Life is a Mystery

23 February 2005 . Comments Off

Reaching Back & Reaching Forward

I’ve been struck today by how long lasting programming technology can be and by how quickly it all changes.

Gary Fouty, a librarian in our science library, surprised me today when he revealed his talent for writing code. The beautiful thing was that he writes in Pascal, a language I left behind long ago, but one which, he reminded me, still serves awfully well and has a number of strengths. Gary has written a program to take search results in MARC form from our Aleph system and transform them into HTML for pasting into a blog, from which he delivers RSS feeds. Very graceful work. The results can be seen in the new books blog he manages.

The great thing for me is that following Gary’s code led me back to Pascal, and a nice Pascal compiler for the Mac. Free Pascal (FPC) is a nifty Turbo Pascal compatible compiler for dozens of platforms including Windows, Linux, and Mac. There is even a detailed XCode Integration Kit that helps you use Apple’s new coding tools with Pascal. Remember the good-ol-days of Inside Macintosh and its Pascal interface to the Mac toolbox?

Meanwhile the future is rushing at us full speed. A great article at Adaptive Path describes what they term Ajax (more commonly called “remote scripting”), the arrangement of tools and technique that make some of the coolest interfaces on the web tick (see Google Maps and Mail and a nifty map of Switzerland for examples). This model is turning the hurry up and wait paradigm of the web on its head. As the author concludes, “the challenges are for the designers of these applications: to forget what we think we know about the limitations of the Web, and begin to imagine a wider, richer range of possibilities.” Another nice article on this technique can be found at Apple (it even credits Microsoft!). It looks to be a very interesting year.

12 February 2005 . Comments Off

De Value of Passwords

One of my recurring arguments with auditors and some security staff revolves around how to secure passwords. They often push for a variety of measures, many of which I think are counterproductive and actually decrease any protection a password might offer. One of the worst offenses is the requirement to force a password change on users on some regular schedule. Last year I enjoyed a minor victory here at the U when I was able to convince the auditor, the head of network security, and the CIO that we didn’t have to require 180 day auto-expiring passwords on machines with private data.

In documenting that case I pointed to a few articles including this PDF and a few ACM articles not available on the open web. Today I learned of a different article devaluing the password, that of a Microsoft security staff member arguing for long pass phrases instead: why you shouldn’t be using passwords. I found this article on Slashdot which also included interesting comments and a link to an earlier story on the site.

Eric Celeste / Saint Paul, Minnesota / 651.323.2009 / efc@clst.org