Wednesday, 30 December 2015

The Fall of Constantinople

The other day, when talking about how islamofascists (salafist scum and so on) are destroying the French society (and the Syrian, Libanese, Egyptian, Tunisian, British, Belgian... societies) I had to listen once again one of those demented comments coming from "the collaborationist left" that always finds a way to justify whatever atrocity perpetrated by perverted, fundamentalist "muslims". This time the argument was based on the horrors of colonialism, so it seems that the bad doings during colonial times justifies that someone that has been living in France (and taking advantage of some parts of the French system: social aids, heath system... and rejecting others: educational system, cultural centers...) during all his life decides to join a sect of sociopaths and spread their sickness by preaching (and using) hate and violence against anyone that does not adhere to their sickening interpretation of the world.

I am fed up with this view where "the old" Europeans should be blamed for everything, and where the "new Europeans", the people from the old colonies that are now a proud an essential part of our societies should consider themselves as "traitors". The past is the past, and of course it needs to be known and used to understand the present, but not to justify everything.

This said, I'm going to enter the game for a few minutes, I'm going to talk about the horrors of colonialism, but another kind of colonialism, the one that "the collaborationist left" seems to forget or to be ignorant of. Europe has suffered different invasions over centuries, let's name some of them:

Regarding the Ottomans it would be interesting to note that their invasion still continues today. Just think about the city currently known as Istambul, its part lying on European soil used to be known as Constantinople, and during the times of Bizantium it was one of the great (or maybe the greatest) European cities. Then the Turks came, invaded, looted and murdered... and they have never been asked to decolonize and return the city to Greece... the big Turkish city is one of the greatest reminders of to what extent Turkey is not our alley, but just the contrary.

There's an imposing and beautiful painting in Toulouse's Augustins Museum by the Orientalist painter Benjamin Constant, The Entry of Mahomet II into Constantinople that gives us an exceptional glimpse into the tragic and painful day when the Ottoman hordes entered the magnificent Byzantine city.

Wednesday, 23 December 2015

Structural Typing and Dynamic Languages

The other day I read for the first time about Structural Typing. Nothing particularly revolutionary, but interesting anyway. It tends to be defined as a sort of Compile-time duck-typing for static languages. Scala seems to be the most "mainstream" language implementing this feature.

Duck typing is one of the basis of dynamic languages. You don't consider that an object is suitable for an action depending on a strict contract like its type, but in a much more relaxed "having whatever methods I need" kind of contract. Structural typing allows us to indicate those methods that we require that an object sports. The advantage of this over directly grouping those methods in an interface is that as we are not forcing classes to implement an interface we can apply it to existing classes without modification, the compiler we'll provide the safety by checking that the class really has those methods.

I think being able to define a set of methods that an object needs to have could be a useful addtion to duck typing in dynamic languages. Let me explain:


function doSomething(ob1){
ob1.method1();
//do something more
ob1.method2();
}

In the above case, we could receive an object that has method1, but not method2 (it's a "partial duck" not a "full duck"), so our doSomething function would not fail until it calls to method2. Depending on what this code really does, running it only partially would be useless or even dangerous (so that we could need some sort of rollback)

So it could be interesting to have something like this:


function hasMethods(ob1, methodNames){
//returns boolean
}

function doSomething(ob1){
if (hasMethods(ob1, ["method1", "method2"])){
ob1.method1();
//do something more
ob1.method2();
}
}

Saturday, 19 December 2015

YellowKorner

I think YellowKorner is an absolutely amazing place for anyone that is into photography, or just into beauty. I first came across one store of this publisher of Artistic Photography here in Toulouse and I was just delighted by the exquisite pieces of photography that I found there. In a city that sports a pretty good offer of Museums and galleries, YellowKorner ranks at the highest position in my podium of cultural references.

Talking about the art centres of "ma ville", Toulouse features one of the oldest public places in the world dedicated to photography, Le château d’eau. They usually have on display 2 different exhibitions for around 2 months. So far I've been in some of these exhibitions and they were OK, but not particularly interesting. However, this spring I attended to a really good one taking place in the cute, imposing (the exterior is rather reminiscent of Albi's Sainte Cécile) and just revamped Couvent des Jacobins. It was a selection of works in the château d’eau collection, intendend to celebrate its 40th anniversary, and some of the pieces were really remarkable.

Over time, I've come across YellowKorner branches in many other French cities: Paris, Montpellier, Aix en Provence... and today checking their web site I've found that they have shops in many other countres, even in Asia. I really recommend you to take a look at their list of locations, so that next time you visit a city hosting one, you don't miss to pay a visit. The works on sale change enough to make it well worth to pay a visit to a YellowKorner establishment at least once every 2 months.

Thursday, 10 December 2015

ES6 Constructors

I've previously said here that I'm not particularly excited about the addition of classes to ES6, though well, as they are mainly syntactic sugar all the magic of Prototype based programming (or OLOO, Objects Linked to Other Objects) remains. Anyway, regardless of our predisposition to it, as they will become mainstream we'll have to end up using them, so I thought it was good to get used to them.

One feature in "classic JavaScript" that I pretty like is that we can decide in our "constructor functions" (those that we designed to be invoked with new) to return a different object, rather than the one that has been passed to it as "this". The main use that I see for it is for having a pool of objects, or an "implicit/transparent" singleton (that is indeed a particular case of an Object Pool). With this in mind I was wondering if ES6 class constructors would allow that. Hopefully yes. It's well explained in this post by Dr Rauschmayer. He calls it "Overriding the result of a constructor". I had not thought that the [Prototype] of a "class" points to the Parent "class", but it makes pretty sense in order to inherit static methods. This diagram shows the whole picture of how objects the class inheritance sugar is translated into the prototypal world.

The whole article is pretty interesting. Reading it I found out that classes are not just compile time sugar, but that their inclusion has indeed modified the way the runtime works, as the creation of the object passed as this to a (constructor) function is done differently:

The instance object is created in different locations in ES6 and ES5:

In ES6, it is created in the base constructor, the last in a chain of constructor calls.
In ES5, it is created in the operand of new, the first in a chain of constructor calls.

ES6 involves many more runtime changes, like the new Internal properties featured by functions: [[ConstructorKind]], [[Construct]] and [[HomeObject]], and as the conclusion of the article states, one main point is that now we have different kinds of functions:

  • On one side we have Constructible functions, that I understand are those that can be called with new (as they have [[Construct]]), these are our "normal" functions and the ones created by a constructor definition.
  • Then we have Arrow functions, which have 2 main features: not being constructable, and capturing the lexical this (so for the latter it's as if you had called Function.bind)
  • And then functions created by method definitions, that are not constructable, use dynamic this and can use super.

Classes in ES6 follow a similar approach to other languages regarding missing constructors. If you don't provide a explicit constructor in your class definition, the compiler will add one. This one for a base class: constructor() {}, and this one for a derived class: constructor(...args) {super(...args);} .

As a JavaScript function can receive a different number of parameters, the idea of function overloading that we have in static languages does not exist, and hence a class can have only one constructor function. As a consequence we don't have the minor "problem" that can happen in static languages if a base class misses a parameterless constructor. It's described here

The article mentions something that is missing in ES6 classes and that even deserved an entry on its own, calling a constructor without new. The importance given to something like this really puzzles me. I've never understood the "effort" taken by some libraries (for example underscore.js) in pre ES6 times to allow you to call a fuction that is going to be used to create objects (what in pre-ES6 times we used to call a "constructor function") both with and without new. I'm referring to code like this:

function Person() {
    if (!(this instanceof Person)) return new Person();
    //normal initialization code here 
    //this.property = val;
  };

The idea that this is in case someone forgets to use new seems senseless to me. You have to know the rules... is as if you try to call a method with "->" rather than with "."... Reading the comments Rauschmayer explains that the use case is this :

The use case is if you want to remain flexible w.r.t. implementing something via a class or via a factory function. For my own code, I wouldn’t mind this kind of minor refactoring. For libraries, this becomes more important.

I assume he refers to having a function that receives as parameter another function that will be used to create one object. Your code does not know if that function is a simple one or a "constructor" one, it will just invoke it without new. The designer of that function wants to allow 2 use cases: the one I have just described, where the caller does not really know what function this is, and the normal one where the caller calls this function with new.

function Person() {
    if (!(this instanceof Person)) return new Person();
    //normal initialization code here 
    //this.property = val;
  };

function test(objectCreatorFunc){
   var o1 = objectCreatorFunc();
}

//normal use:
new Person();

//pass it as a factory to the test method
test(Person);

Well, the idea seems useful, but not having it in the language is pretty simple to circunvent, just do the extra step of creating the factory:

class Person() {
    constructor(){
     //this.property = val;
 }
  };

function test(objectCreatorFunc){
   var o1 = objectCreatorFunc();
}

test(function(){
 return new Person();
});

Searching a bit about other people thoughts on this topic I've found articles like this. The guy is really against the use of "new", saying:

The `new` keyword violates both the substitution principle and the open / closed principle. It’s also destructive because it adds zero value to the language, and it couples all callers to the details of object instantiation.

If you start with a class that requires `new` (all classes in ES6) and you later decide you need to use a factory instead of a class, you can’t make the change without refactoring all callers. Take a look at this example gist.

At first thought the idea of discouraging "new" and just using factories can sound odd, but on second thought it makes sense, cause as he says it causes huge coupling. But giving it another thought, we've already heard about avoiding "new" and using Dependency Injection for that. So yes, the idea of being able to call a function (contructor/factory) with or without new is meaningless, what you need is to inject those objects. Indeed, linking this to the feature that I mentioned at the start that in principle I liked (returning a different object from a contructor), it should not be a class itself that decides that it uses a pool of instances of itself, that's something should be managed externally, by the IoC.

Reading that whole post has been a pretty good thought exercise. He mentions that "super" should be deprecated, as it causes heavy coupling. Well, sure, because as he mentions earlier in the article, "extends", that is, inheritance, causes heavy coupling and should be avoided. Well, this is nothing new, it's just the "favor composition over inheritance" principle. In that sense, reading this answer in StackOverflow about why inheritance is heavily coupled has been a more that welcome reminder of why we should do so.

http://js-bits.blogspot.fr/2010/08/constructors-without-using-new.html ------------- https://medium.com/javascript-scene/the-two-pillars-of-javascript-ee6f3281e7f3#.g3ynqbd4j http://martinfowler.com/bliki/CallSuper.html Dependency Injection

Sunday, 6 December 2015

Hotel Descas

Already in my first incursion to Bordeaux 2 years ago I came across with one impressive building that was not mentioned in the guides that I had been reading, the Hotel Descas or Chateaus Descas. I've had pending a short post about it ever since, so given that today I've passed by it, marvelled again, and taken some fresh pics, it's about time to cross it off my ToDo list.

It's one more sample of that astonishing kind of French building that almost obsesses me, like the Hotels de Ville of Paris and Lyon, the Louvre... but you'll find them everywhere in France. The feature that I appreciate the most are those incredible slate roofs so huge and complex. For sure Chateau Descas is a great example of that kind of roofs, and it also boasts beautiful sculptures and mascarons on its facade. This kind of buildings exist since the French Renaissance, but the so intricate roofs are probably a more baroque element. The facade itself I assume fits into the Beaux Arts style. I'm a pretty ignorant person regarding architecture (I just like it), so probably what I'm saying is rather wrong.

I just leave you with some poor pictures to whet your appetite.

Imposing:

Facade details:

The roofs:

In English:

En français:

Wednesday, 18 November 2015

ES6 proxies part II

I already wrote about ES6 proxies in the past.. Reading this post by Dr Rauschmayer I've realised of an interesting and subtle difference depending on how we create our proxy for method interception.

In "classic" languages (C#, Java...) there are 2 strategies used by the different Proxy creation libraries. One is to use composition (the proxy class will reference the target class), and the other one is to use inheritance (the proxy class inherits from the target class). Based on the "favor composition over inheritance" principle most libraries tend to use composition. There's an interesting difference in the results of both approaches.

When using composition, if the initial method calls into another method in the object, this second call will not go through the proxy. It's normal, the proxy intercepts the first call, does its stuff, and then invokes the method through the target object. Once you are in the invokation done through the target object, the proxy has no way to intercept any ensuing code.
On the other side, when using inheritance, any secondary call goes also through the Proxy, cause indeed there is not this separation between target and proxy, your proxy is the target.

ES6 proxies are based on composition, as you have a target object and you create a proxy that points to it and intercepts actions on it. The big difference is how methods are called. A method in javascript is a property of the object, and calling a method entails 2 steps: getting it, and then invoking it. As explained in the article, ES6 proxies give you 2 traps for method calls, the get trap and the apply trap. When you use the get trap you return a function that will be later on invoked. In this returned function you put the "decorating" code, and the call to the original method. Here comes the cool part, in this function you have both the target object and the proxy (and the name of the property being intercepted), so you can invoke the property (method) either via the target (so it would be like in the composition case, no more interception happens):

//other method calls done from the first intercepted method are NOT intercepted
var entryCallProxied = new Proxy(cat, {
 //target is the object being proxied, receiver is the proxy
 get: function(target, propKey, receiver){
  //I only want to intercept method calls, not property access
  var propValue = target[propKey];
  if (typeof propValue != "function"){
   return propValue;
  }
  else{
   return function(){
    console.log("intercepting call to " + propKey + " in cat " + target.name);
    //target is the object being proxied
    return propValue.apply(target, arguments);
   }
  }
 }
});

or via the proxy itself (either using "this" or "receiver" as both point to the proxy). In this case the interception continues for other method calls performed from this returned function

//other method calls done from the first intercepted method are ALSO intercepted
var allCallsProxied = new Proxy(cat, {
 get: function(target, propKey, receiver){
  //I only want to intercept method calls, not property access
  var propValue = target[propKey];
  if (typeof propValue != "function"){
   return propValue;
  }
  else{
   return function(){
    console.log("intercepting call to " + propKey + " in cat " + target.name);
    //"this" points to the proxy, is like using the "receiver" that the proxy has captured
    return propValue.apply(this, arguments);
   }
  }
 }
});

Given the cat object below, you can see the difference between using one or another type of proxy. In the first case the call from method1 to method2 is not intercepted, while in the second case it is:

var cat = {
 name: "Kitty",
 method1: function(msg){
  console.log("cat: " + this.name + ", method1 invoked with msg: " + msg);
  this.method2(msg);
 },
 
 method2: function(msg){
  console.log("cat: " + this.name + ", method2 invoked with msg: " + msg);
 }
};

entryCallProxied.method1("Francois");

//Output:
// ------------------------------
// intercepting call to method1 in cat Kitty
// cat: Kitty, method1 invoked with msg: Francois
// cat: Kitty, method2 invoked with msg: Francois
// ------------------------------

allCallsProxied.method1("Francois");

//Output:
------------------------------
// intercepting call to method1 in cat Kitty
// cat: Kitty, method1 invoked with msg: Francois
// intercepting call to method2 in cat Kitty
// cat: Kitty, method2 invoked with msg: Francois

At the time of this writing you can run the above code in Firefox. Oddly enought, it does not work in node.js, even if we pass the --harmony_proxies flag. You can get the whole code here.

Saturday, 14 November 2015

Je Suis Humain

Je suis Charlie. Je suis Humain. Je suis choqué. Je suis tellement en colère. J'ai mal à la tête et à l'ame. Je me sens plein de haine, de tristesse... Je ne sai pas quoi dire, mais je vais essayer de l'écrire ici.

I am Charlie. I am a Human Being. I'm shocked. I'm so angry. My head and my soul hurt. I'm filled with hate and sadness. I don't know what to say, but I'll try to write it down here.

Last night I was going to bed after doing some hobbyist programming when I read the shocking news, the terror attacks in Paris. I was so shocked, angry and in pain. It took me time to fall asleep. This morning I ran to my laptop to read the news as soon as I woke up, but indeed I don't know why. I mean, I know enough. Some monsters blinded by a sickening perversion of the Muslim faith decided to kill as many innocents as they could. That's all what matters. In the next days we'll read about how they got radicalised, if they came from a Muslim family or they had converted. If their ancestors had been born here or there, or maybe these beasts had just crossed the border. We'll probably read that some of them had grown up in a quartier sensible, and in such case maybe some idiot will tell us how the French society had marginalized them... Maybe some other idiot (considering himself a leftist) will say that fundamentalist Islam exists because of capitalism an inequality. Bullshit, I don't care (and I don't buy it). Radical Islam exists mainly because Saudi Arabia, Qatar and Kuwait want it to exist, that's why they fund it with millions of petrodollars.

Right now all what matters to me is that they are bloodthirsty beasts that hate anyone that does not fit into their perverted vision of the world. They hate me, they hate you, they hate us, they are our sworn enemies and as such they must be treated. Today, more than ever, we are at war, a very difficult war, but in the moral sense it's a really simple one. Usually there are millions of geopolitical factors to account for when thinking about this kind of conflicts (how a past of colonisation, exploitation or previous wars project into the present...) but this case is pretty simple. This is just a war of Good vs Evil, Humanity vs Horror. It's like the war against fascist regimes in the last century, they are just scum that must be destroyed, for good and forever.

I've been seriously touched by these events. Previous terror attacks in New York, Madrid or London seemed very far to me (even when Madrid is geographically slightly closer to Xixon than Paris is to Toulouse). I don't have an emotional connection with those cities (well, I have it now with London, but in 2005 I had been there just once), but I have a strong connection with Paris. In part it's because I've been there quite a few times (and I think in all those occasions I've been around the area where the slaughter has been perpetrated). In part it's because it's the most beautiful city in the world. And in part it is because as it happens with other big French urban areas (Toulouse is a great example), it represents for me the biggest example of how people of different cultures, "races", ethnicities and religions can live together and share a present and a future (yes, for sure it's not perfect and there are problems, but the overall result so far is beautiful and inspiring). So an attack like this is not an attack to a city or a country, it's an attack to the whole of humanity and our shared existence.

Of course the French government has hurried up to state that serious measures will be taken, but which measures? Which real measures were taken after the Charlie Hebdo tragedy? Ah, yes, they put some troops on the streets, watching large train and Metro stations, synagogues... it's quite visible, but it's nothing. I'm not aware of the state watching seriously what is said in mosques and deporting radical clerics. I'm not aware of massive operations against salafist scum, I'm not aware of new policies of assimilation being put in place and replacing the dreadful "communitarism". When is this kind of measures going to be carried out???

The biggst measure that the French government seems to have launched is taking part in the air strikes against Daesh in Syria. Of course I support these actions, but it's not enough and furthermore it's pretty hypocritical. Basically the French government is trying to kill yihadist of French origin that are "fighting" (i.e.raping and enslaving women, torturing and murdering civilians...) in Syria. That's good, for sure, but why the same policy is not applied when they return to France? Yes, sure, this is the Politically Incorrect part of this post. I'm saying that when yihadist return to France they should be executed. They return here after having committed crimes against Humanity (I don't care how many women they have raped or how many people they have killed, if they went there it's because they wanted to do that), and come back with the intent of committing crimes and doing proselytism here. Honestly, and I'm not overdoing, this is right what I think, I'd like them to be shot on the spot as soon as they set foot in Europe. No detention, no trial, just shoot them dead on the spot as they get off the plane. You can call it revenge and brutality, I call it justice.

Thursday, 12 November 2015

Typed Serialization in Perl

After writing this post about deserialization of a type known at runtime, I remembered how out of the box it is achieving the same in perl.

If you've ever written some perl code you'll probably know about Data::Dumper and eval. So well, basically that's all you need for serializing an object and then deserializing it back without having to pass the type as parameter or anything of the sorts. Let's see.

When Dumper serializes a type, it will write the data in the object (your blessed reference or whatever) to a "perl code string", and furthermore, it will wrap it in a call to bless, passing it the type of the object!. I mean:

$VAR1 = bless( {
                 'places' => {
                               'Asturies' => 'Uvieu',
                               'France' => 'Toulouse',
                               'Germany' => 'Berlin'
                             },
                 'name' => 'Francois',
                 'lastName' => undef,
                 'city' => bless( {
                                    'name' => 'Paris'
                                  }, 'City' )
               }, 'Person' );

So we have there perfectly valid code to create a perl object of the right type with the right data. Obviously to dinamically run a string of perl code in our script all we need is calling the almighty eval. Well, just one minor quirk. We have to get rid of the $VAR1 = assignment. Oddly enough perl does not have replace function out of the box to do something like replace(mySerializedObject, '$VAR1 = ', ''), so you either use a regex, or substr

I've put the few lines of code needed for this serialization/deserialization into a class, in case one day I need to change the serialization strategy.

package TypedSerializer;

use strict;
#Data::Dumper::Dump stringifies the content of the object and wraps it in a call to bless with the corresponding type, 
#the main problem is that it adds this assignment " $VAR1 = bless(" ,
#if we pass this string directly to eval, it will fail because of that "$VAR1 = ", so we just need to remove "$VAR1 = " from the string
#so we either use Terse to directly prevent it from going to the string, or we just remove it with substr or a regex

use Data::Dumper;

sub New{
 my ($class) = @_;           
    my $self = {
   };               
   return bless $self, $class;   
}

sub Serialize{
 my ($self, $item) = @_;
 my $str = Dumper($item);
 return substr($str, length('$VAR1 = '));
}

#bear in mind that when the object is deserialized, the "constructor", New, is not called
sub Deserialize{
 my ($self, $str) = @_;
 return eval $str;
}
1;

I've put it up in a gist along with some testing code here

Sunday, 8 November 2015

Top vs Rownum

I guess talking about Sql queries these days, when Non Relational DBs are all the rage, is quite "uncool", but anyway...

For someone that has mainly worked with SqlServer, that fact that Oracle misses the TOP clause is quite shocking. You have to resort to using the ROWNUM pseudocolumn.

So a query like this:

SELECT TOP 10 * FROM cities

has to be written like this for Oracle:

SELECT * FROM cities WHERE ROWNUM <= 10;

It's odd, as I would say almost any other RDBMS out there implements TOP, but well, it's not a big deal. However, there is a huge difference when combined with ORDER By. If you rewrite this query:

SELECT TOP 10 * FROM cities ORDER BY population

like this:

SELECT * FROM cities WHERE ROWNUM <= 10 ORDER By population

You'll have a problem. In the first query the TOP clause to limit the number of results is executed after the ORDER BY, but in the second query, the WHERE ROWNUM condition is executed before the ORDER BY. This means that you will get whatever first 10 rows you have in your table, and then you'll order only those restricted rows, so obviously that is not what we want.

Hopefully the solution is pretty simple. In order to execute first the ORDER BY and then the filtering, you can use a composed query like this:

SELECT * FROM (
SELECT * FROM cities ORDER By population
)
WHERE ROWNUM <= 10

I came to this simple solution on my own, and doing some search to see if there is another better option, it seems like it's the common solution.

Thursday, 5 November 2015

.Net Attributes

I've never been too keen of .Net attributes, I guess because I've always had rather present its big limitation, they are a static, compile time feature, you can not add, delete or modify an attribute for a class, method or property at run time. In part as a consequence of this, they apply at the Type level, not at the instance level, so if you declare a class as [Serializable], all its instances will be Serializable, and you won't be allowed to remove this Serializable attribute.

I think it's common to talk about Attributes just in terms of metadata (notice that when they are applied to classes they are the perfect replacement for the Marker Interfaces. Attributes are more than metadata though, as they have methods they can have behaviour.

Of course Attributes are still pretty useful, but you have to be careful to use them only in situations when these metadata or behaviour are not going to change at runtime, if not, you'll have to keep this information in normal objects that you initialize based on configuration values and that you can change normally later on.

The behaviour for the Java counterpart, annotations, is basically the same as far as I know. On the other side, JavaScript does not have "official" support for Attributes/Annotations (you'll see some libraries that implement them based on comments). But indeed, JavaScript supports dynamic attributes for "classes" and "methods" (I'm talking about pre ES6, that's why I use the quotes). In the end "classes", "methods" and normal functions just come down to functions, functions are objects, and objects can just be expanded with new properties whenever you want. So you can designate your "class" as serializable, or your method/function as "cacheable" just like this:

function Person(){
...
}
Person.serializable = true;

var p1 = new Person();
if (p1.serializable){

}

function algorithm1(){
}

function algorithm2(){
}

algorithm1.fast = false;
algorithm2.fast = true;

if (timeConstrains == true){
algorithm2();
}
else{
algorithm1();
}

Back to .Net attributes, I had never thought about how attributes are stored. I mean, yes an Attribute is a class, but what I wonder is how is stored that one class, method or property is decorated by certain attribute having certain parameters? Everything is stored in the Assembly metadata. You can read here a pretty good explanation.

Going for precision here, all the [attributes] used in an assembly are gathered together by the compiler and written to the metadata of the assembly. Two tables in the metadata play are role.

The first one is the CustomAttribute table, it contains a list of every single attribute. The list entry has an index to the original declaration that had the attribute (1), a reference to the constructor for the attribute type (2) and an index for the value that's used to construct the attribute object at runtime (3).

The second one is the Blob table, the value index (3) in the CustomAttribute table indexes it. It contains the values you used in the attribute declaration. Those values are a string if you used a string or typeof argument, the actual value if you used a value type value argument, an array of those values if you use an array.

Constructing the attribute object at runtime thus involves first finding the entry in the CustomAttribute array by (1). Then locating the constructor for the attribute class by using (2) and jit compiling it if necessary. (3) is used to lookup the entry in the blob table, converting the values in the blob as necessary, like retrieving the Type from the string, creating the array, etcetera. And calling the constructor to create the object.

Organizing it that way has the big advantage that a declaration can have an arbitrary number of attributes and that attributes can be used on many kinds of declarations (assembly, type, method, parameter, field, etc). The disadvantage is that finding them back isn't particularly cheap

Now that we know how they are stored, the next question is, when are attributes created? (I mean, the instances of an Attribute class)
I've been doing some tests, and it goes like this:

  • Creating a class decorated with attributes (the class or its methods or properties) does not create an instance of the attribute.

  • Checking if a class is decorated by an attribute, let's say:
    typeof(Class1).IsDefined(typeof(SimpleAttribute), false);
    does not create an attribute either.

  • Attributes are created for example when code like this is run:
    var attrib2 = typeof(Class1).GetCustomAttributes(typeof(SimpleAttribute), true).FirstOrDefault() as SimpleAttribute;

    You'll use code like that if you need to check some property of an attribute or invoke some of its methods. Think for example in the AuthorizationAttribute and how the framework invokes its Authorize method.

Tuesday, 27 October 2015

Deserialize Runtime Type

In .Net (I guess it's the same in Java), most times that we are going to deserialize an object, we know the concrete type of the object at compile time, so it's not a problem that a Generic constructor for the Serializer object or a Generic method for the Deserialize method is needed. But which are our chances if the specific type won't be known until runtime?

The scenario
Let's say that we have an Interface or a Base class to interact with, but we'll receive the JSON serialized form of one of its implementations or derived classes. For example:


 public abstract class AlgorithmBase
 {
  abstract public int DoCalculation();
 }

 public class SimpleAlgorithm: AlgorithmBase
 {
  public int Coeficient{get;set;}
  public int Var1{get;set;}
  
  public override int DoCalculation()
  {
   Console.WriteLine("SimpleAlgorithm.DoCalculation");
   return 1;
  }
  
 }

This makes perfect sense. Your code will be interacting with AlgorithmBase, but the instance to be deserialized is a SimpleAlgorithm, so on one side you need a way to set in the serialized JSON string the specific type, and on the other side invoke the deserialization code with that type known just at runtime.

It turns that this is pretty easy to achieve with Json.Net. First, let's see our JSON:

{
 "type": "DeserializeRuntimeType.Algorithms.SimpleAlgorithm",
 "data": {
  "coeficient": 5,
  "var1": 8
 }
}

So we need to extract from this JSON the type, and use it to parse the "data" part into an instance of that type. With Json.net we can parse our JSON string into a JSON object in memory (JObject). Furthermore this JObject implements (well, the JToken base class indeed) IDynamicMetaObject, so if used with the dynamic keyword we can conveniently access the different fields with the "." notation. So we can just do this:

dynamic obj = JObject.Parse(jsonString);
string typeStr = obj.type;
JObject jObj = obj.data;

Now, in order to deserialize those data in jObj into an instance of the type in typStr we can use 2 of the overloads of the JObject. The easy way is to use JObject.ToObject(Type, serializer) (I'm using the overload receiving a serializer because of the pascal/camel casing differences between csharp and standard JSON)

var serializer = new JsonSerializer()
   {
       ContractResolver = new CamelCasePropertyNamesContractResolver()
   };

//with a type known at compile time
//AlgorithmBase algorithm = jObj.ToObject(typeof(SimpleAlgorithm), serializer);
Type tp = Type.GetType(typeStr);

AlgorithmBase algorithm = jObj.ToObject(tp, serializer) as AlgorithmBase;

And the quite more complicated one is to invoke the Generic method JObject.ToObject<T>(serializer). Notice that the way to obtain the first MethodInfo when we have several overloads is quite a bit bizarre.

var serializer = new JsonSerializer()
   {
       ContractResolver = new CamelCasePropertyNamesContractResolver()
   };

Type tp = Type.GetType(typeStr);
//with a type known at compile time it would be just:
//AlgorithmBase algorithm = jObj.ToObject<SimpleAlgorithm>(serializer); 
MethodInfo method = typeof(JObject)
    .GetMethods()
    .FirstOrDefault(mt => mt.IsGenericMethod && mt.GetParameters().Count() == 1);
   
   MethodInfo generic = method.MakeGenericMethod(tp);
   
   AlgorithmBase algorithm = generic.Invoke(jObj, new Object[] {serializer}) as AlgorithmBase;

It's interesting to see how the overload that for a type known at compile time is more elegant: jObj.ToObject<SimpleAlgorithm>(serializer), for a type known at run time turns a bit more convoluted.

Monday, 26 October 2015

SecureString

I used the SecureString class to store passwords in memory a few times in the past, and I have realised that I used it pretty wrongly, so I'll try to put up here what I have learned lately so that I can avoid such misuse in the future.

Remove from memory
Sometimes you have data (secret data) that want to keep in memory for as short as possible, just for the instant that they are going to be used. While those data are in memory someone could get access to them, either by inspecting the memory with a debugger, the swap file where it might have ended up or even easily, by dumping the process memory to disk (in modern Windows this is as easy as it can get, just launch the Task Manager, right click on the process and select "create dump file"). The first thought in order to get rid of those sensitive data would be to release that memory, but in the .Net managed world this is not so simple. After setting the reference to null you need the GC to come into action, and even when you can force a GC.Collect, this is not immediate, you also have to be aware about generations and so on. So a better option seems to overwrite the involved memory. For this, the .Net string class is a pretty bad bet, as it is immutable, so you can not overwrite it. You should better use a mutable structure (like a char array)

As a side note, I wanted to remark here that though you should not use strings for your critical data, it is not as horrible bad as I had got to think. I was thinking that because of string interning a string could stay in memory forever, but that is not the case. The string interning table is stored int he LOH (large object heap) that though GC'ed very unfrequently, it is occasionally. Furthermore, by default runtime strings (for example the string with a password that you have just unencrypted in memory) won't be interned, by default interning only applies to string literals.

SecureString
OK, so you'll read everywhere that you must use SecureStrings for all your sensitive data, but how does it really work? A SecureString contains an encrypted version of the string that you want to store in it. The encryption/decryption of the value is based on a symmetric algorithm and a key specific to the current logon session (this is based on DAPI key management and is explained here). The weak point obviously is the clean, sensitive string that will be encrypted into the SecureString. Some framework classes work directly with SecureStrings, for example WPF's PasswordBox, meaning that if a user types a password in that box, each character will be appended to a SecureString, and you will not end up with the password in a normal string at all. The ProcessInfo.Password is also a SecureString, but unfortunately there are many situations where the support for SecureStrings is missing.

A common sceneario
A relatively common scenario is having an application that needs to start another process or another thread (impersonation) under a different identity (UserB). We'll have the UserB password encrypted with some symmetric key in a file, DB ... we'll read it and decrypt it into a SecureString. This is important, some Symmetric Encryption classes that I've used for this in the past were just returning me a String, which is pretty wrong. You can find here a good implementation that returns SecureStrings. Notice how they do the decryption to a char[], build a SecureString from it, and immediately clear the Array with the clean password.

  public void Decrypt(byte[] input, out SecureString output, byte[] key,
            byte[] iv)
        {
            byte[] decryptedBuffer = null;

            try
            {
                // do our normal decryption of a byte array
                decryptedBuffer = Decrypt(input, key, iv);

                char[] outputBuffer = null;
                
                try
                {
                    // convert the decrypted array to an explicit
                    // character array that we can "flush" later
                    outputBuffer = _utf8.GetChars(decryptedBuffer);

                    // Create the result and copy the characters
                    output = new SecureString();
                    try
                    {
                        for (int i = 0; i < outputBuffer.Length; i++)
                            output.AppendChar(outputBuffer[i]);
                        return;
                    }
                    finally
                    {
                        output.MakeReadOnly();
                    }
                }
                finally
                {
                    if (outputBuffer != null)
                        Array.Clear(outputBuffer, 0, outputBuffer.Length);
                }
            }
            finally
            {
                if (decryptedBuffer != null)
                    Array.Clear(decryptedBuffer, 0, decryptedBuffer.Length);
            }
        }

OK, so now we have our password in a SecureString. This is fine for starting a new Process cause as previously mentioned ProcessStartInfo.Password is a SecureString, but what about impersonation?

As you know for impersonation we need to obtain an AccessToken via the LogonUser Win32 function. The problem is that this function does expect a clean password, not a SecureString, so are we condemned to the risks of having a clean password in our managed memory until the GC decides to clean it?

Hopefully there is a solution that is nicely explained here. The main point is that you can declare the PInvoke signature for LogonUser as receiving an IntPtr for the password parameter rather than a string (I had always done the latter). Then, you have to use Marshal.SecureStringToGlobalAllocUnicode to decrypt and marshal the SecureString into unmanaged memory. Once you are finished with LogonUser, you have to clean up the unmanaged memory holding the unencrypted password by calling into Marshal.ZeroFreeGlobalAllocUnicode

Sunday, 25 October 2015

Thread Return Value

It's clear to me that since the introduction of the TPL in most cases there is no reason to create Threads directly via the Thread class, and we should just use Tasks via any of the overloads of Task.Run. Tasks work as an upper level abstraction over the low level Threads making use of the ThreadPool, and ever than possible we should use abstractions. Anyway, I still tend to occasionally create Threads directly, just from habit. The other day I realised of an interesting difference between both approaches that leads to writing quite a different code in both cases.

Mainly, Threads started via the Thread class do no return a result. You create your Thread, start it with the Start method and at some point the thread will end, but you are not provided with a generic place where you can get the return value from that code (that's why you can only pass to the Thread constructor a delegate that returns no value). Obviously you could work around this by setting that value in some global place (don't do that) , or in a property of some object passed as parameter to the Thread, or extend the Thread class adding a Result property...
Notice that another possibility would have been that Thread.Join returned a value (this is what happens in the horrific thread API provided by perl), but Thread.Join returns nothing.

Well, the idea of having a Result property in the Thread class is basically what we have with Task<.TResult>, as we get a Result property to hold the result of the code. Cool. This difference can have an interesting effect on how we write our consuming code, basically avoiding the use of locks. Let's see what I mean.

Let's say we have a class that downloads a post. It's an "old school" one working synchronously, a call to GetPost will just block until the operation is complete. We are going to download several posts in parallel, once all of them are finished we want to have these downloads in a dictionary of url, post content.

If we use classic Threads, we'll have to run in the thread the downloading code and the code that will add the result to a dictionary, and as several threads can be accessing this Dictionary at the same time, we have to synchronize the access by using a lock statement (that is, a Monitor)

  private static void ClassicThreads()
  {
   var lockHelper = new Object();
   var downloader = new PostDownloader();
   foreach (string url in urls)
   {
    //c# 5, the foreach var is internal to the loop, so each closure closes over a different variable...
    var th = new Thread(() =>
    {
              var txt = downloader.GetPost(url);
              Console.WriteLine(url + " downloaded");
              lock(lockHelper)
              {
               results.Add (url, txt);
              }
          });
    
    th.Start();
   }
   while(results.Count != urls.Count)
   {
    Thread.Sleep(200);
   }
   Console.WriteLine("All Done!");
   Console.WriteLine("- Results:\n" + resultsToString(results));
  }

If we use Tasks, we can run in the Task/thread only the downloading code, then wait for all the Tasks to be completed, and fill our dictionary with the results from the main thread, by reading the Task.Result property, no need for any synchronization.

  private static void TasksBased()
  {
   
   var downloader = new PostDownloader();
   var tasks = new List≶Task≶KeyValuePair≶string, string>>>();
   foreach (string url in urls)
   {
    Task≶KeyValuePair≶string, string>> downloadTask = Task.Run(() => {
      var res = downloader.GetPost(url);
      Console.WriteLine(url + " downloaded");
      return new KeyValuePair<string, string>(url, res);
    });
    
    tasks.Add(downloadTask);

   }
   Task.WaitAll(tasks.ToArray());
   
   foreach (var task in tasks)
   {
    results.Add(task.Result.Key, task.Result.Value);
    
   }
   
   Console.WriteLine("All Done!");
   Console.WriteLine("- Results:\n" + resultsToString(results));
  }

This article gives a nice overview of Threads, ThreadPool and Tasks.

Sunday, 18 October 2015

.Net 4.6

While starting to try to put me up to day with .Net 4.6 I've come up with a few interesting things. Let's see.

I already wrote some months ago about how .Net 4.5 is an in place replacement for .Net 4. With 4.6 is right the same, and the same technique described in that post applies in order to verify which is the .Net version that you have installed. If I check on my PC the version of the clr.dll, I'll see that it is now: 4.6.96.0.

As you know Microsoft has been working for a while on a new and improved JIT (Ryujit). In the past it was possible (I never tried it) to install it (protojit.dll) side by side with the standard one(clrjit.dll), and select one or another. In 4.6 this new JIT has become the standard, and as such has been renamed to clrjit.dll. The old JIT is distributed with the framework in the compatjit.dll file, and if needed you can force an application to revert to it by setting a value in app.config. It's explained here.

.Net 4.6 comes with C# 6, and the long awaited Roslyn. However, the whole thing is quite a bit bizarre. The csc.exe compiler that you'll find in the Framework installation folder (C:\Windows\Microsoft.NET\Framework64\v4.0.30319) is the old compiler, not based on Roslyn and with support only for C# 5. You can verify this by just trying to compile some code taking advantage of some new C# 6 feature. For example, trying to compile a program including a line like this:

int? length = list?.Count;

will give you these errors:

error CS1525: Invalid expression term '.'
error CS1003: Syntax error, ':' expected

So the new Roslyn based, C# 6 compiler is not installed with the Framework!!!

Microsoft has gone crazy or what?
The new compiler is installed when you install Visual Studio 2015, and seems to get placed in: $ProgramFilesx86$\MSBuild\14.0\bin (it's explained here). This appears not to be a big problem for most developers, as you can install Visual Studio Community for free, but as it's a fully functional Visual Studio, the installation is slow and painful. I really can not understand how you can install SharvDevelop in 1 minute and less that 50 MBs while installing Visual Studio continues to take hours and GBs and GBs.

Hopefully, for those few of us that don't plan to install VS 2015 (on my personal laptop), we can install Roslyn on its own in 1 minute anyway. You just need nuget (that by the way, can now also be installed and used on its own, just download the binary from the nuget site), and run this command:
nuget install Microsoft.Net.Compilers
as explained here.
The new C#, roslyn based compiler is still named csc.exe, but its version is:
Microsoft (R) Visual C# Compiler version 1.0.0.50618
while the version of the the non Roslyn compiler is:
Microsoft (R) Visual C# Compiler version 4.6.0081.0!!!

Yes, pretty bizarre, thanks Microsoft for adding more confusion to our lives... I have installed the Roslyn compiler to a Roslyn folder and renamed the binary to csc6.exe, cause as I have the folders for both the old and the new compiler in my path environment variable, I needed a way to make sure I'm using the correct one.

Thursday, 8 October 2015

Call the scum Daesh

For some time I had been wondering why almost all the French media tend to call the ISIS monstrosity by its Arab name, Daesh. It caused me some discomfort as to some extent it seemed to me that using the Arab name entailed some sort of recognition to them. I've just found that I was totally confused, you can read here that the Islamo-Fascists beast considers the Daesh term as an insult, because itsounds like the Arabic words Daes ("one who crushes something underfoot") and Dahes ("one who sows discord"). I've read somewhere that the French government sent a recommendation to the media to call this abomination "Daesh".

I pretty much like this stance, and I'll try to adhere to it myself. In the past I've found it quite revolting that many media (CNN for example) called them "militants". This is a neutral term (indeed I would tend to give it a positive undertone), and for the most part I don't believe in neutrality, indeed I hate neutrality, not taking sides is just a sign of cowardice and mercantilism. One can not be neutral before sadism and wickedness, one has to take sides and push others into also taking sides, not doing so turns you into an accomplice. You have to use a term that shows disgust, repulsion and contempt, you can not call Daesh "militants, you can not call Saudi Arabia or Qatar "states", you can not call Erdogan "president" and you can not call the Turkish repressive forces "an army", you have to call them "sadists", "terrorists", "vicious murderers" and "genocidals", because that's what they are. I hope someday history books will call them like that, and will call HEROES to all those that fight against them, like the Kurdish freedom fighters (YPG/YPJ, PKK) and the international volunteers.

Well, I think I'll leverage this post to put here a link to this inspiring video by the Kurdish left wing rapper Castro, and this other one. Would love to see those Kurdish troops enter one day in the Turkish presidential palace and burn it down to ashes. Long live to the Kurdish revolution! and Boycott Turkey, let's destroy their economy same as they torture, murder and rape innocent Kurds. Hopefully economic pressure could force progressive Turks and "normal" Turks to unite and revolt against Erdogan and the AKP scum, but well, honestly, with a population that votes massively for the Erdogan beast, I'm afraid there's little good to expect from the "average Turk", as the "average Turk" seems to be an Islamo-nationalist that denies other people's rights, denies the Armenian genocide, agrees with the invasion of Cyprus, and so on and on.

Sunday, 4 October 2015

REC 4

[REC 4] has been a pretty nice surprise. I wanted to leverage the Cinespanha festival in Toulouse to go watch some film, but I didn't feel like spending much time going through the program, so when I found they were showing one more instalment of the [REC] franchise, the plan was done.

I had great memories from [REC 1] and [REC 2], but [REC 3] was crap (this is not just my feeling, it seems common to most critics), so much that I have to admit that I even hesitated about stepping back and save me the 7 euros of the ticket. Well, maybe [REC 3] would not feel so bad if you just looked at it as one more Zombies film, but if you put it along with its prequels, it's just crap. So, I was intrigued (and a bit scared) as to whether this 4th instalment would be in line with the good ones or with the shit one. Hopefully, it's been the former.

[REC 4] is a perfect continuation of the story developed in 1 and 2. It's as thrilling and intense as its predecessors. Though also set in a closed space (a ship rather than an old building), it does not achieve the same claustrophobic atmosphere, but it's just excellent anyway. I quite liked the turns given by the 3 films in explaining what is happening. While [REC 2] moved us from the infectious disease realm into the paranormal, demonic posession territory, [REC 4] moves us back into the infectious disease land.

The [REC] series (except for the third, crappy film, on which he was not involved) are the best known works by Spanish/Catalonian (I have no idea of which are his feelings of identity) director Jaume Balaguero, but his previous films: The Nameless, Darkness and Fragile are pretty good (Darkness in particular). I have realised that I had missed "Sleep Tight", so I'll have to put it in my ToDo list, aong with watching again [REC 1 and 2].

Sunday, 27 September 2015

Merge and Divide

France lacks of peripheral nationalisms, except for Brittany and Corsica, and anyway it's minimum when compared to Basque or even Galician nationalism. Not event regional feelings are any strong. Based on wikipedia Midi-Pyrénées has one of the strongest regional feelings, probably it's true, you will see the Languedoc/Occitanie cross here and there, and of course Toulousains are very proud (and with good reason) of our city. Indeed, I would say that when compared to Spain, French nationalism is pretty soft (yes, forget about the huge support for the FN, I've said it in some other posts, it's quite a mystery that does not fit at all with what I perceive in my daily life in France, but at the same time I more or less begin to understand what prompts that vote, and for sure in most cases is not a particularly strong national feeling what is behind it).

With this in mind, it's not strange that the decision taken by the government some months ago to merge several regions (effective next January) did not stir strong passions or painful debates among the population (wow, imagine how different it would be in Spain...) On the other side, some local politicians were quite belligerent. The main problem with these merges is that you have to reduce duplicated structures and you have to choose a capital, so in the case of the merge of Midy-Pyrénéés and Languedoc-Roussillon this was quite painful for the latter. The decision between Toulouse and Montpellier was pretty clear for anyone with a brain. Don't get me wrong, Montpellier is a beautiful, modern city full of history, but it can not be compared to Toulouse, neither in terms of population (Toulouse is twice the size of Montpellier, both for the cities proper and for the Metropolitan areas), economic relevance and historical role (capital of the Visigothic kingdom, Battle of Toulouse, County of Toulouse). Indeed, I guess this easy decision is what mainly led to the fusion with L-R rather than with Aquitaine,a region with which in principle there are more economical sinergies (the Aerospace valley...). But choosing a capital between Bordeaux and Toulouse would have been pretty tough and I guess nobody wanted to get caught in such a battle.

Anyway, politicians in Montpellier were ready to cry and fight, and in the end they managed a sort of split of competencies. Toulouse will be the capital, but will get 6 out of 11 regional administrations, Montpellier will get the other 5. Of course this has not been well received in Toulouse, and many (me among them) question this decision and the merge itself.

I considered this to be a problem unique to this new region, as I thought it was the only one with 2 big cities, though notice that other already existing regions like PACA or Rhone-Alpes have this same situation (Marseille-Nice, Lyon-Grenoble-Saint Etienne), but reading this week's issue of Charlie Hebdo I found out that the case of Alsace-Champagne-Ardenne-Lorraine is even worst, they are joining 3 regions and you have to split competencies to keep everyone sort of happy between Strasbourg, Reims and Metz/Nancy (as Lorraine already had 2 big cities...) Obviously this will be really convenient for citizens... and is an excellent way to spend the brutal (yes, you can only qualify them as that, brutal) taxes paid by French workers. As Charlie notes, it follows the tradition of competence and money saving established by the European Union and its split of administrations between Brussels and Strasbourg...

Regarding my new region, some people proposed an idea that would have been really costly, but in terms of history and structuring of the territory was not that bad, to move the capital to Carcasonne, that though located in L-R is much more related to Toulouse (30 minutes far by train) than to Montpellier. The next point is deciding on a name, as the M-P-L-R thing is just something provisional. There is one poll in La Depeche about it. I voted for Pyrénées-Languedoc (Toulouse was the capital of the historical Languedoc), but Occitanie seems to be the one favoured by most people. My problem with naming it Occitanie is that the historical Occitanie comprised a much bigger territory.

Friday, 25 September 2015

UAC

I still find things around UAC confusing sometimes, so I'll put up here some notes. This paragraph in Wikipedia explains pretty clearly what UAC means:

When logging in as a user in the Administrators group, two separate tokens are assigned. The first token contains all privileges typically awarded to an administrator, and the second is a restricted token similar to what a standard user would receive. User applications, including the Windows Shell, then start with the restricted token, resulting in a reduced-privilege environment - even under an Administrator account. When an application requests higher privileges or when a user clicks a "Run as administrator" option, UAC will prompt standard users to enter the credentials of an Administrator account and prompt Administrators for confirmation and, if consent is given, continue or start the process using an unrestricted token

The restricted Access Token is also called "filtered" token. We say that an application is running elevated when it is running with the unrestricted (full) token. As far as I know a running process can not be elevated, is something that can only happen when the process is started (same as you can not switch the user under which a process runs). So when a process is started it gets assigned an Access Token for a given user (and if that user is an Administrator it can be the restricted or the unrestricted one). Of course a process can use impersonation, but that's something at the thread level (impersonation token). One important point that I tend to forget is that if you are an Admin you can force a process to be started with the elevated token (rather than wait to see if windows offers you that with its UAC promp) by launching it with Run As Administrator

What does this restricted token really mean? Well, Access Tokens contain information about the Identity and the privileges of a User, as in Windows security works at 2 levels, on one side you have ACL's for securable resources (files, folders, registry keys), your permissions on these resources come determined by your user/group, so in this sense a restricted and unrestricted token for the same user behave just the same. On the other side we have privileges to perform certain actions (for example create Global Objects or use impersonation). Thanks to this pretty good article I learnt about the whoami /priv /user command that you can use to see the permissions associated to your current token.

Checking if a process is running elevated is pretty simple, you just have to enable the elevated column in Task Manager. There you can check that if you run a process elevated (for example cmd) and from it you start a new process (for example notepad) the child process will also be run elevated.

And, how do UAC and impersonation play together? Let's say you are running a process as a normal user and you impersonate one of its threads to run with the token of an Administrator (that you have obtained via the LogonUser API function), will it obtain an elevated or a restricted impersonation token?

I have not tested it myself, but from this StackOveflow discussion it seems like if you are in an interactive session you will get a restricted token, but if you are in a non interactive session you will get an elevated token.

By the way, reading over this post about Impersonation that I wrote time ago has been quite useful to refresh some concepts.

Sunday, 20 September 2015

Eritrea

Regardless of my interest in geography, history and social issues, I have to admit that my knowledge about Eritrea was pretty low. I knew the basis: Horn of Africa, independent after Italian rule and a war against Ethiopia, an "Italian style" capital, and well, what sadly you have to assume about mainly any African country, it's poor.

It seems like the second biggest group of refugees in the current humanitarian crisis are Eritreans, for example the shocking refugees camp that existed between last summer and this summer in central Paris under one of those beautiful overground metro tracks was basically populated by Eritreans, Sudanese and Ethiopians. So this woke up my interest in the country and made me go in search of some information.

It's very complicated to get a full idea of how the situation is there. The vision that most western media and governments promote is that Eritrea is a very poor and horrible repressive state. This article and this BBC documentarystand on that side. On the contrary, I found 2 fascinating documentaries, "A nation in isolation" and "Behind the Crisis"", that portrait a quite better image. Probably there's truth on both parts. On one side the goverment has made the economy, the health and educational systems improve and move forward, but is paranoid about dissidents and rules with an iron fist. Well, in a continent where hunger, AIDS and lack of education are so common, overcoming them at the expense of some personal freedoms does not seem such a bad deal to me...

I'll try to continue to learn about the country, cause apart from this intriguing/worrying political situation, there are some facts that make it quite interesting, for example:

  • Roughly half of the population is Christian and half of the population is muslim and they live together without friction. Churches and Mosques stand close to each other without a problem.
  • There are 9 main ethnic groups in the country, and again, there seem to be no conflicts among them.
  • Asmara is a sort of masterpiece of Italian modernist architecture.
  • Assab, the city with probably the most horrible weather in the planet (almost no rain, annual mean average temperature of almost 31 degrees and very high humidty. Notice that this contrasts with Asmara, that has rather pleasant climate.
  • During their heroic fight for independence against Ethiopia, the Eritreans were considered the best guerrilla army in the world.

Friday, 18 September 2015

Bordeaux

Bordeaux, "la belle endormie" (the sleeping beauty) is a really beautiful city. It's a little more than 2 hours far from Toulouse by train (and you can leverage a deal and get a return ticket for 30 euros, les samedis de intercité), so I have gone there in a good bunch of occasions. An easy an effective way to describe the city is to label it as a small Paris. I pretty enjoy the architectural change between Toulouse and Bordeaux. Toulouse architecture is amazing, but it does not follow the archetypical French style (the same happens with Marseille), on the contrary, Bordeaux is right what you would expect of a French city (in architectural terms) if your reference is Paris (indeed, Hausmann used Bordeaux as a model for transforming Paris). By the way, Lyon and Nantes are other 2 "very French" cities (well, Lyon is just incredible).

In my last day trip there I came across a few "different" images of the city that have prompted this post, so here they go:

Bordeaux will be connected to Paris by high speed train (LGV) in 2017, which means a travel time of 2 hours (meaning that Toulouse will be little more than 4 hours far from Paris! as we wait for the not yet confirmed LGV extension between Bordeaux and Toulouse). As a consequence the St Jean station is undergoing some important renovation and expansion works. The renovation of the beautiful and classy ceilings involves this astonishing scaffolding:

Le Garonne river flows really, really wide through Bordeaux (it's already pretty wide in Toulouse), and there are 2 modern bridges (Pont d'Aquitaine and the vertical lift bridge Pont Jacques Chaban-Delmas) that seemed to be worth a visit. In the end I didn't find them particularly remarkable, but on my path there by tram I spotted a couple of places that deserved a short stop. In the docklands area (area where the Italian fascist regime set up a submarine base) I came across this astonishing piece of Street Art:

Walking north from there I found quite a few painted walls, this piece quite caught my eye, as it is reminiscent of the amazing ROA

And from there I got to an amazing area that seemed a bit like copy-pasted from Berlin, Les vivres de l'art (beautiful memories of the courtyard of the sadly extinct Tachelles):

Sunday, 30 August 2015

Some films I've watched this year

In the last year my rate of film watching has quite decreased, so I have hardly posted any reviews. Anyway, there are a few rather interesting films that deserve at least a short mention here. Here it goes:

  • The East. I watched this excellent film 1 year ago, but never found the time to do a full review. It tells the story of a group of eco-fighters and the "spy" that infiltrates them. It stars the "indie diva"Brit Marling and the so cute Ellen Page. It's no wonder that the eco-militant thing reminded me of 12 Monkeys, one of my all-time favourite films.

  • The Captive. I watched this film early this year in Toulouse ABC cinemas. I quite liked it, it's slow but thrilling, with a broken narrative that makes it difficult at some moments to fully follow the story (maybe this is also because I watched it in English with French subtitles). I guess it's loosely inspired by Natascha_Kampusch's story.

  • We need to talk about Kevin. Wow, quite a shocking film. If you don't have kids and do not plan to do so, this is a nice story to reinforce you in your positions, and will be pretty handy to recommend it to your parents if they ever get a bit tiresome with the "you are not making us grandparents" kind of disappointed complaints :-)

  • Ex Machina. Best science-fiction film in a long while. A software developer performing a Turing test and falling in love with the target... well, something like that could have come up from my head! By the end of the film you'll be in love (or at least pretty horny) with the I.A.

  • La ninha de Fuego. It seems like this film has gained quite attention and pretty good reviews in France (I watched it last week in Utopia cinemas, and it was also on display in ABC cinemas). Slow and intense, it suggests but hides, making your imagination flow and leaving you with some open questions. I love how sexual domination is used as one of the main ingredients of the story, but no sex is shown (other than a nude image of the main female character, a tortured "femme fatale". This kind of strange story slightly reminded me of Almodovar's The skin I live in.

Monday, 24 August 2015

Solidarite Toulouse - Kurdistan

This last Saturday I came across a demonstration of the Kurdish community in Toulouse against ISIS and their sponsor the Turkish islamo-nationalist government. Indeed I think this demo was prompted by the last brutal attacks and repression exercised by the Turkish fascist state: bombing of Kurdish freedom fighters and civilians, the delivery of Kurdish prisoners to a certain death and torture in hands of Al-Nusra, the rape, torture and murder of a Kurdish female fighter... and the list goes on and on and on. Not that my French language skills are sky rocketing, but once joined to the demo I managed to chant some slogans like:

  • Erdogan assasin!
  • Daesh (ISIS) Terrorists!
  • Kurdistan libre!
  • Solution politique pour le Kurdistan

Obviously I took some pictures:



The organizers were handing out to the passers by an interesting pamphlet explaining this new chapter of Turkish dirty war and violence against the Kurds.







BOYCOTT TURKEY!!!!!!!!

Friday, 21 August 2015

Cyprus

I think many people don't know that Cyprus is a divided (invaded) country, and its capital Nicosia is the last remaining divided big city (along with Jerusalem). Though I quite knew about this situation, watching a few documentaries [1] and [2] on this topic last weekend has really infuriated me. Sure this is fostered by the visceral hate that I have developed lately for Turkey (as a state): the permanent neglect of the Armenian, Assyrian and Greek genocides, their ongoing joint venture to perpetrate a Kurdish genocide and destroy any kind of coexistence among religions (Syria...)

The passivity of the international community towards the Turkish invasion of Cyprus and the ensuing murdering and looting is shocking, not only at that time, but particularly now. With Cyprus being a member of the EU, the whole EU should exercise a hard boycott on Turkey, damaging their economy as badly as possible, putting them to the corner to force their complete withdrawal from Cyprus and strong economic compensations. The EU has just done so with different actors and without a real reason. I'm talking about the economic sanctions to Russia because of the conflict with Ukraine. I've already said it before, basically I don't give a shit about any of those 2 countries. In my eyes they are probably the 2 most xenophobic, utranationalist, racist and homophobic societies in the world (yes, sure, I'm judging them as a whole, it goes without saying that sure there are normal Russian and Ukrainian individuals that abhor their societies as much as I do), so I don't think we should spend any effort with them. Anyway, the alleged "Russian invasion" of Eastern Ukraine can not be compared in anyway to what happened in Cyprus. Russia is supposed to have entered into a territory where most of the population is of Russian descent, while the percentage of Turks in Norther Cyprus before the invasion was pretty lower. Likewise, so called "progressive" forces in Europe seem never tired of remembering us about the drama of the Palestinians, but stay oblivious to the drama of Kurds, yazidis or Eastern Christians being slaughtered by ISIS and the collaborationist Turkish government.

Hopefully I think in the last years the idea of Turkey joining the EU has been losing momentum, and indeed, I think it's just impossible. In principle all EU member states have to agree on a new country entering the Union, and obviously Cyprus will never agree, and I assume that Greece either. I had always opposed to the idea on cultural and historical basis, now it's purely that I can't consider Turkey a civilized country.

As a curiosity, I'll have to admit that Turkey seems to have done one good action in these years regarding this island, they have constructed a rather unique undersea pipe to carry water to the chronically water deficient island (to the Turkish occupied side, of course

We can all wish that with the rising tensions in Turkey (I think they could be on the verge of a civil war between islamo-nationalist scum on one side and Kurds and left-wing Turks on the the other side), some Left-wing Kurdish or Turkish fighter will make justice and get us rid of the current Turkish Fuhrer, that vicious torturer and murderer called Erdogan.

Saturday, 15 August 2015

Bytecodes, ASTs and so on

These pieces of news: [1], [2] and [3] about WebAssembly have made a pretty intereting read. It's not that I am interested in using it, I think 99% of web development projects will continue to be done in an every day more powerful and beautiful JavaScript, but the concept is pretty interesting since a technical stand point.

Being able to write high performance code for the web so that game engines can run smoothly on the browser is cool, but as I've said, I guess few people will ever need it. Having your Browser Virtual Machine running for a same "application" two parsers (one for JavaScript and one for WebAssembly) compiling to a common bytecode language is cool, but nothing new (you've been able since a long while to mix Python and Ruby into a C# application, and the same for Java). What is funny is that in the CLR and the JVM the first citizens were the static, "low level" languages (C#, Java...), and then the dynamic and more feature filled languages (Python, JavaScript, Groovy) were added as second citizens, for the web it has been right the contrary path.

What I find really interesting is that the code written in this "binary format for the web" is not bytecodes, in the sense that is not a set of instructions for a stack based (CLR, standard JVM) or registers based (Dalvik) Virtual Machine, but a bit upper level, a binary representation of an Abstract Syntax Tree (AST). Does this ring a bell? Well, it's just what is done with the DLR languages, that are compiled at runtime into a DLR AST that will be then transformed into .Net bytecodes.

The main performance advantage offered by WebAsm over JavaScript is that parsing this binary AST into bytecodes is way faster than parsing JavaScript. Though quite unrelated, my mind established a link between this and JerryScript, a JavaScript engine for small embedded devices. In the article they explain how they managed to make this engine fit into just 64KBs of memory:

From the perspective of IoT, we only focused on memory footprint.

JerryScript is a pure interpreter in contrast with multi-stage adaptive JIT engines today. So it has no overhead for storing compiled code. Even the parser doesn’t store AST. It produces bytecode line-by-line directly from the source code. For data representation, objects in JerryScript are optimized for size. JerryScript is using compressed pointers, bytecode blocks with fixed size, a pre-allocated object pool and multiple representation of Number objects to achieve both standard compliance and memory optimization. We will keep continue to reduce the memory footprint in various ways.

Friday, 7 August 2015

WPF vs WinForms

I don't like WPF. I've ever found it complex and overarchitectured, with a rather steep learning curve (and most times the VS designer does not seem able to draw effectively a XAML form) . For thin client applications a HTML5 SPA using your favorite JavaScript Framework/toolkit is usually more than enough. For thick clients sometimes is also enough. For those that it's not and for purely client applications you can try some of the HTML5 and node combinations discussed here. Anyway, for business line applications, Windows client applications are still needed and demanded. For those cases, I still would prefer to avoid WPF and stick to Windows Forms, and seems like I'm not the only one.

Sure there are many horribly architectured Windows Forms applications out there, just a continuation of the classical vb5 and vb6 nightmares. Obviously that's not Windows Forms fault, and many people have been developing pretty well desinged WinForms applications. The use of MVC (well, indeed I think it is MVP) demonstrated here is quite similar to what I've used in the few WinForms projects I've worked on.

With this in mind, the other day I was wondering if there is really any advantage in using WPF over WinForms. The resulting "research" did not give me conclusive answers, but made me refresh my poor knowledge of how Windows GUI applications work.

Apart from XAML, the recommended patterns and the new controls, under the covers the main evolution from WinForms to WPF is that WPF uses Direct X for rendering while WinForms uses GDI. DirectX can discharge this drawing to the Graphic Card, while GDI will do it in your CPU. This means that WPF drawing should be much faster that WinForms drawing. However, in principle WPF objects are more heavy than WinForms objects (in .Net terms). You can read more about it in these interesting StackOverflow posts [1] and [2]

One interesting point raised there is:

That being said, if you have a LOT of controls, WPF can actually outperform Windows Forms by a fair amount. In Windows Forms, each control requires a separate window handle, and receives its own message sets. With a lot of controls, this can actually slow things down pretty dramatically.

So in "Windows terms" WPF controls are lighter. But, what does this window handle and messages thing mean?

The most essential feature of any Windows GUI application (either .Net or native) is the existence of a Message Loop. The main thread in your windows application runs in a loop waiting for messages (a click, a timer, a refresh...) and when a message is received it will pass it to the code (Windows Procedure) associated to the affected Window. The notion of what a Window is at that level is quite important. At this level a Window (a Win32 Window) is not just your "normal Window" (with is blue title bar, close button...) but also controls like buttons, combo boxes, edits... you can see it here. They are created with the CreateWindow Win32 function, that is how under the covers WinForms, classic vb, MFC,... create their controls.

Both WinForms and WPF are based on the Windows message loop (it's created and kept hidden from you by Application.Run), but WinForms works much closer to the Win32 reality. Underneath it uses the CreateWindow function in user32.dll for creating most of its controls. In turn, user32 uses GDI for drawing these controls. From here:

User32.dll is a core windows dll used for windowing and other interactive user program tasks. WPF does not use it much.
Windows.Forms is mostly a .net wrapper around User32, and so is still based entirely on GDI,GDI+, and window handles.

WPF uses CreateWindow just for creating "real windows" and then it will create its controls by drawing on these Windows via DirectX (as if it were drawing shapes). As an analogy, think of how html controls work. An html button or textbox looks like its WinForms counterpart, but it's not a Windows Control, but a shape that the browser draws (for example via Cairo in Firefox)

You can verify this by running Winspector and trying to select a control in a WinForms application and a WPF application.

In the WinForms application you can select controls, for example a button:

While in the WPF application the only thing you can select is the "normal Window":