Related link: http://www.hostbaby.com/wizard

No sales pitch here, but I just have to announce the launch of something I’ve spent over two years making:

the HostBaby Wizard
http://www.hostbaby.com/wizard

Related link: http://praxagora.com/andyo/ar/social_network_innovation.html

I’ve been reading about viral marketing recently, so I tried to fit the phenomemon in with trends in social networks and Web Services.

Here’s a short script to remove multiple ip6fw rules sharing the same number.

for a in `ip6fw list $1 | cut –d ' ' –f 1`
do
    ip6fw delete $1;
    echo "ip6fw: deleted rule $1";
done

Usage:

# sh rmrules.sh 123

Today’s post is a one-liner that saves me a few lines of PHP every time I do a people query.

I used to always select my clients’ or customers’ names from the database, then use PHP/Ruby/something to grab just the first word of the name.

From now on I’m doing it in the database directly, though it took a while to figure out how.

SELECT name, INITCAP(SPLIT_PART(name, ‘ ‘, 1)) AS firstname FROM clients

(Ok so it only took like 3 minutes to figure out but I’m posting it here so I don’t lose it.)

:-)

IPFW, IPFW2, and IP6FW allow the ruleset writer to add more than one rule with the same number. Here’s a command that lists rules with the same numbers:

IPFW/IPFW2:

$ ipfw show | cut -f 1 -d ’ ’ | uniq –d
00100
00243

IP6FW:

$ ip6fw show | cut -f 1 -d ’ ’ | uniq –d
00100
00243

In recent years, Open Source has become a relevant and strangely addictive force in IT. As the Internet age has dominated businesses and consumers with the same well oiled, yet clunky machine, Open Source has crept out of the dimly lit bedrooms occupied by toiling hackers and into the network rooms and ‘enterprise centric strategies’ of todays businesses. Open Source has not just become more acceptable, it has become more relevant.

Despite the over-production of rubber penguins and increasing technorati blogging about Open Source across the net, Open Source still has a long way to go in achieving the kind of acceptance and use we as enthusiasts optimistically predict. As bods familiar with the workings of an Open Source community, it makes reverent sense why one should use the software; freedom, stability, security, quality etc. The real challenge that faces us is that although you may have a clear view of why Open Source may be the right solution, expressing and communicating this message can be difficult at best. Advocacy is a concept riddled with theories, beliefs and opinions on how it should be practiced - how can you best advocate Open Source software?

I am going to be writing a series of new articles about advocacy. In these features, I am going to write about the different issues involved in advocating Open Source software, and attempt to beat a path towards best practice. For quite some time, I have been advocating how Open Source can be right for some people. This evangelism was first expressed through my efforts creating Linux UK (one of the first UK editorial sites about Linux), on through my work as a journalist and resulting in my current full time position at OpenAdvantage (http://www.openadvantage.org) as a professional Open Source evangelist. Although there is still much to learn, the body of experience I have collated myself and from other people can act as a useful map when choosing which path to head down. The goal in this game is to be as productive as possible with your advocacy; anyone can randomly advocate, but here you want results.

Step back and re-evaluate

Before you set forth and explore the different avenues of advocacy, you need to step back and evaluate exactly what you are aiming to do. Sure, this nugget of advice sounds like one of those self-help audio cassette courses, but it is particularly important in the context of Open Source. The reason for this is that Open Source is first and foremost a culture, and like any other culture, it can be perceived and understood in inherently different ways. As an example, some people are inspired by Open Source due to the ethical and philosophical concepts, some are inspired by the technical benefits and some are plainly in it financial benefits. Even within these three loose groups, there are variations in tone and colour. If you support Open Source due to its ethical nature, you may approve of certain rights (such as access to source code and freedom of innovation), but not approve of other rights (such as selling Open Source, or including closed source components). What do you feel about free media - do you believe Open Source should be applied to sound/video? What is your take on software patents? Do you feel that Open Source should be advocated to businesses who will use it for closed source solutions? Are you happy running closed source software on Linux? Each of these questions has a variety of distinct answers that vary among members of the same Open Source community.

In marketing parlors there is a general rule that you should know your product inside out. This common-held view preaches that if you don’t understand part of your product, you won’t be able to answer *every* question and query about it. Open Source advocacy has a similar, albeit, less critical rule of thumb; “to help Open Source, you need to know Open Source”. With such a range in views of Open Source, you need to firmly understand your own position, and more importantly, understand how flexible you are in promoting Open Source in areas that you are not personally familiar with. Throughout your experiences advocating, it is likely that you will face challenges that will test your ethical and technical views, and it is advisable to set yourself a policy regarding how far you can bend on these issues. With the policy set early, you will gain more confidence in pushing forward.

While you are sat back, re-evaluating your perspective on Open Source, you should also re-evaluate your perspective on facts. Although we can be safe in knowledge that the O’Reilly Network does not resort to ridiculous headlines that mis-represent a story, it is likely that you will hear stories that may be perceived one way, but are entirely wrong in how the story was actually played out. As an example, a while back I was at a conference in London designed to help public sector organisations and schools understand what Open Source is, and a number of councils and schools gave a presentation at the event. One such school, Orwell High School, a specialist school for technology, made the leap over to Open Source. With over 1000 students, the school found upgrade costs quite prohibitive due to expensive hardware requirements for Windows XP, as well as high administrative costs. The school made the move to a LTSP thin-client setup, and this resulted in cheaper hardware, less landfill and a centrally administered system. This solution was by its very nature, a standard cut n’shut case; the need was there, and a solution was proposed. The result of this case was a saving of £13,000 a year in license fees; a worthwhile but not exactly ground shattering figure, given the millions saved in cases such as that at Beaumont Hospital where they saved over EU4million with Open Source. What is interesting with the Orwell High School case is how that saving is relevant to their context. A teacher in the English department stated that each child in the department had a budget of £1 per head. When you are dealing with such low figures, £13,000 can seem like an awful lot of money being saved each year.

The key point here is that information is relative to context, and context is relative to information. Before you even begin discussing how to push the merits of advocacy in different ways, you need to be prepared to sit back and think about the information you receive, and how that information is relevant to the bigger picture. The goal here is not to con people into using Open Source, neither is it to suppress some elements of Open Source. The goal is to be as honest and up front as possible, and to try and dispel some of the large quantities of hype.

The new series of articles will be online soon on the O’Reilly Network.

Thoughts and ideas? Scribe them below…

In most of the articles and forum entries everyone always mentions that installing Mono is greatly simplified by using Red Carpet. Now that I’ve done it, I’d have to agree. Getting there was, however, not as easy as I would have liked.

In this article I’ll provide the step by step instructions for installing Mono on SuSE Linux Professional 9.1 using Red Carpet 2.2.3. After reading, you should have a clear idea of how to get through the installation, and hopefully avoid some of the snags I ran into. In the end, with this article, setting up Red Carpet will be as easy as using it to install Mono.

This article will not provide any explanation about Mono itself. It assumes that the reader knows what Mono is, otherwise, why would you be interested in completing the installation?

Step One - Obtaining Red Carpet Enterprise

Well the first thing to understand is that since Novell’s purchase of Ximian, Red Carpet is no longer available as a separate download. As mentioned on the Mono Project download project, it is now available as the ZENWorks Suite 6.5.

Once you get to the ZENWorks download page from Novell, the file required is ZEN65_LinuxMgmt.iso. This provides management for Linux desktops and servers, but it is essentially Red Carpet Enterprise. Be forewarned, the only way to get the necessary installation RPMs are from a 474.2 MB iso image. In addition, according to the Novell web site, this is a 90-day evaluation license of Red Carpet.

I believe that Novell is well positioned to benefit from the growth of LInux and open source software. However, I question their restrictive licensing of a technology that is necessary to download and install what may become the predominant open source software development platform. I’m really not sure if this license will apply to Red Carpet, so I’ll let you know in 88 days. In addition, why not break up the iso image into the individual components? Why should I have to download 474 MB when I only need 3 files that are less than 2 MB?

Step Two - Installing Red Carpet Enterprise

Once you have downloaded the iso image and have burned it onto a CD, then mount the CD and look for the redcarpet2 directory. For SuSE Linux Professional 9.1, the RPMs necessary were found in the suse-91-i586 subdirectory. The critical files are:

• rcd-2.2.0-0.ximian.9.5.i586.rpm

This is the Red Carpet Daemon. It is absolutely necessary for getting Red Carpet to work correctly as I’ll explain later.

• red-carpet-2.2.3-0.ximian.9.0.i586.rpm

This package contains the graphical user interface for Red Carpet.

• rug-2.2.0-0.ximian.9.0.i586.rpm.

This package contains the command graphical user interface for Red Carpet.

Install these packages and we are almost done. First, the GUI application should appear in the KMenu in the System -> Configuration folder as Red Carpet. You can further verify the successful installation by using YaST. Check in the Install and Remove Software -> Package Groups -> System Environment where you will find the newly installed software in the the Applications and Deamons groups.

With the software installed, the next step requires starting the Red Carpet Deamon. To start the deamon from the graphical user interface, you need to return to YaST. Select System -> Runlevel Editor, and then click on the rcd service. Click on the Enable button and the service should change status and show Enabled is now equal to Yes.

To start the Red Carpet Deamon from the command line, use the following quick command. Enter:

sudo /etc/init.d/rcd start

You will need the root password, in order to complete this transaction. Once complete, you should receive the prompt “Starting Red Carpet Daemon.” Now that the deamon is running you are ready to begin the Mono installation.

Step Three - Installing Mono Graphically

I’ll assume that you are not currently using the root account, so the first thing to do is be sure and start the Red Carpet GUI application using the root account. Enter:

sudo /usr/bin/red-carpet

If the connect to deamon dialog appears as illustrated in Figure 1, then the red carpet deamon is not currently enable. Return to the previous step and start the rcd deamon. Click on the Available Software tab, then click on the Channel drop down list selection button. This should produce a list of available channels. Select the mono-1.1 channel and then all available packages from the channel should appear. Slect Edit -> Select All or press Ctrl A to select all of the available packages. Select Actions -> Mark for Installation or right click the selected packages and select Mark for Installation. Click on the Run Now icon from the tool bar, select Actions -> Run Now, or press Ctrl X. This will start the installation process.

Figure 1 - The Connect to deamon Dialog

Step Three - Installing Mono From The Command Line (Alternate)

Issue the following commands as root:

rug refresh

This will download the most current channel information. Next in order to confirm connectivity with the redcarpet servers run:

rug channels

This should present a list of available channels. The list will also present whether you are currently subscribed to them. The output should resemble the following listing:

subd? | Alias                        | Name
------+------------------------------+---------------------------------------
      | evolution-devel-snapshot     | Evolution Development Snapshot
      | evolution-snapshot           | Evolution Snapshot
      | redcarpet2                   | Red Carpet 2
      | ximian-connector             | Ximian Connector
      | ximian-connector-devel-snaps | Ximian Connector Development Snapshots
      | beagle-snaps                 | beagle-snaps
      | mono                         | mono
      | mono-1.1                     | mono-1.1
      | rcd-snaps                    | rcd snapshots
      | suse-91-i586                 | suse-91-i586
      | suse-91-i586-kernel          | suse-91-i586-kernel
      | ximian-connector-snapshot    | ximian-connector-snapshot

To complete the installation, then run the following commands:


sudo rug sub mono-1.1
sudo rug update -y


The -y option will permit all actions without confirmations. Since there are approximately 50 different packages required for Mono, including all of the dependencies, this option should prove helpful.

Step Four - Testing your installation

After installing Mono, confirm the installation with a simple test. Using a text editor, enter the simple C# program shown in Lilsting 1.

Listing 1: Save this simple program as hellopr.

using System;

namespace HelloNameSpace
{
   public class Hello
     {
       static void Main()
         {
	   Console.WriteLine("Hello, from Gurabo, Puerto Rico");
	}
     }
}

To compile the program, enter:

mcs hellopr

This should produce a response of “Compilation succeeded.” If the compilation fails, then check whether the system class starts with a capital “S”, the console class starts with a capital “C”, and the write line method uses a capital letter for both write and line. Remember, that in C#, classes and all methods and properties are case sensitive.

Successfully compiling the hellopr program should produce a hellopr.exe executable. To run the program, enter

mono hellopr.exe

This should produce the output “Hello, from Gurabo, Puerto Rico”.

Summary

In this article you have seen how to install and verify Mono. This process includes obtaining Red Carpet Enterprise, installing Mono, and finally creating, compiling and running a simple test program. I hope this provides a simple to follow procedure and eases your way on the road to developing Mono applications.

Do any of your development plans include Mono in 2005?

I’ll start with the thanks. I’ve received bundles of blog comments and personal e-mail messages with helpful ideas and very patient tutoring regarding my OS X problems. I’ve always been lucky to roll in congenial ‘Net company. From the early C++ community (before eventual insanity set in) to the early Linux community to the early Python community, I’ve seen the best that brilliant and dedicated interest groups can offer a newbie willing to do some homework. My experiences so far with OS X folks matches up against all the above. Thanks guys.

So I hope you don’t take it the wrong way when I say that as for the issue at hand, I tried as much was was practical from your suggestions with no luck. I had just decided: No mas. I surrender. Time to reinstall. I was in the middle of a glacial job of backing up by tarring to our household backup server before a reinstall. using tar. Then I heard of the OS X 10.3.7 release. I have always suspected 10.3.6. I know many of you run it without problems but the timing for me and for many others I’ve seen on the Net is just too much coincidence for my skeptic taste.

So I upgraded to 10.3.7 and the problem has vanished. Everythign is snapy again. Lori has stopped abusing me for buying her a Mac (easy now, she likes the computer, but she became very frustrated when it became unusable). My opinion is that OS X 10.3.6 had a bug that only affected some users, and that we were among the unlucky, and that they fixed it in 10.3.7. That’s cool and all, but I must say that I wish such breaks and fixes wouldn’t come and go in such mystery. I think Apple has a lot of opening up todo, but that’s the subject of another blog. For now, it’s all love.

Before I put this issue behind me (I hope), here are some brief notes in response to the many thoughtful suggestions:

A lot of people mentioned disk damage as a likely culprit. Some pointed me to this helpful article about running Disk Utility (or fsck). This seemed reasonable, since my one brief reprieve from the problem had come after running repair permissions. I dutifully tried both Disk Utility and fsck, neither found anything wrong, and I was right back to the problem upon full boot. I think Apple tech support also instructed Lori to do this when she first reported the problem, but it was worth my trying personally. One note is that in safe mode everything was nice and fast, but back in regular start-up (regardless of the user) it was dog slow. Perhaps it was a kernel extenson in that case, but I had no idea how to start narrowing down which was the culprit.

Some suggested DiskWarrior, a third-party tool, but one that has received an impressive shelf of accolades. Apparently it can fix some problems that elude all other tools, including those built into OS X. Problem 1 is that it costs $80, but that’s a bargain if I were confident that it would do the trick. Problem 2 is that it is not even really advertized as a performance elixir. It’s advertized more as a wicked sharp disk error recovery tool. A bit more lumber than we need overall, and not an obvious enticement to spend a speculative $80.

Some suggested DNS issues. This doesn’t seem at all likely. The slowdown affects launch of applications that have nothing to do with networking, yet networking applications such as Safari don’t seem in any more distress than any other counterparts. What’s more, if I do basic lookups on the command line, once the command line applet itself has taken ages to start up, network responses are immediate.

Apparently HP printer drivers, have been the source of some reported problems, but these problems are a matter of chewing up CPU. Once again, Activity monitor shows plenty of CPU idle left. CPU utilization is not the problem here (nor is memory).

I checked for third-party extensions and all that. /System/Library/Extensions has tons of “.kext” file (kernel extensions, I presume) but I can’t tell which would be 3rd-party, nor did I feel confident just deleting the lot. In /Library/StartupItems I did find a file “Wacom” which might correspond to an old Wacom tablet which I’d forgotten we’d installed (we hardly used it). Deleting that file didn’t make a difference.

Some thought that the fact that we’d made incremental updates from 10.3.0 to 10.3.6 caused a few gaps and fissures in things and that we should just use the “combo updater” (new concept for me) to go back to 10.3.0 and make the leap back to 10.3.6 in one go. Sounded plausible and all, but if it were the problem wouldnit it have got worse with 10.3.7, rather than better?

Here is a quote from one sugghestion:

[T]he Jan 2005 issue of MacAddict addresses
the “lazy Mac” (p.20: “your Mac isn’t as snappy as it used to be”).
They start by recommending a reboot and then checking Activity Monitor,
but eventually they recommend running the $15 shareware Cocktail,
which would have worked (as “repair permissions” is one of its
options).

Seems like useful into to keep in mind, though I don’t know how Cocktail would compare to DiskWarrior and other similar packages.

Bottom line now: my wife is happy so I’m happy. Thanks to Apple for the fix, and thanks to the OS X community for such solid support.

Related link: http://www.sheflug.co.uk/

It looks like the first quarter of 2005 is going to be a busy time for your humble weblogger. I will spend most of the January and February working on a book for O’Reilly. Then, the last week of February I’m going to Sheffield to speak about Open Source firewals at the ShefLUG 2005 Seminar (23rd February 2005) and immediately after that I’m off to Fosdem 2005. (I won’t be one of the speakers at Fosdem, just a regular attendee, look for me near the OpenBSD booth.) Then, in March, I’ll be teaching BSD Firewalls classes in Krakow (Cracow), Poland.

Fingers crossed, my health will keep up with my schedule.

A small private solutions provider in Maryland emerges as the first challenger in the post Oracle/Peoplesoft merger ERP marketplace. InfoSecure Open Systems & Solutions recently announced the release of technology and related services that enable the use of the open-source Compiere(TM) enterprise resource planning (ERP) and customer relationship management (CRM) application on the SAP-certified open- source MaxDB(TM) by MySQL database, providing a unique fully open-source alternative to Oracle/PeopleSoft.

Compiere is the #1 Open Source ERP/integrated CRM software solution with 750,000+ downloads. MySQL is the world’s most popular open source database, with more than 5 million active installations. The company also announced that support for Computer Associates’ Ingres, MySQL 5.0 and other open-source databases will be available soon.

Don Samoil, VP of Global Sales for InfoSecure points out: “With Oracle acquiring PeopleSoft, business may face fewer choices and higher costs. Having a true open-source ERP and CRM solution has become even more critical.”

InfoSecure Open Systems & Solutions offers miCompiere ™, a rapid installation and deployment service package for customers to quickly install or migrate to Compiere on MySQL/MaxDB. For a fixed price, customers can have their standard Compiere-on-MySQL/MaxDB system installed and running in a very short time.

Who else will join the competition?

Related link: http://www.rogueamoeba.com/slipstream/

Rogue Amoeba, the makers of the insanely cool Audio Hijack, will release Slipstream in January 2005. In an email they sent to registered users of their other products, they say:

Now, audio from any program can be played through it. With Slipstream, the AirPort Express isn’t just for iTunes any more.

Very cool: I can’t seem to give these guys money fast enough for all the cool stuff they have. At some point I’d like to have RealPlayer on all the speakers in my house so I can keep listening no matter which room I move to.

Related link: http://www.mozilla.org/products/thunderbird/

Perhaps I have been stuck in the dark ages, but I have used the Pine email client for close to ten years now, and have never been able to find a good replacement. Recently, however I decided to try out Thunderbird 1.0, and I give it two hearty thumbs up. Seven features that I find particularly helpful:

• Very easy installation.
  
• Excellent IMAP support.
  
• Intuitive User Interface and Downloadable Themes.
  
• Full set of keyboard shortcuts.
  
• Works well at work (Mac OS X) and at home (Windows).
  
• Readable documentation and very helpful FAQ.
  
• Excellent RSS integration.
  

Kudos to all the Thunderbird developers for making such a great app.

Related link: http://www.websidestory.com/pressroom/pressreleases.html?id=238&ctl=x08×087h29ub

This week the web analytics software company WebSideStory reported that the Mozilla Firefox browser now has an estimated 4% share of U.S. Browser Usage Share. Most of this new found usage has come at the expense of the Microsoft Internet Explorer, which is now down to 91.8%. I can only imagine that this number will continue to drop.

I’m even now more excited about giving all my relatives copies of the OpenCD for Christmas. I’m mostly just giving it to them just to encourage their use of Firefox, but who knows? Maybe they’ll get curious and give some of the other fine apps a spin.

Looking to impress your friends and relatives, give’m Firefox. They’ll thank you all next year.

Related link: http://www.netflix.com/RSSFeeds?lnkctr=mfRSS

NetFlix uses RSS to tell me which movies they’ve gotten back from me and which ones they have shipped. It’s been handy. I’ve been curious when they get the movies back, and now I know.

I guess this could be done in email, but RSS aggregators have made this really painless. The news is automatically sorted by source, and old stuff I’ve already seen disappears. In this case, I only need a line of text: “Received: Blah blah” or “Shipped: yadda yadda”.

I could also get an RSS feed on my complete movie queue, but that’s a lot less useful. Every time the queue changes, which is every time they send me a movie, the RSS feed updates and everything moves up one position. I don’t need 100 new items in my aggregator just because every movie moved up a position. I could write a filter for that feed to strip out everything but the top three, I guess.

I’d like to get most of my notifications this way: my bank can tell me about cleared checks, my credit cards could tell me a payment is due, and so on. These are all things I get in email but I can’t respond to in email. It’s one way: so why not give it to me as RSS?

Of all of the companies that are playing the open source card, the one I least understand is Oracle. HP, IBM, and even to some degree Sun Microsystems are easy to understand. Promoting open source helps them sell more hardware, like I said easy. Fundamentally, Oracle’s interest in Linux is the same, by promoting open source it helps them sell more software licenses. However, that’s the kicker. Until Bill Gates’ prediction comes true and hardware is essentially free, there is a big difference between these two positions.

Hardware manufacturers are not on a collision course with open source. Computer hardware and open source are complimentary markets. On the contrary, database management servers, middleware, web servers, finance and accounting software, and customer relationship management software are dead center the target of some of the most aggressive and successful open source companies. A simple example is MySQL AB, that competes, or will compete, directly with Oracle in the database market.

I’ve been confused by this for a while, but this week I was stunned. After a relentless pursuit, Peoplesoft Corporation surrendered to Larry Ellison and Oracle Corporation. This week the Peoplesoft Board of Directors took the advice of the “Transaction Committee” and accepted a cash bid from Oracle of $26.50 per Peoplesoft share, for an estimated total transaction value of $10.3 Billion.

As I’ll break this transaction down later, it is my opinion that this purchase may be a serious mistake by Oracle Corporation. I’ll show through a very brief review of their finances, that with the growing credibility of open source software in the server room, both Oracle and Peoplesoft will be directly threatened by a strong contender in some of their most successful product areas. This threat will drain new software licenses faster than they expect and they will be slow to respond to this threat.

In the end, I commend the Peoplesoft share owners in successfully raising Oracle’s offer price per share from $19 per share to $26.50. If completed, this will be a huge financial windfall for all Peoplesoft share owners. Although their 2003 annual report does not even mention a threat from open source it is curious to note that one of their key ex-executives believes differently. As we have already seen in the attempt from Novell to hire ex- PeopleSoft exec Ram Gupta to replace departed vice-chairman Chris Stone, it seems the executives at Peoplesoft know where the future lies. I predict that some of the biggest Peoplesoft shareholders, those who will reap the most from a successful sale, will head into open source.

More and more to get a sense of how little this makes sense, we only need to examine the numbers. The best place to go for any public company are the federally mandated Security and Exchange Commission reports. Let’s first check out the basic numbers from Oracle Corporation (ORCL). First, according to the Oracle Corporation 2004 10Q, Year End Report they claim that “We are the world’s largest enterprise software company.” They are most definitely somewhere in the top five of all proprietary software companies in the world. In 2004 they generated a total of $10B revenue, with $8B in software licensing (79%) and $2B from services (21%). 44% of those software revenues were from new software sales, while the remainder comes from license renewals and upgrades. Due to the well deserved reputation of their marque product, the Oracle database, they seem rock solid.

It is worth mentioning though, they do have open source on their radar. I guess they believe, as many of us do, that open source is important to watch but it is anyone’s guess when it might actually have any material impact on their revenue. Oracle admits: “We may also face competition in the open source software initiatives, in which companies such as JBoss and MySQL provide software and intellectual property free over the internet.” and “We may also face increasing competition from open source software initiatives, in which competitors may provide software and intellectual property free over the internet. If existing or new competitors gain market share in any of these markets, at our expense, our business and operating results could be adversely affected.” I say that when a risk finally makes it into the management discussion, it is probably too late to do anything to stop that threat from becoming an issue.

So the risk is there, fine. So let’s take a look at Peoplesoft. Reading from Peoplesoft Corporation’s 10Q Quarterly statement for the third quarter, they have booked $1.9B in revenue in the first 3 quarters of 2004. They are on track to surpass the annual numbers from 2003. Digging a little deeper, they have $1.3B in software license related revenue and $0.6B in service revenue. We see less of an emphasis on software licensing, but it is still heavily dependent on software licensing. It is also very important to look at what it would take to see a return on investment for Oracle’s $10.3B.

With $61 Million in net income in the first nine months of 2004, it would take approximately 384 years to earn back the investment based only on profit. Maybe it makes more sense to look at the almost 4 years it will take to have the Peoplesoft annual revenue to cover the sale price. Now I realize this freshman business school student’s analysis of this transaction is way off, but I stand by my analysis that this is a fantastic deal for Peoplesoft’s shareholders and an anchor around the neck of Oracle. Companies are bought and sold for many reasons, and I’m sure we may learn why Larry Elison pushed so hard to get Peoplesoft. In the meantime, let me elaborate on some of the open source projects that I hope, err I mean “may”, represent some of the biggest risks to Oracle and Peoplesoft.

In no particular order, here are some companies and projects that should be giving the Oracle sales staff nightmares before too long:

• MySQL AB
• JBoss, Inc.
• Anteil
• SugarCRM
• Cream CRM
• Compiere
• The Open for Business Project
• Tutos
• SQL-Ledger

Anyone, or maybe several, of these companies or projects may rise to be a serious threat to Oracle’s future software revenue. Only time will tell, however, I know that if I had $10 Billion dollars burning a hole in my pocket, I imagine there are better ways to invest it.

To obtain copies of the financial data reviewed for this, please visit:

• Peoplesoft Investor Relations Page
• Oracle Investor Relations Page

Related link: http://www.konferencja.i4u.pl/en_goscie.html

That’s the question that Lawrence Lessig and other guests will be trying to answer at the Intellectual Property Law International Conference in Krakow (Cracow), Poland, in April 20-22th 2005.

Topics for discussion include Creative Commons, P2P, and music sampling.

The folks at LinuxNews.pl report that prof. Lessig will spend three days in Cracow. He’ll speak at the conference and meet with a group of lawyers from Uniwersytet Jagiellonski interested in spreading the ideas of Creative Commons in Poland.

Related link: http://safari.oreilly.com/JVXSL.asp?x=1&mode=section&sortKey=title&sortOrder=asc…

This inspiring phrase from Kent Beck’s book Test-Driven Development By Example:

“When we write a test, we imagine the perfect interface for our operation. We are telling ourselves a story about how the operation will look from the outside. Our story won’t always come true, but it’s better to start from the best-possible application program interface (API) and work backward than to make things complicated, ugly, and “realistic” from the get-go.”

The following example test is just a little simple one-method thing, but I realized this same approach could be used to design an entire system!

You can just start typing some pseudocode the way you *wish* you could type *if* your class/system was “just that easy”.

Then, when done, break it down into bits, and try test-driven development to see if you can make it so!

Just a 1-hour-old idea. Feel free to rip it apart….

Related link: http://www.cs.tufts.edu/~mchow/excollege

I am pleased to announce that starting next month, the start of the Spring semester at Tufts University, I will be teaching a course entitled Security, Privacy, and Politics in the Computer Age. The course will be offered by the Experimental College at Tufts University. The following is a brief description of my course:

Computer viruses, worms, Trojan Horses, spyware, exploits, poorly designed software, inadequate technology laws, and terrorism: these issues have a profound affect on our daily computing operations and habits. New technological innovations such as file-sharing software and location-based tracking tools also have major political and social implications. Unfortunately, basic knowledge and understanding of the security, political, and social issues concerning the use of technologies is lax, and is a major reason why people are continually affected by computer security breaches and technology misuse. Granted, the problems are only getting worse. Issues including electronic voting, Radio Frequency Identification (RFID) tags, location-based tracking technologies, and the Digital Millennium Copyright Act (DMCA) will be discussed. This course will also delve into reverse engineering of software, understanding exploits (e.g. buffer overflow, Denial of Service, rootkits, spoofing) and intrusion detection, and how to protect yourself from malicious computer activities. Then, the issues will be put into a global context to answer the question: we have dug ourselves into a deep hole; how do we dig out of it?

This course is open to all, regardless of area of study. No software development or computer programming knowledge is required. Basic knowledge on computer technology and concepts is sufficient. The only requirement is that you are curious on the security, privacy, political, and legal issues in computer technology, and why they are important in society.

I do understand that only Tufts students and neighboring community members can enroll in the class (EDIT, 1/5/2005: ON A SPACE AVAILABLE BASIS). However, I endear to make this course accessible to the general public. Therefore, all lecture notes, news, examples, and assignments will be published to the course’s website as soon as they become available. I also envision having a message board for the course, and possibly videos or audio recordings for some lectures –all available to the general public’s use.

I am honored to have the opportunity to teach this course not only because of my passion for this complex matter, but to contribute back to my alma mater and to the Computer Science community. In addition, there is a lack of ownership of the subject matter that I will be presenting, a major reason why there is a lack of basic understanding of the security, legal, political issues in using technology.

For more information, please visit the course’s (tentative) website at http://www.cs.tufts.edu/~mchow/excollege.

Once in a while someone asks for a graphical installer for BSD, similar to Fedora Core. Wouldn’t it be cool if we could see the daemon or Puffy in full color?

No, it wouldn’t.

As someone who just finished a chapter on BSD and Linux installation procedures, I must say that I like BSD installers much better than their Linux counterparts and that I don’t see a reason to ask the developers to spend their time on something that’s pure eye candy. This is 2004, soon to be 2005, and the odd graphical Linux installer can still have problems talking to some monitors and video cards.

Related link: http://www.pyzine.com

A long time ago in a publishing world far, far away, Brian Richard started Py, an independent Zine for Python developers. I still have several copies of the first issue I picked up at OSCON 2002. That was about the same time I was thinking about going into print with The Perl Review.

Brian and I had chatted over email a couple times, and he had moved on to Linux Magazine. I thought that was the end of Py.

Mark Pratt, the new publisher of PyZine, called me tonight (all the way from Barcelona) and we talked about what each of us is doing and what we have planned. I certainly don’t want to compete with PyZine, so my idea for a Python magazine (I wanted to call it MagPy) is dead.

There might be some ways we can help each other, but mostly we just talked about how we do things and exchanged some ideas.

Now I’ll have to find another idea for a new magazine, but that’s okay. :)

Someone, somewhere on the Internet claimed recently that the hama USB 2.0 Card Reader 9in1 doesn’t work with OpenBSD 3.6. This is not true, the system detects the card reader and the flash cards you plug into the reader.

There is a problem with the un-plugging procedure. The system does not detect the removal of the card from the reader and won’t recognize the card when you put it back into the reader. I’m not sure why it happens, because the system does detect the insertion and removal of my Actina 128MB Flash memory stick (plugged straight into the computer, not via the card reader).

The cure is childlishly simple: disconnect the card reader from the compute before you remove the card from the reader. Then, remove the card from the reader and connect the card reader to the computer. It’s a stupid trick, but it works on OpenBSD 3.6. It may work with other systems and with other Flash card readers.

Related link: http://print.google.com/

Google just keeps doing amazing things. Google for “War and Peace”. One of the top links should be “Book results for war and peace” with a rainbow colored collection of book spines next to it. Follow that result and you’re in Google Print, which shows you the Penguin edition of the book, and it’s fully searchable!.

I’ve had this dream of creating concordances for my favorite books, but Google Print would virtually do that for me. Go on Google, take it off my to-do list!

SpamBayes was already installed (to /usr/bin as it happens, but location doesn’t matter as long as sbfilter.py etc. are in the path). My first step was to set up two mail folders: “Junk” and “MaybeSpam” using my mail user agent (Evolution 2.0.2). If your MUA already has some junk controls, such as Evolution 2.x, Thunderbird or Apple Mail, you may have special, local Junk folders. You probably still want to create actual IMAP folders on the server side (though see below for a note on a clash problem in Evolution).

I created a local SpamBayes config dir:

mkdir $HOME/.spambayes

I set up a config file by pasting the following into
$HOME/.spambayes/spambayesrc:

[Storage]
persistent_use_database = True
persistent_storage_file = ~/.spambayes/hammiedb

I added a variable to my environment as follows (on the command line and in my bash profile file):

export BAYESCUSTOMIZE=$HOME/.spambayes/spambayesrc

The next step was to train SpamBayes, first creating the database:

sb_filter.py -n

You should see “Created new database in /home/uogbuji/.spambayes/hammiedb” or such. If you have existing good and spam mail folders, you can kick start things by training on those folders:

sb_mboxtrain.py -d $HOME/.spambayes/hammiedb  -g
$MAILDIR/GoodMailFolder1 g $MAILDIR/GoodMailFolder2 -s $MAILDIR/Junk

Use the -s flag to specify folders with only spam and -g for
folders with only good mail (”ham”). You can have multiple instances of each flag.

Next I updated my .procmailrc with rules to run through SpamBayes and move mail according to the results. Something like the following:

MAILDIR=$HOME
LOGFILE=$MAILDIR/procmail.log
SPAMBAYESRC=$HOME/.spambayes/hammiedb

:0 fw:hamlock
| sb_filter.py -d $SPAMBAYESRC

#SpamBayes tests
:0:
* ^X-SpamBayes-Classification: spam
$MAILDIR/Junk

:0:
* ^X-SpamBayes-Classification: unsure
$MAILDIR/MaybeJunk

#Spamassassin tests, if you also have that
#:0:salock1
#* ^X-Spam-Flag:.*Y
#$MAILDIR/Junk

#:0:salock2
#* ^X-Spam-Status: Yes
#$MAILDIR/Junk

#Uncomment if you really must
#:0
#* ^(From|To|Sender):.*Cron.*
#/dev/null

Finally I added a job to keep up the process of training SpamBayes so it can adopt to changing spam patterns. I added an entry such as the following to my crontab (using crontab -e):

MAILDIR=$HOME
BAYESCUSTOMIZE=$HOME.spambayes/spambayesrc

# use /bin/sh to run commands, no matter what /etc/passwd says
SHELL=/bin/sh
10 6 * * *      sb_mboxtrain.py -d $HOME/.spambayes/hammiedb -g
$MAILDIR/GoodMailFolder1 g $MAILDIR/GoodMailFolder2 -s $MAILDIR/Junk

Be sure you don’t train MaybeSpam or any other iffy folders as junk (or as ham). All the above set-up did the trick for me.

Evolution gets in the way

Evolution 2.0.2, like many modern MUAs provides fancy client-side spam-filtering, but I ran into problems where this interfered with plain old IMAP folders. Evolution calls its spam folder “Junk” and seems to maintain it locally, even thoug it’s in the folder tree under the rspective server (which i think is bad form). Problem is that it seems to mask any actual Junk folder you have on your IMAP server. Most MUAs have an option to override the location of special folders such as Sent, Trash and Junk, but Evolution does not seem to. Has anyone run into thei problem and found a good work-around?

Side note: I’ve noticed in general that Evolution doesn’t get along well with UW-IMAP, especially not the very strange IMAP set-up that comes in SuSE Linux (odd considering Evo’s provenience). Not much I can do about that now, since we’ve outsourced most systems administration.

Do you have any handy SpamBayes tricks for Linux?

Tonight I had some time to update Busines::ISBN::Data, which is the data pack for Business::ISBN. It exists separately so I can update them separately. The ISBN folks have added several country prefixes and updated the publisher ranges in a lot of the prefixes: space for new publishers is getting short.

The task was much easier this time. Previously, I got the data from the HTML pages on their web site. They’ve done away with that in favor of a PDF file. Things would have been much easier if it was just a text file. There isn’t anything fancy in the PDF: no images, no fancy text effects: just the data.

Oh well. Updates are infrequent, and it was easy to extract the text from the PDF, even if the data was a bit dirty. Still, text wants to be text.

Updated. Thanks to “david_given” for pointing out a typo, which is now corrected.

Much of my current late-night hacking (I should be making a couple of big announcements soon) involves pushing the art of XML/SAX processing in Python by using its ever more powerful functional features. In doing so, I’ve been making more and more use of nested (AKA inner) functions for modularity and some neat approaches to dynamic dispatch. This has also brought me several times into the grey areas of nested scopes. I’ve come to know the PEP pretty well, but in case it saves anyone time spent probing Python legalese, here is an example that illustrates the behavior of nested scopes. The code can be run as is in Python 2.2 or later. For Python 2.1, add from __future__ import nested_scopes to the top.

g_a = 1                      #global scope

def f1():
    a = 2
    def g():
        print "f1/g", a      #a is 2
        return
    g()

def f2():
    a = 3
    def g():
        print "f2/g", a      #UnboundLocalError (at runtime)
        a = 4
        return
    g()

def f3():
    def g():
        global g_a
        print "f3/g A", g_a    #a is 1
        g_a = 5                #Modifying the global
        print "f3/g B", g_a    #g_a is 5
        return
    g()
    print "f3/g C", g_a        #g_a still 5

def f4():
    a = 6
    def g(a=a):                #Yuck.  Cumbersome
        print "f4/g A", a      #No problem.  a is 6
        a = 7
        print "f5/g B", a      #Now a is 7
    g()
    print "f4", a              #Back to 6, since int is immutable and

def f5():
    a = 8
    def g(a):
        print "f5/g A", a      #No problem.  a is 8
        a = 9
        print "f5/g B", a      #Now a is 9
        return a
    a = g(a)
    print "f5", a              #a is still 9

f1()
#f2()    #Commented out to avoid Exception
f3()
f4()
f5()

When I first ran into the UnboundLocalError problem demoed in f2 I started with the fall-back solution in f4, but 2 considerations turned me off that solution. The main one was ugliness of the keyword stuffing, especially when I wanted several variables in the shared scope. A more minor issue was a need to mutate such variables within the nested function. This is a minor issue because such mutation is rather inelegant and runs counter to the very functional principles underlying nested scopes. Nevertheless, I did have a couple of cases where I wanted to hack in mutation temporarily for some quick and dirtypurpose. It turns out that the f5 approach deals with both issues, with a bonus that mutation is replaced by functional transform. I use tuples to pass back multiple values from the inner function, of course.

I did not show in the listing how using exec or from foo import * can lead to syntax errors, a situation I ran into once, to my great confusion. See the PEP for a terse listing of syntax gotchas. Andrew Kuchling’s document mentions the exec gotcha. The usual solution is to use the form exec cmd in globals(), locals(). See the Python Library Ref exec documentation for details (notice: Python 2.4 relaxes the rules a bit on what can be used with exec ... in ...).
This slide mentions the exec gotcha as well as a possible problem with eval.

Side note: in Andrew Kuchling’s brief on nested scopes he introduces them by saying:

In Python 2.0, at any given time there are at most three namespaces used to look up variable names: local, module-level, and the built-in namespace. This often surprised people because it didn’t match their intuitive expectations. For example, a nested recursive function definition doesn’t work:

    def f():
        ...
        def g(value):
            ...
            return g(value-1) + 1
        ...

The function g() will always raise a NameError exception, because the binding of the name “g” isn’t in either its local namespace or in the module-level namespace. This isn’t much of a problem in practice (how often do you recursively define interior functions like this?)

I read this bit after I’d already used recursive inner functions in several cases, and had been impressed at their expressive power. Just goes to show that the human imagination is not fit to find limits to the usefulness of recursion.

Overall, nested scopes in Python are not as clean as a language purist might wish, but like so much in Python’s evolution, they find a comfortable niche between cleanliness and practicality.

Related link: http://www.devguide.net/var/bsd-firewall-stickers.zip

Here are some BSD and firewall sticker designs:

DragonFly BSD — Because There Are Other Alternatives

FreeBSD — Because There Are Other Alternatives

NetBSD — Because There Are Other Alternatives

OpenBSD — Because There Are Other Alternatives

OpenBSD — Painted Puffy

IPFW — Building a Better Firewall

IPFilter — Building a Better Firewall

IPTables — Building a Better Firewall

PF — Building a Better Firewall

Copyright? You are free to print and sell/give away these designs as long as they are used to promote DragonFly BSD, FreeBSD, NetBSD, OpenBSD, IPFW, IPFilter, PF, and IPTables in a positive manner. The Puffy image is copyright Theo de Raadt

Have fun.

I didn’t anticipate this lead into my debut as an O’Reilly Network weblogger, but I guess ya gotta go where the muse takes you. As I anticipated making this first entry, I was wondering what to cover. I was going to cover who I am, what I’m doing, and give a preview of what you might expect to read in this web log.

As I woke-up this morning the headlines read Atrapados entre balas asesinas, Trapped between assassins bullets. A father and two of his daughters had been shot to death in their car as they waited for the light to change. One minute the were just coming home from the game, the next, instant misery for two mothers, two sisters, and everyone else left behind to suffer their loss.

As the “pueblo” of Puerto Rico mourns, I come here to finally begin writing. But now I sit asking myself: “Who am I?”; “What am I doing that makes any sense in light of this tragedy?”; “What can I write about when my passion for technology, software development and open source seems pointless.”

But that’s just it, it isn’t pointless. It’s easy to compare our lives against the suffering we see around us and wonder if we have made the right choices. However like George Bailey from “It’s a Wonderful Life”, we each have our role to play. Yes we can change that role whenever we choose, but we always have a role.

One of the main reasons I am leading the SNAP Development Center is because of the choices I am now making. I decided about two years ago that I would involve myself in the creation of a high technology economy in Puerto Rico. I knew that I could help, and I willed myself to pursue the opportunity. I decided that I would become involved in this effort because I felt I had something to contribute. I saw in Puerto Rico what we all see by volunteering in open source software projects. I believed in the goal of the project, I saw problems that I could solve, and opportunities that I knew I could attack.

Deep down there are many people that are confused and scared of open source software. However, I believe that it has nothing to do with software licensing. They are scared and confused because they are unable to understand why a large group of programmers would volunteer their time to make commercial quality software.

Thankfully, there are millions who volunteer their time for countless altruistic causes. They help to bring comfort, to feed, to ask for donations, and to spread peace where none exists. Now enter the open source software development community; we write and test code so everyone else can make their own unique contributions. We have finally found a way to play our role, and we feel good playing it.

What confuses and scares people about open source is their inability to recognize that we all must find our role. We all need to find something we believe in and a way to turn our visions of the future into reality. What they don’t understand is that with open source, we now realize that there is a way. There is a way for us to volunteer our unique gifts and spread this model to others. We each want to help ease the suffering we see around us, and we now have a model that gives us a way to play our role. We can be ourselves, play our role, and still make a difference. So we must reach out to those who don’t understand, and lead them so that they too can find their role and make a difference.

What role do you play in open source and how do you think it makes a difference?

Related link: http://www.chipy.org/

The Chicago Python Users Group was going to talk about testing today, and I wanted to see what was going on in that part of the world.

I was afraid that I wouldn’t know anyone there, and I’d be the loony Perl bigot in the back saying “Well, in Perl…”, but it turns out that I knew a handful of people there, and I think more had heard of me.

As I introduced myself as we went aroudn the room, I mentioned that I was thinking about publishing a Python magazine, and not just an April Fool’s version of The Perl Review. I have already paid a lot of the sunk costs for TPR, so adding another one wouldn’t be that expensive. I just need someone to act as editor.

There was food aplenty, and it kept showing up. I could have the pizza and Dr. Pepper, which seemed to be a particular favorite of the group, but there was also a some wonderful zitti and a green salad brought by Kelly Ray, who’s using Python to create a cookbook (you know, the kind about food).

John Roth demonstrated Fit and Fitnesse as part of his “Extreme Programming Testing” talk. Chris McAvoy (who actually submitted an artilce to TPR just before I had to go overseas) showed off doctest. Ian Bicking (of Imaginary Landscape, which hosted the evening) introduced unittest and another Pythoner (sorry, notes smeared with zitti) explained hotshot (a Python profiler).

I liked the idea of a bunch of people showing off things rather than one long presentation by a single person. Among all of those were a couple of ideas that I want to take back to my Perl work.

After the talks, the topic somehow got around to the Comprehensive Perl Archive Network (I’m pretty sure I didn’t start it, as I was trying to be on my best behavior), and that Python doesn’t have such a beast. I suggested that someone just start one. From there people asked all manner of questions about how CPAN works, though most of them seemed to revolve around some myth that CPAN is restrictive. I explained that it’s just a really big directory of things, and that almost anyone can upload almost anything of any quality. The topic of a Comprehensive Python Archive Network gets kicked around every couple of years, but Python has yet to find its own Jarkko.

They haven’t announced their next meeting yet, but I’ll probably go back. I may even write a couple of Python programs between now and then so I don’t look like such a clod. :)

Related link: http://www.ddj.com/articles/2005/0501/

I usually don’t see Perl in Dr. Dobbs, but the January 2005 issue is all about open source and programming languages, and it has one of the best tech articles I’ve seen in a while.

This issue includes Sam Tregar’s “Perl, VMWare, & Virtual Solutions”. He’s the author of Writing Perl Modules for CPAN (one of the best Perl books out there), and works on Krang, a mod_perl based content management system.

None of that really matters for this article though, because that’s not really what he’s talking about (open source or Perl or Krang). He talking about money.

He used VMWare to test his product on a bunch of different architectures and operating systems without buying all those architectures. That’s right: he gets down to the money. He’s done his math and figured out the real dollar cost each way. He’s not using VMWare just because he likes it: it saves him a tens of thousand of dollars, even though it costs him a few thousand dollars. It’s great to see the article hit not only the tech angle, but the practical business angle too.

And it’s all in Dr. Dobbs. Imagine that.

Related link: http://www.syngress.com/catalog/sg_main.cfm?pid=2900

Have you ever wondered if you are doing the right thing? Is is okay to steal from work? How about downloading pirated music using the company network? Do the rules apply to everyone? Can I do whatever I want if I’m a system administrator?

These are real topics covered in “IT Ethics Handbook”. Sadly, each answer comes in two varieties: Conservative and liberal (each of which get their own font!). If you don’t like one answer, you can just choose the other. The (long) list of contributors put their heads together to come up with rationalizations for both sides.

I tend to think that if you have to ask the question, you already know the answer, and if you truly don’t, asking your friends, boss, or co-workers will clear it right up. Heck, the employee handbook might even answer them. The book doesn’t really lay a foundation for ethics, but sticks to specifics questions. Indeed, it seems to ignore the idea that ethics isn’t an absolute, and may vary between different groups and cultures. They merely mention all that stuff in the introduction, but then quickly discard it.

Some other paraphrased questions, in case you still think you need this book. You can quickly find a rationalization for the right and wrong of each and apply the answer that you like best.

• Can I write malicious virus code for profit?
• Should I use somebody else’s login and password?
• Can I use company resources for personal gain?
• Can I videotape my co-workers having sex in the hallways? (real question)
• Do I have to obey the law?
• Can I be lazy?
• Can I spy on employees?
• Can I take revenge on a co-worker?

Perhaps this book is for the guy who wears the expensive suit and takes off fridays to play golf.

I’d thought the disk permissions fix had solved the problem, but after a couple of days of use, the slowdown suddenly resumed. Repairing permissions again seemed to fix it again, but for less than a day. I’m beginning to think that maybe permissions have nothing to do with the problem.

Again the machine is taking forever to boot. Applications such as Safari and Activity Monitor take up to ten minutes to launch. Response to UI mouse click events such as basic menu selection or clicking icons is a matter of minutes, with the spinning ball of death churning all the while. The machine is basically unusable. Yet window drawing and the like seems snappy enough, so it seems system load isn’t a likely factor, and indeed Activity Monitor displays 80% CPU idle, 250MB memory “inactive”, 96GB free, 3GB VM size (we’ve cleared it so that the hard disk has 36GB free).

I’m pondering downgrading back from 10.3.6 to 10.3.5, since most corroborating reports of this bug I’ve seen suggest that the OS upgrade might have been the culprit. I suppose a re-install is another option, but that seems like such a slash-and-pray solution, one I might more likely expect for a Windows set-up.

Again this is frustrating because as I said earlier “Lori’s iMac usage is about as plain jane as it comes. We have hardly any third-party software on it, and the only third party app I’d describe as a “utility” is Roxio’s CD/DVD burning software, which we rarely use. Pretty much all we run on it regularly is Safari, Mail, iTunes, iDVD and iPhoto. I’ve used Keynote for a couple of presentations…” I expect such odd problems on machines where I program, play with exotic progrsm, and more.

Has anyone heard of a reliable fix for this bug?

Related link: http://www.oreillynet.com/pub/wlg/5885

I’m spending WAY too much time just on the web UI interface to my projects!

I wish I had a good re-usable framework for all these web-apps. Any suggestions?

Rails looks interesting, but I can’t just switch 50,000 lines of PHP over to Ruby for it. I’ve got all my shared classes in PHP already. Maybe I’d use it for a brand new project some day.

As I mentioned before, Tony Marston has an interesting approach that looks very tempting to throw myself into.

Perl’s Mason looks REALLY nice, and some dude I respect loves it. But again : I can’t switch all my code over to Perl for it. Is there anything like Mason for PHP?

PEAR’s HTML_QuickForm looks like it would help with forms, but not a complete solution. Maybe an ingredient to something bigger.

I’m just not into Smarty, for the same reasons described by Brian Lozier and others.

In fact - I’m really into typical templates at ALL — because the way I use PHP is not the typical fashion : I don’t put PHP inside HTML. I have PHP do *everything*, only a small part of which is spitting out some HTML to the browser. Since all my sites are mutli-lingual, with ALL words as a $lang hash/array/dictionary stored in a config file, and since all page-layout is CSS, there’s almost nothing on an HTML page that is *not* dynamic. Just the occasional div, span, ul, li, p, input, etc. My HTML is practically an XML file : just my dynamic values, with some basic identifiying markup tags wrapped around those values. (div id=”cart”, ul id=”menu”) Nothing worth making a static template for.

Again: I really like Mason’s component-approach. Hey I wonder if there’s a way to have PHP do the business-logic, and have Perl/Mason do the display-logic?

I know that millions of hours of brain-power have been spent by smarter folks than me, developing database-driven websites, and they must have created some framework somewhere that matches my needs - but I haven’t found it yet. (Though it’s funny that the two I like the best so far are in Ruby and Perl — c’mon PHP! What’s up with that?)

suggestions?

Related link: http://www.sebastian-bergmann.de/en/phpunit.php

I’ve finally gotten into some better habits for my database-driven web-apps. I’m trying to get myself out of years of spaghetti-code.

#1 - Make a shared directory where ALL common classes for this project will go
(example: Client.php Customer.php Item.php Invoice.php etc)

#2 - Create a CVS project for it immediately

#3 - Create a /tests/ directory inside of it, and make a PHPUnit2 test file for each class, and a unit test for each method.

#4 - Make ALL parts of the project (the front-end, the back-end management, the shell-scripts, the members login-area) ALL use the exact same shared classes.

#5 - No SQL anywhere outside the shared classes - any interacting with the database HAS to be done through the classes. Many times I’m tempted to just pass a simple one-line SQL command right in my code, but I resist the urge (remembering years of mess this caused me before) - and keep everything centered around the shared classes.

BEFORE I start in with the web-interface, I make many of the methods/functions I know I’ll need, and test them at the unit-test level at a terminal/shell. It’s always nice to know that your guts are in good order.

Funny thing is… now that that stuff is out of the way, I’m spending seemingly all my time just on the web UI interface! Damn I wish I had a good re-usable framework for all these web-apps. More on that in my next post.

other good habits?

It’s bad bad bad when you use form method="post" and your user hits the back-arrow afterwards…

… unless you use an approach I knew was possible, but never tried before a project I’m doing now.

Goes roughly like this:

————– someform.html —–
<form action="action.php" method="post">
<input type="hidden" name="action" value="delete" />
<input type="hidden" name="id" value="12345" />
<input type="submit" name="submit" value="delete this" />
</form>
—————————————–

————– action.php ———
switch($_POST[’action’]) {
case ‘delete’:
$id = intval($_POST[’id’]);
$db->query("DELETE FROM something WHERE id=$id");
header(’Location: menu.php’);
break;
case ‘add’:
# blah blah - your "add" actions stuff here
header(’Location: newentry.php’);
break;
}
—————————————–

Have *ALL* forms on all pages all posting to the same action.php page, which has a switch/case looking for the correct action, then using HTTP header-location to send them off to the next page. If they use their back-arrow now, no problem! It will never re-post the form.

(As a variation on this, I guess you could have lots of little PHP pages catching lots of form-post actions, then header-redirecting, but I was just trying to keep them all in one place.)

Only problem I had with this approach is that I like to alert the person who did some action that the action has been done! I added an Alert class with just two public methods: add and show. (Private methods are load and save, used at __construct and __destruct, respectively.) Now your action.php file can add an alert to the Alert class, then header-redirect off to any page you’d like, as long as the destination page has Alert::show where you want the saved alert to appear.

Anyway - I’ll bet this approach has been done before in a way I hadn’t thought of, but this is how I’m doing it for now, and I like the way it works so far. I’d love to hear from anyone else with a different approach to solving the form-post back-arrow conflict.

different approach to solving the form-post back-arrow conflict?

Related link: http://www.theperlreview.com

When I started The Perl Review, I had an online edition and a bunch of people who wanted it on paper. Now I have a print edition (and the online edition is still there), and people want to subscribe to an online-only plan so they don’t pay for international shipping.

That’s fine with me. I can do it either way. TPR now has an online-only plan that costs the same as the US print edition, and if we start printing in another part of the world (looking at Europe now and Australia later), those parts can convert to the print edition for no extra cost.

And, after dumbly grouping the rest of North America into “International”, I’ve adjusted those prices for Canadian and Mexican subscriptions to reflect the lower shipping costs to the countries on either side of me.

I’ve also created some RSS feeds for TPR news and discussion, and a public discussion forum on LiveJournal. The user feedback has been great, and I’d like to get more of it.

For a couple of years I’ve been researching community computer
documentation–the kinds of volunteer efforts produced by the
Linux Documentation Project,
the GNOME Foundation,
and others–with the aim of finding ways that it can be improved by
volunteers and project leaders. It’s natural that I should be
interested in a source of information that most computer book
publishers identify as their key competition. More fundamentally, I
can tell that people look to their fellow computer users for
information, and that these peers have lots to offer. I hope that, by
helping the community documentation movement to mature, I can persuade
them they also need the help of professionals like me and the other
folks at O’Reilly.

I had a discussion last Friday with Tim Ney, executive director of the
GNOME Foundation. We came up with several interesting points that we
thought would interest others who care about computer documentation.

Multiple approaches for multiple audiences

One nice thing about online documentation is that a site can provide
an unlimited number of documents for different users at different
stages of development or different entry points. The GNOME site, for
instance, could have a document for Windows users migrating over to
GNOME, a document for Mac users migrating over to GNOME, and so
forth. I say more about this (and other topics in this blog) in my
article on community documentation:

Splitting Books Open: Trends in Traditional and Online Technical Documentation.

And the nice thing about community-generated online documentation–as
a special case of online documentation–is that your own users can
contribute such documents as the urge comes to them. You don’t have to
set up a committee or manager to choose what’s written and allocate
resources.

That freedom comes with disadvantages, too, of course, as my article
explains. A project can end up with five overlapping documents written
for the same audience, and be deprived of documents that serve other
equally needy audiences. One way project leaders can encourage
volunteers to contribute the necessary documents is to develop a
high-level table of contents and invite readers to fill it in.

For most computer users, it would be a waste to write a totally
introductory document about GNOME–one that tells them, for instance,
that defines what an “icon” is and tells them they can start programs
by clicking on icons.

But maybe it wouldn’t be a waste after all. GNOME is gaining traction
in many parts of the world where you can’t take it for granted that
users have used computers before. They need help understanding what an
icon is. But do they need a manual? That leads to my next point.

Flexible approaches to conveying information

Not every training situation deserves a manual, or should be solved
through one. Perhaps what new users need is a laminated sheet with a
few simple instructions to get them started. It could point them to a
tutorial online. (Tim and I agreed that we had both tried Emacs’s
help-with-tutorial function early in our relation with that editor,
and that it was quite useful.)

Some people need Hands-on or platform training. The GNOME Foundation
does that for developers now, sending developers long distances to
provide it. They could film the trainers and try to figure out what
works. Perhaps the approach used for training could be frozen in text
somehow and turned into a manual.

(It’s worth noting that one of the most ground-breaking approached to
computer documentation, the O’Reilly
Heads First series,
was developed by two trainers.)

And what does that nascent new user need? Is it the same at every
site? Not at all, as we’ll see next.

Accommodate customization

GNOME documentation has to deal with an incredible diversity of
implementations. Few users get the desktop layout–menus, icons, and
panels–the way the GNOME Foundation released it. Every provider
customizes it extensively. And not just commercial providers. Tim
pointed out that when GNOME is installed in the Spanish region of
Extremadura, the icon for the chosen word processor is a picture of
the head of Cervantes–an image that apparently resonates for even a
moderately educated Extremaduran.

The customization continues as different administrators install the
software at their sites. So that laminated sheet I mentioned earlier
should probably be written by the administrator.

Make users into explorers

For reasons just explained, experienced desktop users have found that
they shouldn’t expect their favorite tools to be in the same place on
different systems. (This is true even when moving from one Windows XP
system to another.) Experienced users expect that the tool they need
is somewhere, so long as its moderately popular. They go looking for
it. For instance, when I boot a GNU/Linux system I don’t know which
IRC program was installed, but I expect there’s one somewhere and I
navigate the menus till I find it.

Thus, what desktop documenters have to do is explain all the wonderful
things that systems can do and make users want to do those things. The
range of computer tools for all types of activities–media,
communications, and even system administration–is so great that
nearly any computer user can become more empowered and productive if
they try new ones out. Once they have an idea what they want to do,
they can find the tools on most GNOME systems regardless of where the
vendor or administrator has placed them.

This goal–the inquisitive user–is the thrust of the most interesting
experiment in computer documentation I’ve found, minimalist
documentation. The approach of minimalist documentation is pretty
much to say, “Try out this thing and see what happens.”

So the search for effective community documentation continues. I’ll
keep you informed as I learn more.

Related link: http://www.adtmag.com/article.asp?id=10286

“Perspective on XML: Be humble, not imperial” was directly inspired by conversation with Simon St.Laurent about whether RDF is separable from design hubris (and how such hubris intersects XML). Today I found an interesting juxtaposition of premise in Sean McGrath’s “Inefficiency revisited“. One thing I seem to share with so many of my colleagues in the XML world is a wary attitude towards traditional data modeling practices. It’s an attitude that has also informed my thinking in related articles pondering data supermodels,
coupling of distributed systems,
OO encapsulation, and the like.

Some of us see XML as a bit of a refuge from established schools of data modeling. OO and Unified Process in my case, E-R and other relational based modeling in others’. Some just came from document-centric backgrounds where such extremely rationalized data modeling was not the mainstay. In my case, interest in XML was part of a general interest in data modeling as a vehicle for human expression rather than for robotic simulation of the real world.

I learned a lot in my own journey along this path from folks such as Sean McGrath, Simon St.Laurent, and Walter Perry. Walter in particular is worth a note. He doesn’t publish many articles, nor do I think he posts much to XML-DEV any more, but you would do well to look up some of his older postings on that forum, especially some of his debates with John Cowan (who is also always worth a read). He has a very interesting perspective on the role of XML in data sharing, and though it takes a bit of close reading to ravel the important conclusions from his expansive essays, I’ve found the effort rewarding.

I think a lot of the stress in the XML community centered on the fulcra of XQuery, SOAPish Web services and W3C XML Schema represents a split between what I’ve called the Bohemians and the Gentry. The Bohemians see in XML some escape from deep-rooted philosophies elsewhere that they feel lead to software boxed in by overly sophisticated (and imperial) design, and thus doomed to integration woes and expensive maintenance. The Gentry think that imposing the rigors they bring from other spheres of data modeling upon XML is the only way to bring order to XML’s strange arcadia of uneven structure and untyped chunks of data.

It’s easy to over-sell the “agile” ethos. Even though I can agree with XP folks that Big Design up Front (BDUF) too often leads to death-march projects that never end up truly meeting the customer’s needs, the Engineer’s training in me can’t accept that this is an inherent flaw in the idea of design before implementation, but rather a sign that popular design mechanisms are just not good enough to support software development needs. I find XML much better aligned with the agile world view, but only insofar as it brings a perspective to design that still needs proving and codification, and that once established will still demand the highest standards of professionalism from its practitioners.

Has using XML changed your general approach to data design and modeling in any way?

Related link: http://www.devguide.net/books/fw-01/os-fw-matrix.pdf

Open Source firewalls are not just for Open Source operating systems.

SSH and OpenSSH are essential security tools for today’s communications. The widespread use of wireless networks that require authorization via authpf means that you need to run an SSH client on every machine you connect to such networks.

Here’s a list of places to get you started:

• Microsoft Windows: PuTTY
• Microsoft Windows: Other SSH clients
• Mac OS X: you have the Terminal (Macintosh HD::Appl
  ications::Utilities), use command-line SSH tools from there.
• Mac OS X: don’t like the command line? Maybe JellyfiSSH will be the thing?
• Mac OS 9: MacSSH
• Palm OS: pssh
• Pocket PC: PocketPuTTY
• Microsoft Windows CE: OpenSSH CE

Related link: http://nocat.net/merchandise/

I hope you’ll excuse the product plug, but the much-regarded and hard-to-find “ANARCHIST CRIMINAL PARASITE” T-shirts from FreeNetworks.org are finally available on the Web, as well as mugs, mouse pads, and more…

Related link: http://shiflett.org/archive/80

Testing PHP

I guess this is my belated ApacheCon blog. I had a lot of fun as usual, and
I got a chance to meet a few new people and hang out with old friends. The
talk
that Geoff and I gave
went really well, and it ended up being as funny as we had hoped. More
exciting than the talk is the project behind it. I think we’ve created the
single best testing framework for PHP applications, and I’m going to try to
describe it for those who missed the talk.

There are a couple of resources available for download:

• Testing PHP with Perl Slides
• Demo PHP Application with Tests

What’s so great? Apache-Test -
a testing framework for Apache that adheres closely to strict testing
ideologies. Geoff and I have added features to Apache-Test that let you use it
to test PHP applications. In addition, we have provided a PHP implementation of
Test::More
- a popular CPAN module that has some very simple functions that make writing
tests easy.

The idea for this project began at
OSCON, where Geoff and I
were discussing testing tools and methodologies. The Perl community has
embraced testing as a key component of a developer’s skillset, whereas the PHP
community still relies heavily upon echo
and manual testing with a browser. Since Geoff is a Perl guy, I’m a PHP guy,
and we happen to be good friends, we decided to create a way to let PHP
developers benefit from Perl’s mature testing tools and methodologies. Since
Geoff is really a mod_perl guy and interested in all things Apache, he is a
big fan of the Apache-Test framework. This seemed like a great tool to provide
to PHP developers, so we proposed a talk about it. Once the talk was accepted,
we had to deliver.

What makes Apache-Test so great for PHP developers? It provides several key
features not available (to my knowledge) with any other testing framework:

• You don’t have to write any Perl. This certainly isn’t a unique
  feature, but one problem with our attempt at being funny in the naming of
  the talk is that people tend to think that using this framework requires
  you to know Perl, and that’s just not true.
• You don’t have to write any tests in your application. One thing that
  bugs me about several of the testing approaches I have seen is the
  necessity of including tests within the application itself. Thus, your
  tests can affect the behavior of your application, which totally ruins the
  concept of testing. You see, testing an application should be an example
  of a
  control experiment,
  where there is only one thing that changes - your application. If all
  tests pass, you make changes to your application, then some tests fail,
  you want to be assured that the cause of the problem is the changes you
  made to your application, not tests that you have written. In fact, a test
  shouldn’t even affect any of the other tests, much less the actual
  application you’re testing. I think this obvious flaw in existing
  approaches has stymied our adoption of testing as a necessary skill.
• Writing tests is easy. I think this is a key feature. If writing tests
  is a hassle, no one will want to do it. Let’s be honest - developers are
  lazy. In fact, we take pride in being lazy. The PHP implementation of
  Test::More that is now included in Apache-Test provides simple functions
  for writing tests. You can use these with any programming paradigm,
  which means you don’t have to use an object-oriented design, but you can
  if you want.
• The tests are repeatable. This means that you can repeat your entire
  test suite as many times as you want, and running the tests doesn’t affect
  the environment (or future iterations of the same tests) in any way.
• The tests are automatic. You don’t have to manually browse your
  application or execute tests. You just type make test, and
  Apache-Test takes care of everything else.
• You get a self-contained and pristine Apache environment. Simply not
  including tests in your code isn’t good enough - you want to have as much
  consistency in your environment as possible. Apache-Test gives you a
  separate Apache environment with its own configuration (including a
  pristine httpd.conf and php.ini) using your build. You augment the default configuration in a separate file, so that every change must be deliberate (it is also a good practice to keep your changes to the real Apache and PHP in a separate file, so that you can be sure that it has the exact same configuration as your testing environment). When
  you type make test, Apache-Test starts the server, runs your test
  suite, generates a report, and stops the server.
• Your application is executed with the real PHP, not the command line
  client. While the command line client might behave the same way, it’s not
  guaranteed to do so, and it represents a variable that ruins the ideology
  of testing.
• It’s very mature and stable. Major companies and open source projects
  have been using Apache-Test for years. It’s a proven tool.

These are the major features (that I can think of) that I find particularly
appealing. I’m sure there are others. Perhaps a nice side-effect is the
potential for cross-pollination between the Perl and PHP communities.

If you’re interested in learning more, please download the
demo and the
slides from our talk. To run
the demo, you’ll need
Apache-Test 1.16
or greater. You can find the most recent version from
search.cpan.org.

This testing framework is only available for Apache.

Related link: http://www.theperlreview.com

The Winter 2004 issue of The Perl Review is now available for subscriber download from our website. Print versions go into the mail next week.

Features include:

• Down Translating XML — Alberto Manuel Simões
• Module Release and Beyond — brian d foy
• Functional Perl Programming — Frank Antonsen
• Faking Stored Procedures — Zach Thompson

There are a lot of changes with this issue, including a completely re-designed look by Eric Maki, and recurring columns for Perl Mongers and The Perl Foundation.

Since the last issue, we have also added some online discussion fora and RSS feeds. See The Perl Review webiste for details.

Related link: http://www.decaffeinated.org/archives/2004/11/22/popups

The pop-up blocker in Firefox is wonderful, but it’s stop worrking. I thought I had messed something up, but the other side has just coded around it.

In short, Flash is popping up these windows from within its code, and Firefox can’t block what it can’t see.