Monday, July 8, 2013

Use file extension ".yml" for YAML

Generally, YAML files should be referred to by extension ".yml" (instead of ".yaml", if they have one).

Currently, any remaining use of the extension ".yaml" seems (in my view) slightly silly.

Commonly, the letter X is used for a great variety of meanings including "cross", "extensible", "variable", etc. (e.g. in XML). On the other hand, Y (e.g. in YML or YAML) carries no such extra baggage.

Relatively speaking, Y's use is rather uncommon. The acronym YACC comes to mind (for "Yet another compiler compiler"—BTW, its extension is simply ".y" when generating C language files). Actually, YACC assists more than it conflicts, because historically (as you may know) YAML was an acronym for the similar phrase, "Yet another markup language".

Linguistically speaking, therefore, the acronym "XML" has (in a way) only two informative letters. By contrast, all three of the letters of "YML" are fully informative. Indeed, the existing set of acronyms beginning with Y seems extremely small.

Per Wikipedia's article on information theory, "Abstractly, information can be thought of as the resolution of uncertainty." By implication, this is why a four letter YAML file extension feels greatly overspecified.

For the sake of completeness (though less important), this Ansible project comment (regarding their choice of extension) exemplifies other motivations:

> Three letter extensions owe historical relevance from DOS.
> They also save typing.

But these last two aren't the important reasons—instead, see above.

This comment (from March, 2014 in the Symphony project) also seems relevant:

> Once you have two of the biggest industry players doing ".yml" as the extension, it is the standard.

Information from the website dates the organization's most recent activity to 2009 (approximately). Evidence of this comes from:

1. > © 2001-2006 All Rights Reserved

2. > [The latest] News:
> 20-NOV-2011 -- JS-YAML, a JavaScript YAML parser by Alexey Zapparov and Vitaly Puzrin.

3. > [The latest] YAML Resources:
> YAML 1.2 (3rd Edition):

Their latest specification (1.2 above) is from 2009, presumably before much of YAML's worldwide adoption:

> YAML Ain’t Markup Language (YAML™) Version 1.2
> 3rd Edition, Patched at 2009-10-01

Even their latest news item, the above-referenced JS-YAML, uses BTW the extension '.yml":

> var doc = require('/home/ixti/example.yml');

Therefore the staleness of's information should greatly lessen the impact today from the recommendation in their FAQ:

> Is there an official extension for YAML files?
> 1. Please use ".yaml" when possible.

Here is a URL for web-searching the usage of the two YAML data file extensions (.yml and .yaml). I found time-wasting discussions of which extension to use here, here and here. Apparently these discussions are a result of the official organization exerting its influence uphill, against prevailing practice.

Maybe the public should complain. Maybe would listen!

Here are merely some (of the many existing) usage examples of the shorter extension ".yml" in common use:


> -- NOTES:
> -- 1. The YAML file extension usually is ".yml"


> If you want a YAML file extension of .yaml (instead of .yml), you have to configure that.


> The default YAML for most projects seems to be .yml, instead of .yaml.
> In NetBeans in particular, the YAML wizard only allows creating a file with a .yml extension


> All mapping documents should get the extension ”.dcm.yml” to identify it as a Doctrine mapping file.
> $driver->setFileExtension('.yml');
> The Symfony project sponsored a driver that simplifies usage of the YAML Driver. The changes between the original driver are:
> File Extension is .orm.yml
> Filenames are shortened, “MyProject\Entities\User” will become User.orm.yml
> $driver->setGlobalBasename('global'); // global.orm.yml
> As a quick start, here is a small example document that makes use of several common elements:
> # Doctrine.Tests.ORM.Mapping.User.dcm.yml


> NOTE: YAML files more often use the .YML extension.


> Configuration files should end in .yml, not .yaml
> That's the standard file ending, and should be consistent with expectations.


> Posted by cweagans on March 6, 2013
> .info files are now .info.yml files

The only counterexample I have found (using ".yaml") comes from cPanel (in their EasyApache interface, apparently a cPanel product). Generally, cPanel seems somewhat "stuffy" and old-fashioned (i.e., likely to prefer the recommendation of an official organization over common usage). Per cPanel's EasyApacheHowToMoveProfiles:

> Profile are located in the /var/cpanel/easy/apache/profile/custom directory. The filename will be identical to the name you save it with, plus the .yaml file extension.

EDIT: The above reference is from the Wayback machine. However, as of August, 2016, we can still see cPanel using only extension ".yaml".

Copyright (c) 2013 Mark D. Blackwell.

Wednesday, July 3, 2013

Use Ruby-like Mirah to develop for Android

I have minimal experience in Android development—I have set up its development environment and merely compiled something that another has written. I work mainly in Ruby on Rails.

However, for the intrinsic joy from developing something on an Android device, I'm particularly interested in the language Mirah created by Charles Oliver Nutter (the developer of JRuby). I keep Mirah in mind, for whenever it will become practicable to use in Android development.

Perhaps Mirah is ready now—a Google search shows plenty of people using Mirah on Android.

Back in 2011, Nutter wrote an article about Mirah in Dr. Dobb's Journal. To sum up, this is a Ruby-like language designed in such a way that, for any program feature (or user feature) a programmer desires to implement, she would create a new keyword or plugin for the language (somewhat directly in the compiler—this being Mirah's main point of departure) rather than add a new Java package. And, it compiles to the JVM.

Therefore in Mirah (unlike in JRuby-based approaches such as Ruboto) no program needs a package or library beyond what is already in standard Java and Android. Programs written in it are extremely tiny (due to running without huge, additional language libraries) and they load and run (both) extremely quickly on Android devices (with their Dalvik Java virtual machine).

To use Mirah to build an Android app, see the Pindah project.

In order for someone to use Mirah (essentially syntax sugar on top of Java) BTW not only should they be familiar with Ruby, but they must also know Java well.

There's more about Mirah here:

For Android development, other JVM languages, Scala, Clojure, etc., as well as Ruboto, are also interesting.

Various StackOverflow questions relate to Android development using Mirah, JRuby, Ruboto, etc.:

Copyright (c) 2013 Mark D. Blackwell.

Friday, June 28, 2013

Ongoing open-source Rails secret_token vulnerability

Today I was re-alerted to a somewhat dangerous insecurity for open-source Rails apps if their Application.config.secret_token is kept under version control. The relevant file:


Rails itself generates this file in this way (without an entry in .gitignore) but it's still dangerous. There's lots of discussion here.

Presumably easily an environment variable could be set in config/application.yml (often kept out of version control) and retrieved at run time into config/initializers/secret_token.rb.

Remembering this would seem the only way to solve the problem and protect one's apps into the future from this known security vulnerability.

Here are Ruby on Rails Security Guide's recommendations:

'[P]lease secure your database configuration, e.g. config/database.yml, and your server-side secret, e.g. stored in config/initializers/secret_token.rb. You may want to further restrict access, using environment-specific versions of these files and any others that may contain sensitive information.' — per its Environmental Security section.

'If you have received an application where the secret was exposed (e.g. an application whose source was shared), strongly consider changing the secret.' — per its Session Storage section.

BTW, newly, Rails 4 has added Application.config.secret_key_base (described in the previous link and Guide for Upgrading Ruby on Rails' section, Action Pack).

'If you happen to share your code publicly, make sure your secret_key_base value is kept private.' — per this blog post.

Presumably, however, this new variable name setting does not remove the current security vulnerability either in Rails 3 or 4 since the Rails secret_token still is under version control.

Copyright (c) 2013 Mark D. Blackwell.

Wednesday, June 19, 2013

Raspberry Pi hobbyist computer

Just now (albeit belatedly) I came across a small, fun $35 computer for hobbyists: the Raspberry Pi.

Have you heard of it?

This recalls _why and others' passionate advocacy of "The Little Coder's Predicament" with projects such as hackety-hack that provide hackable computers again for children.

BTW, Raspberry Pi runs Debian Linux (wheezy).

Copyright (c) 2013 Mark D. Blackwell.

Tuesday, June 4, 2013

Blog posts' date position

Just now I was reading a blog to avoid emailing its author with questions they already blogged about. Like others with this purpose, I read it reverse-chronologically (i.e. from the top).

While reading a blog purposefully to learn the current status of a fast-changing software system it seems important to gather a quick sense of time context for each post.

Inevitably I observe myself sliding my browser window downward to the bottom of each post to get a sense of how long prior to the post above it each was released—just in case the time interval is much, much longer than those above.

Then I slide the window back, indeed with resulting uncertainty that I have recovered the proper beginning of the proper post.

Some blogs may never have a delay of more than two weeks between posts.

If I knew this were the case always I wouldn't even look. But since I am not sure, I find myself looking at the dates.

Viewing a blog's archive helps somewhat (and furthermore I can read a whole blog by clicking its posts in an archive list; but this seems less natural).

So the minor suggestion here, for blog formatters' consideration, comprises the usefulness of placing the date of each post immediately below its title.

Copyright (c) 2013 Mark D. Blackwell.

Monday, May 27, 2013

Robin Hodson compositions

A acquaintance of mine, Mr. Robin Hodson, has composed quite a number of choral and chamber works worthy of note. Not 'modern' music, these are quite listenable.

One can hear them free of charge on ScoreExchange. Just click the tab labeled 'Scorch plug-in', and install it if necessary. (BTW, Sibelius recently has made their plugin work better):

Truly quite excellent (especially harmonically) are:
  • 1993   Wind Quintet (1: Martial Fugue & Western Wind)
  • 2002   Verbum Caro Factum Est
  • 2003   English Missa Brevis
  • 2004   Ave Maria (SB duet)

Here's a chronological list (attempting to be complete) of his compositions (which are available on ScoreExchange):
  • 1986   This Is The Day
  • 1988   Missa Sancti Pauli
  • 1989   There Is No Rose
  • 1990   Death, Be Not Proud
  • 1993   Diaphonic Mass (organum)
  • 1993   Wind Quintet
  • 1997   Ave Verum
  • 2000   Funeral Sentences
  • 2001   Magnificat (Maryland Service)
  • 2002   Elegy for Strings
  • 2002   Nunc Dimittis (Maryland Service)
  • 2002   Verbum Caro Factum Est
  • 2003   English Missa Brevis
  • 2004   Ave Maria (SB duet)
  • 2004   Ave Regina Caelorum
  • 2004   Regina Caeli Laetare (Soprano, Piano, Cello)
  • 2008   Psalm 111: I Will Give Thanks Unto The Lord

Also I should mention the several CD releases (of steadily increasing quality) of his own popular music compositions. The 2008 album is uniformly excellent. Particularly excellent from his 2003 album are:
  • Hold Your Candle Over Me
  • Never Coming Home Again

Copyright (c) 2013 Mark D. Blackwell.

Tuesday, April 30, 2013

Essential jQUERY

Recently, I picked up the bare essentials in jQuery from the book, jQUERY Visual Quickstart Guide by Steven Holzner, Peachpit Press, 2009.

However, a word of warning: the book is somewhat badly edited, and there is no corrected edition (still as of this writing).

From the core jQuery source code, this page also is useful. Here are my brief notes:

JQuery refers to a certain syntax $(thing) for any thing as 'jQuery-wrapping'.

The keyword $ is an alias for jquery. Both are used in the following ways:

  • $(function)  –  Append a function to the list to be run when the document is ready: a shortcut for $(document).ready(function).

  • $(CSS-selector-string)  –  Select some nodes in the document.

  • $(HTML-string)  –  Create HTML for insertion.

  • $(DOM-node)  –  Like saying simply DOM-node, but change the value of this and set context (an attribute used by jQuery). Examples are:
    •   $(document)  –  The document.
    •   $(this)  –  this.

  • $.method  –  (This one has a dot and no parentheses.) Run a utility method.

The jQuery methods selected for explanation in the book are:

  • Methods on jQuery-wrapped collections of HTML elements:
    • addClass,  after,  alt,  animate,  append,  attr,  before,  bind,  clone,  css,  each,  (event binder methods),  fadeIn,  fadeOut,  fadeTo,  height,  hide,  hover,  html,  is,  (jQuery-UI methods),  length,  load,  one,  serializeArray,  show,  size,  slice,  slideDown,  slideToggle,  slideUp,  text,  toggle,  toggleClass,  unbind,  val,  width,  wrap

  • Event binder methods:
    • Keyboard   –   keydown,  keypress,  keyup

    • Mouse   –   mousedown,  mouseenter,  mouseleave,  mousemove,  mouseout,  mouseover,  mouseup

    • The rest   –   beforeunload,  blur,  change,  click,  dblclick,  error,  focus,  load,  resize,  scroll,  select,  submit,  unload

  • jQuery-UI methods:
    • accordian,  datepicker,  dialog,  progressbar,  slider,  tabs

  • Methods on jQuery-wrapped HTML strings:
    • insertAfter,  insertBefore

  • Utility methods:
    • ajax,  browser,  each,  get,  grep,  inArray,  isArray,  isFunction,  makeArray,  map,  post,  support,  trim,  unique

Copyright (c) 2013 Mark D. Blackwell.

Thursday, April 25, 2013

Meetup authentication & email addresses

As part of its OAuth authentication process with other apps, Meetup doesn't provide email addresses of its users. (I refer to this official Meetup forum question, and to this page in the Meetup API docs—search the page for 'email'.)

Twitter doesn't provide email addresses either. However, Meetup seems nicer than Twitter.

People use multiple Twitter accounts (I know some who do). But people don't use multiple Meetup accounts (at least supposedly not).

When registering new users through this difficult class of OAuth authentication providers (those which don't supply an email address) one might ask each new user directly for some email address, or might not. Requesting this is normally recommended.

If an app uses Meetup authentication (and it doesn't request and confirm an email address during user registration), and uses another form of authentication also (even added later) then there's no way to identify the same user, if or when they sign on by a different way.

So Meetup authentication (without email) is only good if the app is forever limited to using Meetup authentication alone. With that permanent limitation, in such an app, nobody (mysteriously) will run into the problem of having more than one account.

Of course, having Meetup as the single method of authentication is useful, reasonably, only to apps which are already limited to Meetup users.

Keeping the UI simple (by not requesting an email address when people register) means the app might never have email addresses. But that might be okay if an app uses Meetup authentication alone, forever.

Then one need not bother people with asking for their email address when they first use an app. The ease of that emotional UX moment when new customers are forming their first impression of an app (and making their initial commitment to it), from the standpoint of building a customer base—depending on the app—could be considered more important than ever knowing their email addresses.

BTW, omniauth-meetup is a good gem for doing Meetup authentication in Rails.

Copyright (c) 2013 Mark D. Blackwell.

Saturday, April 20, 2013

Flat UI and Twitter Bootstrap "Mobile First" for Rails

Designmodo's announcement for their free Flat UI (which uses Sass) mentions plans (in the discussion) to release a pay version containing LESS code. And an issue on their Flat UI gem floats a suggestion of possibly porting it to LESS.

Darthdeus' gem flat-ui-rails contains Flat UI precompiled to CSS with no LESS code.

Whether Flat UI will continue to be maintained and useful for Rails doesn't relate to Darthdeus' trivially easy to maintain gem but therefore instead to Designmodo's free Flat UI product itself. So far, BTW, their Pro version seems to be vaporware.

There is a rumor Twitter Bootstrap version 3 "Mobile first" will have a flatter UI, but that's only temporary (for development purposes) according to this article.

Web searching revealed no sign how Designmodo's Flat UI might be affected by Twitter's new "Mobile first" initiative otherwise.

Copyright (c) 2013 Mark D. Blackwell.

Friday, March 22, 2013

StackExchange family (including Stackoverflow) doesn't care about signout

I again registered a test account for 'Log in with Stack Exchange'.

Disappointingly, after logging out of every (SE family) site, it still lets me log in again merely by button clicks, while I type nothing.

After more than a year, clearly the managers of the Stack Exchange network family of websites don't give a hoot about protecting users of shared computers with a truly effective signout.

What if some rude person at a party click-logged into and deleted someone's account, thus trashing their vast accumulation of reputation?

Copyright (c) 2013 Mark D. Blackwell.

Thursday, January 31, 2013

Fix spurious XP warning 'firewall not started', howto

Spuriously the last few days, booting my XP computer, I've been warned my firewall is down (in a yellow message bubble). Microsoft's Security Center software (running locally) says, "Microsoft Security Essentials is turned off." The message is not transient, either.

However, real-time protection is running just fine!

Running Microsoft's WMIDiag diagnostic tool didn't help, but web searching the message gave me this procedure (to rebuild a corrupted WMI repository—when prompted, answer yes):

> cd %windir%\system32\wbem
> net stop winmgmt
> dir /ad
> ren Repository Repository.old
> net start winmgmt
> net start "security center"
> firewall.cpl

Then in the General tab, select 'On' to restart Windows Firewall.

If you really want to understand WBEM (mentioned above, Web-Based Enterprise Management, or Microsoft's version: WMI, Windows Management Instrumentation) you can click this humorously easy introduction or web-search it.

Copyright (c) 2013 Mark D. Blackwell.

Wednesday, January 16, 2013

Thomas Young mass setting open letter

Subject: Thomas Young mass setting by Mark D. Blackwell

TYC Administrator
Thomas Young Centre
The London Centre For Theory And Simulation Of Materials

Dear madam:

Since your website:

indicates you as the first point of contact, I write to announce with pleasure that I have composed a mass setting in honor of your own Thomas Young, the famous polymath.

This entire mass setting was inspired by Thomas Young's list of major thirds in his own Young Temperament (a well-temperament for keyboards). He arranged these thirds in order of increasing size (thus increasing distance from purity). In his design, this order matches the key signatures with increasing numbers of sharps and flats. His temperament (I assume you know) is described here:

To be more explicit, the chord roots in this mass setting exactly follow Thomas Young's ordered sequence (or otherwise relate to it): C, G, F, D, Bb, A, Eb, E, Ab, B, Db, Gb.

You might find it amusing to inform your membership of this connection to your namesake, perhaps in a note in a publication. At least, I hope so!

The "Thomas Young" mass setting can be heard here (click the icons which depict two notes on a staff):

Copyright (c) 2013 Mark D. Blackwell.

Compositions self-nominated to Baker Artist Awards

I nominated my musical compositions for consideration for the various local Baker artist awards and grants (of Baltimore) by adding a page on their site just now.

Please consider looking! As you know, comments are love (there, as ever).   :-)

Copyright (c) 2013 Mark D. Blackwell.

Saturday, January 12, 2013

SATB sheet music from Mutopia

I have prepared a selection (twenty-nine numbers) of SATB sheet music, starting from Mutopia's search filter in the vocal category.

All have lyrics in English, Latin, or Spanish (and some French, German, and Italian) in the staff (as opposed to being separately printed).

They are not filtered for quality, nor for content type (such as religious).

They are engraved using the beautiful Lilypond, as everything is on Mutupia.

Copyright (c) 2013 Mark D. Blackwell.