Ryan's Ramblings

Like most web frameworks, Django provides a convenient mechanism for storing data across requests in a persistent "session" object. Like most web frameworks, Django implements sessions using a simple mapping from a "session key" to a session object stored on the server. And like most web frameworks, Django's default session implementation is trivially vulnerable to session hijacking attacks.

One of my commercial projects requires a space-efficient object serialisation format, and until now I've been using the obvious choice in Google's Protocol Buffers. I'm happy enough with the format itself, but the experience of using the Python bindings was just barely satisfactory. The interface feels quite Java-ish and there are some non-obvious gotchas, such as having to use special methods to manipulate list fields. I ploughed ahead, but was quietly looking around for alternatives.

The last straw came when I tried to establish a deployment scheme using pip requirements files. Both pip install protobuf and easy_install protobuf fail hard: the pypi eggs are out of date, the source download has a non-standard structure, and the setup.py script tries to bootstrap itself using the protobuf compiler that it assumes you have already built. Yuck. This was more pain than I was willing to put up with. Plus it was a good opportunity to take another look around.

My twin sons were born yesterday, 23 June 2009. A warm welcome to the world to Lachlan Francis and Aidan James Kelly. Photos maybe coming eventually, but it'll take some negotiating – Lozz has plenty of reservations about putting family photos on the Internet.

I'm not the sort to believe much in fate, but I'm delighted to note a couple of special coincidences with this date. First, it's the birthday of one of my personal heroes: Alan Turing, the father of modern computer science. Second, it's the twentieth anniversary of Australia's connection to the Internet, which took place right here in Melbourne. Portentous of great things to come? We shall see...but delightful nonetheless! read more >>

I hit my first real roadbump with jQuery yesterday, a missing feature that really made me stop and stare in puzzlement: jQuery doesn't support xml-namespace selectors. Since I'm trying to parse WebDAV response bodies, and such documents make extensive use of namespaces, it's quite the issue for me. Or rather, it was quite the issue – read on if you're interested in the details, or just download my solution if you're impatient.

Following up on the previous post about my newly ergonomic office, it's about time I shared all the details of my spiffy new chair. I've had it in heavy use for over a month now so I figure I can give a fair and unbiased opinion.

The short story: it's the Steelcase Leap Chair and it is made from pure awesomeness.

Now, the obvious choice for a programmer's office chair would have been that eternal symbol of dot-com-era excess, the Herman-Miller Aeron. Based solely on the hype the Aeron has generated online, any self-respecting chair-hunting geek owes it to themselves to track one down and try it out. I managed to find some in-stock at Living Edge in Richmond, and having tried it out, fiddled with all the knobs and rolled it around the showroom floor, I have to say: Meh. I just don't get the hype. Sure, it's nicer than my old $60 chair from Officeworks, but at just shy of fifteen hundred bucks I was expecting a lot more. read more >>

I've been sitting on this news for a few weeks now, while I got all the final preparations taken care of. I sent it off to the binders yesterday so I guess I can come clean: my PhD thesis has been accepted, and I'll soon be officially known as "Dr Kelly". Has a nice ring to it, don't you think? :-)

A special thanks to Adrian for being a great supervisor over the past four years, it's been a very challenging and rewarding experience and I enjoyed the process immensely. I've updated the page on my research with a PDF version of Asynchronous Multi-Agent Reasoning in the Situation Calculus. Hopefully I've found and updated all the other sections that said "my thesis is currently under examination" – please let me know if you spot any more. read more >>

Since I am now spending the vast majority of my time working out of the home office, I decided to invest a little cash in taking care of two of a programmer's most valuable assets – my wrists and back. I've been using my new acquisitions for a few weeks now so it's about time I reported on the experience. First up: the Goldtouch Ergonomic Desktop Solution featuring this keyboard and this mouse.

My long-standing obsession with Mozart/Oz is no secret, but I often find it difficult to articulate precisely why I'm so fascinated by the language. I never seem to make much headway by describing the power and elegance of its novel control structures such as first-class computation spaces – which, by the way, I would rank right up there with continuations on the list of "language features that sound useless but are actually incredibly powerful"...but instead of going down that esoteric road, let me demonstrate a short and eminently useful little hack that I put together last week, one which really highlights the power of the Mozart platform.

Following my previous post on testing Django with Windmill, I quickly ran into a common snag with in-browser web app testing: it's not possible to programmatically set the value of file input fields. This makes it very difficult to test file upload functionality using frameworks such as Windmill or Selenium.

In Firefox it's possible to request elevated permissions for your unit tests, but this is far from ideal. It means the tests are no longer automatic (you have to click "yes, grant this page extra permissions" whenever the tests are run) and it takes other browsers out of the testing loop. Like many things in life, the easiest solution seems to be simply to fake it.

The Mozart/Oz programming language provides a comprehensive distributed programming subsystem, and when it works, it's a thing of great power and elegance. But when it doesn't work, it tends to fail out with error messages that are exceedingly unhelpful. This is particularly troubling if you're working with a high-level abstraction such as Parallel Search – the error messages are far removed from the code that you're actually writing.

Inspired by a recent request for help on the mozart-users mailing list, I've decided to compile a quick troubleshooting guide for Mozart remote connections. And when I say "quick" I really mean it - there's only two steps but they can solve a lot of common problems with getting the distributed programming subsystem up and running.