http://perens.com/blog/2013/01/16/1/

Someone on Slashdot recently claimed I hadn't read Keep the Aspidistra Flying because I thought the ending was depressing. After I finished my PhD in 2007, I've managed to avoid the same fate and have successfully avoided having a real job for almost five years. I've done freelance programming and written four books, and had a lot of time to post on Slashdot (as you can tell from the fact that, so far, I've posted more than anyone else this quarter) and do open source stuff (Ohloh ranks me in the top 2,000 geeks with no life^W^W^W^Wopen source developers).

That's about to change though. I had two interesting job offers recently (I seem to get job offers from banks very often, but I have a very low tolerance for tedium, so I'd probably have been fired around day 3 if I'd taken any of them). One was from Google in Paris (yay!) but working on boring things (boo!). The other was from Cambridge University, which is about as well paid as you expect in academia (aww!) but basically involves working on the same stuff I do for fun (yay!) with some very intelligent people (yay!). Oh, and it's in a city where a quick search found four tango classes (yay!) and property prices not much lower than London (oops!) and which is both small and flat enough that I can cycle everywhere (yay!) and so does everyone else (look out!).

So, in a few weeks I'm moving to Cambridge. I'll miss looking out at the sea, but being able to dance tango more than once a week should be some compensation. There also seems to be a lively salsa scene, although having to learn yet another set of names for the same Rueda steps is going to be a little tiresome...

When I visited, I went for drinks with some of the makerspace guys the night before my interview (I have no idea how much I drank, but it didn't seem to affect my interview performance too badly...) and met someone who worked on the C++11 atomics spec (which I was in the middle of implementing at the time) and someone who had ported 2BSD to a 32-bit PIC with 128KB of RAM, so it definitely seems like a city with no shortage of geeks...

This weekend (I think, maybe earlier), Slashdot published some statistics about the most active people. Apparently I am in the top four most active commenters for the past month and the past quarter. This is quite depressing.

In happier, and unrelated news, my FreeBSD commit bit was approved this weekend, so I can now cause untold destruction on the Internet at large...

Recently a set of six senators have proposed a Constitutional Amendment to overturn the controversial Supreme Court case of Citizens United v. FEC which held that corporations were allowed to make unlimited expenditures with regard to elections provided that those were independent expenditures, not coordinated with candidates.

The Citizens United case overturned two previous Supreme Court cases, McConnel v. FEC (which was a case the court evidently had trouble drawing lines over given the fact that 9 justices produced 8 opinions, and pieces of four of the opinions commanded a majority of the court), and Austin v. Michigan Chamber of Commerce. Some First Amendment scholars from across the political spectrum have hailed the decision. For example Eugene Volokh, a Republican, has generally felt this was an important protection of Constitutional liberties, and the ACLU played an important role in filing amicus briefs in favor of Citizens United, and has been very much in favor of the decision. Others have seen it as an open invitation to Corporations to meddle in politics.

Before we get into the Constitutional Amendment and why everyone, on both sides of this issue, should be opposed to it, it's worth noting that the questions of first amendment law in election finance cases seeks to balance two competing interests. The first is to ensure that the people can write and publish on political topics surrounding an election, and the second is to ensure the integrity of the elections. Citizens United draws this line by saying that independent expenditures are different from coordinated expenditures (5-4 holding, but the dissent didn't offer an alternative except to wait for another case), and that disclosure laws were entirely Constitutional (8-1 holding). The fundamental problem is that while money is not speech, regulating how people can spend money in order to express themselves regulates a lot of speech. The court correctly noted that the Constitution didn't differentiate between, say, the New York Times and, say, Merke, and therefore, couldn't grant the government the ability to ban Merke from buying television ads without banning the New York Times' right to print editorials in favor or opposed to candidates.

Indeed the concern over freedom of the press was at the core of Citizens United. Surely when Alito asked S. G. Malcolm Stewart if the government could Constitutionally ban books, he had no idea that the only answer S. G. Stewart could give would be "yes" (an answer repeated by S. G. Kagan at rehearing, see the same link above for all oral argument), and hence a question probably intended to address an issue of statutory interpretation set the stage for a Constitutional showdown. To be fair, both Stewart and Kagan tried very hard to avoid giving that answer but both were unable to come up with any alternative that would save the law as written, because the Supreme Court tends to err more on the side of facial challenges (striking down laws) than as-applied challenges (mandating exceptions) when it comes to freedom of expression. The dissent felt the correct decision was to say, in essence, "we don't have sufficient record to make this decision. Declare it as moot and let them bring another case to us through the courts."

Citizens United was hailed as a major First Amendment victory by the ACLU, and many other organizations which work on First Amendment issues, and by major First Amendment scholars such as Eugene Volokh. However, many others have seen it as a doorway to corporate tampering with our elections.

However, for any controversy, there are solutions that are far worse than the cure. This is one of them. The relevant portion of the proposed Amendment is:

SECTION1. Congress shall have power to regulate the raising and spending of money and in kind equivalents with respect to Federal elections, including through setting limits onâ" ...
(2) the amount of expenditures that may be made by, in support of, or in opposition to such candidates.

The omitted paragraph 1 allows the government to regulate gifts and donations to candidates, something already within the power of the government. Section 2 grants identical powers to the states.

Now, it's important to note what is covered under Section 1 paragraph 2. In essence any money spent communicating a message on an election for or against a candidate in any way falls under government power. Presumably this could include purchasing gas to go to a rally, publishing pamphlets, buying Obama's books to give to undecided friends in 2012..... These are all independent expenditures and could fall under government regulation under such an amendment. And nowhere in the amendment does the word 'corporation' appear.

In essence the proposed amendment is that we trust to Congress the ability to arbitrarily limit the freedom of the press not only by corporations but also by natural persons. Such an amendment would prevent a first amendment challenge to some laws already on the books (say, a foreigner here on a student visa publishes a blog posting on a site that he/she pays for hosting on opposing an anti-immigrant candidate. This is already against the text of campaign finance law, but would probably allow either an as-applied or facial challenge to the law even before Citizens United but that would be taken away).

This proposed Constitutional Amendment then goes well beyond repealing Citizens United in that it takes away Constitutional protections that each of us enjoy.

Now, the subject of independent expenditures is a controversial one. However, given that only defenders of Citizens United have offered any data defending their side, I am forced to at least tentatively conclude that the ACLU is right on this one. However for the purpose of the rest of this post, I will assume that this is a serious problem and offer recommendations for changing this proposed amendment so that it does not strip us all of fundamental Constitutional rights.

If the problem is a concentration of power over spending in our elections, it seems to me unwise to further concentrate that power in the hands of the state. Instead it would seem to me that granting power to Congress to curb the worst abuses only, while preserving the power of the common man would be preferable. In this case, if the problem is specifically corporate spending, then allow Congress to limit Expenditures, not part of profit-making goods and services offered at standard prices, on the parts of for-profit corporations only. This would be sufficiently broad enough to ban Corporate donations to Citizens United and the ACLU, but not sufficiently broad to regulate what fliers and pamphlets you or I can print to distribute. It would allow Congress to prevent Corporations from offering special discounts for such material, but would not prevent them from offering standard discounts (such as volume discounts available to everyone else).

In the end, it's easy to get whipped up into a frenzy and believe that because we must do something that this must be done. This is unfortunately common. We see on the other side of our politics, amendments to state Constitutions which forbid state judges from using foreign laws to inform decisions, forgetting that in international contracts or other cases where conflict of laws issues may come up, these foreign laws are extremely relevant to the cases. Like this present proposal, the problem is with being overbroad, and therefore causing a great deal of harm to our basic freedoms in the name of solving problems.

Every American should be opposed to this amendment. Those who oppose Citizens United and seek to overturn it should insist that the amendment to do so be narrow. Those who support it should listen to the others but make sure their concerns are addressed.

Hey! I am a finalist in the National Science Foundation's Visualization Challenge: Check it out and vote: Metabolomic Retina The full list of entries is here.

LedgerSMB 1.3.0 was released today after several years of development (perhaps nearly joining the ranks of Perl 6 and Duke Nukem Forever). The release offers a number of compelling features, such as separation of duties, far improved payment handling, better cash reconciliation and the like. But what makes LedgerSMB 1.3.0 cool is how we are pushing the envelope technically and attempting to provide a framework for quickly building new programs which re-use our application's functionality.

Simply put, the cool approach we are taking is in making stored procedures discoverable, much like web services. This is done by assigning semantic meaning to argument names, and then using a mapping function to pull argument names from the system catalogs, mapping these to object properties. This offers many of the benefits of web services, such as offering a looser coupling between database and application layers than is traditional, and it facilitates the development of add-ons or even other applications which re-use LedgerSMB functionality.

One key element to making this work is the principle that the database in such an environment should be the centerpiece of the computing environment rather than the bottom tier of a multi-tier architecture. Thus every application user is a database user, the database itself enforces permissions, and can act not only as a data store but also a message queue, possibly routing data to other applications (via queue tables and PostgreSQL's LISTEN/NOTIFY framework). In essence the database does everything that could be done with set functions.

Of course the database doesn't do everything. We don't hand it raw http query strings, or have it output HTML documents assembled from data inside the database. This is the job of the application layer, which is to manage the interaction with the human component. Separating this role off, then allows for more diversity in usage in the future. We are thus no longer tied to a web interface for the long-run, and could allow other client apps to be built on our software in the mean time, all sharing a common security and data logic framework.

In this regard, PostgreSQL takes on traditional middleware roles in LedgerSMB from 1.3 onward. This isn't to say it is an application server in the classical sense, but rather that it takes on many roles of application servers. We've found this approach to be quite scalable because hand-tuned SQL generally performs better (and is easier to troubleshoot) than ORM-generated SQL statements, and yet of course much business logic is not in the db server at all but rather in the application which provides the interface between the db server and the user interface, whatever that may be.

Work has already begun on 1.4 to take this approach to an even higher level, as we re-engineer the financial logic to make use of this approach.

Every generation needs an intellectual hero... Ours was Steven P. Jobs

My current phone is a Nokia N80. I've had it a few years and I'm reasonably happy with it, but it has a fault with the charging circuit and it's pretty bulky, so I'm thinking about replacing it. Unfortunately, there seem to be about 3,000 different options with no competent way of way of working out which one is sensible.

I mainly use my phone as... a phone. So, the most important feature for me is the ability to make and receive calls. Because I am a cheapskate, this includes SIP (and WiFi), since my SIP provider charges a lot less than my mobile provider when calling landlines. I really like WebOS in terms of UI, but that seems to rule the Pre out because the only WebOS SIP client is alpha quality and doesn't integrate with the address book. This is something that Nokia does really well - the SIP client is fully integrated, so I can just select someone from my address book and select Internet Call to make the call. No extra skill required.

Beyond that, the only thing I really need is to be able to sync contacts via bluetooth and to use it as a modem via bluetooth - both pretty standard features, I'd assume, since my last three phones have had them.

In terms of smartphone features, I'm not that bothered. A programming environment that supports native code so that I can port my ObjC runtime would be nice - I have no interest in VM-based crap - but aside from that I don't have any strong requirements.

I would, however, like decent battery life and a small size, and ideally a nice camera. The bulk and poor battery life of my N80 means that I quite often leave it at home.

So, any suggestions?

New JonesBlog update. STS-135 Landing photos and my visit to Kennedy Space Center

A Photographic Study of The Fly with anatomical details and discussion of potential applications in unmanned aerial vehicles here.

Ok, here's an odd request. Maybe someone out there has an answer for me.

I know we've been making huge advances in mapping distant celestial bodies, their speed either across our field of view or relative direction (to or from us) with red/blue shift, etc. I was curious to if there has been any publicly available project which creates a 3 dimensional representation of that data, and allows for adjustment of time.

The way I understand it, in theory with enough data, the known universe could be collapsed (virtually) to the time of the big bang.

I've had an idea for a (fictional) story, which I'd like to be able to back up with at least something resembling factual information. For example, the Earth takes roughly 250 million years to make an orbit all the way around our galaxy (one "Galactic year"). If you were looking at Galaxy X and Galaxy Y, and for particular intervals. Imagine a line drawn from a fixed point in each Galaxy. Would it be possible to determine if the Earth (or at least a close part of our galaxy) would intersect that line, or look back to when that did happen? ... and save the supercomputer comments for some other time. :)

I've noticed a trend lately (like in the last couple years). Comment thread lifespans are becoming shorter and shorter. I'm usually good about going back to my messages, and keeping up conversations in the thread. It seems not everyone else is.

    If anyone who programs here reads this, do your own research against the database, and see what mean life expectancy of comment threads is. I almost guarantee if you run it against all stories from the beginning, you'll see it's tapering off.
    What I have observed with my comments, even the occasional first post, is that the thread will die off at about 2 to 3 days, regardless of how interesting the conversation is getting. It seems people just aren't interested in going to older stories, which isn't surprising since it's a pain to get to older stories. Look for a story from two weeks ago. Type in some keywords in the search? No way.. Pointy-clicky through the More buttons, good luck there.

    Still, it's easy enough for people to keep up with running conversations. Well, I assume so. When we were forced into the new theme, I had to be sure my messages box was at the top left. Maybe I'm one of the few who actually set up for that, or most people are set for no notifications. Either way, it's becoming disappointing where conversations don't run their course. I don't think it's me... I have week and month long conversation threads going with friends and colleagues, even if every 3rd message (for colleagues at least) is "you are dumb, now send what we asked for". :) No offense to any colleagues or ex-colleagues who may read this. I'll assure you to your face that I'm not talking about you, but sure as hell when you aren't looking, I'm going to point at you and say "it was him".

So back to the topic... I wish more of you would keep up your ends of the conversation. It's hard talking about interesting subjects, and when I've written a well thought out reply, it's just exceeded the MTTL (mean time to live) for a thread, and it's abandon. Well, except for the random troll who goes back through old threads and writes TL;DR, but he barely counts as anything. :)

    Maybe Slashdot can gear up something more conducive to actual conversations, rather than a few hundred drive-by comments that are dead end conversations. I really miss the intellectual (or quasi-intellectual, sometimes) conversations, now replaced by a short thread lifespan and high churn of stories.

I've settled on a hopefully credible way to sign my posts without needing to worry about how word-wrapping will mess up the GPG signature. Before signing my posts, I will remove spaces, tabs, newlines, and any other non-printable characters before signing.

That means that the GPG signature of my posts will be invalid as-is (since the text of the posting itself retains the whitespace and non-printables). That means you will have to remove the whitespace/non-printables yourself before running through the GPG verification to see that it is a valid signature. This is how to do it:

put the plain text into PlainTextFile, and the signature (including beginning and end lines) into SignatureFile, and use this command:
tr -cd [:graph:] <PlainTextFile | gpg --verify SignatureFile -

Don't forget the single hyphen at the end of the line, which has a space before it.

For a long time, I've followed what I've read regarding URL lengths. 255 characters is it. Never let it get longer than that.

    By the RFC's, 255 characters is the guideline, to maintain backward compatibility with old browsers, old proxy servers, and other miscellaneous hardware that may be in the way.

    I went looking for more information, but found conflicting or outdated information. Who cares what the limits on Netscape 4 or MSIE 5 were.

    In my own personal MythBusters kind of way, I wanted to see what the limitations really are.

    What fun would it be without coding something up to handle it. :) I would share the code, but it seems Slashdot doesn't like that much. Basically, it would generate a URL, something like http://example.com/test.php?pad=11111 , and use a javascript redirect to send it back to itself. On receiving it, it would read the number of characters of the full URL, then add an increment to the pad. It printed the length of the request, and the full URL in the browser, so I could see where it was at. I introduced a 1 second pause so I could read the output.

    Initially my increment was 1, but that takes an awful long time, even with keepalives cranked up. I worked my way up to 500 per exchange, so the test would move along quickly. Watching the server stats, the keepalives were doing their job perfectly. The same connections were reused until their life expectancy ran out.

    I couldn't just give a redirect header. Browsers tend to not like that. My initial test with Firefox showed the problem. The default for network.http.redirection-limit is 20. Even turning that up to 999999 would stop pretty quickly (at about 500, if I remember right)

    My test client machine is a Windows 7 Ultimate machine with a Phenom II x4 955 and 8GB RAM. My test browsers are MSIE 8.0, Chrome 9.0, Firefox 3.6.13, and Safari 5.0.3. During the tests, I did not run into problems with CPU or memory utilization.

    My test server is a Slackware Linux 13.1.0 machine with two dual core Xeon 2.8Ghz CPUs and 4GB RAM. It is using Apache 2.2.17 and PHP 5.3.5. Other than custom configuration options, it's a fairly plain version of Apache and PHP. No patches. The OS is pretty clean. All non-essential ports and tasks are disabled. During the test, I did not run into any CPU or memory utilization problems.

    On the first run I observed:

        MSIE 8.0 4095
        Chrome 9.0 8190
        Firefox 3.6.13 8190
        Opera 11.01 8190
        Safari 5.0.3 8190

    I looked around a little. Apache lets you lower the length of the URL in the config file, but not increase it. The default is 8190, exactly as tested. Time to go patch Apache!

In httpd.h
/** default limit on bytes in Request-Line (Method+URI+HTTP-version) */
#ifndef DEFAULT_LIMIT_REQUEST_LINE
#define DEFAULT_LIMIT_REQUEST_LINE 16777216
#endif /** default limit on bytes in any one header field */
#ifndef DEFAULT_LIMIT_REQUEST_FIELDSIZE
#define DEFAULT_LIMIT_REQUEST_FIELDSIZE 16777216
#endif /** default limit on number of request header fields */
#ifndef DEFAULT_LIMIT_REQUEST_FIELDS
#define DEFAULT_LIMIT_REQUEST_FIELDS 16777216
#endif

    8190 was obviously set by people with no ambition. 16.7 million? That's a real URL! :) And before anyone says it, no, I wouldn't normally make the URL longer than I'm willing to type. Just like the MythBuster folks wouldn't normally put a dead pig in a car to see if it stinks. It's all in the name of science I tell you! :)

    So limits upped to 2^24, recompile complete, and we're ready to test again. While watching the compile, I had to ask myself, "does PHP have a limit too?". I guess not. Here's the results.

        MSIE 8.0 4095
        Chrome 9.0 122560
        Firefox 3.6.13 111060
        Opera 11.01 132560
        Safari 5.0.3 131060

Notes:
    1) I aborted the tests after I got bored.

    2) Chrome stopped displaying the full URL at about 32,000 characters. It truncated it at the ?, but did process correctly. If you have a 32,000 character URL, expect people to not be able to copy it from Chrome very easily. :)

    3) I started all the tests very close to the same time, and aborted them all very close to the same time. I don't normally use anything but Firefox, so I have several utility toolbars (webmastering, packet examination, and SEO analysis) that are installed. The others are clean.

    4) You can't use this as a benchmark saying any browser is faster than another, because I was limited by upload bandwidth at home.

    During the test, I was watching my uplink bandwidth graph. I'm on a residential line. It was clear where the upload bandwidth is cut off at (about 700Kbps). Due to the nature of this test, Every request was sent to the server, and returned to the browser, so like it or not I needed to use the same bandwidth each way. If I have a moment of sheer boredom at work or a datacenter sometime, I may repeat this test on a LAN. It's doubtful though.

    So in conclusion....

    1) All the modern browsers tested, except MSIE are effectively unlimited to the size of the URL they can handle.

    2) MSIE is still limited to a URL length of 4095 characters. I don't see a workaround for this.

    3) Apache is limited by default to 8190 characters, but this can be corrected with a patch.

    4) Regardless of what these components proved they could do, you can still encounter problems with firewalls, content filters, proxy servers, etc. Don't expect to be able to use over 255 characters.

I thought this was worthy for cross posting to my journal.

    For the 2012 election, the answer is easy.

        Write in JWSmythe!

        I promise restoration of the rights of all people, as protected by the Constitution and Bill of Rights.

        I promise transparency in our government, and open public audit of all government projects.

        I promise revocation of the Income Tax (25% of your income for most citizens), to be replaced by a 2% sales tax. This effectively gives a 23% raise to all working citizens.

        I promise increase in tariffs on foreign goods to be no less than 2% of the retail value, to encourage growth in the industrial sectors of America.

        I promise immediate closure of all tax "loop holes" to ensure all "big money" corporations pay in their fair share.

        I promise yearly "dividend" payments to the citizens of the United States on any excess tax paid by the citizens and profit from foreign tariffs.

        I promise health care in the form of open access doctors and hospitals to be no less than 25% of the total medical service field (at least 25% of doctors will be free for the citizens). You may still purchase insurance, and doctors may still provide special expert service, but for those who can't afford it, free services are available, and more positions will be available for both new and skilled doctors.

        I promise open borders, reducing the lengthy and confusing immigration/emigration procedures. Diverse and contridactory policies exist now, including Canadians who are welcome across the friendly open borders, but Mexicans who are frequently detained, arrested, or left to die in military style borders and checkpoints. This will reduce operational costs for enforcement agencies by billions yearly.

        I promise retiring the Department of Homeland Security and the Transportation Security Administration, returning their duties to the appropriate intelligence agencies. This removes over $55 billion in yearly government expenses that are simply not necessary.

        And oddly enough, I'm dead serious. I'm not a billionaire, so I cannot afford the campaign. The estimated cost for the 2008 Presidential election was $1.6 billion per candidate. Neither established party back me. I would hurt their corporate interests.

        And yes, I am an American born citizen. I have traveled to the majority of US states, and both bordering nations. I don't know everything, but I know people who I can trust who are experts in their fields. No individual can run the country properly, but a good team will return the United States to it's prior reputation of the nation all others want to emulate, rather than the most powerful and embarrassing nation in the world.