Given my recent tinkering with Ruby and Rails, Tim Bray's mention of JRuby made me check it out. Its supposedly compatible with Ruby 1.8.2 and supports most builtin classes and BSF (Java world's common scripting language harness).

There are some interesting experiments going on in the JRuby world such as integrating Spring Framework into JRuby which allows Ruby objects to be weaved together using Spring configuration. There weren't many references to Rails on JRuby though.

While searching, I also ran into an article comparing the latest crop of Java-based scripting languages.

Choosing a Java scripting languange: Round two


p dir=”ltr”>Here is a performance comparison chart from the article which I found interesting:

As you can see, current implementation of JRuby is really slow. But I think its performance should increase to be comparable to Jython after a few round of optimization.

What surprised me was how fast Rhino has gotten. Rhino smoked all other languages on the chart except Java! I haven't looked at Rhino since version 1.5 but I got another good news when I looked up this morning: Rhino 1.6R2 (latest stable version released ten days ago) supports ECMAScript for XML (see Jon Udell's Introduction to E4X) which makes XML first class citizen in JavaScript language. Very nice.

Mid-experience comment on Ruby syntax: so far it feels better than Perl but worse than Python. I am finding Ruby code difficult to read and focus on. Endless jutting ends and seemingly frivolous abuse of special characters annoying too. Expressions like:

class Dog < Animal

creates conflicting echos in my head because meaning of '<' in general conflicts with it's meaning in Ruby. Differences can be explained away but I think the designer of Ruby language don't realize that logic does not dance on eyelids. Damn. I am slipping into poetic zen mode again. Help!

Ruby on Rails on Eclipse

Apparently, hot from the oven:

Setting up a Rails Development Environment on Windows Using Eclipse.

My only complaint is that setting up external rails commands is rather tedious and commands have no guard rails (sorry) due to command line level integration with Eclipse.

NOTE: I am not completely sold on Ruby nor Rails. I am playing around with Ruby on my breaks just to get the bitter taste of real world engineering out of my mouth.


WEBrick is usually shut-down with control-C but since it is launched as a Eclipse external tool, it has to be shutdown directly from the Eclipse Debug view.

Contactless Credit Card Vulnerability

Currently deployed contactless credit card are vulnerable to bump-and-relay attack. Roaming harvesters, equiped with modified readers that relay signals into a stolen transaction exchange network (STEN), bump into a contactless credit card carrier. Roaming spenders, equiped with a device that replays contactless card signals relayed through STEN, make purchases anywhere contactless credit cards are accepted. STEN matches harvesters and spenders on-demand.

Note that this vulnerability is not high risk for card issuers because:

  • Most contactless payment cards are currently used for small amount transactions of limited types (i.e. tranportation, vending machine, etc.)
  • STEN is difficult to setup, avoid detection, and defend.
  • Profit sharing at large scale is difficult.

Still, I could see small scale localized operations happening because the cost of investment and risk of capture are both low IMHO. Thankfully, there are several solutions to this vulnerability, some of which are already being implemented.

One obvious solution is to require two-phase commit for transactions above certain size. Another more low-tech solution, which I have not seen anyone propose yet, is to provide RF-shield sheath for cards so they can't be read unless the cardholder takes it out. I like this soution the best because:

  1. It's simple and effective
  2. No change is needed to existing systems.
  3. Solves the multiple-contactless-cards-in-a-wallet problem as well.
  4. Creates branding/marketing opportunities.

First Korean Jetfighter

Kinda cute looking, no? Add a MP3 player and sell it as iJet!

Korea's aerospace industry is still in its infancy but I am happy to see that its first jetfighter is about to be deployed. T-50 is a trainer jet based on the F-16 design although it's smaller (80%). A-50 is the attack jet version. It's not a bad start but I doubt I'll live to see the first Korean manned-spaceship take flight.

Linux Desktop Insecurity?

While Linux enthusiasts have touted security as one of the advantages Linux has over Windows, I fear Linux desktops' use of plain password dialogs to acquire system privileages on-demand is a serious vulnerability because:

  1. Password dialogs appear too frequently, creating complacency and training users into typing in the superuser password reflexively.
  2. Password dialogs can be easily emulated.

Are there any Linux features I am not aware of that protects against this?

Search Gulch

Quite a number of years ago, I was pitching the idea of group search and group memory to a few select VCs. Thankfully, no one really understood what I was wailing about. I am thankful because I I believe being right at the wrong time is worse than being wrong at the right time. So all the hectic search and social software related activities going on these days mean bitter smiles for me.

Hammer and Axe

The difference between smart and sharp is comparable to the difference between a hammer and an axe. You can cut a tree with a hammer, but it will take more time and create far more mess than with an axe.

PassMark acquires Vocent

PassMark Security acquired Vocent Solutions. I think voiceprint authentication is cool so I am looking forward to meeting ex-Vocent engineers next time I get to PassMark's new offices in Menlo Park. Verified-by-Visa with voiceprint authentication is interesting too.

Meanwhile, the second BayPay meeting will be held at one of the Foster City Visa buildings tommorrow. I hope I can get up at decent hours so I can make it to the meeting.


Too busy trying to catch up with promises so I'll so post short comments about movies I saw recently at home during breaks.

House of Flying Daggers

A great looking film with stunning action shots throughout the film except the end which was unbelievably bad in all aspects: terrible CG snow storm, dead heroine coming back to life, sloppy flailing fight scene, etc. Acting was mediocre overall with the exception of Zhang Ziyi but then I am a fan of hers so I might be biased. I think the director, Zhang Yimou, ruined most of the conversation scenes by focusing too much on the scenery and pacing the conversations too slowly. The Road Home, also starring Zhang Ziyi, is still his best film IMHO.


Everything about this movie sucked so much that I started skipping across scenes within 10 minutes. I did watch the battle scenes but got only dust and confusion in my mouth afterward. Alexander opened a new chapter in the history of warfare but this movie made him looked like a dustrat. Oliver Stone must have been stoned while directing this movie.

Sin City

Except for the opening and the ending scenes which detracted from the movie IMHO, everything was great although I think more attention could have been paid to background music. Oh, yeah. More of Jessica Alba on the stage would have been nice too. 🙂

That's all.