Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Respect for user data and how perl saved the day

by fergal (Chaplain)
on Feb 13, 2006 at 20:59 UTC ( #529931=perlmeditation: print w/ replies, xml ) Need Help??

This about a general principle and a specific instance where the principle was ignored but perl saved the day.

The principle is that user data is precious and should be respected and preserved. This idea is not new, in fact it's fairly obvious but almost certainly ignored by the application you're currently staring at.

The first (only?) time I saw it explicitly stated was in the book The Humane Interface (an excellent read, unfortunately the author died last year) and the reason I'm writing about it now is because I've just been bitten again so I want a rant (and nobody reads my blog)!

So, there I was typing a long post into a text box on a webiste not unlike Perlmonks. I was not too familiar with their system to I clicked on Preview, spotted a mistake and immediately clicked Back to fix it. Doh! Where's my posting? Click Forward and I get some message about resending data, OK go ahead. Nothing. My posting was gone. My 30 minutes of typing all for nothing. Arghhh! We wouldn't tolerate this kind of behaviour from the crappiest text editor, why do we tolerate it from web broswers?

I notice that blogger.com's post editor has an onclose action that warns you that you're about to throw away your edits but really it shouldn't be up to every website in the world to script this basic and obvious safety measure. The bug I filed against Firefox has sat untouched since I filed it.

Anyway, now the perl connection...

The last time this happened I was none too happy. I did the usual creative swearing and name calling and I said "that data's got to be sitting inside Firefox somewhere, there must be way to recover it through /proc". My colleague replied that he'd tried doing this before but it hadn't worked for him. Well, God loves a trier so we spent a little while looking at man pages and came up with this

#! /usr/bin/perl use strict; use warnings; use POSIX qw ( SIGCONT ); my $pid = shift; my $base = "/proc/$pid"; open(my $mem_fh, "$base/mem") || die "$base/mem: $!"; open(my $maps_fh, "$base/maps") || die "$base/maps: $!"; require 'syscall.ph'; my $result = syscall(&SYS_ptrace, 16, int($pid), 1, 0); if ($result == -1) { die "Error: $!\n"; } while (<$maps_fh>) { my ($start, $end) = map {hex($_)} /^(\w+)-(\w+)/; dump_range_seek($mem_fh, $start, $end - $start); } # wake the patient back up kill(SIGCONT(), $pid); sub dump_range_seek { my $fh = shift; my $start = shift; my $len = shift; my $seek = sysseek($fh, $start, 0); die "seek, $!" unless defined($seek); # warn "seek = $seek"; my $buf; while ($len) { my $chunk = $len > 4096 ? 4096 : $len; # warn "reading $chunk\n"; my $read = sysread($fh, $buf, $chunk); die "$!" unless defined($read); die "read 0" unless $read; $len -= $read; print $buf; } }

Save it as catmem.pl and then run catmem.pl $PID > some_file and it will dump out the entire memory image of that process. The it's just a matter of applying the usual unix tools like strings and grep to find what you're looking for. Of course this isn't guaranteed, it highly dependent on how the application in question stores your data etc etc but for Firefox at least it tends to find a fairly recent revision of what you've lost.

So if you work on a project that allows users to input anything longer than word or two, please show some respect and don't ever throw their data away. That doesn't mean you have to badger them with prompts every time they change screens, it could just be a matter of providing an undo function are maintaining a history of strings that have been typed but not saved.

End rant.

P.S. Yes, I typed his all in via a Firefox text box :)

Comment on Respect for user data and how perl saved the day
Select or Download Code
Re: Respect for user data and how perl saved the day
by BrowserUk (Pope) on Feb 13, 2006 at 22:07 UTC
    P.S. Yes, I typed his all in via a Firefox text box :)

    Perhaps it's just as well you didn't notice the missing 't' :)


    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.
Re: Respect for user data and how perl saved the day
by tinita (Parson) on Feb 13, 2006 at 23:00 UTC
    So, there I was typing a long post into a text box on a webiste not unlike Perlmonks. I was not too familiar with their system to I clicked on Preview, spotted a mistake and immediately clicked Back to fix it. Doh! Where's my posting?
    Annoying, yes... What I'm doing in Opera if I fill out a big form and I'm scared it could vanish, I click on "Create linked". The POST will appear in a newly opened tab, the original window still contains the filled out form.
    still, this is just an unnerving workaround...
Re: Respect for user data and how perl saved the day
by Anonymous Monk on Feb 13, 2006 at 23:29 UTC
    Hmmm, I've been thinking I need an excuse to learn Tk and WWW::Mechanize. Should be possible to make a perl app that edits/saves/loads text on a web page, eh?

      Yes, but not using those modules. WWW::Mechanize is designed to act like a web browser, but if I understand your idea correctly, you need a Perl program to interact with the web browser you the user are already using. For this you can use programmatic control modules. For IE this would be Win32::OLE with the 'InternetExplorer' class or perhaps SAMIE. For Firefox there's some equivalent but I haven't looked into it.

      My personal workaround is when I'm about to submit a big text block, I copy and paste it in a text editor before hitting the button. But that also is a bit of a pain.

      You could write a Sniffer::HTTP program that makes backups of your posts without requiring any changes to your browser at all.

      ⠤⠤ ⠙⠊⠕⠞⠁⠇⠑⠧⠊

        That relies on your browser sending the information. If you click the "back" button, no data is sent.

        davis
        Kids, you tried your hardest, and you failed miserably. The lesson is: Never try.

        Or you could install a mouse/keystroke logger or take screenshots of X every few minutes and then we could get rid of those annoying "Are you sure you want to discard your changes" dialogs from all our applications :)

Re: Respect for user data and how perl saved the day
by zentara (Archbishop) on Feb 14, 2006 at 13:28 UTC
    This must be system-dependent, because on my system, with a grsecurity enhanced kernel ( widely used security patch), it responds "Error: Operation not permitted".

    I'm not really a human, but I play one on earth. flash japh

      I guess so. Although I can't see any great security benefit in preventing a user from accessing the memory of their own process. That said accessing that memory is a bit of an odd thing to do and isn't something you'd tend to do on a production server for example.

      You might find that you can't run strace -p $PID or gdb $PID either. If that's the case then I suppose it's intentional.

      Welcome to the world of DRM :) At least in this case you can probably turn it off.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlmeditation [id://529931]
Approved by Corion
Front-paged by planetscape
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (7)
As of 2014-12-25 02:29 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (159 votes), past polls