• Week 2018-W41 in reading

    I’ve recently decided that I’d start a new series of weekly posts about interesting arcicles I’ve read. This is the first post in this series.

    For each interesting position from my reading list, I’ll provide a short summary. Please note that those summaries are not meant to be comprehensive. They are here only to give an idea of the topics covered.

    What Are Capabilities?

    Although I’ve started reading it last week, I’d like to include it in my summary as it’s been a very good read. The title says it all: it is an overview (an introduction?) to the capability paradigm.

    The idea behind capabilities is that instead of exposing complex, multiple-purpose interfaces that can be used to perform many different operations and procuring an equally complex access-control system separate from those operations, it is better to expose a limited interface that only allows to perform the operations we wish their user could perform. In this context, the interface is the capability because when handed over to a user, it gives them the capability to perfrom operations on resources of some kind.

    The article refers to a useful example: operating systems usually specify files as paths represented as character strings, without limiting their use. To actually limit accessibility of files to different users, access control system based on users and groups is provided.

    In such environment, a path can be passed to system routines, such as open or unlink. Should the software used by the user be replaced by an evil adversary, it could harm user’s files. However, if the operating system passed files as objects with only a limited set of operations available, it would be much harder for the program to misbehave. It could also keep the user from misusing their own files.

    6 Dumbest Ideas in Computer Security

    A very entertaining read about two fundamentally different approaches to computer security: designing secure systems and extinguishing fires. Concepts like white and black lists are compared, exposing challenges of doing the latter right.

    Personal observations on the reliability of the Shuttle

    Recommended by the above text by Marcus J. Ranum, it is an in-depth analysis of decay of reliability of space shuttles. It also underlines the importance of the choice between bottom-up and top-down design approaches and the importance of careful design that doesn’t skip any important detail.

  • K-9 mail

    Some time ago I’ve decided I want to give up using Gmail (user interface and the service). But first I had to choose something I could rely on.

    Having reviewed capabilities of several mail user agents available on Google Play, I’ve decided to go with K-9 mail as it was said to have a number of advanced features:

    1. IMAP folder classes to configure how folders are synchronized and displayed.
    2. Email encryption – it supports autocrypt and integrates with OpenKeychain.
    3. Handles several accounts simultaneously.
    4. It’s got a virtual inbox composed of any number of IMAP folders and the user decides, which folders should be aggregated in it. (This feature is particularly useful with more than one mailbox / account.)
    5. It lets the user archive their mail by moving it to another folder (and the user can configure the archive folder). This is very useful if you do GTD.

    It is very flexible too. For instance, it lets you define additional identities for each account. This works like a charm if you’ve got several aliases defined for your account.

    Finally, it’s got bulk operations (delete, mark/flag, move, mark as read/unread, etc.) and two display themes: bright and dark. It also lets the user decide whether they want to compose their mail in plain text or in HTML.

    All this makes K-9 a great mail user agent. I have even disabled Gmail on my phone and replaced it with this great app. Now I’ve got one app to handle all my mailboxes and it works great!

  • Refactoring legacy code

    I have recently refactored a piece of our product to improve its maintainability. It was a part responsible for (1) receiving messages from outside of the system, (2) calculating appropriate operation and optionally (3) adjusting the data in the database.

    Unfortunately, the code was a total mess:

    • a bunch of EJBs calling each other;
    • working directly on the message data and on JPA entities;
    • selecting and applying the appropriate operation was just a switch with a branch for each mode of operation.
    public class UglyService {
    	private EquallyUglyService otherService;
    	public void processMessage(Message msg) {
    		// ...
    	public boolean isOpen(Message msg) {
    		return msg.getStatus() == Status.OPEN;
    	public void doSomething() {
    	public void updateCase1(Entity ent, Message msg) {
    		if (/* conditions */) {
    	public void updateCase2(Entity ent, Message msg) {
    		if (/* other conditions */) {

    What I did was:

    1. Create a strategy class for each case of that switch statement and only use original enumeration to request a specific strategy from a factory. Each of them implemented an interface.
    2. Extract common parts of those strategies and introduce a composite that grouped strategies. (Factory was still hiding the fact that strategies were being composed as it always returned a reference to an implementation of an interface.)
    3. Wrap the original message object in an adapter and move all service methods retrieving data from the message to the adapter. At this point the code started looking like object-oriented just a bit. At least it is more coherent now.
    4. Implement a factory method in the above mentioned adapter to produce strategies based on its internal state.
    public class SlightlyBetterService {
    	public void processMessage(Message msg) {
    		MessageAdapter ma = MessageAdapter.wrap(msg);
    		Entity original = retrieveOriginal();
    		// Adjuster is usually a composite of several different
    		// strategies responsible for updates of different properties
    		// of the object
    		Adjuster adjuster = ma.produceAdjuster();

    With the above enhancements, it is easy to introduce new actions, each of them is easy to test and if the objects (messages) received by our system change, only the adapter needs to be adjusted.

    That was fun!

  • One hour rule

    There’s been some bad news today, mostly related to the EU Copyritght Reform (articles 11 - link tax, and 13 - upload filters). If that wasn’t enough, there’s more: the one hour rule.

    So we might get a new law that would enforce content removal too quick to be done with appropriate care and thought. Let’s take a look at the statement:

    […] the Commission is proposing a legally binding one-hour deadline for content to be removed following a removal order from national competent authorities

    One hour is expected to be enough to:

    • contact across several different organizations, regardless of time of the day,
    • take it off-line.

    A few questions, just the most obvious ones: who gets to decide whether content is terrorist or not? Who is responsible for classifying it? Is it done proactively by a group of internet detectives? How are power abuses going to be handled? Is the content always going to be removed selectively, or – to meet the deadline – the quick and dirty way, with anything around it?

    But then it gets even better:

    A clear definition of terrorist content

    I can’t even imagine how anybody could think that we can have a clear definition of something like that. There’ll always be some different perspectives and no definition is going to be 100% clear. None will save us from false positives.

    Strong safeguards: Content providers will be able to rely on effective complaint mechanisms that all service providers will have to put in place. Where content has been removed unjustifiably, the service provider will be required to reinstate it as soon as possible.

    This is of course unfair: the authorities have one hour to get our content off-line, but when it is decided that the content was classified as terrorist by mistake, there’s no clear deadline for them to bring it back.

    Increased transparency and accountability: Transparency and oversight will be guaranteed with annual transparency reports required from service providers and Member States

    Annual reports? Having a report once per year means they’re going to have only numbers, with no measures to fix errors in the processes behing them. This also means that improving anything in those processes will take years, because of the huge delay between action and its evaluation.

    All this makes me really worried about the future of the internet. And I hope we can still do something to avoid the tragedy that this one-hour-rule could lead to.

  • Single-handed watches

    Some time ago I’ve stumbled upon Slow Watches, a brand of single-handed watches from Switzerland. Initially I though: what a neat idea! Not much later it appeared that there are at least several companies that produce watches with only one hand.

    Up until now, I have found:

    At some point, I have also found some Belarussian watch with one hand, but I didn’t bookmark it and can’t find it right now.

    There’s something wonderful about a watch with only one hand. It might seem impractical today, when everything is happening so fast. These watches are simple yet elegant, eye-pleasing and still can be used to tell the time quite accurately.

    I think one day I will buy myself a one-handed watch.