I Am an Independent Contractor Now

Yes, that’s right. Today is my last day at my present employer. Two weeks ago I formed my own company, CosineWave Technologies Incorporated, and I will be working for it as a contractor.

Here are the primary services that I offer today:

  • Unix Security
  • Security Management
  • Application Development
  • Internal Training

Please go to the CosineWave website and drop me a line if you are interested in hiring me!

And to all my friends and colleagues that have helped me get here: thank you very much!

Chisec 16 and C

Thursday, February 28 was a long day for me, but in a good way. It started almost like any normal morning, except I had to wake up 20 minutes early to handle the morning care and feeding of my animals. That task is one my wife usually performs, but she had to run out extra early for her own work.

My morning at work went relatively fast. I had very few scheduled tasks because of meetings dotting my schedule, and my vice president’s group was all going out to play Whirlyball for the afternoon. Additionally, due to my company’s sales team scoring a big contract, the company was serving free Lou Malnati’s pizza for lunch.

Whirlyball was probably the most fun of the day, but it is what happened afterward that is the most interesting. I arrived at Houlihan’s at 6:30, preparing to socialize with other security professionals at Chisec 16 starting at 7:00. I did not wait long. I had hardly sat down when Maniac showed up, always full of interesting conversation and even an Asus Eee PC, something I had never seen before. It was not long before the room was full of other security professionals from all over the Chicago area.

With 20–30 people in a room, you do not get to talk to everyone. I primarily spoke with a couple of guys from the University of Chicago and some consultants from no fewer than three different firms. It was Thomas Ptacek who gave me the biggest surprise of the evening.

Tom told me that it is getting increasingly rare to find computer people that know C. I had never thought about it, but I could see why this would be a problem. I have been using C since 1994, and I simply consider it a staple of my computer abilities. It is like part of the foundation. It is through C that I know how a shell interacts with an operating system, or how any program interacts with other components of the system. My knowledge of C is how I learned about the general structure of a running process in memory, and from that I understand how things like buffer overflow attacks actually work. It is through C that I even know how Ruby handles its garbage collection, at a low level. In regard to modern computer architecture, if you do not know C, then I would be incredulous if you told me that you really understand computer architecture. I am not sure that knowledge of C++ can really convey the same understanding, except that someone could do so by paying close attention to the subset of C++ that is C.

I wonder… do you know C? If I were to compile a list of important languages that all computer programmers should learn, C would be high on the list, if not the top language. Certainly there are other important languages out there that expand one’s mind around advanced programming topics, such as Ruby, Lisp, and ML, but down at the linker level C is the language through which all other languages communicate with the operating system or the hardware—application binary interfaces (ABIs) are designed around how C compilers generate object files. It is that important.

OpenID and Testing

Earlier this month I was playing with a WordPress plugin that would add OpenID support for the blog here. My intention is to make it easier to sign up for commenting, while still not opening the floodgates of anonymous posting to avoid spam (I am not a big fan of CAPTCHAs). Unfortunately, the hosting environment is still on PHP4 and the plugin requires PHP5. I could probably fix the code to work with PHP4, but I have better things to do for now, so the OpenID support will wait a bit.

Also, I want to share this bit posted on Jim Weirich’s blog. He said it is on his wall, and I liked it so much that it is also on mine now, too.

Security Missing in Oracle Best Practices

Recently Oracle released a 272-page document outlining some recommended best practices when implementing SOA with its suite:

http://download.oracle.com/technology/tech/soa/soa_best_practices_1013x_drop3.pdf

I was going to review it for its security best practices and WS-Security recommendations… but there are not any. Take that to mean what you will.

Unleash the Arc!

I just found out that Paul Graham has unleashed Arc upon the world after years and years of teasing us. This is exciting, particularly for what will happen to Ruby. All of the nifty features that make Arc awesome will be extracted into a few Ruby gems in the next 2–4 weeks, and everything that Paul put into Arc will be available for Ruby.

But Cosine, you might say, Paul developed Arc so that the language would have nifty breakthrough features unlike any ever seen before to make code more concise! Without the base language support for these features, Ruby will not beat Arc at its own game!

Well, someone has already written a library (it should be reformatted properly into one, anyway) in response to the Arc Challenge that implements part of the Arc standard library, exposing for Ruby any language features in Arc that Paul was trying to showcase in the Arc Challenge.

Paul, please give us a challenge that shows a fundamental language design difference rather than displaying a gap in the presently available libraries. I know you are a smart cookie, so you must be hiding something up that sleeve.

Actually, I can think of one advantage Arc has over Ruby. Arc is Lisp whereas Ruby is not, and, following from that, Arc has macros while Ruby has ugly workarounds to fake macro writing. But everyone already knows that. Hmmm, maybe what we really want to do is have all our Ruby gems and Rails made available for Arc? Arc on Rails, anyone? I think that would be pleasant.