GIMP Can Open SFTP URLs!

I never noticed before that if I open a Konqueror window, point it at an SFTP location, navigate to an image, and right click to open that image using GIMP, that GIMP retrieves from the SFTP URL directly.  When I save that image, GIMP saves it directly to the server.  Sweet!  That means I can edit images on a server without copying them by hand.  I was already doing this with text files, using Kate, but now I can do this with images, too!  This is with GIMP 2.4; I haven’t yet tried 2.6.

Of course, the file dialog used by GIMP is the sickly GTK one, so this functionality of GIMP can only be accessed by opening files from Konqueror or the command line.  The KDE file dialog is really nice and I wish the GTK guys would realize what they’re missing.

The FamilySearch Security Policy Editor and the Zope Component Architecture

Over the past couple of months, I have been working to make it easy for administrators to create and maintain a complex security policy for a giant archive of digital artifacts.  In the process, I think I have found a useful way to configure complex software systems such as Zope 3.

A Security Policy for Dead People

The archive in question stores images, documents, and various other records about dead people.  (Genealogy is mostly about dead people, after all!)  The archive has not yet been deployed, but it will replace an existing simpler system.  Assuming the archive is successful, developers at familysearch.org (my employer) will want to adopt it for their own purposes.  As adoption grows, so will the complexity of the security policy applied to the archive.  Therefore, the security policy must be manageable.  People should not fear the prospect of making changes to the security policy.  Changes in how the system is used should lead to changes in the policy.  If the policy does not evolve with usage, the archive will stagnate to some extent and so will some of the work being done.

Because the requirements are complex, the security policy is also complex.  There are currently six degrees of freedom, meaning that there are six independent variables that affect the outcome of a security policy check.  I don’t know about everyone else, but my quick intuition is typically limited to three dimensions; any more requires a great deal more rational exercise.  Six dimensions is often too much to work with quickly and confidently.

However, I believe the right user interface can optimize that kind of rational exercise.  Following that belief, I created a graphical tool for managing the security policy.  It can answer questions with simple interactions, increasing people’s confidence that they are changing the policy correctly.  I eliminated the need for humans to parse and generate XML, which I think they will find helpful.  But the best part, I think, is I put test-first methodology right before the user’s face.  A screen shot follows.

FamilySearch RBAC Policy Editor

The acronym RBAC in the title stands for Role-Based Access Control.  The six trees in the top left represent the six degrees of freedom; each degree has a grouping hierarchy.  On the right is a report of whether users attempting the selected combination would be granted access.  The reports are updated instantly whenever the user selects a tree node.  The screen shot posted here is showing that according to the policy.xml file in my home directory, users with any role can retrieve any image stream of any published image artifact, regardless of license.  This interface is the place to change that policy.

At the bottom, there are three tabs.  The first tab has a table showing all policy directives.  A directive states that access is to be allowed or denied if the request fits the specified combination.  To change the policy so that people must at least be authenticated before viewing images, the user of this application simply selects the directive shown, clicks the Edit button, chooses a different role, and clicks Ok.

In the status bar is a report of how many tests are passing.  If people use this feature, I expect the application to be quite successful.  The tests tab contains a matrix of tests and test users; each test user has a list of roles.  The cells of the matrix each have a checkbox that shows whether a given test user is expected to be able to do something according to the policy.  If the outcome of the policy does not match the expectation, the cell turns red and the number of passing tests decreases.

RBAC Editor showing tests tab

The report panels on the right feature the ability to show all directives or tests that meet some criteria.  If I want to know why someone’s access is denied when I thought some directive allowed it, I select the conditions of their request, then look on the right to see what the policy says about it.  If it says no directives match, then I select or deselect conditions on the left until I find the directive that needs to change.  If there really is no directive that matches, I add a new directive (and a test!) and verify the change using the report panels again.
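A small model of the directive-and-test workflow described above, added here as an illustration and not taken from the FamilySearch editor. The dimension names, the role hierarchy, the sample users and the evaluation rules (a deny beats an allow, no matching directive means deny) are all assumptions made for the example.

```python
from dataclasses import dataclass

DIMENSIONS = ("role", "action", "stream", "artifact", "state", "license")
# Grouping hierarchy, child -> parent. All names here are constructed.
PARENT = {"archivist": "authenticated", "authenticated": "any", "anonymous": "any"}

def covers(group, value):
    """True if value is the group itself or sits below it in the hierarchy."""
    if group == "any":
        return True
    while value is not None:
        if value == group:
            return True
        value = PARENT.get(value)
    return False

@dataclass
class Directive:
    allow: bool
    match: dict  # dimension -> group; a dimension left out means "any"

    def matches(self, request):
        return all(covers(self.match.get(d, "any"), request[d]) for d in DIMENSIONS)

def check(policy, request, roles):
    """Assumed rules: a deny beats an allow, and no matching directive denies."""
    hits = [d for r in roles for d in policy if d.matches({**request, "role": r})]
    return bool(hits) and all(d.allow for d in hits)

def run_tests(policy, tests, users):
    """Return (passing, failures); each failure is one red cell of the matrix."""
    failures = [(name, user)
                for name, request, expected in tests
                for user, roles in users.items()
                if check(policy, request, roles) != expected[user]]
    return len(tests) * len(users) - len(failures), failures

USERS = {"visitor": ["anonymous"], "member": ["authenticated"]}
VIEW = {"action": "retrieve", "stream": "thumbnail", "artifact": "image",
        "state": "published", "license": "public-domain"}
# Expectation written first: viewing images requires at least authentication.
TESTS = [("view published image", VIEW, {"visitor": False, "member": True})]

def directive_for(role):
    return Directive(True, {"role": role, "action": "retrieve",
                            "artifact": "image", "state": "published"})

def demo():
    before = run_tests([directive_for("any")], TESTS, USERS)
    after = run_tests([directive_for("authenticated")], TESTS, USERS)
    return before, after

if __name__ == "__main__":
    print(demo())
```

With the "any role" directive the visitor cell fails, and editing the directive's role to "authenticated" brings the passing count back to the full matrix.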

The application has other goodies designed to increase users’ confidence, such as fully integrated undo/redo, error and warning highlights instead of cryptic dialog boxes, and “find” fields that filter the rows of the tables.  I expect that this is enough for a security policy administrator.  To make it as friendly as an iPod is not a goal and would even be a disservice for people who are responsible for complex things like a security policy.

A Configuration for Living People

Throughout the process of designing and implementing this, I have kept one thought in my mind: could I use something like this to configure components in the Zope component architecture?  The component architecture solves big, interesting problems, but it also makes the outcome of configuration decisions much less obvious.  If I made an application like this that lets you see and modify the outcome of configuration decisions interactively, would it be useful to the developer community at large?

Boy, would I love to find out.  I started the Zope Jam project some time ago and haven’t done anything with it since, although I thought my initial prototypes looked promising.  I stopped the project because I felt something nagging at me that the design was wrong.  Now I think I see one specific blocker: the whole thing was designed around ZCML.  It appears today that the Zope community strongly supports the component architecture, but not necessarily ZCML.  So the new project would be an interactive configuration browser and it may support more than one way of modifying the configuration.

I still prefer to make it a desktop GUI application (written in Python, rather than Java Swing, which was required for the policy editor), with a variety of low-latency widgets and no access control issues, rather than a browser-based application.  It should run user code directly, so that when the user asks what the outcome of an adapter lookup would be, the GUI’s answer would always be correct.  It should integrate tests of the configuration much like I did with the policy editor.  It should do everything possible to increase the software developer’s confidence in the component architecture.

Let’s Build This

Does anyone else get excited about this?  I love finding ways to make complex things simple.  If I could find a company to fund the development of this, I would work on it full time.  I think it would be a major time saver for any company that is doing significant software development using the Zope component architecture.

There Goes Another Heater Barrel

I put together my fourth heater on Friday and Saturday.  It worked fine for a while; I was able to extrude both HDPE and ABS!  However, after I allowed the plastic to cool in the extruder, I could not get the extruder to drive the plastic again, no matter how hot I melted it.  I had to disassemble the heater to clean it out.  As I was working to remove the ABS, one of the leads attached to the nichrome wire broke.  I don’t have any way to fix those leads, so the fourth heater is lost.  At least I was able to salvage most of the parts.

I now see a pattern in nearly all of the heaters I have built: the nichrome leads have broken every time, and re-heating plastic already in the extruder has never worked and led to major problems.  The re-heated plastic simply refuses to move out the nozzle, no matter how hard the motor pushes; the plastic tends to find alternate paths to exit the heater!

I spent some time thinking about these problems.  I intend to solve the nichrome lead problem by attaching a short metal bar to the heater barrel, the bar extended horizontally, then gluing the leads (bare copper wire) to the bar using JB weld (a hard insulator that can withstand about 310 degrees C).  The extended end of the bar, which should be much cooler than the end attached to the heater, will have a 2 pin socket so I can detach the heater easily.

The problem with re-heated plastic is still a mystery.  The third heater used a PTFE insulator mounted flush against the heater barrel, as specified by the bitsfrombytes diagrams.  With that design, a lot of the plastic exited out the top of the barrel instead of the nozzle, although I can’t remember whether I was using re-heated plastic at the time.  The fourth heater had an 8mm length of the M6 pipe threaded into the PTFE insulator.  Although the fit between the heater and insulator seemed very tight, the ABS still found a way to exit out the top and made a nasty hard shell covering the threads.  I now realize that the M6 tap I used was designed for tapping hard materials like metal, not soft PTFE; an M6 tap designed for soft material would have a slightly smaller diameter.  Next time, I will make my own tap using brass or just force an M6 screw into the PTFE.

By the way, I have begun putting together a BoM for the hardware I actually used.  Tres expressed interest in it and I imagine others will be interested, especially now that Vik has provided a way to buy the laser cut parts for around $400, a lot less than what I paid.  Excellent work, Vik!

Doug Wright on Throwing Away Your Vote

I listened to the Doug Wright Show this morning.  He was adamant that all voters should vote for a “viable” candidate rather than the candidate they believe to be best fit for office.  He claimed it is more important than ever to vote strategically in the upcoming election.

No matter how I vote (and how all of Doug’s listeners vote), this state will vote for McCain, and only divine intervention would stop that.  This state is extremely (and I believe excessively) loyal to the Republican Party.  So why shouldn’t I vote for the person I believe should win?  No matter how I vote, I can’t change my state’s electoral vote.  All I can do with my vote for president is try to reduce my state’s excessive loyalty to the Republican Party.

Unabashed Dorky Enthusiasm about Willowrise

It turns out I am supposed to unleash my inner dork.  In other words, I should write about my passion.

I am passionate about building a family business.  That’s what Willowrise is.  We have plenty of skills and talent, but we’re still working out how to present our skills to the world.  We’re certainly not a retail shop, yet that’s what our current home page makes us out to be.  We’ll probably always have an online retail shop, but that should not be our main focus.

As a business, we want to build on each other’s talents and create expressive things.  Much of our business so far has been independent of each other, even though we are a tightly knit family and we work together well.  We are looking for projects that exercise our combined talents.  Some ideas:

  • Instructional design (could be a perfect fit)
  • Outdoor games (not video games–we want to encourage people to play outside!)
  • Hmm, we need more ideas!

We have created and sold many great pieces of art, the excellent Dayspring CD, some cool web sites, some software, and even some hand-made flutes, but these have mostly been individual efforts.  Working together is what we really want to do.

RelStorage Test Plan

Before I release RelStorage 1.1, I believe I should set up a complete test environment.  The test environment will test different versions of Python, ZODB, the supported databases, and the supported database adapters.

I started by installing buildbot, hoping it would solve most of the problem for me.  However, I wanted a builder that would check out two things, ZODB and RelStorage, and install them both; there is no obvious way to do that in buildbot.  So I uninstalled buildbot and decided to write scripts instead.  Maybe I’ll figure out how to make buildbot run my scripts later.

Using Linux-VServer, which I already have set up, I will set up 3 new virtual servers and name them after birds that honk when you annoy them.  “goose1” will be 32 bit Debian Etch with Python 2.4, PostgreSQL 8.1, MySQL, Oracle 10g XE, and cx_Oracle 4.x.  “goose2” will be 32 bit Debian Lenny with Python 2.5, PostgreSQL 8.3, MySQL, Oracle 10g XE, and pre-release cx_Oracle 5.  “goose3” will be 64 bit Debian Lenny with Python 2.5, PostgreSQL 8.3, and MySQL.  Each of the servers will test several combinations of RelStorage checkouts (the trunk, the 1.0 branch, and the 1.1 branch) and ZODB checkouts (the 3.7 and 3.8 branches at least) with all of the installed databases.

This will not test all possible combinations, but should be enough to catch a lot of problems early.  Combinations that I would classify as unimportant at this time include 64 bit Python 2.4 (since Python 2.5 supports 64 bit much better) and Oracle on a 64 bit host (since 10g XE only comes in 32 bit).

RelStorage: MD5 sums

If you study RelStorage a bit, you’ll discover that every object it stores is accompanied by an MD5 sum of the object state.  Then you’ll probably wonder why, since MD5 computation is cheap but not free.  We do it to support undo.

ZODB expects the storage to check whether an undo operation is safe before actually doing it.  FileStorage performs that verification using the following algorithm: if each object’s state in the transaction to undo matches the object’s current state, it is safe to undo.  If any object does not fit that rule, raise an UndoError instead.

RelStorage uses the same algorithm, but it compares states using the MD5 sum rather than the full state, allowing the comparison to proceed quickly.  Actually, the real issue is not speed, but portability. Do all of the supported relational databases have the ability to compare the contents of BLOBs in a query?   It’s hard to find documentation on questions like that.  It’s much easier to just compare MD5 sums.

Besides, it generally feels good to keep MD5 sums around.  If the filesystem hosting your database ever accumulates some corruption, you can use the MD5 sums to help sort out the mess.
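The undo safety check described in this post, sketched as an added example rather than RelStorage's own code. The table and column names are a simplified, assumed schema, SQLite stands in for the supported databases, and `UndoError` is a local stand-in class.

```python
import hashlib
import sqlite3

class UndoError(Exception):
    """Local stand-in for the error ZODB expects from an unsafe undo."""

def md5(state):
    return hashlib.md5(state).hexdigest()

def open_db():
    db = sqlite3.connect(":memory:")
    # Simplified, assumed schema: one row per object revision.
    db.execute("CREATE TABLE object_state (zoid INTEGER, tid INTEGER, "
               "md5 TEXT, state BLOB, PRIMARY KEY (zoid, tid))")
    return db

def store(db, tid, objects):
    """Commit transaction `tid`, writing a new state for each object id."""
    db.executemany("INSERT INTO object_state VALUES (?, ?, ?, ?)",
                   [(zoid, tid, md5(s), s) for zoid, s in objects.items()])

# Objects written by the transaction to undo (u) whose current revision (c)
# has a different MD5 sum. Only the short md5 column is compared, never the BLOB.
CONFLICTS = """
SELECT u.zoid FROM object_state u
JOIN object_state c ON c.zoid = u.zoid
WHERE u.tid = ?
  AND c.tid = (SELECT MAX(tid) FROM object_state WHERE zoid = u.zoid)
  AND c.md5 <> u.md5
ORDER BY u.zoid
"""

def undo_conflicts(db, undo_tid):
    return [zoid for (zoid,) in db.execute(CONFLICTS, (undo_tid,))]

def check_undo(db, undo_tid):
    conflicts = undo_conflicts(db, undo_tid)
    if conflicts:
        raise UndoError("changed since tid %d: %r" % (undo_tid, conflicts))

def demo():
    db = open_db()
    store(db, 1, {1: b"a0", 2: b"b0"})
    store(db, 2, {1: b"a1", 2: b"b1"})   # the transaction we want to undo
    store(db, 3, {2: b"b2"})             # object 2 changes afterwards
    blocked = undo_conflicts(db, 2)
    store(db, 4, {2: b"b1"})             # object 2 returns to its tid-2 state
    allowed = undo_conflicts(db, 2)
    return blocked, allowed

if __name__ == "__main__":
    print(demo())
```

The second case in `demo` shows why states are compared rather than transaction ids: once object 2 is back to the state the undone transaction left, the undo is safe again.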

My Rep(St)rap

Items of note that you can see in this picture of my Rep(St)rap:

  • I used the BitsFromBytes laser cut plastic with alloy screws and other hardware I bought from McMaster.com and Fastener-Express.com.
  • I decided to mount all of the electronics on a thin 8×10 acrylic plate ($1.58 at Lowe’s) to make power distribution easy and to retain an appearance similar to the rest of the machine.
  • Everything is there but the heater.  I’m still waiting for the nichrome wire to arrive.  I can be patient, so I used free super saver shipping. 🙂
  • I used aluminum gears in place of the plastic ones because the aluminum gears have the same pitch (distance between teeth) as the belts.  Until I did this, the belts slipped a lot, but now it’s actually kind of hard to make them slip.
  • The Z belt tensioner uses an M8 rod instead of an M8 screw.  It extends to the bottom of the cage, giving the tensioner extra stability.

Deliverance Seems Cool

I have begun using the Deliverance package.  I think it cleverly solves the web software theming problem.  Its method of theming is deliciously simple and straightforward, yet I imagine most software developers will shun it at first because its method is inefficient.  Actually, that makes me happy, because Deliverance is going to save me and my family business a lot of development time, giving us an advantage in the market compared with those who continue to theme sites by fighting with CMS frameworks.

On the other hand, there is no 1.0 release of Deliverance yet, so it’s not ready for everyone.  It’s undergoing major changes right now.  I like Ian’s new direction a lot, but when I tried the trunk, it made a royal mess of my CSS with embedded URLs.  I intend to try again in a few days before reporting a bug.

Still A Gentooligan

Ubuntu is what I install on nearly every server and everyone else’s personal computer, but for my own desktop and a few select servers, Gentoo is still the winner.

Binary distributions release a set of packages that have been tested together, which is an excellent service to users.  In the open source world, every part of the stack is changing at irregular intervals.  Binary distributions serve as the buffer between that wild world and users who just want their computer to work.

However, that buffer has a cost: it has a side effect of adding barriers between open source developers and users.  For example, sometimes I need to run a specific version of someone’s software, but my distributor has chosen a different version.  This happens quite often for me.  With a binary distribution, my options are limited, but with Gentoo, I have several ways I might accomplish that, most of them involving little effort on my part.

I would like to take this moment to say “thanks!” to the Gentoo developers and users who contribute to Gentoo.  I realize it’s hard work, and the hardest work might be resolving conflicts with your peers.  Your efforts have been worthwhile for me and have not gone unnoticed.