Grindstone 2, the task management and time tracking solution from Epiforge, has become an indispensable component of my workflow (I did a full review on this great utility a little while back that you can find here). Recently I discovered a way to seamlessly synchronize tasks on multiple computers if you’re already using Dropbox.

IMPORTANT: Play it safe… please backup your data before continuing!

1. Ensure that Grindstone is fully closed (right click on system tray icon and select Exit).
2. Create a folder named “Grindstone 2,” or something you can remember, in your Dropbox folder on the local file system. For example, C:\Users\<YourName>\Documents\My Dropbox\Work\Grindstone Mobile\Grindstone 2.
3. Locate C:\Users\<YourName>\AppData\Roaming\Grindstone 2 and copy its entire contents to the folder you just created in (2).

   

   Before continuing, ensure that the folder that you’ve just copied contains, among other files, config.gsc2 — this is the XML file that Grindstone uses to keep track of settings, tasks, segments, and all your other saved information.

4. Rename the original (in AppData\Roaming) to something like “Grindstone 2 Backup.”
   
5. Download Junction, a free utility from Microsoft. We’re going to use it to create a soft link from the original location to the new location within Dropbox’s jurisdiction, so that Grindstone 2 will link to the data indirectly when the program starts, without being able to tell the difference. NOTE: Normal Windows links (i.e., .lnk files to a folder) will not work for this purpose.
6. From wherever you extracted Junction, hold down shift and right-click in Explorer, and select “Open command window here.”
7. Now, execute the following instruction to create the soft link (note that this is actually all one line):
   
junction "C:\Users\<YourName>\AppData\Roaming\Grindstone 2" "C:\Users\<YourName>\Documents\My Dropbox\Work\Grindstone Mobile\Grindstone 2"

   The result of this command is shown below:

   

8. To verify that this worked, you can cd to Roaming and execute dir. What you see should resemble the following:
   
9. Now for the true test: launch Grindstone, and verify that all your profiles and tasks are intact.

Repeat this process on any other computer that you wish to sync Grindstone with. Note that in order for the tasks to be synchronized, it will be necessary to shut down Grindstone at the end of your work day since Dropbox cannot sync files that are in use.

This year, I took a special-offer class in Computer Security, in which each individual was required to develop an application over the course of the semester to demonstrate a vulnerability in network security; one that we had discussed and explored as a class. For my part, I wrote an application to perform mobile remote session monitoring and management for TCP-based protocols — which is a bit of a mouthful, so here’s a bit more elaboration from the documentation:

KillJoy is a mobile TCP session monitor which allows for termination of specific sessions in addition to complete denial of service to a specific computer on the network. In its current implementation, KillJoy is designed to run for and has been tested on the Nokia n810 Internet Tablet, running Maemo 4 (Diablo); however, a minimalistic version also runs as a desktop application (both are experimental works in progress).

KillJoy’s main strength and distinction is that it does its work as a normal computer on the network, without needing to redirect all traffic through itself or act as a gateway in the form of an Intrusion Detection System (IDS). Instead, it accomplishes this via TCP and ARP packet injection. Furthermore, KillJoy is a flexible tool, allowing both interactive (manual) termination of sessions and automated control based on preset rules.

Some initial goals for the project included:

• Maximum portability (application must run on a handheld device)
• The ability to perform passive monitoring and when necessary, assert active control over an existing TCP session on the network without elevated privileges, provided that access to the network itself has been established (i.e., the network is unprotected or we have previously retrieved the network key)
• The capability to automatically detect and terminate sessions (connections between a local client and a remote host) that have been previously detected and “blacklisted” by the user
• The capacity to perform higher-level protocol analysis, in order to distinguish between traffic which uses the TCP protocol (Bittorrent, Windows Media, etc.). This goal was not achieved by the culmination of the project.

My original intent for this project was to be able to selectively exclude certain traffic from a network; ultimately this goal was achieved to the extent that the user can control the who, but not the what, since time did not permit the integration of higher protocol analysis into the product. Of course, it should go without saying that the project was intended for educational, and not nefarious purposes!

The implementation makes use of the technologies listed below. For more information on the development details, please refer to the presentation linked to at the end of this post.

• Python 2.5
• Scapy from SecDev.org (provides low-level packet inspection, modification, etc. from Python)
• The PyGTK library (Python bindings for the GTK+ user interface toolkit)

Let’s look at an example of KillJoy’s workflow on the Nokia n810. The application begins to monitor network traffic via packet inspection immediately upon startup, listing all detected sessions for every local IP on the network.

The above menu is displayed upon right-clicking on a session (note that right-clicking on a target, or the parent node in the treeview will display only the second and fourth options, as these operate on child sessions for the local IP in aggregate).

Upon selecting the Terminate session menu item, the remote connection is forcibly terminated. To accomplish this, KillJoy hijacks the TCP session and sends in-sequence RST packets to the remote host. (Note that the session will only be removed from view when a certain amount of traffic has passed without any further indication that the connection still exists.)

Towards the end of the project, I began to realize that KillJoy was not picking up all traffic from the wireless access point; instead, the only packets being detected and processed were only those sent from or received by the device itself. This was puzzling, since the network interface is supposedly capable of being dropped into monitor mode — and indeed, executing iwconfig wlan0 mode monitor returns without any error, but tcpdump is still not able to pick up any third-party traffic thereafter. Eventually this led me to the conclusion that the NIC hardware on the Nokia n810 (or the driver used for it) is not able to support true promiscuous / monitor mode, so to work around it, I implemented the capability to perform a Man-in-the-Middle (MiTM) attack on any number of devices on the network in order to view their traffic. Here’s how this might go:

1. The user, realizing that not all traffic is being picked up by the device, uses KillJoy to perform an ARP scan on the network to discover all active devices.
2. From this list of local active devices, the user chooses a subset of IPs to add to the MiTM list.
3. From this point on, an ARP spoof attack will be performed and maintained on each of the devices, positioning the attacker between the devices and the gateway, thus allowing him or her to view all traffic previously undetectable.
4. When the user exits the application, KillJoy automatically restores the ARP caches on all the devices from the MiTM list, resulting with (hopefully) minimally-detectable intrusion.

Note that it is also possible to manually specify and IP for ARP redirection if the IP is known.

I tested this approach with an off-the-shelf Netgear home router and it worked well; however, on other networks the ARP attacks were thwarted by presumably up-to-date router firmware intended to prevent such a well-known attack. However, the features provide an additional level of built-in capability to the user, should the program be used on a network device that does not support full promiscuous monitoring of packets.

Finally, without further jabber: a demo of KillJoy in action! Warning: mild drama.

For a more detailed and complete description of KillJoy’s features, or to inspect its internals, please refer to the following links:

• Download page
• Presentation (as given at Hope College on the 21st of April, 2010)
• Installation & Getting Started Guide (PDF, 2MB)
• Source code (SVN, archive [0.1])

How do you respond to a long-outdated email, neglected like so many other things during the school year, sent by concerned grandparents? Answer: lyrical inspiration…

This is none else than the inspirational tale
Of an email which nearly failed
Sadly, to complete circulation
And put to rest wild and undue speculation

Concerning a certain well-meaning patron
Not, however, given to over-communication
Being as he is confined to a life of hard labor
(That is to books, and lectures, and paper,)

His good grandparents, in deep concern
Wrote an epistle to discern
The awful state which was ensuing
Their grandson and consuming

His life, a poor and gruesome fate
Concluded many, when the hour drew late
Rumors and speculations abounded
Greedy siblings his possessions divided

And when no reply was forthcoming
Cries and wails were heard in mourning
But hark! When all seemed despairing:

Projects were finished!
Deadlines were met!
Homework completed!
Procrastination repressed!

And the email lives! No more is it lost
Deep in the clutches of a cluttered in-box
In fully good health, the prodigal taps a reply
Sipping on coffee, which he has come by

Honestly, thanks to a generous donation
(Which, by the way, deserves admiration)
And hereby sends you his thanks, and moreover
Proof of existence, which can’t be glossed over

For chances of further survival is bleak
Due to threat of examinations, arriving in two weeks
And if God deems to stay their vicious attack
His kind roommates have offered to pick up the slack

But before he goes down in glorious battle
He feels it his duty to surface, and prattle
A bit, taking respite to thank his dear benefactors
Grateful for patience, thankful for prayers

As always, hoping to be reunited
Unless, of course, school his fate has decided
But until then he wishes his love to send…

And with that
this belated reply
does hereby
come to an end.

The alternative Flash IDE from SoThink, normally $72.21, is free today ONLY on http://www.giveawayoftheday.com. SWF Quicker has some interesting features such as importing a project from .SWFs and .FLVs, as well as a standard editing interface that resembles Flash CS3 but with a seemingly snappier interface. For a complete list of features, see the first link below.

Product home page: http://www.sothink.com/product/swfquicker/
Download page (today only): http://www.giveawayoftheday.com/swf-quicker-4-7-holiday/

I’ve put together a quick video to show you how to extract the installer file from its Giveawayoftheday wrapper (useful since the wrapped executable will only allow installation today). The video also demonstrates importing a .SWF as a new project. Running length: 5:32.

During the school year, I work from home on a part-time basis, and for most of the semester I kept track of my tasks and time on pencil and paper. At least, I tried. More often, when the time comes to write my end-of-day summary, I have difficulty remembering everything that I’ve worked on, let alone how much time was dedicated to each task. It’s typically at these points of crisis that I turn to technology to solve my problems (and though there is something to be said about the value of stepping away from the computer when planning and brainstorming, mundane time and task management is hardly an effort that should require creative juices. At least that’s my excuse for playing with new technology, as always.)

At any rate, this time the solution comes in the form of Grindstone 2 by Epiforge Software, a free program for the Windows platform. Linux users can consider checking out Project Hamster, but I’d like to detail my pleasant experience thus far with Grindstone here.

The most appealing aspect of Grindstone is that while it is relatively straightforward to use, the app includes enough tools to make the power user happy, too: diverse report generation allows me to export a nice-looking timesheet, glance at the summary for a task or for a given date/time range, and view a pie-chart breakdown if I’m feeling visual. Grindstone supports custom fields and values for sorting tasks, the ability to parse custom fields from task names (with a little Regular Expressions), multiple profiles, and a dozen seemingly minuscule features that nonetheless make a world of difference in usability.

After setting up a profile, selecting a task and clicking the Start icon displays the egg timer; this tiny window sits at the top of my screen and lets me select the current task I’m working on throughout the day without revisiting the main program window. The egg timer’s window opacity can be adjusted from the program’s Options dialog.

About half a dozen times throughout the day, I walk away from the computer without remembering to hit ‘Stop’ on the current task. But no worries: when I return, Grindstone’s inactivity timer triggers, yelling politely prompting to account for my time. If, on the other hand, I forget to start timing a task (which also happens more than I care to admit) upon returning from the 4th coffee break of the day, the application will display a friendly reminder.

(P.S.: Just in case you just noticed the change from XP to Windows 7, I must mention that Grindstone’s profile backup and restore capability is quite convenient.)

Confession time: as annoying as I thought these features would be at first, they have turned out to make a world of difference in rendering the time management system an effective way to manage my day. Of course, if the notifications are a bit too intrusive for your taste, their settings can easily be adjusted.

At some point, I decided I needed to be able to categorize my tasks based on priority. Grindstone easily accommodates this with custom fields, so I created a field named “Priority” and enabled sorting on that field.

So far so good, but manually adjusting every task that I had to enter after I entered it became tedious rather quickly. Luckily, the Advanced Entry tab of the custom fields box (under Profile Configuration) allows one to set a match and format pattern in order to parse a field value from the task name. In my case, I decided that I would like to be able to enter a new task such as “Begin world domination (high)” in the quick task pane and have the new task “Begin world domination” be automatically added to the “High” group. Unfortunately, the description of the “match” and “format” patterns is a little terse and there is currently no help topic available on how to use it. However, to my delight, my cry of distress posted on Grindstone’s user forums was answered in less than an hour. How’s that for customer support?

The result of the endeavor is shown in the screenshot below, which also attempts to explain the fields. (Thanks Daniel!)

Okay. I’ve saved the coolest part for last: the report generation.

In my opinion, this is invaluable asset both for reference — at the end of the day, as I wistfully look over the progress report wishing for better productivity (kidding!) — and due to the fact that it allows me to generate a summary of the time spent over the week (or any interval, for that matter). Below, the summary report is being used to copy and paste a pre-formatted table into Excel:

If your time tracking needs are a bit more advanced, Lifehacker reviewed some pretty heavy-duty time management solutions some time back. But as far as I’m concerned, Grindstone does the trick for the extend of my needs. Kudos to the guys at Epiforge for a great product!

Psst: when can we expect a Linux port?

As this semester draws to a close, I thought it would be appropriate to share some of the notes, some written and others floating around in wetware, that I have accumulated over the course of the semester concerning my first experience with formal Computer Science classes. These classes included an Introduction to Comp. Sci., an overview of C/C++, and a course on Discrete Math. Most of my thoughts concern the latter two. This post will be part I of these notes, where I will discuss my experience in the Program Development (CSCI 241) C++ programming class. Please bear with me as I brainstorm out loud.

[Begin lengthy intro. Feel free to skip if you're interested in the bullet points.]

The background to this unofficial series starts with an admission that towards the beginning of the semester, being a fairly self-motivated programmer accustomed to reading books, articles, documentation, and other self-help resources, I had a fair bit of consternation over whether forking over such a high dollar amount required for accumulating technical skills would yield a sensible ROI; technical skills that, frankly, I have pursued independently up until this point. Along with this, sometimes I wonder what advantages a graduated “white-collar” Comp. Sci. graduate has over a self-trained, so-called “blue-collar” programmer, but that’s an topic for another time.  (Please understand, I’m talking about practical skills and not arguing over the necessity of a diploma here.)

Parenthetically, it must be mentioned that this decision to delay my CS classes until my Junior year was not by choice but rather because I attended a Community College during the first two years with a scarce curriculum in Comp. Sci. Having been encouraged by a former professor, mentor, and good friend to make the most of my education by recording my experience so far, this post will serve as a sort of journal entry, marking the beginning of a two-year journey towards finishing my Bachelor’s in Computer Science, where I will record a few observations that I may end up retracting later on. Disclaimer over.

[End lengthy intro.]

I mentioned in the last post that I’m reading a book called Coders at Work by Peter Seibel. Sunday evening I read chapter 8, in which Mr. Seibel interviews Peter Norvig, the Director of Research at Google. I particularly enjoyed this article because in it, Norvig and Seibel discuss the interview process used by Google and what the company looks for when hiring new programmers. One of the questions that came up is what the purpose of using infamous trick questions (a practice that Google is known while interviewing candidates). I am paraphrasing Mr. Norvig’s response to Seibel (in reference to the paragraph at the bottom of page 320), but he essentially makes the point that it’s not as important that you know how to solve every type of problem, but rather that you have a well-developed approach to solving the problem. To put it a different way, it’s not necessarily the breadth of your knowledge, but rather the maturity of your thinking process that is of value here. Knowing the “tricks” helps, but that likely won’t be of aid when you need to apply a more broad problem-solving approach to a similar, but sufficiently different problem.

With this maxim in mind, I’d like to evaluate CSCI 241 at my institution and mention a few ideas that came up during those long hours of class.

My first grievance is with contrived examples. These are indeed useful for getting a novice programmer’s feet off the ground, but they are not what hold our interest nor motivate us to stay involved in the material. I want to know, how does this teach me to write code that matters? Do I really care about implementing a set of Dog/Mammal classes to (re)learn inheritence? After all, I dare say what drew most of us to computer science in the first place was developing a solution to a problem that was of personal interest.

So how can we fix this?

Or, how do we design a computer science curriculum in a way such that classes which teach programming languages present a greater advantage than, say, students picking up a few books and teaching themselves? An abstract solution is to teach “meta-programming” concepts in which things such as

• the importance of writing efficient, but readable code,
• the importance of reading others’ code,
• the importance of code ownership and responsibility, and
• the important skill of being able to find and use resources to further one’s own education on the job.

I am firmly convinced that none of these are possible unless there is personal interest on the part of the student in the applications that the he or she is writing. So, perhaps some more concrete possible solutions include:

• Have each individual in the class checkout the source code of an open-source project of their choice, examine, debug, modify, and do whatever it takes to understand its overall working.
• For a final project assignment, have each student write technical documentation based upon their understanding of a module or two in the open-source project.
• Is the student already involved in an open-source project? Why not, as a professor, support it?
• Provide homework assignments of tiered difficulty so that students of all levels can be challenged to expand their knowledge of the language. How can you optimize the code in the assignment? Do you understand the concepts of a LinkedList? Great, rewrite it using templates (and so on).
• While we’re at it, let’s leave the PowerPoint slides and their near-useless pseudo-code at home and crack open Visual Studio in class.

One final point to make. If all students, no matter their prior skill level, are going to be required to jump through the hoops and take all the introductory classes to get a degree, then an effort should be made to adapt the assignments so that every student is challenged by the right degree.

After all, we should be teaching a mindset, not a language. Old languages go out of date, and new ones are invented, but the process of learning them does not change.

My apologies for the long gap of time that has elapsed since I’ve written a “real” post; it is true that school and work have been keeping me busy, but the whole story is that I’ve had less to write, and more to think about lately. This includes slowly working through two books that I’ll briefly mention here.

Coders At Work by Peter Seibel is a series of real and raw interviews with some of the most high-profile programmers of our day (though I’m rather ashamed to admit that the only name that was familiar to me before I started reading the book was that of Donald Knuth). After reading the favorable review of this on Coding Horror, I picked it up, and I’m glad I did.

Within its 601 pages, each interviewee is asked some predictable (though interesting) questions resembling:

• How did you get started programming?
• What was it that drew you to it?
• What do you think about C/C++?
• What tools do you use?

And then some more useful ones:

• In retrospect, how much of a role did academia play in jump-starting your career? Was it necessary?
• How about graduate study?
• What is the process that you use to design software?
• How important are formal proofs to testing?
• How do you read code?
• What are the skills you are looking for when hiring new programmers?

Obviously, as a rather new programmer in undergraduate study, these questions and more I find especially fascinating to hear addressed this early into my career. Though these folks have strong opinions which vary widely in some aspects, there are nuggets here such as the huge importance of reading code that others have written which I am glad to discover. The book has been reported to read like a novel, which it truly does.  Caution: because of the informal interview settings, the book contains occasional (though concentrated) strong language.

When I wandered over to Barnes & Nobles to pick up the first book, a second grabbed my attention entitled Pragmatic Thinking and Learning by Andy Hunt. This is, not surprisingly,  another addition to the Pragmatic Bookshelf (TM) series, but it turns away from the technical skills to concentrate on the art of thinking — but not in the analytical, procedural, mechanical, left-brain approach that we employ at work. Instead, Hunt emphasizes capturing and taking advantage of the creativity and intuition that sets apart an expert from an advanced beginner on the Dreyfus model of skill acquisition, and how to stimulate and encourage such thought patterns that he contends are not overly common to the field of Computer Science. With a well-established background, plenty of humor, well-placed quotes, hand-drawn illustrations and practical ideas geared toward those in the software industry, I am finding this to be a fresh and unique perspective on skills useful to a programmer.

For those of you not yet ‘Waving’, I have 4 Google Wave invites remaining. If you’d like one send me an email at cameron {at} odevelop {dot} com.

Just the other day I decided to change my password for an important online account to a secure one generated by KeePass, the free, portable and cross-platform password safe. It almost ended in a very bad situation when the program (which is otherwise an excellent one) decided to crash right after I had added an entry for the account, but before I had saved the database… and just after I had logged out of the account! Argh!

My online banking site doesn’t seem to have a simple way to reset the password, which is probably a good thing in retrospect, but… it’s a weekend so calling the bank was out of the question. After a few moments of panic, however, I realized that I had used KeyPass’ automated keylist generator a few days back, which meant the password was still there. The only thing lost was the account association, and — phew! — I was able to log back in with the first unnamed password from the list.

So obviously, I’m convinced that utilizing the keylist generator serves more purposes than one. If you haven’t done so, save yourself a potential headache:

Select Tools > Generate Password List… from the main window.

Set the length and characterset for the generated passwords, and click OK.

Enter the number of passwords to generate.

To add a site, edit the next blank item from the list along with its random, pre-generated password.

The later versions of Eclipse (I believe 3.4+) have migrated the menu system for plug-ins from using the antiquated actionSets to org.eclipse.ui.menu’s, commands, and handlers. Using an ISourceProvider, the state of your plug-in’s menu items can be managed dynamically; something that was rather painful to do with the old actionSets (when instead it was necessary to wait for the action to be invoked in order to get a handle to its IAction). There’s a great set of tutorials on the newer technique here and here.

In the process of migrating my plug-in to the new system, however, I came across a bit of trouble enabling and disabling the items. Seemingly, setting the “enabledWhen” flag for the menu items wasn’t working. Here’s the sample XML for the extension (can you spot the problem?)

<!-- Managing the UI state (enabled or disabled) of the menu item is accomplished by setting the 
variable referenced below within a class that extends ISourceProvider. -->
<extension point="org.eclipse.ui.services">
	<definition id="com.example.SampleItemSourceProvider">
		<variable name="com.example.SampleItemState" priorityLevel="workbench" />
	</definition>
</extension>
 
<!-- Menu item definition -->
<extension point="org.eclipse.ui.menus">
	<menuContribution locationURI="menu:org.eclipse.ui.main.menu?after=additions">
		<menu id="com.example.menuitem1" label="Example Menu Item" commandId="com.example.command1" <!-- Defined elsewhere --> >
			<enabledWhen>
				<with variable="com.example.SampleItemState"><equals value="stateEnabled"></equals></with>
			</enabledWhen>
		</menu>
	</menuContribution>
</extension>
 
<!-- Handler definition -->
<extension point="org.eclipse.ui.handlers">
	<handler class="com.example.MenuItem1Handler" commandId="com.example.command1" <!-- Defined elsewhere --> >
		<activeWhen>
			<with variable="com.example.SomeOtherVariable"><equals value="stateActive"></equals></with>
		</activeWhen>
	</handler>
</extension>

So as a note to self in case I forget (likely!), apparently an inactive handler is enough to override the enabledWhen flag of a menu item, which occurs when they are not managed by the same variable (or kept synch’ed). The opposite is also true. It’s easy to forget about those tricky handlers when they don’t define the actual menu item but are merely associated with them.