Muhammad Ali

If you’ve been browsing around programming-related websites like StackOverflow, you’ll occasionally see ads for companies looking to hire programmers, and quite often you’ll see them trying to entice you with graphics or mentions of Ninjas, Rockstars or Superheros.

But this isn’t just limited to flashy web ads. If you search job-posting websites like Indeed.com for ‘ninja’, you’ll find several such listings:

None of these jobs actually want real Ninjas (do they even exist anymore?), nor have anything to do with martial arts for that matter. Instead they are for programming jobs. But who is the target audience? At first glance it seems to be a lure for those wavering souls that have some unfulfilled childhood fantasies. But is there anything more to it than that? I posed the question to the Programmers – Stack Exchange community to get their opinions. The question has since been closed (update: and now un-closed…) – for good reason too: it was attracting a lot of negative comments which is not conducive to the type of community they are trying to build there. However, some good points were raised comparing the traits of a Ninja to the characteristics desired in software developers:

• Mastery by experience: to be highly skilled due to intense training and practice. This also implies enlightenment (i.e. knowing both your enemies/competition and your friends/end-users)
• Confidence in tackling the impossible: to have the initiative and determination to deal with problems that others don’t want to touch
• Economy of effort: to find optimal solutions in the minimal amount of time and with the least amount of effort
• Resourceful: to know what tools are available, how they can be used and when it is appropriate to use them
• Stealth and unorthodox style: to be able to go in, under the radar (when required), and finish the job, sometimes by employing techniques that commoners are not familiar with (this one applies mostly to hackers)
• Honor/Respect (this is probably more relevant to Samurai than Ninjas, but lets just go with the flow anyway): to be humble enough to respect the fact that some peer out there may be better than themselves

But this is not enough to convince me that this is more than a tacky marketing scheme by Human Resources Agents. As programmer Jon argues, there are experienced professionals in other industries too, but they don’t get referred to as Ninja Doctors, or Ninja Lawyers. However programmer Anna points out that this is most likely because the programming culture is closely tied to the gaming sub-culture, whereas the other professions aren’t. However, I still feel that the term is being grossly misused just for its coolness factor.

Anyhow, let me end this post by quoting programmer JB King‘s G.I. Joe analogy, which absolutely cracked me up:

If you ever saw the G.I. Joe cartoon from the 1980s you may remember the character of Storm Shadow. He had a sword and some throwing stars but with just the right sequences of punches and kicks managed to take apart a tank in an episode. In a similar manner, programmers can get called in to do some work that requires them to pull out weapons you may not have thought they had.

• • Comments [1]
  • Categories [Programming]

Setting up SSH access to my Bitbucket Mercurial repository on Windows took a bit longer than I would have liked. Since Google doesn’t come up with any direct hits that give a step-by-step guide to exactly dealing with this issue, and since the Bitbucket documentation leaves the Windows user high and dry with a ‘This is not described in further detail here’ message, I’m going to go ahead and write one of my own.

If you don’t have a public/private encryption key pair, you first need to get those:

• Download the Putty tools: Make sure you get at least PuttyGen and Pageant. They’re both included in the ‘Windows Installer for Everything…’
• Run PuttyGen and click on Generate to create a new key

• You can change the ‘Key comment’ to anything you like. Something that includes the encryption method, date, username and computer is probably helpful e.g. rsa-key-20101130-user@home
• The ‘Key passphrase’ is something that will be used to secure the private key that’s stored locally on your computer. Unless someone has the passphrase, they cannot access your private key. The PuttyGen documentation says

Choosing a good passphrase is difficult. Just as you shouldn’t use a dictionary word as a password because it’s easy for an attacker to run through a whole dictionary, you should not use a song lyric, quotation or other well-known sentence as a passphrase. DiceWare recommends using at least five words each generated randomly by rolling five dice, which gives over 2^64 possible passphrases and is probably not a bad scheme. If you want your passphrase to make grammatical sense, this cuts down the possibilities a lot and you should use a longer one as a result.

Now you can click on the ‘Save private key’ and ‘Save public key’ buttons to save the files to disk. Don’t close the dialog box yet as we’ll need it soon.

Now go to your Bitbucket home, and click on the Accounts button

Scroll down to the SSH Keys section. Copy your public key from the PuttyGen window where it says ‘Public key for pasting into OpenSSH authorized_keys file’ and paste it in the textbox next to the ‘Add Key’ button. Now press ‘Add Key’ and Bitbucket should store the key for you.

To avoid having to type in your long passphrase every time you use your private key for commits, you need to keep the Pageant program running in the background. You can have it set up to start once per your Windows session so you only have to provide the passphrase once, and then it keeps running in the background. You can do this by typing

pageant private.ppk

from the command line (where private.ppk is the file where you saved your private key).

• • Comments [9]
  • Categories [Programming]

I just realized today that the 5-10 minute delay in starting up of Eclipse matches exactly with a same spike in my internet usage! What the hell is going on here?

I started noticing the delay in Eclipse after I installed the PyDev plugin. I haven’t really looked into the reason for the delay, and it might have nothing to do with PyDev, but that sure would be a hell of a coincidence.

I wonder what data is being sent/received which causes this. I wonder if Eclipse is sending over keyboard shortcut usage statistics to the server – although I remember switching that feature off.

Mysterious. And suspicious!

Update: Since then I’ve had several other installations (and re-installations) of PyDev on the same and other machines and I haven’t been able to reproduce the problem. It looks like PyDev was not to blame after all. I’m still not sure what caused the problem originally. Maybe it was some other rogue Eclipse plugin. Or just something messed up with my workstation’s settings. I’ll never know…

• • Comments [3]
  • Categories [Programming]

I had quite some trouble setting up Mercurial/Murky to work the way I wanted it to, so I’m writing it down here so I can reference it in the future if I ever need to and maybe it can helps others too.

The default settings for Hg (Mercurial) don’t seem to be the most user-friendly. In particular I didn’t like the way the default pull/update/merge was working. Fortunately, you can tweak settings in Hg to make it work to your liking. You will need to edit the dot file .hgrc located in your home directory for this.

This is what my .hgrc file ended up looking like:

[ui]
username = Ali <bitbucket.user@myemail.com>
merge = /Applications/kdiff3.app/Contents/MacOS/kdiff3

[merge-tools]
kdiff3.args = $base $local $other -o $output

The [ui] and [merge-tools] sections ensure that Mercurial uses the tool I specified for the merge operation. I found that the default merge was adding changes from both conflicting files together into one – the changes being placed on separate lines, separated by symbols like >, -, < (the same way that the command-line diff tools works). Its very hard to read through the changes this way. By specifying an external merge tool of your choice, hg will call that merge tool and let it handle the merging. In this case, I choose kdiff3, which seems to be a popular free cross-platform tool. The kdiff3 merge shows me both the files side by side with the changes highlighted in colour. Its easier to figure out what’s changed this way. Here’s some more information on Mercurial merge tools:http://mercurial.selenic.com/wiki/MergeProgram

In the [ui] section, I also included a username part. This ensures that when I push to Bitbucket, it links my push to my bitbucket account. Otherwise it will display the username and machine you are committing from as your username. Refer to the FAQ for more details.

The version of Murky that I’m using (v0.8.1) doesn’t let you do a hg push if you checked out your repository through https. You can still do it through the command line, but that is annoying. So I suggest cloning your repository through the ssh url that bitbucket provides. This is a known issue and might be fixed in the future.

• • Comments [1]
  • Categories [Programming]

A few days ago I had read this article about how a random number generator had been used to create a flawed shuffle of an array. As it happens, today I had to generate some random numbers myself and I started to think, how much do I really trust the random() function in my code. I knew that Random Number Generators in computers are just Pseudo-Random Number Generators, i.e. they produce values that look sufficiently random, but are not truly random. I also knew that Hardware Random Number Generators existed which can convert unpredictable physical stimuli (like thermal noise, photoelectric effects or other quantum phenomenon) into electrical stimuli and are considered genuinely more accurate. But let’s ignore that for now, since I am purely interested in the software side of this. So I wanted to find out why computers can’t generate real random numbers, what are their limitations and if I need to worry about the outputs of pseduo-random number generators.

Why can’t computers generate real random numbers?
There must be a whole host of reasons since there is a whole field of research dedicated to this area. So one lesson to learn is this: never try to create your own random number generator or you might end up with something stupid like thinking random() generates increasingly randomer numbers the more times you call it. Use an implementation of someone’s algorithm who has already done research in the area. But to answer the above question in the most simplest of terms: Its because computers just follow instructions, and random numbers are the opposite of following instructions. If you make a random number by following instructions, then it’s not very random! Imagine trying to give someone instructions on how to choose a random number.

What are the limitations of pseudo-random number generators?
Several, but what resonates the most with me is that the numbers generated tend to repeat after a while. Good generators have a period large enough such that the repition rate is not noticeable for practical purposes. Special care needs to be taken when using random number generators for cryptography. Even though a generator might be ‘good’, that does not neccessiraly make it secure enough for the task at hand. But I’m not working with anything this critical.

Do I need to worry about the non-random nature of pseudo-random generators?
The Mersenne Twister (based on Mersenne prime numbers) is a well-estabilshed (i.e. publicly scrutinized by professionals) algorithm that generates very high-quality pseudorandom numbers quickly with a sufficiently large period. It is the default implementation in R, Maple, MATLAB, Python and Ruby. Since I’m working with python right now, this is enough to assure me that I don’t need to spend more time researching this topic.

This is my first entry in what I plan to be a series titled ‘What I Learned Today’, where I’ll write up a little entry about something new I learned that day (if I did any learning that day at all!). I will choose the item to be always something new that I discovered, and something that I think not everyone might be aware of. I figure this will help me better remember things and have a reference to go back to if needed. I will try to keep the content brief and in layman terms, but will link to other sources for those interested in more details.

• • Comments [0]
  • Categories [Programming]

Google recently introduced displaying starred search results along with regular results in order to better personalize the searching experience.

Although well-intentioned, I find this rather annoying. I already have a whole bunch of Google Bookmarks saved and now they show up in most of my searches. I have yet to find a single instance where this was relevant to my search. I have been using Google bookmarks for a couple years now and I have some very old bookmarks in there that I don’t visit anymore, but do not want to delete either. When these show up on the top of my search results – the place where I am expecting to find the most relevant search hit – it is quite frankly very annoying. Google should keep the bookmarking and the starring system as separate entities. Or at least give us an option to turn off the ability to show starred/bookmarked results directly in Google search results. I mean, if I wanted to search my Google bookmarks, I can do that through the Google bookmarks site. I don’t want my regular results being cluttered with that too!

• • Comments [0]
  • Categories [Programming]