Friday, October 31, 2008
Why I'm not trying to go to tuscaloosa a night early
Tweets for Today
- 08:49 Since when have web pages been able to have customized "right click" menus? I always thought that was "impossible" but Google maps does it. #
- 15:19 why the hell is my office so much colder than the rest of the building? #
- 16:24 The problem with recycling is that I can be reminded how many cokes I've consumed by a single glance at the bin. I just don't wanna know. #
Thursday, October 30, 2008
The other one
He's a jukebox hero, got stars in his eyes
Wednesday, October 29, 2008
something learned at AJUG this month
The "$" character in Java is not just for the compiler to stick into the class file names of inner classes. No, you can use it in your own class, method, and variable names too. How did I not know this?
package com.jeff_robertson;
public class $Make$Money$Fast {
public static void main(String $ARGV[]) {
String foo$bar = "foobar";
System.out.println(foo$bar);
String $perl = "...";
String BASIC$ = get$money();
}
public static String get$money() {
return "$1,000,000";
}
}
Tweets for Today
- 16:22 I gotta find some more prolific twitterers to follow. Cause ya'lls are some quiet mofos lately. #
Tuesday, October 28, 2008
Tweets for Today
- 10:54 List of bands that I would probably like if I hadn't been avoiding them since 1993 because of "hype aversion", part 1: Wilco #
- 16:31 Hype aversion is an instinctive ego-defense. "If *I've* never heard it, it must suck". Saves you from knowing there's stuff you don't know. #
Monday, October 27, 2008
Tweets for Today
- 11:52 Today is the day I make my girls watch Star Wars. #
Saturday, October 25, 2008
purple grits
Tweets for Today
- 08:27 Nice boys don't play rock and roll. #
- 08:39 Oh iPod, why didn't they just make you with a standard USB jack? #
Friday, October 24, 2008
Tweets for Today
- 09:35 dropped my blackberry on the floor so hard the battery fell out. just realized that the SIM fell out too and wtf knows where it is now #
- 10:33 Doh. Sim never left BB, but was loose so the BB thought it was gone. I realized after sifting thru trash can for it. #
Thursday, October 23, 2008
Tweets for Today
- 13:06 Somebody actually just asked me to explain something "in lehman's terms". Bizarre typo, new meme poking at Lehman bros, or Freudian slip? #
Wednesday, October 22, 2008
InfoQ: REST Anti-Patterns
I think I may be turning into a RESTafarian. Been playing with Jersey a bit too much.
Tweets for Today
- 09:27 @WillCockrell How similar is Connecticut to what was depicted on "Gilmore Girls"? #
- 09:29 Found a bunch of of psedoephedrine in the pocket of a jacket that I can't even remember the last time I wore. #
- 11:28 The girl from The Wonder Years is a popular writer on mathematics?! Nova should have told me this. Head asplode. #
- 13:07 Powerpoint presentation procrastination party. #
Monday, October 20, 2008
Tweets for Today
- 10:27 no radio station billing itself as "oldies" has any excuse to play any song younger than me. stick with your core demographic to the grave. #
Sunday, October 19, 2008
Tweets for Today
- 11:56 my first-grader is "smarter than a fifth grader" #
Saturday, October 18, 2008
Tweets for Today
- 09:35 oh, the things that the president would oppose under "ordinary circumstances"! #
Friday, October 17, 2008
Tweets for Today
- 02:04 Nighttime roadgeek run thru downtown LA, Pasadena, Glendale, Burbank. #
- 09:21 approximate route last night: tinyurl.com/4ptbb5 #
- 22:09 been doin' some good old fashioned bloggin'. by gar, it's been a while. blog.jeff-robertson.com #
Thursday, October 16, 2008
NCSA HTTPd/Mosaic: Using PGP/PEM auth
Or, what we might have ended up using instead of HTTPS. In some ways this is nicer than HTTPS, since it puts the key exchange in HTTP. Apparently this was killed by export restrictions on RSA, although it seems like the same thing would have stopped SSL too.
On the other hand, SSL has the advantage of keeping the encryption out of HTTP altogether. Thus keeping HTTP that much simpler, and also enable SSL to be used as a generic tunnel for other protocols as well. Remember, worse is better.
On the other hand, SSL has the advantage of keeping the encryption out of HTTP altogether. Thus keeping HTTP that much simpler, and also enable SSL to be used as a generic tunnel for other protocols as well. Remember, worse is better.
LINK: The Chuck Cunningham of HTTP
If you actually read RFC 1945, the document that describes HTTP/1.0, one thing you'll notice is that section 8, where the methods are defined, has only GET, HEAD, and POST. The PUT and DELETE methods that are so important to advocates RESTful web services are relegated to Appendix D, "additional features".
This also where a number of other familiar things like the Accept-* family of headers were listed. In RFC 2616 these were promoted to full-fledged features of HTTP 1.1.
But wait.. Appendix D also lists a couple of methods I'd never heard of before: LINK and UNLINK. And some headers (Link, Title, URI) that appear to have been intended to be used with them.
These features are simply missing from HTTP/1.1. They disappeared, like a TV character simply being dropped between seasons with no explanation or mention. They weren't put on a bus, they didn't die in a plane crash with no survivors on their way back home, a bridge didn't collapse on them. The powers that be just decided that they never existed at all.
The Link header is described:
This sounds a lot like HTML link tag. Redundant, even.
Digging around, I found this description of the HTTP of 1992, written by Tim Berners-Lee himself. This documents the protocol in a stage between "HTTP 0.9" with it's GET method and no headers and the eventual HTTP/1.0 standard.
In the section on "Object Headers", we find:
Apparently sometime between HTTP/1.0 and 1.1 they finally decided that this wasn't something that needed to be in HTTP after all.
I have to admit I'm a little bit sad. When dealing with (X)HTML these headers and the methods to put/delete them are redundant, but they could be useful for non-HTML. One use I can imagine would be to provide the title ("alt text") of a photo as part of the HTTP response for requesting the actual image file, rather than having that text only exist in the HTML that embeds the photo. Maybe Link(s) to the homepages of the people in the photo. Of course it would require the web server to maintain some kind of database in which to store this data, which might have been asking too much of in 1996. But now? I think we could have used these little guys.
EDIT: It just dawned on me that understanding how things like this get abandoned and yet the world still turns out OK, means understanding a great truth applicable to other domains besides HTTP. After all, if PUT, POST, and DELETE had been widely implemented as they were originally designed - to allow users to create and edit web pages using features directly built into their browsers - then mankind would never need to have invented things called "wikis" and "blogs", and then where would we be?
This appendix documents protocol elements used by some existing HTTP implementations, but not consistently and correctly across most HTTP/1.0 applications. Implementors should be aware of these features, but cannot rely upon their presence in, or interoperability with, other HTTP/1.0 applications.
This also where a number of other familiar things like the Accept-* family of headers were listed. In RFC 2616 these were promoted to full-fledged features of HTTP 1.1.
But wait.. Appendix D also lists a couple of methods I'd never heard of before: LINK and UNLINK. And some headers (Link, Title, URI) that appear to have been intended to be used with them.
These features are simply missing from HTTP/1.1. They disappeared, like a TV character simply being dropped between seasons with no explanation or mention. They weren't put on a bus, they didn't die in a plane crash with no survivors on their way back home, a bridge didn't collapse on them. The powers that be just decided that they never existed at all.
The Link header is described:
The Link entity-header field provides a means for describing a relationship between the entity and some other resource. An entity may include multiple Link values. Links at the metainformation level typically indicate relationships like hierarchical structure and navigation paths.
This sounds a lot like HTML link tag. Redundant, even.
Digging around, I found this description of the HTTP of 1992, written by Tim Berners-Lee himself. This documents the protocol in a stage between "HTTP 0.9" with it's GET method and no headers and the eventual HTTP/1.0 standard.
In the section on "Object Headers", we find:
Note. It is proposed that any HTML metainformation element (allowed withing the HEAD as opposed to BODY element of the document) be a valid candidate for an HTTP object header. LINK is one example, TITLE another. One suggestion was that the isomorphism should be realized by prepending "WWW-" to the HTML element name to make the HTTP header name, and the HTML attributes imply identically named semicolon-separated MIME-style header parameters. It is open to discussion whether the "WWW-" should be inserted or not.
Apparently sometime between HTTP/1.0 and 1.1 they finally decided that this wasn't something that needed to be in HTTP after all.
I have to admit I'm a little bit sad. When dealing with (X)HTML these headers and the methods to put/delete them are redundant, but they could be useful for non-HTML. One use I can imagine would be to provide the title ("alt text") of a photo as part of the HTTP response for requesting the actual image file, rather than having that text only exist in the HTML that embeds the photo. Maybe Link(s) to the homepages of the people in the photo. Of course it would require the web server to maintain some kind of database in which to store this data, which might have been asking too much of in 1996. But now? I think we could have used these little guys.
EDIT: It just dawned on me that understanding how things like this get abandoned and yet the world still turns out OK, means understanding a great truth applicable to other domains besides HTTP. After all, if PUT, POST, and DELETE had been widely implemented as they were originally designed - to allow users to create and edit web pages using features directly built into their browsers - then mankind would never need to have invented things called "wikis" and "blogs", and then where would we be?
Tweets for Today
- 08:43 I don't want nobody to give me nothin'. Open up the door, I'll get it myself. #
- 09:00 There is so much awesome on _Physical_Graffiti_ that the otherwise-mindblowing "Kashmir" is rendered lame for obscuring the rest. #
- 18:18 At the airport, explaining the food at Paschals to people from NJ. #
- 18:31 Ever since I was eight years old I've always wanted to write a song about Duran Duran to the tune of "Barbara Ann". #
- 18:38 Add to the list of band/album/song name ideas: [Son of] Mr. Green Screens. #
Wednesday, October 15, 2008
why the hell didn't I ever try this before
For years and years (like since approximately 2001) I've been bitching and complaining, and never doing anything in particular, about customizing HTTP basic authentication in a servlet container. It's container specific, it involves lots of XML, and it usually involves sticking your classes up into the appserver's backside.
I've never actually gotten it to work. Then again, I haven't really tried all that hard either. It's just always seemed like more work than it's worth, especially when compared to things like Restlet and even Sun's own com.sun.net.httpserver. Anyway, I never did it. Instead I did this:
Just write a servlet filter that does the authentication and sets up the request appropriately. Duh. Why didn't they just include a class like this in the Servlet API instead of all the shenanigans?
NOTE: Yes, I know basic authentication is insecure. Prove to me that it's somehow less secure than an HTML form sending the credentials in plain text.
I've never actually gotten it to work. Then again, I haven't really tried all that hard either. It's just always seemed like more work than it's worth, especially when compared to things like Restlet and even Sun's own com.sun.net.httpserver. Anyway, I never did it. Instead I did this:
Just write a servlet filter that does the authentication and sets up the request appropriately. Duh. Why didn't they just include a class like this in the Servlet API instead of all the shenanigans?
NOTE: Yes, I know basic authentication is insecure. Prove to me that it's somehow less secure than an HTML form sending the credentials in plain text.
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.*;
import org.apache.commons.codec.binary.Base64;
public class BasicAuthServletFilter implements Filter {
private SessionCache sessions = new SessionCache();
public void doFilter(ServletRequest arg0, ServletResponse arg1,
FilterChain arg2) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) arg0;
HttpServletResponse httpResponse = (HttpServletResponse) arg1;
String auth = httpRequest.getHeader("Authorization");
if( auth == null ) {
send401(httpResponse);
return;
}
String[] tokens = auth.split(" ");
if( !tokens[0].equalsIgnoreCase("Basic")) {
send401(httpResponse);
return;
}
String[] credentials = new String( Base64.decodeBase64(tokens[1].getBytes()) ).split(":");
try {
customLogin( credentials[0], credentials[1] );
} catch (Exception e) {
send401(httpResponse);
return;
}
// implementation of MyPrincipal is left an exercise for the reader
final java.security.Principal p = new MyPrincipal(credentials[0]);
HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(httpRequest) {
@Override
public String getAuthType() {
return HttpServletRequest.BASIC_AUTH;
}
@Override
public String getRemoteUser() {
return p.getName();
}
@Override
public Principal getUserPrincipal() {
return p;
}
@Override
public boolean isUserInRole(String role) {
// probably want to customize here
return true;
}
};
arg2.doFilter(wrapper, arg1);
}
private void send401(HttpServletResponse httpResponse) throws IOException {
httpResponse.setHeader("WWW-Authenticate",
"Basic realm=\"My Realm\"");
httpResponse.sendError(401);
}
public void customLogin(String user, String password) throws Exception {
// proprietary business logic (TM)
}
public void init(FilterConfig arg0) throws ServletException {
}
public void destroy() {
}
}
Friday, October 10, 2008
Jersey: RESTful Web services made easy
Work related
Tweets for Today
Wednesday, October 08, 2008
Mustache progress update
Sunday, October 05, 2008
IMG00159.jpg
IMG00160.jpg
Saturday, October 04, 2008
Tweets for Today
- 10:54 do not expect any further statements. the sons of batman don't talk. we act. #