Related link: http://news.com.com/2100-1033-982606.html

We know that upstart companies around the world are eating into long-distance company profits by offering Voice over IP (where legal). But this is a new twist: a monopoly local phone company, BellSouth, is offering VoIP.

Even though local phone companies in the United States are separate from long-distance ones, the local companies benefit from long-distance calls in many ways. They get access charges from the long-distance companies for the use of local lines. Many also have won the right to offer long-distance service in their local regions, or offer it in other regions–and of course, don’t forget cellular phones.

So BellSouth is cannibalizing its profits to enter a new industry, VoIP. This is consistent with what many business analysts say–that an established business cannot survive a major change in its environment without risking its old business model and throwing away the cash cows it’s already built up. What’s interesting is that one of the oldest and most conservative companies–a Bell operating company–can take the risk, and what it says about the success of the Internet.

Is this the sign of a major change for the telephone industry?

Related link: http://news.com.com/2100-1001-982305.html

Last week I posted a provocative
weblog
saying I could understand why system administrators failed to install the Microsoft patch that would have halted the SQL Server worm. (Unlike many commentators, I was not bashing Microsoft.) This weblog has drawn more comments than any weblog or article I’ve posted before, I believe–and many comments are excellent; I recommend reading them.

Another C|NET article posted yesterday provides a very different perspective from the one I cited in my weblog–a perspective that I think supports what I said in my weblog. Here are some relevant paragraphs.

“This shows that the notion of patching doesn’t work,” said Bruce Schneier,
chief technology officer for network protection firm Counterpane Internet
Security. “Publicly, they are saying it’s not our fault, because you should
have patched. But Microsoft’s own actions show that you can’t reasonably
expect people to be able to keep up with patches.”

For years, system administrators have complained about their inability to
keep up with the steady stream of patches that have poured out of Microsoft
and other software companies. In October, the software giant even raised the
bar for what’s considered a “critical” vulnerability, so that administrators
wouldn’t have to deal with so many patches that seemingly required immediate
attention.

“Seems like every time I install a system patch, something else goes wrong
with my system,” said Frank Beier, president of Web design firm Dynamic
Webs. The designer said many system administrators won’t patch for many
months, because they don’t trust Microsoft to fix the problem without
breaking some other function of the software.

And another
article
with a similar message (thanks to fellow editor Brian Jepson for pointing it out):

But not only are there too many patches to keep up with, people are reluctant to install them for fear they will interfere with their systems.

Related link: http://www.stanford.edu/group/floss-us/survey.fft

Stanford University’s Institute for Economic Policy Research is updating last year’s FLOSS 2002 report. If you develop free, libre, or open source software, hit the link. It’ll be interesting to see the motivations and viewpoints of these developer communities.

Related link: http://conferences.oreilly.com/oscon/

Due to or despite incessant prodding from gnat, I’ve just completed a proposal for the Intro to Perl Testing tutorial. My parter in crime is, as usual, Schwern. We’ll knock out another proposal for Advanced Perl Testing in the next couple of days.

The cutoff deadline is fast approaching, so if you want to talk about Perl, Python, Java, PHP, Tcl, Linux, Apache, MySQL, PostgreSQL, Ruby, Mozilla, or what have you, get on the trolley! (Oh yeah, I’ve also suggested a couple of speakers on open source gaming!)

Now to decide if I should ask for 30 minutes to discuss “Self-Supporting Features of Extreme Programming”…

Did you send in a proposal? Would you come to another XP talk? If we submit early, does that mean we’ll get our slides in on time?

Though America is not yet at war, there is a good chance that war will come. How has the Internet and the World Wide Web changed the way nations go to war?

First, it has allowed a much broader access to information so that people can find many sources for news. It has made the world smaller and allowed us to know what others are thinking and saying about the war. For example, this morning I can read news of the war from the BBC in the UK, from Canada, from New Zealand, from the Czech Republic, or from Pakistan.

In addition to reviewing news from around the world, I can also read information directly from the US Administration. For example, here is a transcript of remarks on the war recently made by the President in St. Louis. This allows them to take their case directly to the people. It also provides the people an opportunity to determine exactly what the President’s case for war is. By reading the transcripts of the President’s remarks, people can make up their own mind.

And if people agree or disagree with the President, letting him (or their representatives) know about it is simple as well. In addition to its other activities, Common Cause provides one way for any citizen to easily compose and send e-mail or faxes to their Representatives and Senators. This short feedback loop allows members of Congress to learn firsthand the feelings of the voters.

And as it always has, the Internet provides a great opportunity for ‘communities’ to spring up. For example, the Move On oganization in a relatively short time has gathered over 700,000 members that are banding together in protest against the war. Using only the Internet they raised over $400,000 to air TV ads around the country. In a single day of fund raising, they also raised enough money to run a pro-peace TV commercial during the Superbowl. Imagine any non-profit attempting to raise that kind of money from small donations in a single day before the Internet existed. It just wasn’t possible. Another example is International ANSWER. They were able to organize mass demonstrations in Washington, DC and San Francisco using the Internet. They literally organized bus trips to the demonstrations from over 100 US cities using the Internet.

In many ways, this is a history making moment. But given the dynamic nature of the Internet, how much of this ‘content’ will be retained? Years from now, will these stories be available and part of the record of history? Who will capture the news stories, the presidential remarks, the organizing e-mails, the editorials and (yes) even the Weblogs that make up this dynamic story?

We have an opportunity to have history write itself. If we capture and save the news stories, remarks and organizing e-mails, then later generations will have the best account ever created for what actually happened in the run up to a war. (And if there is no war, then the Internet will have played a big role in preventing it.)

Who will save the Internet content that is part of this historic moment for posterity?

Related link: http://news.com.com/2100-1001-982135.html

On Friday, the world reeled from a single bug exploited by a garden-variety virus. Hundreds of thousands of sites back-ended by Microsoft SQL Server were completely disabled by a bug now known as Sapphire, Slammer, or SQLExp. And blame is being assigned now by both the trade press and the general press, typified by the
C|NET news article
cited above. It’s those system administrators! Whether out of ignorance or plain laziness, they didn’t download a patch that Microsoft had made available as far back as July of last year.

But system administrators have good reason to refuse to install patches: many of them break systems. It’s often a case of one step forward and three back. Granted, a patch that’s out since July has probably been well-tested and the buzz among sysadmin circles could assure knowledgeable professionals that the patch is safe. But the process of keeping a system up to date is much more complicated than the idealists in the press and elsewhere make it seem. I’m not at all surprised that a system administrator might be conscientious and professional and yet not get around to installing all security fixes.

I used to install fixes religiously. Then a security fix came in on my Windows 2000 system that made it impossible to log in. I had to go slinking to one of my company’s system administrators, who spent over an hour undoing Microsoft’s patch. This is not an isolated incident; I hear of such things from other people too.

The usual community of Microsoft-bashers will say that the original sin was not to run an unpatched system but to run a system that used SQL Server in the first place. I do not give in to this easy jibe because I know SQL Server is in use right here at O’Reilly on at least one of our production systems. Anyway, other software has security fixes too.

Please don’t blame the system administrators, or make them think their first priority is to install everything they’re told to install. Instead, urge developers to do a better job of debugging, and set up better channels of communication so the administrators will know what they really need to install.

Is it ignorance, laziness, or something else?

Related link: http://www.linuxworldexpo.com/

Here are the major topics in the buzz I heard during two
days at
LinuxWorld:

Clusters

Recent experiments have suggested that clusters containing
dozens or even thousands of computers could be applied to a
lot of everyday business problems, not just the high-profile
scientific experiments people used to talk about. (The same
goes for grid computing, which Linux Magazine and others like
to call Extreme Linux when it’s applied to the GNU/Linux
operating system.) No wonder this theme all over LinuxWorld.

Naturally, hardware vendors are hoping to boost their bottom
lines by satisfying these CPU-intensive applications.
AMD
president Hector Ruiz sees it as a major market and
celebrates some victories there. The
SGI
Altix 3000 cluster–which is based on
Intel
Itanium 2 chips and is claimed to transfer data between
computers “in as little as 50 nanoseconds”–won a
best-of-show award.

Desktops

While the “Linux is ready for the enterprise” theme is old
news, “Linux desktops are ready for the enterprise” is worth
talking about. Recent versions of
OpenOffice
have impressed lots of people; they are attractive and
modern in their interfaces, and handle Microsoft formats
well.

KDE and
GNOME
have both stabilized and are sponsoring projects to make
their back-ends and behavior more compatible, thus easing
the pain of developers who want to write applications for
both. Several vendors base their pitches on integration of
free-software desktops and Microsoft products in the office.

(Nevertheless, I’m not expecting Linux for the masses any
time soon, except in consumer devices and perhaps in limited
kiosk-type environments.)

64-bit chips

Another favorite of hardware vendors, but not them alone.
Jon “maddog” Hall believes 64-bit address spaces will
transform computing, because programmers can greatly
simplify and speed up their algorithms when they no longer
have to worry about running out of virtual address space.

It’s still hard for the average computer user to imagine
running a 64-bit system, but then, Windows was designed for
16-bit systems that have long since finished the stage of
oxidation. The buzz about 64-bit chips intersected the buzz
about Linux desktops a couple times, with speakers
predicting that 64-bit chips would soon become
cost-effective on personal computers and that people would
find ways to make use of their speed.

Patents

The news from this front is alarming and encouraging at the
same time. Several spokespeople for the free software
movement indicated that software patents will not go away.
The intransigence of the U.S. government and the momentum
behind patents ensures that we will have to live with them.

This does not mean, however, that the freedom to code will
be gradually eaten away by patent-holders. We can still
negotiate with proprietary computer companies. The situation
is a little like the current state of copyright, as I
suggested in an
article
published just yesterday: the laws and courts are on the
side of intellectual property restrictions but the long-term
interests of the companies may be aligned with freedom.
Thus, the free software movement can ask companies to do
what Red Hat has done and promise
publicly
not to enforce any patent rights against free or open source software.

We hope thus to compromise with companies that value the
contributions made by free software. With a promise to live
and let live, they can preserve good relations with the
communities building free software while still enforcing
patents against companies that use their technologies in
proprietary software. If this practice becomes widespread,
one can imagine proprietary software companies complaining
about the unfair advantage that patents give to free
software!

Free software in government

This theme provided fodder for a whole track at LinuxWorld.
Major companies such as
Sun
are meeting with agencies all the time to promote open
source solutions and counter such hackneyed misconceptions
as “You can’t care very much about it if you’ve made it
free.”

There was a lot of interest in
Security-Enhanced Linux,
the astonishing system donated to the public by the National
Security Agency. The free software community accurately
promotes what open source can do for governments, but talks
less about governments can do for open source. This is an
important part of the battle, because the NSA has bowed to
unspecified outside pressure and announced it won’t be doing
any more free software.

Certification

The
Linux Professional Institute
reports an enormous increase in the number of registrations
for its tests; in the past year it’s gone from a few dozen a
month to several hundred. And the room was full when tests
were offered free at the conference.
UnitedLinux
is developing its own certification program by adopting the
LPI exams and adding one devoted to UnitedLinux material.

Perhaps people seek labels to pin on their lapels during the
difficult job searches that go on in a recession. But one
must still ask: why Linux? My answer harks back to what I
called an old story, “Linux is ready for the enterprise” and
they are the ones demanding formal credentials.

Those are the topics that seemed hot. I also know one topic
at LinuxWorld that was not hot:

Embedded systems

The advertisement for LinuxWorld I got a couple months ago
included an Embedded Linux Pavilion to “display the latest
products and services from embedded Linux vendors.” By the
time of the show, both the Pavilion itself and the paragraph
devoted to it in the brochure had vanished.

I could not find anyone to explain what happened, but the
recent financial difficulties of embedded Linux vendors
tells the story all too clearly. I sense that not only
individual vendors are being struck down. Linux is gradually
being adopted by embedded system developers, but not as
quickly as many people expected. I think the stagnation is
temporary and that Linux will prove valuable in a wide range
of devices (particularly those attached to networks, people
tell me).

So LinuxWorld taught me a lot. I got several valuable
demos. But of course there were annoyances as well. Some
speakers simply recycle what’s been in the trade press for
the past six months; most vendor pitches recycle facts that
attendees could find by staying at home and looking at the
vendors’ web sites. When I ask a technical question, being
handed a sales sheet with marketing buzz is not a sufficient
answer.

And the flashing lights, the blaring music, the macho
big-screen ads dig under my skin after a day or so. I was
thankful to get free of it all and concentrate on a novel by
Virginia Woolf in the relative repose of the train back to
Boston. Why, I thought, do trade shows have to be so
assaultive? Why can’t they convey their points through
subtle allusions like an upper-class English dinner party?

And just as rumor had it, Mildred–faithful old
Mildred!–had come to the show, and brought her new traffic
analysis tool to chatter about. Emily must certainly talk to
Mildred. But Mildred had been horrid to her, simply horrid
at the previous show, trying to claim that her traffic
analysis tool performed just as well as Emily’s, when even
Frank said no, there was simply no comparison, that Emily’s
provided ever so many more points of analysis, but here was
Mildred among the astroturf carpeting and the plastic palm
trees in molded granite square pots, saying, “Dear Emily!
What did you think of Helen’s presentation on her web
configuration package?” And Emily must speak, and with hands
aflutter answered, “Enchanting, as always, of course–but
dear me, isn’t it rather tedious always to be playing up the
cross-platform aspects of the tool year after year?
Although one must make allowances for her age, of course.”
And Mildred answered, “My thoughts exactly! We do have
something of a confluence of ideas, Emily, we always have. I
must complement you on the choice of an EJB vendor in your
recent announcement. Why, we made the exact same choice when
we brought out our product a year ago.” And scandalously,
Matthew was right next to the booth, he could hear the whole
exchange, slinking, ungainly Matthew who claimed to be an
audiovisual expert but could barely keep his eyeglasses
straight on his nose, who had to get her cabled up right
away or she would never be able to show her Impress slides
for her presentation, and she quickly answered Mildred,
“Indeed, we made the same choice. Wasn’t it terrible, the
memory leak brought in by that package? We fixed our product
right away, of course.”

No, I suppose I can’t expect a LinuxWorld like that. I’m
catching up on some sleep; see you at the next show.

What else is new?

Related link: http://ws.apache.org/

The Apache Software Foundation’s new Web Services project is up and running with its own site now.

The initial projects are:

• Axis
• Apache SOAP
• WSIF
• WSIL
• XML-RPC
• XML-Security

There is also a ‘general’ web services e-mail list for following general events for the project. More info is available at The Apache Web Services Project.

(It may not be too late to vote on the logo to be used for the projet!)

Related link: http://www.nytimes.com/2003/01/24/politics/24PRIV.html

The Total Information Awareness project of the DARPA Information Awareness Office has received plenty of criticism. The US Senate joined the pile-on yesterday. To continue research, the DOD has 60 days to report to Congress about the project’s price tag, aims, and possible effect on civil liberties. (Although if President Bush says that slowing down research would threaten national security, it can continue.) The amendment passed also requires that Congress pass new legislation before the TIA program could be deployed in the US.

This is a bump in the road for TIA or other systems like it, but not a permanent block. Even if this program eventually withers, others will rise up to take its place. I’m still trying to figure out how to live with no privacy.

Living in New York, I can’t really complain about the voyage to LinuxWorld. It’s just a short subway ride down on the 1/9 train and a walk westward to the Javits. So, armed with a wool hat, scarf, gloves, and two jackets, I ventured forth in the 20 degree cold weather to check out the scene.

This was the first conference I’d attended since Internet Mania subsided, so the number of booths wasn’t that overwhelming. Still, there was a significant vendor presence; however, the main focus seemed to be Linux on the enterprise more than Linux on the desktop. IBM, HP, Sun, Dell — all the mainstays. And, surely presenting their booth’s employees with the most interesting job in the open source world, Microsoft. It was pretty funny watching Microsoft make their pitch to fellow attendees.

Starting at 1 PM, I headed over to the O’Reilly booth to join my fellow PHP Cookbook author, Dave Sklar, for the author event. We manned the “Internet corner,” which meant that we got to share a table with Monty and Dave Axmark from MySQL, AB. (Monty! How cool is that!) This was the first real author signing for David and me, and we both had a blast. It’s always nice when people come up to you and say “Your book saved my life!” or “I took some code from one of your recipes and made some modifications of my own. It’s working out great!”

I also met O’Reilly author and editor Andy Oram, whose books I’ve been reading for years. In fact, the first O’Reilly book I ever bought, the Cow book, was edited by Andy. A few other O’Reilly authors stopped for a chat, including Derek Vadala and Æleen Frisch.

After the signing, I headed over to visit the New York PHP guys in the .ORG Pavilion. Hans Zaunere was manning the table and we had a nice talk. Speaking of NYPHP, the January meeting is coming up and I need to remember to block off my calendar.

I spent the day yesterday at LinuxWorld. This was my first Linux trade show visit since my trips to Linux Expo in North Carolina a few years ago. Given the tremendous technical, public relations, marketshare, and mindshare gains Linux has made in the past five years, I suppose I shouldn’t be too surprised how “mainstream” the expo floor seemed, but I was anyway. If I squinted just right so I had the giant Intel, AMD, HP, IBM, and Red Hat booths in focus, maybe I could have been at Internet World in 1997. The Polynesian/jungle/veldt-themed Ximian booth certainly helped me feel like I was back in the days when spending PR dollars on plush stuffed zebra-shaped chairs was the norm.

Adam and I hung out at the O’Reilly booth for a while. I really enjoyed meeting a lot of PHP users (and potential PHP users) across the familiarity-with-PHP spectrum. We talked about things ranging from “So, PHP, is that like JavaScript?” to the nitty-gritty of form processing. As a first-time author, it’s gratifying to actually talk to people using PHP Cookbook.

Meeting other authors like Derek Vadala and Æleen Frisch as well as other O’Reilly folks who toil behind the scenes (editing, marketing, designing, PR-ing) was a treat too. I’m still learning about everything (besides the writing) that goes into book production.

I also spent some time at the NYPHP booth, New York’s own excellent PHP user group. If you’re in or around New York City (and are interested in PHP), don’t miss its meetings and mailing-list.

My only complaint about the show has nothing at all to do with Linux: it’s about the dismal food that the convention center sells. I did OK with a gyro vendor across the street, but the culinary situation was much better at the last trade show I went to at the Javits center — the NASFT Fancy Food Show. Yum.

Related link: http://www.vendian.org/language_year/

In this nice little effort, representatives from 5 programming languages summarized significant events from 2002. The contributors were: Luiz Henrique de Figueiredo (Lua)
Rafael Garcia-Suarez (Perl)
Jeremy Hylton (Python)
The Ruby Community (Ruby)
Jeff Hobbs, Steve Landers, and Jean-Claude Wippler (Tcl)

A proposal for bundling the Gadfly RDBMS with Python on the Python developer’s list sparked a discussion of embeddable DBMS packages for Python.

The main distinction of Gadfly is that it is implemented entirely in Python and thus strongly cross-platform (the data files are also cross-platform portable).

Kevin Altis mentioned other embeddable DBMSes for Python which had cought his interest:

Interesting. I’m in the process of trying out Gadfly, PySQLite, and MetaKit as embedded databases. For reference, the links are:

Gadfly http://gadfly.sourceforge.net/

SQLite and PySQLite http://www.hwaci.com/sw/sqlite/ http://pysqlite.sourceforge.net/

MetaKit, Mk4py, MkSQL http://www.equi4.com/metakit/ http://www.equi4.com/metakit/python.html http://www.mcmillan-inc.com/mksqlintro.html

All are embeddable databases, but they each have their pros and cons. I can see how Gadfly would have a lot of appeal since it can be used as a pure Python solution. The licensing for MetaKit probably makes it inappropriate for the Python standard libs, but I’m sure that could be brought up with the author. PySQLite seems to be the most mature (MetaKit users may disagree), certainly SQLite is better documented, has a richer feature set, and as a bonus the source code is in the public domain! PySQLite appears to be quite fast.

http://www.hwaci.com/sw/sqlite/speed.html

Since it doesn’t use a memory map like MetaKit, it should work equally well with small and large data sets.

Anyway, I’m probably a month away from being able to present an adequate comparison of using each for different relational datasets. One data set I’m looking at is roughly 800MB of data, the other is only about 256KB and I’m looking at the smaller one first since it also has a simpler table structure.

I would be interested in seeing both Gadfly and PySQLite supported in the standard libs. I’m guessing that Gadfly needs a lot of testing and probably bug fixes to justify including it in the 2.3 standard libs.

Richard Jones, Gadfly Author, responded:

Gadfly has the advantage that any marshallable Python object may be stored with no mess, no fuss. Sqlite is restricted to only storing strings. Metakit supports a variety of data types, but no explicit NULL. Actually, the three support wildly different types of “unset” values:

gadfly: python’s None sqlite: sql NULL (and all its quirks ;) metakit: no support

Gadfly has the additional benefit that any Python object may support its View interface, and thus participate in SQL queries. Pretty powerful stuff.

What are your thoughts on these DBMSes, and any others like them? Do you prefer using commercial DBMSes with Python?

Triggered by an otherwise very interesting visit to a major European corporation yesterday, I feel that today I should rant a little on the corporate use of Open Source.

Now, I am not ranting about the fact that commercial entities are actually using Open Source - I want to rant a little about the fact that they (often) don’t publicly say so!

Or to put that into perspective - often the groups/units etc. that use Open Source are not allowed to mention the fact outside of their office. It’s a “secret”.

Now this fact often actually hinders the group in their use of the open source software. They can’t benefit from many of the advantages - because they are not allowed to.

So they resort to fixing bugs themselves - instead of getting them fixed in the Open Source project. They write new components when the ones in the Open Source project don’t quite fit what they need. They can’t ask questions on the mailing-list (unless they disguise themselves by using a generic mail-domain). In return, they cannot give back to the project and so the project also loses.

From my experience, the people working with Open Source are extremely frustrated by this and it can take a long long time before the “powers” agree that these facts can be publicly made.

So, my question is what do we - in the Open Source community - need to do to help those enthusiastic supporters of Open Source inside major corporations convince the “powers” to go public?

What can we do? Post your ideas here.

Resolution [XXXX] to create the Web Services PMC

WHEREAS, the Board of Directors deems it to be in the best
interests of the Foundation and consistent with the
Foundation’s purpose to establish a Project Management
Committee charged with the creation and maintenance of
open-source software related to Web Services, for distribution
at no charge to the public.

NOW, THEREFORE, BE IT RESOLVED, that a Project Management
Committee (PMC), to be known as the “Web Services PMC”, be and hereby
is established pursuant to Bylaws of the Foundation; and be it
further

RESOLVED, that the Web Services PMC be and hereby is responsible for
the creation and maintenance of software related to component
and service management, based on software licensed to the
Foundation; and be it further

RESOLVED, that the office of “Vice President, Web Services” be and
hereby is created, the person(s) holding such office to serve at
the direction of the Board of Directors as the chair of the
Web Services PMC, and to have primary responsibility for management
of the projects within the scope of responsibility of the
Web Services PMC; and be it further

RESOLVED, that the persons listed immediately below be and
hereby are appointed to serve as the initial members of the

Web Services PMC:

• David Chappell
• Glen Daniels
• Anthony Elder
• Jeremy Hughes
• Tom Jordahl
• Erwin van der Koogh
• Ted Leung
• Steve Loughran
• Christian Geuer-Pollmann
• Axl Mattheus
• Nirmal Mukhi
• Scott Nichol
• Piotr Przybylski
• Sam Ruby
• Alek Slominski
• James Snell
• Davanum Srinivas
• Sanjiva Weerawarana

NOW, THEREFORE, BE IT FURTHER RESOLVED, that Davanum Srinivas
and Glen Daniels be and hereby are appointed to the office of
Vice President, Web Services, to serve in accordance with and
subject to the direction of the Board of Directors and the
Bylaws of the Foundation until death, resignation, retirement,
removal or disqualification, or until a successor is appointed;
and be it further

RESOLVED, that the initial Web Services PMC be and hereby is tasked
with the creation of a set of bylaws intended to encourage open
development and increased participation in the Web Services Project;
and be it further

RESOLVED, that the initial Web Services PMC be and hereby is tasked
with the migration and rationalization of the XML PMC
Axis subproject; and be it further

RESOLVED, that the initial Web Services PMC be and hereby is tasked
with the migration and rationalization of the XML PMC
SOAP subproject; and be it further

RESOLVED, that the initial Web Services PMC be and hereby is tasked
with the migration and rationalization of the XML PMC
Security subproject; and be it further

RESOLVED, that all responsibility pertaining to the XML
Axis sub-project and encumbered upon the Web Services PMC are
hereafter discharged.

By Unanimous Vote, Resolution XXXX was approved. The Web Services PMC is
hereby created.

(Note from Kevin: For more information on the many existing XML and Web Services projects at the Apache Software Foundation, see the Apache XML project

Related link: http://lists.fourthought.com/pipermail/4suite/2003-January/004929.html

From the the rlcompleter2 home page:

One of the best features of python is that you can use and learn it interactively. rlcompleter2 enhances this interactive experience. It is a major improvement over the rlcompleter module in the 2.2 standard lib. I recommend that you simply install it and see if you like it. User interface is simple: hit one or more times during typing your python statements. If you sometimes use python interactively you will certainly enjoy it. If you don’t work interactively then you should :-)

I agree, and in my message to the 4Suite mailing list I demo how rlcompleter2 can be useful for navigating a complex API in interactive Python.

Aside from a few typos and URL corrections, most of the articles we’ve done worked out really well. I’m proud of all of the authors. I’m proud of the production staff who make sure articles are done on time and look nice and have all of the graphics they should. (Sarah Breen produces ONLamp, Linux, and Java content and does a fantastic job of it. Laura Schmier creates the graphics and manages to impress me at least once a week.)

No one’s perfect, and when you put multiple people on a project, the possibility for error can increase. (It can also decrease, but that’s a subject for another time.) Someone has to take final responsibility, though, and that’s my job as an editor.

This was most evident in Howard Wen’s Cube 3D article. It was a good article, but some of our facts were, well, dubious. (Howard and I discussed this the other day and couldn’t come up with a reason besides “sometimes it just doesn’t quite work”.) Wouter van Oortmerssen of the Cube 3D project was kind enough to point out a few facts that were, well, misleading:

- it’s not linux-only. It was made to portable, and its main targets during development were windows, linux and linux/ppc. It was mostly developed on windows, actually.

- first picture: “deathmatching with cube” (picture shows single player)

- “A future release will allow adjustments to the engine’s “camera” perspective”. This entire paragraph is completely taken out of context and wrong. He simply asked me wether it was possible and I said yes, then he makes a big thing out of it.

- “with similarities to the lightning gun in Quake III”: I never said quake 3, only ever quake 1.

- second picture: “Dynamic lighting from several sources”: this picture does not show dynamic lighting at all, just big particles.

- “Most of Cube is van Oortmerssen’s own original work, but it includes pieces from other projects” not true, unless you call SDL etc “other projects”

- “He built the entire multi-player code”: what does entire do there? I build the whole game, so the fact that I made the multiplayer goes without saying.

Reading through that list is a bit painful. I know which bits of the Howard’s text I rephrased into their incorrect states (and I don’t know where I got the image captions — I’ll stick to writing headlines). Still, it’s a good article about an interesting project, and Wouter’s pleased we ran it.

Another article that received some criticism was Adam Trachtenberg’s Internationalization and Localization with PHP. Specifically, the example code mixed localization data with code. As Kirk McElhearn, an experienced translator, pointed out, that’s a big no-no! You wouldn’t want translators to wade through code to change text, and relying on developers to keep things in sync is… well, it’s not the fastest way to accomplish things.

My immediate reaction to that criticism was, “Yeah, that’s fair”. The thing I like about Adam’s article was that his PHP object technique means that developers don’t have to know where or how translations are stored. They’re nicely encapsulated behind a clean interface.

Both Adam and I thought it was obvious that the resources would be stored in files or databases or somewhere outside of the program, but neglected to make this clear enough. Adam’s responded in his weblog with more detail.

In retrospect, I think we should be more clear with our example code, often going as far as to say things such as “Detailed error checking has been omitted for space” and “The next step is to add these features before serious deployment”. What’s obvious after working on an article for several weeks is not obvious to a reader, and we should communicate those assumptions better.

Aside from that, I’ve seen a couple of cases where example code didn’t quite work. The most recent example was where an article wasn’t explicit about the necessary version of the target Java library, and the author was very quick to uncover this with the reader.

Overall, I’m very pleased with the quality and breadth of our work. All of our original articles (not book excerpts) feature the Talkback section, so you can leave comments there. You’re also welcome to e-mail me with comments, if you prefer.

There, now my plate’s clean. Thanks for reading!

Editorial honesty and transparency. Who knew?

Related link: http://uche.ogbuji.net/

“I’ve draped this site in black to mourn the loss we’ve all suffered in the Eldred v. Ashcroft ruling, (all excepting big media interests). In this gesture I’m following Simon St.Laurent’s lead. If you find the color scheme oppressive you are justified in leaving. Instead, I hope this will provide you a tiny stimulus to get involved in the politics of intellectual property. The only force that can match the lobbying of media giants is the clamor of the populace.”

Prentice Hall announced today its intention to release a series of books under the Open Content License. This means that the books can be freely copied and redistributed (with some minimal restrictions).

Another author posed a question to Studio B’s cbp@lists.studiob.com list asking, “How does this benefit the
publisher”?

To help you understand my background,
I recently authored a title on Jakarta Struts for SAMS. One of my primary competitors (and an excellent book) was the title from O’Reilly.

The title from O’Reilly had every chapter published in PDF on The Server Side prior to publication - so the content of the book was available to anyone who wanted it. I still have somewhere (I think) all the PDF files for it.

Even though it was freely available, it had two big advantages over my book (in addition to being from O’Reilly, which helped it as well).

• O’Reilly began selling copies of the book on preorder as soon as the sample chapters began appearing. They were selling in the 2-3000 range on Amazon or higher for two months before the book even hit the shelves.
• The ‘buzz’ factor on the book was excellent. A large number of people had electronic copies of the book. Everyone in the Struts development community was sharing the files and talking about it. The title had wide ‘name recognition’ throughout the develoment community long before it was even available.

My book has done reasonably well (peaked at 169 on Amazon a week or so ago and still has a 5-star rating), but the O’Reilly title still well outsells it. My book didn’t pick up sales until it was out for a week or two and word of mouth began to pick up. Even though my book and the O’Reilly title actually became available for purchase within weeks of each other, the O’Reilly title had been selling as well as mine is now for two months before they were released.

So what does this have to do with ‘open sourcing’ the books by Prentice Hall? Well, a lot.

1. The electronic files for these books will be widely distributed and many developers will know about them. Many will still want hard copies - it’s more convenient than electronic.
2. If the books have content available prior to final publication, the sales ‘lifetime’ of the books can be extended by some number of months - this is especially critical with technologies that are emerging and don’t have many titles available.
3. People that use Open Source technologies will show a preference for books and publishers that ‘give’ to the open source community.

A great example of a book that succeeded using this model is “Thinking in Java” (by Bruce Eckel) which was (and is) available electronicaly all through its development. It is now in its third edition and still a top seller. (Not coincidentally, I’m assuming, Thinking in Java was also published by Prentice Hall.)

Here’s Bruce Eckel’s reasoning for making book content ‘free’ on the Internet.

Related link: http://pythonology.org/success

Read ‘em and cheer. Stephan Deibel says “These will eventually be published in printed form by O’Reilly
as well, and will hopefully be hosted on additional websites
in the future… Anyone interested in hosting such stories, please refer to the somewhat tentative story access web service. Anyone interesting in contributing a story, please see the contributor’s guide.” See also Success Stories on the Python Business Forum site.

Related link: http://news.yahoo.com/news?tmpl=story2&ncid=&e=4&u=/ap/20030115/ap_on_bi_ge/scot…

A friend of mine, “Kate”, does graduate studies on rhetorics and composition. Like me, she was disappointed in the verdict in Eldred v. Ashcroft. Here’s what she said:

Yesterday I talked to [the program head] about a project she wants to start to get all the important historical texts for our field online since everything is going out of print… But it sucks because all the publishers are sitting on the copyrights.

But a lot of stuff is available…it’d just be a big project to get it all online. She wants to organize it so that each of the major programs will take responsibility for specific texts so all of it together will make sense and give the field a shape we want, instead of waiting to see what the publishers decide will be available for new people in the field to have access to.

Her book won all the major awards in our field and it was online in print for 2 years. It’s ridiculous.

One of the owners of the publishing co. died and his family doesn’t intent to ever publish the books again and they still won’t even sell the copyrights back to the authors.

That’s just one story. An entire academic field of study is damaged by a copyright system that lets publishers keep works they deem unprofitable out of the hands of the public for longer than a human lifespan.

What would happen if we were to collect thousands of similar stories from thousands of other fields? Could the damage be undone?

Would it? Could it? Should it?

Related link: http://www.amk.ca/cgi-bin/pypi.cgi

In the never ending quest to get Python something like Perl’s convenient package registries and utilities, PEP 301: Package Index and Metadata for Distutils, by Richard Jones is the likely foundation. Richard has now produced a patch (announced by Andrew Kuchling) to Python with a preliminary implementation of PEP 301. WIth this patch (available in current Python CVS) developers can upload registry information specified through distutils. He also posted a preliminary registry of Python packages, which I expect will grow rapidly once Python 2.3 emerges with the PEP 301 code included. In fact, Richard and Andrew would love to see feedback from people who are willing to try Python CVS, or at least after Python 2.3a2 comes out with the patches included. The patch adds new “register” command for distutils which allows a package to be registered with a catalog.

Related link: http://fr.co.us.pythoneers.org/

FRPythoneers have a new leader, Jeffery Collins,
author of Pippy, Python for the Palm, and a new meeting place starting with the January 20th, 2003 meeting, at which Matt Gushee will present “Building REST-based Web Services with
Python.” If you live near Denver, we’d love to have you come to meetings or at least join the mailing list.

The Open Web Application Security Project released a report on what they think are the top ten security vulnerabilities in web applications. You can get the report here:

http://prdownloads.sourceforge.net/owasp/OWASPWebApplicationSecurityTopTen-Version1.pdf?download

I’ve put together recommendations on how to avoid making those top ten mistakes if you’re coding in PHP. You can get that document here:

http://www.sklar.com/page/article/owasp-top-ten

I used to say that there were two types of successful software companies: Great Technology companies, and Great Marketing companies.

It seemed like companies when they started didn’t have the money or time to immediately be great at both. But if they were really good at one or the other, they could survive.

I also used to hold up Oracle as a company that eventually became great at both. Oracle started out a great marketing company and that allowed them to hold on to market share long enough that their products eventually became great too. (Of course, they have so many products now that not all of them are great - but that’s a different story!)

Microsoft I used to hold up as an example of a Great Marketing Company. No, a Brilliant Marketing Company. Leave behind for a moment that when they signed the deal to supply DOS to IBM they got themselves a franchise that that they’re still riding. Look at what they’ve done since.

“Windows” is now one of the most powerful brands in the world. (Name one other brand name less than 25 years old that even comes close.)

Many other markets they didn’t initially own they took away using great marketing.

For example, they largely took away business networking from Novell by providing an easier to use product (Windows NT). It wasn’t particularly superior from a technical standpoint - but they knew that “ease of use” was the most important product feature at that time. Stealing the market by focusing on a feature set that’s more important to the customer is just good marketing.

And they ate the collective lunches of Lotus and WordPerfect when they came out with MS Office. Combining existing products into a new package like Office was purely a marketing play. Again, brilliant - they now totally dominate that business.

So what’s with this new server product? In the last few years it’s been called:

• Windows 2002 Server
• Windows .Net Server
• Windows .Net Server 2003
• Windows Server 2003

So, are there chinks in the Marketing armour now? Are they at risk of becoming a ‘not so good’ technology company with ‘not so good’ marketing too?

To be honest, I really don’t care about their Marketing right now. Flopping names around really isn’t a big deal. In the end, it doesn’t matter what’s written on the box. And besides, that’s not what I wanted to talk about anyway.

Here’s my real question: When is MS going to become a Great Technology Company too?

The technical challenges they are facing are the real chinks in their armour. This is the big problem at the core.

All the issues that are being addressed in their “Trustworthy Computing” initiative really stem from the fact that the quality of their marketing has always been better than the quality of their products. The “Trustworthy Computing” initiative itself is a classic example - great positioning but questionable technical execution.

While I’m not an expert, here are a couple suggestions:

1. Bite the bullet and focus on quality at the expense of marketing for a while. We don’t care what it’s called if it works.
2. Slow down. Get this set of technology solid before you move to the Next Big Thing. I don’t care if Marketing is bored with a technology after 2-3 years - I need to know that a technology will last my ROI timeframe (5 years or more) before I’m comfortable building mission-critical apps on it.

Wouldn’t it be a breath of fresh air if Microsoft came out with a new product and said “We don’t have a fancy name for it - we just put our efforts into making it work right.”

Related link: http://news.com.com/2010-1071-979587.html

I thought this was nice summary of where the DNS might be subject to attack and what could be done to protect it. Summary: the TLD servers should diversify in the same way that the root does.

Related link: https://www6.software.ibm.com/reg/devworks/dw-db2pylnx-i?S_TACT=102B7W91&S_CMP=D…

Free registration on IBM developerWorks is required for this tutorial on the Python API for IBM DB2. My favorite language and my favorite non-OSS RDBMS. Certainly worth the look.

Related link: http://use.perl.org/~geoff/journal/9844

SOAP::Lite makes web services amazingly easy in Perl. They’re so easy, in fact, that you can focus on just getting your job done instead of thinking “Hey, I’m writing a web service.” That’s kind of Perlish.

I once worked a project with a wxPython frontend communicating with a Perl backend. My initial tests were wonderful, going from Perl to Perl through SOAP::Lite. As Geoff points out, this idiom Just Works:

use SOAP::Lite
  +autodispatch =>
    uri   => 'http://my.server.com/My/Class',
    proxy => 'http://my.server.com/soap';

my $o = My::Class->new('bar');
print $o->method('drink');

For the non-Perlers in the audience and the terminally lazy, this means to use SOAP::Lite, autodispatching unfound methods in the My::Class class to the remote server. It creates a new object of My::Class with the new() call, then calls method() on it. Very handy.

Of course, neither of the two SOAP toolkits the Python programmer could use supported this. To be fair, I’m not entirely certain it’s part of the SOAP spec. Of course, we dumped the raw XML from both types of requests (Perl <-> Perl and Perl <-> Python), compared it, and could find no discernable difference.

We ended up passing a session token around as the first argument of all method calls. This was very easy to support with my authentication proxy approach.

Still, I agree with Geoff. There must be an easy way to accomplish this in Java or Python, mustn’t there?

Have a solution? We’re all ears.