Chase’s completely insecure and broken “secure” document exchange system (aka securedx, secure-dx)

A few days ago, I got a call from my girlfriend, Olivia. I was so deep in working on my startup, Parse.ly, that I hadn’t checked my bank account statements in several weeks. We just went into private beta last Thursday, after DreamIt Demo Day. She noticed some suspicious charges, and so I looked into them. Indeed, it looked like I had been a victim of fraud: there were three charges that clearly were not mine.

I immediately called Chase Customer Service. In order to confirm the details about my account, the representative needed me to identify the fraudulent charges, but also identify charges that were actually valid. For this latter bit, I needed to identify the time/place of a specific transaction. This card was mostly used for online auto bill payments, so this turned out to be impossible for any of my last 20 valid payments. Yet the customer service rep insisted that I name a time and place. I told her, “The time and place was whenever the server for this system decided to automatically bill my account. I don’t know where their server is, I don’t know what time their cron jobs run.”

“Cron jobs?” she said.

Right, I had been hanging around techies at DreamIt Ventures for too long. “Listen, the transaction didn’t take place physically, it took place digitally. I can identify one transaction, which is about a month old, where I actually used the card in-person to buy something.” She finally understood and let me move on.

Burak from Trendsta said he felt bad for me, for how patient I had to be with this person. But that was the least of it. This little technical misunderstanding was nothing compared to what followed.


Favorite PyCon 2009 talks

I attended PyCon 2009 this year, which was a whole lot of fun. Quite a few people have asked me which talks I liked, so I decided to put together my “top 5 talks” list, in ranked order:

  1. A Whirlwind Excursion through Writing a C Extension. This talk by Ned Batchelder (author of coverage.py and cog) shows that you can write a Python C extension module in under 20 minutes. This is my top talk because I never thought that my skills in C would be so directly useful in writing Python applications. Considering how damn easy it is to write a basic C extension module, I wouldn’t be surprised if the only reason I ever write C code again is to implement some Python functions or types in C. Truly the best of both worlds!
  2. Reinteract: a better way to interact with Python. Owen Taylor (of GNOME/GTK+ fame) has spent some time over the last few months building a better Python shell. Specifically, it’s a lightweight shell that is meant to be a prototyping or “worksheet” environment a la Matlab, Mathematica, or Maple. Except, you’re running and re-evaluating Python code. It even supports things like in-line graph plotting, but I’ve already used it to experiment with Python web services API. Any Python programmer who has been frustrated with IPython before should check out Reinteract.
  3. Easy AI with Python. This talk might have gotten the #1 slot for most interesting, but not the #1 slot overall because it seems like this talk has been given at a lot of conferences (not just PyCon) over the last few years. This talk introduces some complex AI topics in a very short time frame, and in a very intuitive way. For me, the neural networks example with Jets and Sharks was particularly impressive. Raymond Hettinger is a great presenter, and if you have some time you should definitely check out his recipes on ActiveState’s Python Cookbook and his How-to Guide for Descriptors.
  4. Abstraction as Leverage. A talk by one of my favorite Python authors, Alex Martelli (who wrote the best book on Python on the market, Python in a Nutshell), this talk isn’t so much about Python as it is about software engineering overall. But it’s thought-provoking as his talks usually are.
  5. Class Decorators: Radically Simple. The presenter is the author of the Class Decorators PEP, Jack Diederich. If you like decorators and you are curious about metaclasses, you’ll love class decorators.

Feel free to share your favorites!

Beautiful Code and a Beautiful Bug

I am teaching a technical course on the popular and ubiquitous version control system, Subversion, this Monday. I thought it might be fun to give my class a little “extra credit” reading from the O’Reilly book, Beautiful Code. In it, one of the original authors of Subversion, Karl Fogel, shares what he considers to be the most beautiful internal design within the codebase: the SVN delta editor. Though this API is not directly used in doing Subversion development, I thought it might be cool for students to have a deeper understanding of the thought that went into SVN’s codebase. But when trying to print up some copies of the chapter for the class, I got more than I bargained for…


Dilbertization of IT

There is an article on eWeek I encountered via del.icio.us called “The Dilbertization of IT.” Though it says a lot of stuff most IT workers already know (that in many places, the “creative” work is being de-emphasized while “firefighting” or “maintenance” is emphasized), the more important thing to point out is the cause of this Dilbertization. I found an insightful comment which points to some of them.

Dilbert’s pointy-headed managers are everywhere. In my current Fortune 100 company, virtually none of the managers with any authority have ANY IT development background. They manage entirely by cost and project plan – ignoring any and all input from those developers who actually have a successful track record.

I can’t say this is true in my team, at my company, but I have certainly heard it from a lot of my IT friends. Also, I have an acquaintance who is an IT Project Manager who thinks that development is “easy work” and that most software developers are just “lazy”, which is why projects end up behind schedule. I think many innumerate IT managers share this opinion, and this can lead to problems, low morale, and resentment.

Nat’s Pendulum

Metacity (the window manager for GNOME) has this annoying and ugly minimize animation that looks like a bunch of cascading rectangles flying at your taskbar. I’ve always hated it, but dealt with it for a while.

Today, I did some digging on the Metacity bugzilla to see if it was fixed, and found this bug.

Over the course of 3.5 years, this bug has sat on the bugzilla, and still isn’t satisfactorily resolved. There is now a reduced_resources flag in gconf, but this flag only disables the minimize animation at the expense of forcing you to use an ugly wireframe window dragging animation. (Complete, utter insanity.)


“This isn’t elitist, this is egalitarian.”

A surprisingly articulate post on OSNews about Free Software:

Asking me to get off my a$$ and code drivers for this baby is what I consider elitist and a very unreasonable demand on the end user. It’s one thing that gives GNU/Linux zealots a very bad name in the real world.

I have a sneaking suspicion that you get this response from the Linux community because we feel you’re placing unreasonable demands on us. Your points are valid, but your energy is misdirected. Unfortunately for those who don’t like to code, that’s how software is created and improved. We invite you to participate in our projects in a variety of capacities including but not limited to programming, but of course participation is not required.

I think that Linux “zealots” get a bad name because much of the “real world” believes in a culture of entitlement. Look at everybody living life with a chip on their shoulder, blaming everyone else for their problems and scoffing at the notion that they take responsibility for their own situation. Somewhere along the line we stopped believing in opportunity as a means of realizing our dreams and began to foster the idea that we’re entitled to our expectations. In “Linux land,” we believe that the opportunity to participate in our information society is fundamental to our inherent desire as human beings to better our situation and control our own destiny.

Of course, money can make just about any dream come true. Mark Shuttleworth, for example, invested $10 million to help make the Ubuntu project a reality. But years ago my great-grandmother told me the story of how my family came to America with nothing but the promise that here they would find a land of opportunity. This is the same promise we make with free software. This isn’t elitist, this is egalitarian.

I have to say, this is part of what makes me love Free Software.  It’s this idea of widespread opportunity.  Sure, F/OSS has power structures and means of coercion/control built into certain parts of it, but for the most part, it’s based upon a very simple, powerful, and egalitarian idea.  “Anyone can improve this, anyone can make it better.”  It’s that kernel of an idea that makes any process — whether software production, book editing, encyclopedia editing, or even beer brewing, more enjoyable to those involved, and, as a side effect, better for the general public.

Catching up on the reading list

Lately, I’ve been very diligent about catching up on my reading.

I have been perpetually delaying a review of Capitalism 3.0 and Dreaming in Code, both of which deserve it. But I promise one soon. I use Hofstadter’s Rule of Thumb lately for estimating time: however long you think it’s gonna take, double it and add a unit of time. So if you think it’ll take two hours, it’ll really take four days. If you think it’ll take five days, it’ll really take 10 weeks. And so on.

In the meanwhile, I’ve been busy at work — actually working on some cool stuff from a technology standpoint, mainly in the realm of hacking with pieces of the Eclipse Modeling Framework, and its related projects like GMF, RCP, Eclipse Core, etc.

On my commute, I’ve been enjoying reading Making Globalization Work by Stiglitz, although one of my friends mentioned to me that this book would be quite boring, and for the most part he was right. It’s not the lofty stuff of Barnes in Capitalism 3.0, but perhaps Stiglitz’s recommendations are much more practical for ways to improve the current system.

The other book I started recently is a long, written interview with John Kenneth Galbraith (much in the style of Socrates) which is entitled, Almost Everyone’s Guide to Economics. What’s amazing is to see Galbraith, this towering (literally) Keynesian economic thinker, speaking in the 70s of the growth of corporate power, the undermining of labor, and the insidious nature of market fundamentalism. And yet, here we are, 30 years later, heeding none of his warnings, and entering into the new “global age” of “The World is Flat”.

Oh yes indeed, I do need to write some reviews very soon.

Finished Dreaming in Code

Overall, Dreaming in Code was an interesting book. For programmers who already are obsessed with the classics of software engineering (Mythical Man-Month and friends), you probably won’t learn much new stuff in this book. However, the personal illustrations using OSAF did lead me to some self-evaluation of the work I do. It was also interesting to see the internal workings of an organization which seems to be set up ideally for programmers — a good mission, an open source project, no real deadlines or users in the beginning, design-focused, etc. — and still see it run into the same issues traditional software shops run into.

I’d post a longer review, but I’m headed down to New Orleans today. Will post a longer review when I get back, hopefully also of Capitalism 3.0, whose ideas have been swimming in my head the last few days of commute.  I think they really deserve to be summarized and presented here.

In the meanwhile, I’ve started reading Making Globalization Work by Joseph Stiglitz. This book, in particular, has been a kind of catharsis for most of my armchair ideas in economics, at least so far.  It’s a very strange feeling to read the ex-Chief Economist of the World Bank explaining his own ideas about overcoming the zealousness of “market fundamentalism” prevalent in economic circles, while I, who never studied economics formally, think, “Why would anyone trained in this discipline actually believe that markets are a magic force that work on their own?”  But I guess ideology always trumps rationality.