up, the harder it will be for programmers to port their .NET code to Mono. There’s not much that the mono project can do about this, but it’s unfortunate that the legal situation forces their hand on compatibility.

I actually ended up using nginx, PHP, PHP-FPM, and xcache. I’m running 8 instances of PHP and 2 nginx worker processes. First, I got started by using the step-by-step instructions I found on someone’s blog. After the initial setup, there was still a lot of configuration to do, some of which was not trivial. Below are some notes from my experience:

1. When setting up FastCGI processes for PHP, make sure the firewall isn’t blocking access to the port the FastCGI servers are listening on. If your firewall is filtering packets to the port, you’ll get a “504 Gateway Time-out” page from nginx whenever you try to access a PHP page. To open up the port, if you’re using iptables, add something to your iptables startup script like this:
iptables -A INPUT -p tcp -s localhost --dport 9000 -j ACCEPT

2. Somewhere I saw a redirect example to eliminate the www from URLs that caused me to add this to the config file:

server {
    listen          80;
    server_name     www.definingterms.com;
    rewrite         ^/(.*) http://definingterms.com/%1 permanent;
}

server {
    listen          80 default;
    server_name     definingterms.com;
    [...]
}

I’m not sure why I thought I needed this, but it was messing up the loading of static images on this blog. The right thing to do is just list multiple server_names for the host, and let WordPress handle the redirect:

server {
    listen          80 default;
    server_name     definingterms.com www.definingterms.com;
    [...]
}

3. Moving most of my sites from Apache to nginx was easy, but there was the problem of rewrite rules. A lot of the software I use (e.g. WordPress, Mediawiki, Gallery) needs rewrite rules. If you’re using Apache, there’s always an example .htaccess file either in the documentation, or in some user forum. However, the nginx rewrite rules work differently, and you can’t always find an example config, so it took some time and brain power to get them all right. Actually, this is true for all parts of the nginx configuration. The English documentation is sparse and it’s sometimes hard to find examples of what you want to do.

4. nginx doesn’t have CGI support. If you’ve got those one or two sites that use non-PHP CGI, you’ll have to set up a FastCGI instance for each language you want to support. For example, I had a copy of ViewVC running, which is written in Python. With Apache, it was just using CGI. With nginx, I’d have to constantly run a whole Python FastCGI process for the rare event when someone wants to browse ViewVC.

In the end, I think the move to nginx was worth it purely for the performance gains, since it keeps me from having to pay for a heftier VM every month. But, it did take a fair amount of work and if I had slightly more complex needs, it might not have been a good fit for me.

Instead of storing the passwords, they’re generated on the fly using a cryptographically secure method. The software is all open source, so you know what’s going on and can reconstruct it if you need to. Finally, there’s also a very convenient browser plugin for Firefox that I can install everywhere. So, I finally bit the bullet and got away from my tiered password system by moving all of my online accounts to using passwords generated by PasswordMaker.

If I’m going to go through all of that trouble, I might as well use a secure password, right? So I decided to use passwords with letters, numbers, and punctuation. That shouldn’t be anything special, it’s just the standard recommendation for password security. Some systems even have that as a minimum requirement.

What surprised me was that a huge number of websites I use don’t allow passwords with punctuation, 20% in fact. Out of the 97 sites where I tried to update my account, 19 of them would not allow it. These ranged from hip web 2.0 sites like digg.com to big, corporate sites like geico.com. Here’s the full list:

• aadl.org
• aareced.com
• blockbuster.com
• briarcoveapts.com
• digg.com
• etsy.com
• geico.com
• godaddy.com
• hewitt.com
• movietickets.com
• my.dteenergy.com
• mycigna.com
• novell.com
• nytimes.com
• projecteuler.net
• ticketmaster.com
• transunion.com
• worldogl.com
• zipzoomfly.com

So now I have to use a different set of characters for my passwords at these sites. Fortunately, PasswordMaker lets me configure different profiles for different sites, so I can set it up once and forget about it. But, why should I have to do that, especially when it makes my account less secure?

It seems like it just requires more work from the website makers to restrict certain characters, and I can’t think of any good reason to do so. It might make sense to restrict passwords to ASCII characters if their system doesn’t fully support Unicode. But disallowing all punctuation just doesn’t make any sense. The programmers might be worried about allowing escape characters in passwords, but it seems like it would be just as much work to protect the system against them internally as making an additional demand on the user.

If we’re going to expect users to have secure passwords, we need to allow them to do so. I’d like to see the above sites change their password policies, and I want any new sites to allow long, complex passwords.

Dinosaur Remix

Dinosaur Remix lets you randomly mix together panels, but also lock in certain panels to make a comic you like. Then you can add clever alt text and save it or send it to a dinosaur-loving friend!

It’s written in Python, PHP, and JavaScript. It was my first chance to really use jQuery, which is just about as awesome as everyone says it is. All of the code is available on GitHub.

• A Good Dictionary – This is still your first line of defense against the hostile hoards of foreign words. For German, the best is clearly LEO. The reason it’s better than your trusty Langenscheidt’s or Oxford-Duden is that it’s user created and maintained, so you get idioms, slang, and current events.
• Google for Grammar – If you don’t know which of two or three possible variants is the correct one, Google all of them and see if one has many more hits than the rest. Important here: put the phrase in quotes. This is especially good for things like which preposition to use with more common words. Let’s say you want to translate “I’m going to Chicago.” Which preposition do you use? Try searching for a similar phrase (in this case, altered for geographic relevance) and see if one stands out. Go to google.de and click the “Seiten auf Deutsch” (Pages in German) button. Then try three reasonable guesses:
  1. “gehe zu Berlin”: 7 hits
  2. “gehe nach Berlin”: 2,890 hits
  3. “gehe bei Berlin”: 1 hit

  It looks like we have a clear winner. You can be pretty confident translating your sentence as “Ich gehe nach Chicago”. However, this isn’t always foolproof. If you had searched for “gehe in Berlin” you would have gotten 576 hits and the results wouldn’t have been quite as clear. But, after reading the first few hits, you’d have realized that it’s not what you’re looking for.

• Wikipedia – This is especially good for technical terms. Suppose you want to talk about the famous Quicksort algorithm in German. LEO won’t help you. So, go to the English Wikipedia page for Quicksort. Then, look down on the left side of the page in the “languages” box. Click “Deutsch” (if it exists) and you’ll be taken to the equivalent German page. In this case, you find out that Quicksort is the same in English and German, so now you can (not) translate it with confidence.
• Names – You read a foreign name and you’re not sure what gender it is. Sometimes that doesn’t matter, but if you want to talk about this person, it sure is useful to be able to use pronouns. So, to figure it out, do a Google image search, preferably at the Google site for the country, and look at the results. Example: Johannes vs. Johanna (I read this somewhere online, but I’m not sure where. It’s especially helpful for Asian names.)
• Machine Translation – I list this one last because it’s generally the least helpful. The two main free sites are Google Translate and Babelfish. These sites are slowly getting better, but right now they’re still of limited value. They’re good if you want to read something in a language you don’t know at all or it would take you a long time to do the translation yourself and you just want to get the gist of the text.

Und wenn er auch wußte, daß er den Besitz dieses Duftes mit seinem anschließenden Verlust würde entsetzlich teuer bezahlen müssen, so schienen ihm doch Besitz und Verlust begehrenswerter als der lapidare Verzicht auf beides.

This can be roughly translated as:

And even knowing that the possession of this scent would require him to subsequently pay the terribly high price of its loss, the possession and loss seemed more desirable than the lapidary relinquishment of both.

The interesting part of the sentence is “daß er den Besitz dieses Duftes mit seinem anschließenden Verlust würde entsetzlich teuer bezahlen müssen”. In a word-for-word translation, this is “that he the possession of this scent with its subsequent loss would terribly expensive pay have to”.

In general, English and German have similar sentence structure and word order. But occasionally you see a German sentence that makes you think the author took a sentence, tied it in a knot, and threw it onto the page. Translation of such sentences requires not only translating the meaning into English, but untying the knot so that the English-speaking reader can parse it. And that’s the fun part.

It’s been tested in Firefox 2 and 3, and I think it should work in recent versions of Safari and Opera.

Click the image to see the example

While this does allow you to compare the percentages much more easily, it’s not quite perfect. On the plus side, it displays both percentages at the same time and it’s quite easy to discover. Anyone who is interested in the Top Critics information will move to click on the tab header, and when they move the pointer over it, they’ll see the popup.

On the downside, it does require fairly precise mousing (and holding the mouse still) for the whole time you want to read the number. This makes it much less accessible to those who have trouble acquiring small targets and keeping the pointer still, such as the elderly or disabled using a mouse. Additionally, you have to use the pointer to see it, which makes it inaccessible to those navigating with just the keyboard.