For years, many businesses were tied to Microsoft Windows due to macros that they made use of in Excel and Word, but that's about to change. Recently, Google Spreadsheets released "Apps Script," which allows you to extend Spreadsheets and/or integrate other Google products like Calendar.

Apps Scripts are written in JavaScript and the environment provides you with a bunch of different services, which allow you to access your contacts, maps, XML, fetch URLs from the Internet, get Google finance information, send email—all sorts of things that make it possible to create complicated workflows and applications. I can imagine that there will be a marketplace sometime soon, which will be bustling with great apps to buy and use.

For now though, you're on your own.

Anyway, yesterday, Google had a hackathon, and because I had no real business oriented application ideas I thought I'd make a game. The trouble is, all processing is done on the server side, so real time interaction is a bit difficult—if not impossible. There are timer events, form events and menu events, but you can't bind a key or anything like that—at least not that I know of.

So, a game like Tetris or Snake was out, but not Conway's classic Game of Life. The Game of Life is a zero-player game in which the initial board evolves to form interesting patterns or disappears into nothing. It's normally drawn on a grid of some sort, so I thought a spreadsheet was appropriate.

I've put the source code up on GitHub, along with some more instructions if you wanna check it out. Fork it.

Update: It was pointed out that I didn't handle lineno correctly; I fixed it.

In Java, I have a HashMap and I wish to get a random key. Well, AbstractMap doesn't define a way to get a random key, but it does provide a way to get a Set of keys. Does Set have a way to get a random element? No, but you can create an Array from a Set with the toArray() method on Set.

We end up with the following:

public String randomKey() {
    // Assuming: map = HashMap<String, String>;
    Set<String> set = map.keySet();
    Object[] strings = set.toArray();
    Random random = new Random();
    if (strings.length > 0) {
        return (String)strings[random.nextInt(strings.length)];
    }
    return null;
}

Now, this isn't necessarily bad, but we have to create a new array, and a new set each time we want a random key. We can of course be smarter about this by caching the array and/or set, but then we run into synchronization issues. We also get screwed when we attempt to implement the popRandom() operation, which could be implemented like so:

public String popRandom() {
    String key = randomKey();
    if (key != null) {
        String value = map.get(key);
        map.remove(key);
        return value;
    }
    return null; // or more appropriately, throw an exception
}

So, we're doing all this extra copying, allocating and deleting, when all we really need is an iterator, to solve this generically in O(n) time.

public String randomKey() {
    // randomKey method in O(n) using imaginary iterator() on AbstractMap
    int size = map.size();
    if (size > 0) {
        int index = new Random().randInt(size);
        Iterator<String> keys = map.iterator();
        while (keys.hasNext()) {
           if (index-- == 0) {
               return keys.next();
           }
           keys.next();
        }
    }
    return null;
}

This sort of thing isn't necessarily true for dynamic languages like Python which normally have ways to iterate over keys in a map, dictionary or set. They still don't have a way to get a random element from either out of the box without resulting to the O(n) iteration method, or converting to a list and using a random index approach.

>>> import random
>>> random.choice(set([1, 2, 3]))
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/random.py", line 248, in choice
    return seq[int(self.random() * len(seq))]  # raises IndexError if seq is empty
TypeError: 'set' object is unindexable

>>> random.choice({'1': 'world', '2': 'galaxy', '3': 'universe'})
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/random.py", line 248, in choice
    return seq[int(self.random() * len(seq))]  # raises IndexError if seq is empty
KeyError: 2

And of course that makes sense given how random.choice is implemented, since there's not necessarily an order for the elements of a set or dictionary, so you can't expect to subscript them. However they do provide an order when iterating over them and traversing the structure they exist in, so you could certainly use the same O(n) approach from above.

If there's some other less obvious way to do this in Java using a EnterpriseFactoryObserverFactoryFactoryCreator, please leave a comment.

Update: I overlooked something important, which was pointed out by gojomo on Hacker News. Set, which is returned from keySet() on HashMap, has an iterator. Thus:

public String randomKey() {
    int index = random.nextInt(map.size());
    for (String key: map.keySet()) {
        if (index-- == 0) {
            return key;
        }
    }
    return null;
}

That worked out fine, but it didn't really have the feel of pattern matching like you get with real algebraic data types. If you recall, I was playing with the following example with the decorator approach:

type astnode = 
| AndNode of astnode * astnode
| OrNode of astnode * astnode
| NotNode of astnode 
| IdNode of bool

let rec eval_node (n: astnode) = 
  match n with
  | AndNode (l, r) -> (eval_node l) && (eval_node r)
  | OrNode (l, r) -> (eval_node l) || (eval_node r)
  | NotNode l -> not (eval_node l)
  | IdNode v -> v

eval_node (AndNode (IdNode true, IdNode false)) (* returns false *)

The idea of that program was to create a small language to evaluate boolean expressions. In OCaml, it's quite succinct—too succinct, in all honesty. That's it. Of course it doesn't include a parser, or a lexer, but that's the crux of it.

Since that original post, I've posted about two other language hacks that I've attempted to create—both of which use context managers and the with-statement, worlds and dispatching urls (a la routes).

Basically, it occurred to me yesterday, that with's as clause did destructuring of tuples, in the same way that the assignment statement does. That is to say:

a, b, c = 1, 2, 3

Will correctly assign a = 1, b = 2, c = 3, in the same exact way that:

from contextlib import contextmanager
@contextmanager
def assign(*args):
    yield args

with assign(1, 2, 3) as (a, b, c,):
    pass

will assign a = 1, b = 2, c = 3.

I'll admit, that doesn't look very powerful by itself, but when you consider the possibilities, you might come up with something like I did:

with structural_matching((1, 2, 3)) as match:
    with match('list() x y z') as (x, y, z):
        print x, y, z
    with match('tuple() x _ z') as (x, z):
        print "tuple case"
        print x, z

which looks incredibly close to pattern matching in OCaml. I was super excited—but it won't work.

See, match is a context manager that gets returned with the intention that if the __enter__() method raises a NoMatch exception, it skips the "body" and goes to the next match. The problem with that thinking however is simple—there's no way for __enter__ to force skipping the body due to rejected PEP-377!

In the example above (full source here), raising NoMatch in the first match block, results in control being passed back to the __exit__() of the outer context manager—structural_matching. And to think, I got my hopes up!

But nevertheless, I pressed on, and hacked together, a match, that can destructure the following examples correctly:

with match('[1:3]', [1, 2, 3, 4]) as (a,):
    print a
# [2, 3]

with match('[1:]', "hello world") as (a,):
    print a
# ('e', 'ello world')

with match('str() x y', 'hello world') as (h, e):
    print 'h = ', h, ',',
    print 'e = ', e
# h = h, e = e

with match('x y z', [1, 2, 3]) as (x, y, z,):
    print z, y, x
# 3 2 1

class obj(object):
    def __init__(self, x, y):
        self.x = x
        self.y = y

with match('obj() .x .y', obj('x-ity', 'y-ity')) as (x, y):
    print 'x = ', x, ',',
    print 'y = ', y
# x = x-ity, y = y-ity

with match('x y _', [1, 2, 3]) as (x, y):
    print x, y
# 1, 2

It's much less useful considering you can't put it in the structural_match block ,like you would in a real match statement, but it's all we've got.

Back then, I concluded with This is as close to OCaml like pattern matching that we're going to get, at least as far as I know how to get, but it's sort of cool, and definitely a hack. Today, I'll conclude the same way.

What I don't like about this, is that there are obvious uses of this thing outside of the basic computing needs Jobs demoed.

Imagine being able to use this thing as a next generation "mouse." Perhaps it would allow multiple windows to be tossed around the screen, or moved around "Three-card Monte" style. It'd be revolutionary.

I dare you to name a piece of software intended for creation that couldn't benefit from a multi-touch input pad—perhaps even customizable based on the context your in within the app? Photoshop sliders? Aperture light tables? Scaling and carving models in Cinema 4d or Maya? The list goes on.

Now, imagine 2 of them working in tandem. On the left, you have a hunking half-keyboard for the Q-W-E-R-T half, and on the right the Y-U-I-O-P half. Suddenly, we have a multitouch split keyboard (without haptic feedback of course), which could be the next generation of FingerWorks TouchStream style devices, which Apple, for reasons unbeknownst to me, ceased the operations of. (If I had to guess why they killed off FingerWorks, it'd be that Apple thinks the market for ergonomics is oodles smaller than mobile multi-touch devices—and I reckon they're right.)

The real disappointment with the iPad isn't that it can't run multiple apps, or that it'll be another $29.99 a month for 3G support for iPhone users. It's not even that the pixel density of the thing might make it tough to read books on. The real disappointment is the fact that the device is locked down and we'll never get the chance to use it to innovate the way we interact with our real computers.

The move was justified, as Roundup no longer matched the way our organization wished to conduct business. It was a good move, but as with any migration there are bound to be some hiccups along the way.

Right away I hit one. The data models for these 2 very different pieces of software are insanely different (who knew?). Roundup makes use of a SQL database, but not in a traditional way. And, activeCollab combines almost all of its entities into one table. This of course makes querying with SQL incredibly difficult, and a SQL to SQL translation close to impossible.

Luckily, in moving to activeCollab, we inherited a somewhat RESTful, API that allows for the modification and creation of entities. As a result, it became apparent that the logical way to migrate this was to pull the data out using the Roundup's libraries and make the appropriate API calls with the translated data.

To make it easy on myself, I developed a quick ORM-like interface to the APIs. I had the idea that if I could make it work for activeCollab, it must be generalizable enough to work for other services and APIs as well, which I could do later.

And, I was right. It could be more generalized, and it could be useful. In fact, the idea was so useful that 3,000 miles away in the San Francisco office someone else was already secretly working on the same idea!

Enter Remote Objects

The result of the secretive effort, that I became aware of, is called Remote Objects, which identifies itself as An object RESTational model. Six Apart has graciously released it as part of the requirements to run TypePad Motion, which is also available, under a BSD License, on github.

But, just because its main intentions were for being used against the TypePad APIs, doesn't mean that it only works with them.

In fact, the developers had the foresight to think that this would be useful in other cases too, just as I did, as can be seen in the examples that come with the package.

Needless to say, I abandoned my implementation of this idea and will adopt Remote Objects in the future. Have a look. Hopefully it is useful in your toolbox too.

Worlds allow you to capture the current scope of a program in a first-class way. All updates to the current state (i.e. local variables, global variables) happen in a non-commiting way. In other words, you can back out of any changes at any time.

Consider the following example (taken from the Warth paper):

A = thisWorld; // thisWorld is always the current world
r = new Rectangle(4, 6);

B = A.sprout(); // sprout creates a new world with it's parent set to A
in B { r.h = 3; } // side effects within this `in' occur only in the world B.

C = A.sprout();
in C { r.h = 7 }; // in A's world r.h = 6 still.

C.commit(); // only now does r.h = 7 in world A.

If you follow along in the comments I've appended to the example, you'll start to see why this idea is interesting, even from this little example.

The astute Scheme programmer, however, will notice almost certainly that this construct could be created with call/cc, which is certainly true. The problem with this fact is that not all programming languages are Scheme (unfortunately), and of course not all languages support first-class continuations.

The question I asked myself, however, is this: Can I hack worlds into Python? To which I came up with the short answer after some thinking, sort of.

I guess I should explain what's going on more clearly in the example above. The first thing to note is that A represents the current scope; the current state of all variables in the program. Sprouting a new world from an existing world means that any changes that occur when using the sprouted world, do not affect the world who sprouted the current world, unless the new world commits the changes made to the original world.

Which is to say, changes that occur in an in block acting on world X do not propagate to the parent (the world X was sprouted from) of X unless X.commit() is called.

Enter Context Managers

A few months ago, I wrote a blog post about Dispatching With "with", in which I explained context managers in Python, and how they can be exploited to create a less separated mapping from URLs to request handlers (something that definitely has its place in the small web-app world).

The basic idea of this was that in the __exit__ method of the web-application object, the current frame was inspected and references to functions that represent HTTP methods would be collected, stored and tied to the last regular expression passed to the expose method in the application object. This simple solution allowed us to express a web application succinctly like so:

app = web.application()
with app.expose('/'):
   def get(): 
       return "Hello World"
app.run()

For worlds, I also exploit context managers, though mostly for the in-like syntax, and for managing the current thisWorld variable.

The quick[1] solution that I came up with for implementing worlds can be used like so:

with Universe(): # establishes new world, assigns to local variable `thisWorld'
   thisWorld.r = True # must assign directly in the world. LIMITATION
   new = thisWorld.sprout() 

   with new:
       new.r = False

   with new.sprout():
       thisWorld.r = 15
       thisWorld.commit() # now new.r is 15, but the original r is still True

   print thisWorld.r # => True
   new.commit()
   print thisWorld.r # => 15
   thisWorld.commit() # have to commit to the actual scope LIMITATION
   # r is now part of the local variables where this universe exists
   print r # => 15 

Looking at this example, it's already apparent that the Warth implementation of worlds is superior, just in the amount of code needed to take advantage of it. You might also see that I didn't even attempt to port the rectangle example from above. That is because there isn't anything smart going on under the hood when it comes to container objects (such as lists, tuples, objects, dicts), and I'm not yet sure how to get there.

With simple immutable objects such as booleans, integers and strings, using copy-on-write semantics works wonderfully. Then, on commit of the world, the code just copies all of the changes into its parent. I haven't tackled the case of mutable container objects just yet, as there are complications in the API[2], as well as the implementation.

The interaction with this is sort of annoying though. In order to take advantage of worlds in Python, you have to touch virtually every line of code in the function you are trying to worldize, because you must assign explicitly to a world. The world's context manager sets up thisWorld for you, but you still have to do thisWorld.variable to get any sort of benefit.

My inclination is to get into some bytecode hacking to modify all assignments within the with block to be assignments to thisWorld automatically, but bytecode hacks are neither pleasant to maintain, nor are they portable across implementations.

It's also possible in the Warth version to worldize functions and any other first class object. Maybe the solution is simple and I just haven't seen it yet. Whatever hacks, that I come up with though, will be just that, hacks, as there is no easy way to add worlds to Python in the same way that Warth added them to JavaScript[3].

We are in an age of programming where mainstream programming languages are unable to adapt to our needs as programmers. We are unable to bend them at our will like we can with Scheme, Lisp and even Clojure. Attempts to bring about change on this front have not been met with enthusiasm from most groups. Whether it's a lack of marketing, evangelism or just that the general population doesn't view unbendability as a problem, I'm not sure. But, I for one like the idea of being able to easily add worlds, and other ideas, as true language features to languages that by practicality, I'm forced into using. That would make me a much happier, and effective programmer.

1. By quick, I do mean quick. This was 2 hours of work and sketching. Surely there is lots of work to be done to make it a true solution.
2. The same strategy could be used as for simple values like booleans, if the API used a method, say assign instead of the more natural assignment operator. Consider, thisWorld.assign('obj.height.inches', 30) vs. thisWorld.obj.height.inches = 30.
3. The Worlds prototype was written in OMeta, which is a solution to the "unbendable" languages problem. Note: I didn't attempt to write worlds in PyMeta, but, it may be possible to do.

It is the ever so common case that you always hear, It works fine here, it must be your fault. And, boy did I come up with some interesting theories as to why it was not the fault of my code.

Basically, I'm POSTing some data to a resource that is protected by HTTP Basic Authentication, and then reading the response for further processing. It is a basic task, and one that I've done many times in the past.

In fact, I've even used urllib2 to do this before using the following method:

headers = {'User-Agent': useragent}
req = urllib2.Request(url, data, headers)
 
passmgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
passmgr.add_password(None, url, username, passwd)
handler = urllib2.HTTPBasicAuthHandler(passmgr)
opener = urllib2.build_opener(handler)
connection = opener.open(req)

In this case, the following behavior is seen:

1. Client (urllib2) POSTs data leaving out the Authorization header
2. Server responds with a 401. Client (urllib2) never sees the 401 error, and instead gets a SIGPIPE
3. Client attempts to reconnect, going right back to step 1

Naturally, the only way I discovered this was to fire up tcpdump and look at what was being sent. It quickly became obvious that there was never an Authorization header being sent, and therefore the 401 was completely justified. The broken pipe seems to have come from the server responding before reading all of the posted data to thwart off denial of service attacks.

My only explanation for why this works perfectly fine on my laptop and not in either of the data centers I tried running it from is latency, though I'm shocked, and not yet convinced, by that result.

Incidentally, I solved the problem by sending the Authorization header on first request, rather than waiting for the confirmation that, yes indeed, the resource needs the Authorization header sent, as urllib2 likes to do.

... and now it works fine.

This whole experience will make me think twice before laying the blame anywhere until I have uncovered the real truth, something I think all programmers should learn to do, if they don't know already.

Take for instance django-favorites. By itself it's a great package that does exactly what you want—it allows a user to mark things as being a favorite. Notice that I said "things." "Things" here means any model, because it uses the generic relationships framework that Django provides.

This is a huge win on its own because it means that I don't have to define a new favorites model for blog posts, one for photos and another for music I'm listening too. But, there's a downside to this as well.

How do I check to see if an item is a favorite? Well, for each blog post I select back from the database, I have to make another query to see whether or not it was a favorite or not. Alternatively, of course, I could be smarter and do a bulk query using an IN clause, making the query count only 2. But, if I wasn't using an ORM, my SQL would use an OUTER JOIN, or a sub-query to select back whether or not it was marked a favorite for the current user.

Django can do this using the extra method for QuerySets.

Ok, so we can use extra every time we want to select back whether or not an item is a favorite, no big deal.

Except that you have to do this every time. So, you then create a custom manager for Photo that includes a check_is_favorite method, which adds the is_favorite pseudo-column and everything is good.

That is until you have to do it for Entry, and Song, and User.

The solution however is simple. Reusable apps should include a "ManagerMixin", if it makes sense to make reusing the app as painless as possible. The django-favorites application that I've been using in my example would be complete in my eyes if it had something like this defined in it:

I have yet to run a bench mark against this to determine whether or not the sub-query here is less efficient than doing an OUTER JOIN. My gut says it would be, but for a first go at it, I'll keep it like this.

Anyway, then to make use of this you create a custom manager that uses FavoritesManagerMixin as one of its base classes:

And then to make use of it, we do:

The intention of this post isn't to point out a flaw in django-favorites, an otherwise great reusable application, BTW, but instead is meant to give a way that this idea of reusable can actually be usable.

I put my django-favorites on github. Feel free to flame me for going against what this post stands for and creating yet another "favorites" reusable app, without submitting a patch to the original, I wanted some practice in Django development.

He's got strength and training on his side, but I could probably take him if he didn't have his belt and was blindfolded. Give him his utility belt though, and I'd be doomed. That's not because his belt has super powers—instead his belt contains tools that are useful in common situations of distress, and of course detective work. The Bat-grappling hook for instance allows him to scale buildings and walls, and tranquillizer darts allow him to temporarily disable a foe. Batarangs, with practice, can be used to disable an opponent by aiming for a body part, or to cut down a hanging chandelier, creating yet another obstacle for foes to fight through.

Hackers have similar tools, but we carry them in "/usr/bin/" (though how cool would it have been if the Bell Labs folks named it "/usr/belt/" instead). The tools we use, generally allow us to solve problems quickly and efficiently—just like Batman.

The tool that I've come to rely on quite a bit recently is SSH. Most hackers use SSH for working remotely on servers, and for copying files over SCP or SFTP. Some may even use FUSE and SSHFS to mount file systems over SSH. Its potential uses are endless, but the most useful uses for me lately have been tunneling and SOCKS proxies.

Tunneling

As a programmer who on occasion works from home (more so currently), it's often a battle to connect to all of the company resources I need in order to perform my job. Firewalls are good things, and are configurable to allow remote people access to walled gardens, but with dynamic IP addresses being the common norm, opening up resources to many different addresses gets hard for sysadmins to track. Besides, they've got a ton on their plate already.

To combat this problem, VPNs were created. Basically, a VPN allows one to connect networks together as if they were local to each other. When I use my companies VPN, it's as if I'm sitting in the office.

Often though, this isn't enough. When dealing with networks that clients own, they may provide us access through only one entry point, a single development server for instance, which is locked down.

This is where SSH comes in handy. In the OpenSSH implementation of the SSH client tools, the -L option allows one to setup forwarding of traffic to another host. Suppose, I wanted to connect to a client's Oracle server, listening on port 1521:

Now instead of pointing our SQL*Plus client to clients.oracle.server.name:1521, we point it to localhost:9999, and traffic is forwarded via your.companies.host as if we were connecting directly from your.companies.host.

This is extremely powerful, and simple.[2]

SOCKS Proxy

Similar to the tunnelling example above, OpenSSH can act like a SOCKS proxy, allowing you to forward outbound traffic to a trusted source, which will then carry out the request on your behalf. This is great for browsing in public WI-FI spots where attackers might be sniffing for passwords being sent in plain text over HTTP, or some other unencrypted protocol.[3]

And, of course, setting it up is as easy as passing the -D option to ssh when connecting to you@remoteserver.

Then, you can setup your computer (or web browser) to use a SOCKS proxy, and point it to localhost:8000.

This isn't without its problems though. For one, the network could block all outbound traffic except HTTP/HTTPS. One obvious workaround is to have a remote server listening for SSH connections on port 143 or port 80, instead of the protocol default of 22. But, you'll of course need your own box, or VPS for this, as your shared hosting account will probably not allow you to change sshd's listening port.[4]

Of course, since SSH is a protocol for sending encrypted network traffic, there are many other uses for it. These are just the two alternatives I find the most useful lately.

1. I use the jargon file's definition of hacker, not the commonly confused term cracker.
2. It can of course get much, much more complicated
3. Unencrypted WIFI traffic is extremely easy to capture, with a tool like tcpdump
4. The thought of a "loopback" SOCKS proxy, "loopback" tunnel or some combination of the two cannot work, as it would only ever forward traffic to your localhost's sshd, which would then forward traffic to the destination, unencrypted, over the local network—this is the exact situation we were trying to avoid. Plus, if you're trying to forward traffic in this way, over a port that's being blocked, it's still blocked.