Monthly Archives: August 2014

Up until now, the getMainPage function, which was part of the topicProcess, made internal invocations to get the user data and the tags and put it all together to create the page’s data before it was returned to the WebApplication to be rendered into XSLT and then HTML. I decided that TopicProcess shouldn’t know nor care about the tags and user info, and I can actually put into use the plugins mechanism which didn’t do anything yet.

How does a plugin work? Well, after identifying the call, the WebApplication prepares a list of all relevant plugins, which are methods, much like the handlers we had until now, and runs all the plugins in a recursive manner:

  • a plugin gets the input,
  • may alter it,
  • if there’s another plugin in the queue, runs the next one
  • if not, it runs the handler (i.e. main application), which returns a JSON object as output
  • the plugin may alter the output and return the call to its caller
  • so we end up back in the WebApplication after all plugins and the handler went over the input and the output

TagProcess now knows that whenever the url “/” is called, it should run the pGetTags plugin (the prefix “p” is for plugin, as the function is slightly different from the getTags handler). It was extremely easy and it works like a charm.
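
The recursive chain described above, as an added example that is not Theodorus's own code: each plugin receives the input and a `next` function that runs the rest of the queue and finally the handler. Only getMainPage and pGetTags are names from the post; runChain, pUserInfo, pluginsByUrl, dispatch and all data are hypothetical.

```javascript
// Added example: only getMainPage and pGetTags are names from the post.
// A plugin has the shape (input, next) => output; next(input) runs the
// remaining plugins and, once the queue is empty, the handler.
function runChain(plugins, handler, input) {
  function step(index, currentInput) {
    if (index === plugins.length) {
      return handler(currentInput);            // no plugin left: run the handler
    }
    const next = (nextInput) => step(index + 1, nextInput);
    return plugins[index](currentInput, next); // plugin decides when to call next
  }
  return step(0, input);
}

// Handler: builds the page data and knows nothing about tags or users.
function getMainPage(input) {
  return { url: input.url, topics: ['topic-a', 'topic-b'] }; // constructed data
}

// Plugin: passes the input through untouched, then adds tags to the output.
function pGetTags(input, next) {
  const output = next(input);
  return Object.assign({}, output, { tags: ['tag-1', 'tag-2'] }); // constructed
}

// Plugin: alters the input on the way in and the output on the way out.
function pUserInfo(input, next) {
  const altered = Object.assign({ userId: 'guest' }, input); // default if absent
  const output = next(altered);
  return Object.assign({}, output, { user: { id: altered.userId } });
}

// Per-URL plugin list, standing in for what WebApplication prepares per call.
const pluginsByUrl = { '/': [pUserInfo, pGetTags] };

function dispatch(url) {
  return runChain(pluginsByUrl[url] || [], getMainPage, { url });
}
```

Because every plugin sees and can rewrite both the input and the output, the order of the list decides which plugin has the last word on the returned JSON.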

The next step, which I will do sometime in the future, is more challenging: currently, the XSLT knows nothing about the plugins and their additions to the page. If future plugins should be available for anyone to add – the XSLT shouldn’t know about the plugins either. At most, it should know it should run a plugin-XSLT that will create an HTML snippet with an attribute stating where the snippet should be placed (e.g. “inside-sidebar”). But who will do the actual placing? Can I trust the server-side code to do it effectively? Nothing like a good challenge to call it a night 😉

So I’ve bunched up some updates; some are extremely cool, others are still very interesting.

First, I’ve written a mysqlDbBuilder that will check if the DB exists and all tables are up to date and if not, it will build and update whatever is necessary. I still didn’t have any updates but it should work and it’s very cool.

Second, I added XSLT support for plugins. How does it work? In the plugins folder there’s an “include” folder that should list all available plugins (at least the ones we’d like to have XSLT support); there’s a single place where all plugin-output content is written in the page, called (naturally) “#plugins”. After creating the HTML, I use Cheerio for DOM manipulation to move the different items to their rightful places using their CSS classes that look like “reposition-after-sidebar”, meaning that the element should be the next sibling after the #sidebar element. Elements can be before, after, prepend or append (added inside the element at the beginning or the end). So that works. It’s very cool, but not yet supported by the client side, as there’s no real need for that now.
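
The repositioning step described above, as an added example that is not Theodorus's own code. It uses a small in-memory tree instead of Cheerio so that it runs without dependencies; the node shape and every function name are assumptions, and only the four positions and the "reposition-after-sidebar" class format come from the post.

```javascript
// Added example; the node shape { id, classes, children } is an assumption.
const POSITIONS = ['before', 'after', 'prepend', 'append'];

// "reposition-after-sidebar" -> { position: 'after', targetId: 'sidebar' }
function parseReposition(className) {
  const m = /^reposition-([a-z]+)-([A-Za-z][\w-]*)$/.exec(className);
  return m && POSITIONS.includes(m[1]) ? { position: m[1], targetId: m[2] } : null;
}

// Depth-first search: returns the node with this id together with its parent.
function find(node, id, parent = null) {
  if (node.id === id) return { node, parent };
  for (const child of node.children) {
    const hit = find(child, id, node);
    if (hit) return hit;
  }
  return null;
}

// Moves each child of #plugins; bad positions, missing or self targets stay put.
function repositionPlugins(root) {
  const holder = find(root, 'plugins').node;
  for (const item of [...holder.children]) {
    const rule = item.classes.map(parseReposition).find(Boolean);
    const target = rule && !find(item, rule.targetId) && find(root, rule.targetId);
    if (!target) continue;
    const { node, parent } = target;
    const sibling = rule.position === 'before' || rule.position === 'after';
    if (sibling && !parent) continue;            // the root has no siblings
    holder.children.splice(holder.children.indexOf(item), 1);
    if (rule.position === 'prepend') node.children.unshift(item);
    else if (rule.position === 'append') node.children.push(item);
    else parent.children.splice(
      parent.children.indexOf(node) + (rule.position === 'after' ? 1 : 0), 0, item);
  }
  return root;
}

// Constructed page tree: three plugin snippets waiting inside #plugins.
const el = (id, classes = [], children = []) => ({ id, classes, children });
function samplePage() {
  const plugins = el('plugins', [], [
    el('tag-cloud', ['widget', 'reposition-after-sidebar']),
    el('login', ['reposition-prepend-header']),
    el('stray', ['reposition-inside-sidebar']),   // invalid position
  ]);
  return el('page', [], [el('header'), el('sidebar', [], [el('nav')]), plugins]);
}
```

Checking the position against a fixed list and leaving unmatched snippets in #plugins keeps a plugin's class name from steering the move anywhere the four rules do not cover.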

I still haven’t finished with plugins as the database doesn’t support them. The existing mysqldb and even mysqldbapi shouldn’t be aware of the plugin-model. On the other hand, the plugin shouldn’t be aware of the db’s internals (the fact that it is mysql for that matter). I’m thinking about using ORM for this, although I don’t like this concept as it limits the power of the DB (can’t limit string length, for example), but honestly I’m not sure of any other way. Another issue would be the initializing of the plugin-db-tables, as again, I’m not allowed to intervene with the system’s sql-instructions file.

My next task was to add an English version to Theodorus. Presumably it should be too difficult, I translated all the strings and changed directions of the CSS. So it’s all good, but now comes the question “What should be the default language?” (language is determined by default theme) and I’d be happy to agree it should be English. However, Theodorus works in Hebrew, and I’d like to keep that. No problem, just move the theme selection from the config file to the database. Aha! Not so fast! The database doesn’t initialize before the server starts running so this thing simply doesn’t work. I wasn’t sure why and how it came to be. I was sure that the node.js magic is that it’s not multi-threaded, so there shouldn’t be a way that the app will start running before the DB finished its initialization.

Ideally, themes should be per user where the default is determined by the…. community(‘s founder?). Hello new model – Community. And now the development is spiraling in every direction. A better plan is in order.

To be continued…

I recently read about the Boston police force’s use of facial recognition in safeguarding a music festival, which is great. But it also uses the system to catch teenagers illegally breaking into the event. This is troubling since it violates the right to privacy. Yes, we need to decide how much of our freedom we need to surrender for a sense of security, but if I feel that I’m being constantly watched and scrutinized, I would feel afraid rather than safe. Who knows which kind of bad things I’m up to without even realizing it? Even the assurance that I’m a good person and therefore that I have nothing to hide won’t dispel my fears of being exposed to someone who might use the system against me.

But that’s exactly the problem, isn’t it? We have a tool (a bio-metric database) that might improve security tenfold, but that could also eradicate any shred of personal security and privacy in the wrong hands. What is the probability of this tool not being misused by anyone in an imperfect world? Probably substantial. What about a perfect world? Well, in a perfect world we wouldn’t need it in the first place.

So we have a great tool to catch bad guys. Why do you oppose it? Don’t you want what is good for society?

“Good” and “Bad” are relative terms. And the one who decides what “bad” means is the person controlling the tool. Is homosexuality a bad thing? It’s not up to you to decide. It’s up to the man with the gun. What about loitering? fornication? family violence? abortion? honor-killing? I’m pretty sure you have a very solid opinion about these issues, but it’s not your call. It’s someone else’s. Since all these issues are controversial, this person just might not think like you, and this is why I do not trust people who would harm me for the alleged benefit of society as a whole.

So we have a great tool for identifying people. Isn’t that useful?

Really? Where’s the empirical evidence for that? Let’s take all the unresolved police cases and count how many of them could be cracked with a bio-metric database. The database can’t be used for all crimes, because you would need to compare its data against forensic evidence from the crime scene (fingerprints? DNA samples? surveillance camera footage?). How much can we crack, then? I don’t know, but if we’re talking about 90%, then, yes, a bio-metric database would be very useful. If it’s a mere 10%, it probably won’t be worth the money spent on it. Anywhere between these two extremes is worth considering depending on how much we are willing to sacrifice and if we’re prepared to face the risks inherent in the database’s abuse against us.

So we have a great tool. How can we make sure it won’t be used improperly?

Ah, the million dollar question at last! Great, so let’s break it into pieces. First, generating a bio-metric ID that would authenticate that I am who I am claiming to be doesn’t require a database in the first place. A smart card has enough capacity to contain the relevant information and that would be the end of it.

Second, if we nonetheless decide to maintain such a database, it should be 100% off-line and heavily secured, both informatically and physically, given that our personal information is both valuable and vulnerable. If any authorized authority (such as the police or intelligence agencies) would like to use it, it should request the database maintainer’s permission. If the maintainer considers their request just and reasonable, s/he would grant the minimal permissions temporarily and log both the request and the database’s responses. This way, the guilty party can be found immediately if anyone claims the database was abused against her/him.

So we agree on a bio-metric ID and an offline database?

No, I’m still against both, but this is the lesser evil, as far as I’m concerned. The very existence of such a database is troubling, because it assumes we are all potential criminals. How many criminals are out there? 90% of the general population? 1%? Is that 1% worth the effort and expenses of harassing the other 99%? Shouldn’t recording only first-time offenders be enough (as is done today in any case)? If you ask me, I would rather use the resources expended on creating and maintaining the database for preventing crime from happening in the first place.