Firefox 3.5.5 screwy characters appearing

There's something that's bugged me ever since I upgraded to Firefox 3. Certain pages that used to work perfectly in Firefox 2 suddenly didn't.

Instead there would be a mess on the page - lots of square boxes the size of characters with text inside them. Like this or maybe this

Typically this would be some kind of character encoding issue ( the server/browser specifying/requesting UTF-8 instead of ISO-8859-1 etc), or having Auto-Detect universal set off in Firefox - and most sites around the net propose this as a solution (oh, & also recommend partial reinstalls of your O/S).

Uhh, no.

It's actually a compression issue.

If you're having this problem, the resolution is this:

Enter into the address bar

about:config

in the Filter textbox below, type

network.http.accept-encoding

You can also just start typing "accept-encoding" until it appears on the screen.

Double click the network.http.accept-encoding entry.

Now, on my browser, it was set to

gzip,deflate;q=0.9,compress;q=0.7

but should have been

gzip,deflate

So, type that into the box & hit OK, then restart your browser (just make sure you close all your windows too)

Voila, you can now surf the web without having to constantly switch back to IE.

Twitter OAuth Invalid Signature on friendships/create

This is a public service announcement.

I've been doing a bunch of work with Twitter recently & came across this problem.

When trying to do a friendships/create, I get back "OAuth Invalid Signature."

I'm using Tweetsharp v0.15 preview (an excellent product, btw), but I don't think this is a Tweetsharp issue, it's a Twitter issue. People are really scratching their heads about it.

The Tweetsharp guys proposed a solution here, but that didn't help me. In fact, the more I googled, the more erroneous solutions I found.

Here's my setup. TwitCleaner (the app) has a consumer keys & secret. It would then get an access token/secret for the user, & use that token/secret to make the user follow @TheTwitCleaner. This is done so we can DM the user when their report is done. We encourage people to unfollow again (if they want to) once they get their report DM.

Anyway, pretty simple. We have valid OAuth token/secret from the user, so that's not a problem.

We're just trying to make the user follow @TheTwitCleaner, should be simple, right? No.

I wasted several hours on this. Among the solutions proposed (& wrong) were:

• You can't use a consumer key/secret to follow the user those keys are associated with (ie, TwitCleaner the app has key/secret, but it's associated with @TheTwitCleaner the Twitter account)
• The OAuth information is incorrect
• The request had to be made over https, not http (not something I have control over with TweetSharp, as far as I can tell)
• That because I was passing in Client information when making the request, that was gumming things up.

Well guess what? It was none of those.

Know what fixed it?

Passing in the username to follow in lower case.

I kid you not.

Now, @TheTwitCleaner is in Twitter with that combination of upper/lower case, so I was passing it exactly as stored. But no, apparently befriend (Twitter API friendships/create) needs lower case in order to work reliably.

So now you know. Hope that saves you some pain.

A Nifty Non-Replacing Selection Algorithm

Algorithms are awesome fun, so I was super pleased when my little bro asked me to help him with a toy problem he had.

The description is this: It's a secret santa chooser. A group of people, where each person has to be matched up with one other person, but not themselves.

He's setup an array that has an id for each person.

His initial shot was something like this (pseudo, obviously):

foreach $array as $key => $subarr {
  do {
      // $count is set to count($array)
      $var = rand(0, $count)
  } while $var != $key and $var isn't already assigned
  $array[$key][$assign] = $var
}

Initially he was mostly concerned that rand would get called a lot of times (it's inefficient in the language he's using).

However, there's a ton of neat (non-obvious) problems with this algorithm:

1. By the time we're trying to match the last person, we'll be calling rand (on average) N-1 times
2. As a result, it's inefficient as hell ( O(3N+1)/2)? )
3. There is a small chance that on the last call we'll actually lock - since we won't have a non-dupe to match with
4. Not obvious above, but he also considered recreating the array on every iteration of the loop *wince*

Add to this some interesting aspects of the language - immutable arrays (ie, there's no inbuilt linked lists, so you can't del from the middle of an array/list) & it becomes an interesting problem.

The key trick was to have two arrays:

One, 2-dimensional array (first dim holding keys, second the matches)
and one 1-dimensional array (which will only hold keys, in order).

Let's call the first one "$list" and the second "$valid".

The trick is this - $valid holds a list of all remaining valid keys, in the first N positions of the array, where initially N = $valid length. Both $list & $valid are initially loaded with all keys, in order.

So, to pick a valid key, we just select $valid[rand(N)] and make sure it's not equal to the key we're assigning to.
Then, we do two things:

1. Swap the item at position rand(N) (which we just selected) with the Nth item in the $valid array, &
2. Decrement N ($key_to_process).

This has the neat effect of ensuring that the item we just selected is always at position N+1. So, next time we rand(N), since N is now one smaller, we can be sure it's impossible to re-select the just selected item.

Put another way, by the time we finish, $valid will still hold all the keys, just in reverse order that we selected them.

It also means we don't have to do any array creation. There's still a 1/N chance that we'll self-select of course, but there's no simple way of avoiding that.

Note that below we don't do the swap (since really, why bother with two extra lines of code?) we simply ensure that position rand(N) (ie, $key_no) now holds the key we didn't select - ie, the one that is just off the top of the selectable area.

Oh, and in this rand implementation rand(0, N) includes both 0 AND N (most only go 0->N-1 inclusive).

$valid = array_keys($list);
$key_to_process = count($valid) - 1;
do {
  $key_no = rand(0, $key_to_process);
  if ($key_to_process != $valid[$key_no]) {
    $list[$key_to_process][2] = $valid[$key_no];
    $valid[$key_no] = $valid[$key_to_process];
    $key_to_process--;
  }
  # deal with the horrid edge case where the last 
  # $list key is equal to the last available 
  # $valid key
  if ($key_to_process == 0 and $valid[0] == 0) {
    $key_no = rand(1, count($list) - 1);
    $list[0][2] = $key_no;
    $list[$key_no][2] = 0;
    $key_to_process--;
  }
} while ($key_to_process >= 0);

Without the edge-case code, this results in a super fast, nice slick little 10 or so line algorithm (depending on how/if you count {}'s :)

Elegant, I dig it.

The Trouble With Ratios

Ratios are used all over the place. No huge surprise there - they are, after all, just one number divided by another.

The well known problem case is when the denominator (the bottom bit) is zero, or very near zero. However, there are other subtler issues to consider.

Here's a chart that has a ratio as the X axis:

Don't sweat the details, they're not terribly important - just the rough distribution.

The X axis in this case is what's called a Calmar - ie, the total dollar return of a system divided by it's maximum drawdown. Or, in English - how much you make proportional to how big your pockets need to be. This gives a non-dollar based (ie, "pure") number that can then be compared across markets, systems, products, whatever.

This graph is actually a bit trickier than that, since there's actually 3 dimensions of data there - it's just the third dimension isn't plotted - but we'll get back to that.

Where this gets ugly is when, in the case of the Calmar above, the drawdown drops to, or near to, zero. For example, if you have a system that only trades once - and it's a winning trade - the calmar will be very, very large. Even if you chuck out systems that are obviously a bit nutty like that, you can still end up with situations where the ratio has just blown out of all proportion.

Which results in this:

See how everything is in a vertical line on the left?

Well, it's not. Those points are actually quite well spread out - it's just that instead of the X axis going from 0->50 as in the first case, it now goes from 0->22 million - of which only a small number are greater than a hundred (you can see them spread out on the right, very close to the Y axis)

In this example, we can see the problem, so we're aware of it. However, what if the ratio had been the unplotted third dimension? We might never have known.

Now, the way that I'm using these ratios internally, I'm protected from these sorts of blowouts - I simply compare sets of ratios. If one is bigger, it doesn't matter if it's bigger by 2 or by 2 billion.

However, there are many situations where you might want proportional representation. If one value is twice as big, say, it should occur twice as often. In this case, ratios that explode out by orders of magnitudes quickly swamp results, and drive the whole thing into the ground.

You swiftly end up with a monoculture. One result eats all the others, and instead of a room full of happy spiders doing their thing, you end up with one fat angry spider in the middle of the room. Umm, so to speak.

Ratios can be dangerous, kids. Watch out!

Unit Testing - Necessary, but Not Enough

I realised recently that I'd hit a point of diminishing returns. My overall code base was now so complex that any change I introduced in certain areas was taking exponentially longer to debug & ensure accuracy.

Of course, I had a test rig - otherwise how would I know what I was doing was correct in the first place?

The central core of all my systems is a rebuild of a now antiquated black box trading platform. I don't have the source, but I need to duplicate the behaviour.

The test rig is pretty sophisticated - it didn't start that way, and it shouldn't really have needed to be, buuuuut

The old system:

1. Calculates using single precision floating point math.
If I need to explain why this is painful, check this out - if even the guys running Excel get occasionally tripped up by floating point math, what hope is there for the rest of us? Single point means there's only half as many bits (32) to do maths in vs the default double (64 bits). Rough shorthand, single precision gives you get 6 decimal places. A number like '12000.25', you'll lose the '5'. If it's negative, you'll lose the '.25'. This means lots of rounding errors, and the more calculations you do, the more errors. The systems I'm working with do a LOT of calculations.

2. Rounds incoming numbers non deterministically
Mostly you can guess correctly what it's going to decide a market price becomes, but particularly with markets that move in 1/32's or 1/64 (ie, not simple decimals), this rounding becomes arbitrary if not damn ornery (rounded? no. up? no. down? no. truncated? no. based on equivalent string length? maybe)

3. Makes 'interesting' assumptions
Things like the order that prices get hit, how numbers are calculated internally (eg X = function(A/B) often returns a different result from Y = A/B; X = function(Y), that slippage only occurs in some situations and not others, and so on. Some make sense, in a way, many we don't want. So now we have two modes of operation "old, broken, compatible, testable" and "new, not-broken, different numbers, untestable"

4. Has 'chains' of internal dependencies.
So, unsurprisingly, any of the above errors will then cascade through the output, fundamentally changing large chunks of the results.

So, the test rig allows for all this. Understands where common rounding problems occur, and how they cascade. Sorts by seriousness of the discrepencies, and so forth. Oh, and it does this by automatically tracking 60 or 70 internal variables for each calculation set across 7000 days on 60 markets. Ie, filtering & matching its way through 20-30 million data points.

But this still isn't enough.

And this is where I see the light, and realise that this unit testing stuff that people have been raving about might actually be useful. So far, it has been. It's enabled me to auto-scan a ton of possible problems, keep things in alignment as the system adjusts to changing requirements - all the palava you've read about.

But I've been thinking. No amount of unit testing would catch the errors my test rig will. Not that the rig is that amazing - just that they're operating at fundamentally different levels. Unit testing won't tell me:

a) If I've made a mistake in my logic
b) If I understand the problem space correctly
c) If my implementation is correct (in the "are these answers right?" sense)
d) If I understand the problems space <b>thoroughly</b> (obscure, hard-to-find & subtle edge cases are very common)
e) If my unit tests are reliable & complete - have they caught everything?

Unfortunately, thinking about this more, I'm not convinced that even unit testing PLUS my test rigs (yes, rigs. I lied before. I actually have two, no three, that grill the system from subtly different angles) are going to catch everything.

Of course, it's a game of diminishing returns. How much time do I spend testing vs actually delivering resuilts?

Shifting to a higher level language helps - fewer lines of code = fewer bugs. It's still a stop gap though. Programs are only getting larger & more complex.

Better architecture always helps of course - lower coupling = fewer cascading problems across sub-domains, but when we're juggling tens, hundreds, or thousands of subsystems in a larger overall system?

I'm not convinced there's an easy answer. And as software gets more complex, I only see the overall problem spiralling at some high power of that complexity. No matter how clever our test rigs, how well covered in tests our code is.. How do we move forward efficiently without getting bogged down in "Can we trust the results?"?

Right now, I just don't know.