Structure and Interpretation of Computer Programmers

This is sort of a message from the past. I wrote it yesterday, but had people I needed to talk to before I could hit the big old publish button. (Including this bit, so I really wrote it “today”, but the earliest you can read it means that “today” will be “yesterday”. This is one of those uses of the past-perfect-nevertense that blows up lesser recording equipment.)

Today (the real today that this thing was posted), I handed in my notice at Sophos. Six weeks from now, I will be officially an unemployed starving artist. I’m working on lining up a project to take up most of my time for the first few months of the new era, which really looks like it will work out, and of course need to solve the “marketing presence” problem. Although the fact that you’re reading this probably means you already know who I am, and something about what I do. If you want a Cocoa or UNIX developer for a contract – especially one with experience in the worlds of security and scientific computing – then please see my LinkedIn profile to find out a bit more of what I’ve been up to, and drop me a line – here, at @iamleeg or to iamleeg at gmail dot com. I know there are a load of interesting people out there working on a load of interesting projects, one of the great things about WWDC every year is meeting you all and sharing in the excitement. Well hopefully I’ll get to work with you on some of that cool software, too!

So, like many people who go self-employed, I’ve got little idea of what will happen next :-). I’ve got some ideas for apps which I’ll be working on in the (probably too copious) spare time I’ll have. But I’m going to focus on contracting and consulting in the short term. This is going to be an exciting time, if somewhat daunting…but you’ll be able to check on my daunt levels right here, dear readers.

I promised at the turn of the year that there would be lots of blog posts on various tech things during the first half of the year. Unsurprisingly that didn’t quite pan out, and I’m hoping to rectify that over the next couple of months now that I have fewer (perceived) content restrictions on the blog. And this first project I have lined up should certainly be producing some good’uns, assuming it all works out. I’ll be the first to admit that if it doesn’t, I’m heading for trouble very shortly. Which is why I know that it, or something very like it, will work out :-).

To fellow Sophists who are hearing about this for the first time here, I’m very sorry. I tried to let people know today but there are hundreds of you, one of me and lots of loose ends to tie by mid-August. But don’t worry, there will be beer.

Despite being able to play some instruments, I probably couldn’t do a good job of making any of them. I don’t have the patience required to boil a horse for long enough to stick a fiddle together, for instance. Luthiers would probably get incredibly bored by the following post but for fellow apart-takers, it’ll hopefully be quite interesting.

I once made a stringed synthesiser, when I was at college. The basic principle is that of an electric guitar running in reverse. A metal string is stretched between two bridges, and sits inside a horseshoe magnet. Now rather than plucking the string and letting the magnetic pickup detect the vibrations, we pass an alternating current through the string and use the magnetic field to cause the string to vibrate. Mount the whole shooting match on a soundbox roughly the shape of an appalachian dulcimer, so it makes a decent amount of noise. And there you go!

Well, there bits of you go, anyway. While you can drive the string at any frequency you like, it’ll be really quiet on any note which isn’t a natural harmonic – it’s being forced at one frequency, and trying to vibrate at a bunch of other frequencies, so can’t really resonate. Assuming that the materials of the string aren’t up for grabs, it’s the length and tension which choose the fundamental frequency. What you currently have is capable of playing bugle tunes. Put a few different bugles together and you can play chromatic scales, so putting a few different strings together increases the likelihood that our synthesiser has the ability to play some notes in the tune we want.

In fact, it’s still going to have a fairly nasty volume characteristic, because most of the noise doesn’t come from the string, it comes from the soundbox. In that regard, violins and pipe organs have quite a lot in common. But they differ in that pipe organs have one soundbox per note – the pipe itself – and violins have a single box. So it’d better be possible to get it to resonate at a whole bunch of interesting frequencies, which is one of the reasons for making them (and acoustic guitars) the shapes that they are. Now what the real acoustic characteristics of a fiddle body are, I’m not entirely sure. But what I do know is that a violin is surprisingly small – the “concert pitch” A pipe in an organ is a little under 40cm and the lowest note a violin usually has (a ninth lower) will therefore be almost a metre long. Even though an enclosed box like a violin needs to be half the length of an organ pipe playing the same note, it will still naturally accentuate the higher frequencies that the strings have on offer because it isn’t big enough to do much else. And it’s that which gives the instruments their sound. My synth’s soundbox was cuboid-ish, so had two characteristic “loud” notes and their harmonics. The z-axis wouldn’t have resonated much as the box was on a table which absorbed the momentum.

The remaining interesting point is that the violin is forced to extract the sound from a rubbish part of the string. The bridge is both responsible for translating the motion of the string into the wood and for stopping the string from moving. The string moves most somewhere out toward the middle (it’s mainly vibrating at its natural wavelength, which is twice the length of the string) and not at all near the ends. That’s why pickups on electric guitars sound “warmer” further away form the bridge. There they pick up more of the lower harmonics, but the nearest pickup (and the bridge) get proportionally more of the higher harmonics.

…at least, it provides for a nice analogy to use when discussing basic security concepts. I don’t think people necessarily choose better passwords after a skinful, nor do they usually make improved choices of what information to share on social networking sites when returning from the pub. That’s probably why Mail Goggles exists.

So, the attendee beer bash at WWDC. There is beer. There is also the regulatory framework of the state of California, which mandates that minors under 21 years of age may not be supplied with beer. There are also student scholarship places to the WWDC, and no theoretical minimum attendee age. There are also loads of people in the vague area of Yerba Buena Gardens who are not attending the WWDC. But only attendees may visit the bash, and only attendees over 21 may drink beer.

I went to the registration desk at Moscone West on the day before Phil Schiller’s keynote, and identified myself as Graham Lee. “Hi, my name’s Graham Lee” I said to the lady behind the desk. It turns out that’s not sufficient. While I did indeed give the name of someone who was indeed registered to attend the conference, there’s no reason for the lady to believe the identification I gave her. She wants to be able to authenticate my claim, and chooses to rely on a trusted third party to do so. That third party is the British government (insert your own jokes here), and she is happy to accept my passport as confirmation of my identity.

Now I am given my attendee badge, a token which demonstrates that I have authenticated as Graham Lee, an attendee at WWDC. When I move around the conference centre to get to the sessions and the labs, the security staff merely need to look for the presence of this token. They don’t need to go through the business of checking my passport again, because the fact that I have my token satisfies them that I have previously had my identity authenticated to the required level.

The access token would be sufficient to get me in to the attendee beer bash, as it proves that I have authenticated as an attendee. But it does not demonstrate that I am authorised to drink beer. So on the day of the bash I go back to the registration desk and show a different lady my passport again, which indicates that I am over 21 and can therefore be given the authority to drink beer at the bash. I am given the subtle green wristband pictures, which again acts as a token; this time not an identification token but an authorisation token. The bar staff do not care which of the 5200 attendees I am. In fact they do not care about my identity at all, because they know that the security staff have already verified my attendee status at the entrance to the event – therefore they don’t need to see my attendee pass. They only care about whether I’m in the group of people permitted to drink beer, and the wristband shows that I am in that group. It shows that I have demonstrated the credentials needed to gain that particular authority.

So, there we have it. A quick beer of an evening with a few thousand colleagues can indeed turn into a fun discussion of the distinction between authentication and authorisation, and how these two tasks can be carried out independently.

Ha, crossover humour! It’s like Core Graphics, which is a Mac thing, only it’s chord, because I’m talking about music, but I’m a Mac guy…oh, never mind.

When I’m trying to think of chords in music I always end up with a mental image of a piano keyboard, with the notes that make up the chord pressed. That’s all well and good, but I don’t have a piano! Apart from some set pieces like barre chords, I can’t really think of note combinations in the same way on a guitar, and certainly get flustered trying to harmonise on a violin. What I really need is a piano to sit down and work out harmonies at, which I could then play on the instrument of my choosing (playing a string of notes on any of those instruments isn’t so much of a problem).

Unfortunately the biggest piece of floor space I currently have access to is about 1.3m x 0.4m. Maybe some cheap Bontempi would fit there, but not an 88-key upright. If there were a real-space version of the GarageBand digital keyboard, that would certainly fit…in fact it would probably fit in one of my nostrils. One octave doth not a piano make. Some people have suggested Clavinova, MODUS or similar electric pianos before. The thing is, they cost around £2k, whereas an upright is <£500.