What are we talking about?

After having implemented some additional features to my writing tools (since the last post, I feel ready to start with real technical topics. Instead of picking one of them precisely, I've decided to write a small outline first. Three main reasons for that. First, it will provide a basic search tool (otherwise, you'd have to know the revision number of articles, which is not really user-friendly). Secondly, it naturally gives a TODO list for me. Lastly, I'll have a priority queue: by clicking the topic name (or typing an url like http://www.revision-zero.org/wlang for example), you keep me informed about what interests you ! This way, I'll write new articles in the priority order you have decided. Below are the subjects I plan to address in the next few weeks. I did not put them in any particular order; you can also send me an email with proposals if what you are interested in is not in the list and I'll see if I know something about the subject you propose.

Generate secure code with wlang

Recently, http://www.sans.org published an Experts Announce Agreement on the 25 Most Dangerous Programming Errors. Top five winners in the 25 are dangerous because they allow variants of what's called "by injection security attacks". This kind of attack is really simple and relies on a terrible fact: each time you're writing a simple html page (or a SQL query), what you are actually doing is creating a (kind of) program (that will be executed by the browser, or the database engine). if you build your html page by concatening strings (injecting form data in your page for example or, more generally, using a templating engine) what you are actually doing is generating code ! Code generation is something really hard, for many reasons, including security issues. wlang is a simple (abstract) tool for generating code. In particular it helps you respecting good practices: you don't have to worry about html encoding, SQL back quoting and the like. Moreover, it has not been designed for a particular task: as an abstract tool, it is reusable by instanciation/configuration. A typical configuration I use is as a secure HTML templating engine...

Waiting for a D

D is the name of the Date and Darwen dream", two famous authors in the database community. In their "third-manifesto, they argue that our SQL databases are far from what we should actually could dream of. I completely agree with them and add: object databases are not what I'm dreaming of and object-relational mapping is not a solution neither. The subject has been a really hot topic in the past (and is probably still so), but I don't want to enter the big debate. Instead, I would like to write about what is my dream (not really far from these authors's dream, and really inspired from their work). This dream is possible: I've started a proof-of-concept implementation in Ruby really recently (after many unsuccessful attempts in the past). This blog will certainly contain material about what I've called the Duby project.

Specialization by Constraint

Yesterday, I've been faced (with horror) with an exam question in a Java programming course (hopefully, not from my computer science departement) where students were asked to implement a Server class ... which was a subclass of ServerSocket. It seems to be the worst practice in using inheritance: a Server is not a ServerSocket, it uses a ServerSocket. Our programming languages should not allow us to make huge conceptual mistakes as this one ! Of course, the subject is controversial: we use inheritance, as proposed by languages like Java or Ruby in two ways: for reuse (and using it that way may lead to what I call big conceptual mistakes) or to express a is_a semantics.

So ironic, when you try to use inheritance in the second way (conceptually the good one ;-)), it quickly leads to difficulties (when the conceptual inheritance hierarchy is not completely trivial for example). Specialization by Constraint (SbyC) is a theoretical framework of inheritance (that I've been introduced to by the same two authors as before). Its first equation looks simple but right: types are sets of value; subtypes are subsets. The authors introduce SbyC with a strong data-management point of view. The subject also seems simple but is actually deep and technical. In this article, I'll try to be more pragmatic and show some examples of where SbyC is useful, and how dynamically typed languages help implementing it.

Web @nother Way

There's a lot a good web frameworks ... but I'm a "never happy" guy. Frameworks make a lot of hypotheses, that often look wrong to me. I've started a project named waw (for "web another way") with my brother two years ago now (if I remember correctly). That project, for which we have a proof-of-concept implementation in PHP, proposes a web framework which acts really differently than usually proposed. For example, we try to provide ambiant web applications, i.e. able to adapt their behavior to the environment (AJAX-able client or not, I.E. vs. Firefox, etc.) ... declaratively. We've learned a lot from that project, so that I think it's time to write something about it, and to try to provide a really stable implementation (most probably in Ruby). For the sake of history: wlang has been designed during the PHP waw implementation!

Virtual variables

My inspiration for virtual variables is twofold: database views and fluents. While the first is probably well known, I guess you've never been talked of fluents. Fluents are simple beasts: they are simply boolean variables whose value changes with the occurence of events. For example, a fluent moving becomes true when the event start occurs and becomes false when the event stop occurs. Virtual variables are simply a generalization of that: they are variables because they have a value that changes over time and they can be assigned (when it makes sense); they are virtual because their value is actually computed in some way (by some kind of formula for example, like database views, or by occurence of events, like fluents). In this paper, I'll show why a "virtual variable" abstraction is powerful on selected examples. I'll also show how to implement such an abstraction so that it can really look like ordinary variables.

Next topics