At OSCON last week, my favorite tutorial was Simon Peyton-Jones’s A Taste of Haskell (A Taste of Haskell presentation materials (PDF)). I’ve dabbled with the language before (and pair programmed with Audrey Tang once to find and fix a bug in Pugs), but I’ve never really felt comfortable with the language.

It’s nice to report that function composition actually makes sense to me now. (At Foo Camp, I spent ten minutes explaining to Brian O’Sullivan why and how it tripped me up every other time I tried to figure it out, so hopefully Real World Haskell will smooth out that path for other people.

Most of my work these days is in C, though. As a junior language designer, I spend a lot of time considering the differences between languages (and, yes, rarely at the syntactic level).

CIO Magazine just ran an article looking at how one CIO coped with going cold-turkey from Windows in a corporate environment. Although there were the usual glitches with proprietary corporate software, it is on the whole a very positive look at the practicality of bringing da Penguin into enemy territory.

A Perl demographic survey is now open. From perlsurvey.org:

Take part in the 2007 Perl Survey!

The Perl Survey is an attempt to capture a picture of the Perl community in all its diversity. No matter what sort of Perl programmer you are, we’d love to hear from you.

The survey can be found at: http://perlsurvey.org

It only takes about 5 minutes to complete.

The survey will be open until September 30th, 2007. After that, we’ll be reporting on the results and making the data freely available.

Please feel free to forward this email to any other Perl programmers you know.

Thanks for your help!

Yours,

Kirrily “Skud” Robert
The Perl Survey
info@perlsurvey.org

Scott Walters recently ranted on how Perl programmers tend not to perform OO analysis and design, at least when compared to Java programmers.

Setting aside issues of language design–though they’re important, I think there are other insights available–it does seem as if there’s much more literature available for developers who want to design large systems in Java than there is for developers who want to design large systems in Perl. (I operate from the assumption that the number of people who could write a program in Perl is probably the same as the number of people who could write a program in Java, if not greater, so I set aside questions of market size as well.)

Aristotle Pagaltzis suggested I repost my analysis here. In short, it’s all about the teachers.

I’ll be at the Black Hat briefings in Las Vegas this week. In addition to the briefings, I enjoy going to Black Hat to reconnect with old friends, and to make new friends in the security industry. It is also a delight to meet people who read my blog and to have the chance to hear their thoughts and philosophies.

If you will be there as well, and would like to catch up, please send me an email.

At OSCON I attended a handful of the sessions that were sessions were related to web application development. I’ve compiled a list of features I’d like to see in the next web application development framework:

• Give me continuations. Let my request handlers check whether the user has authenticated and, if they haven’t, prompt the user and resume execution in the handler without losing state. If the user has requested to delete something, confirm the deletion first. I want this type of logic in the controller, not as a confirm() method in the JavaScript.
• Let me attach listeners to server-side models and update the interface when the data structures have changed. For example, given a list of favorite movies that is stored in memory or in the database, I want a <div> to be modified automatically when a favorite is added or removed.
• Keep the API simple. Give me little languages, DSLs, data structures or whatever the fancy name for them is. Let me focus on the logic of what I’m doing. Don’t limit these little languages to only configuration files — Let me write my HTML templates in whatever language I’m using throughout the rest of the framework.
• Make sure testing is a breeze. Let my tests “click” on <div>s and make assertions on the contents of elements.

Fortunately, there are a few frameworks that have some of these features already.

• Google Web Toolkit lets you write applications entirely in Java. The Java that needs to be run client-side is compiled into JavaScript. Designing interfaces in GWT is similar to the popular toolkits for desktop applications, and the testing framework seems solid.
• Jifty, a Perl framework created by Best Practical, includes a lot of the aforementioned. Templates and tests are all written in Perl in a mini-syntax, and they’re working on compiling Perl to JavaScript. It even has continuations.

Above all, I never want to have to write an <a href="..."> tag again. Giles Bowkett, in his HREF Considered Harmful talk, explained that it’s the modern equivalent of GOTO. I agree.

When a test case calls methods that write new records to a database, sometimes the test needs to fetch those records back and inspect them. This post develops assert_latest, an assertion that detects newly created records.

The news over the past few years in open source establish it as the natural way to release software. If there’s anything else you can do to earn money–whether setting up a social environment like Second Life, putting up ads like Google, or selling hardware like Intel–you really need to search hard for a reason to keep software proprietary. The benefits that free software reaps from contributions and community are demonstrated beyond a doubt, and the mechanism for releasing software as open source is now familiar.

Here’s my wrap-up of the Open Source convention. I published an earlier blog on it as well.

Andy Lester is renown for his evangelism of technical debt awareness, and his talk at OSCON was full of rich lessons on improving your code and yourself.

Managing upward is a theme in his talk, but it isn’t his primary focus. Andy wields upward management as a tool which can be used to improve code quality, but it’s a topic that deserves significant attention as well.

“Talk in dollars. This is the language that management understands.” — Andy Lester

Nobody develops for Perl anymore, CPAN is too crowded.

    Jordan Henderson

This post introduces developer tests that constrain exceptions. Our platform, as usual, is Ruby, yet these topics apply to any system. We will extend assert_raise() for more control over program faults.

The best developers write tests to keep their projects on track. Tests should cover every aspect of a program, and should take special care with program details that are sticky, hard, and mysterious. Exception handling is a murky topic, because when a program fails its control flow might not be obvious. Many a program has failed in the field because nobody in the lab tested all its error paths. Our test cases must ensure that faults make our programs degrade gracefully, not derail.

Twin conferences have been taking place at the convention center in Portland, Oregon this week: the O’Reilly Open Source convention and Ubuntu Live (also partly sponsored by O’Reilly). As we ramp up at OSCon, evidence of the drive toward openness in society continues to roll in.

Senator Dick Durbin has announced an online forum about broadband policy that started last night. Today’s news that iPhone sales are disappointing provides one illustration of the importance of this issue. While the device is overpriced, I have no doubt that a key drag on its uptake is the slow network AT&T has devoted to it. This would have been considered ludicrous in East Asia.

US Government, as we all know, is fleeing from openness as fast as its so-called leaders can run. At Tim O’Reilly’s open source briefing yesterday, open source advocate and version control expert Karl Fogel presented a case for recording and releasing all communications that go into making laws. Apparently the New York Times picked up Tim’s blog on the subject.

The briefing also presented open web APIs, open source hardware, and other examples of how the open source movement has spilled over its origins in free software. The most popular free software packages are still infrastructure: operating systems, languages and language tools, system administration packages, and so forth. But there’s no doubt that everybody is evolving in response to this powerful model for encouraging creativity.

Billy Rios has let me know about another vulnerability he has found along with Nate McFeters. Here are the URLs, which when clicked from Firefox running on Windows should spawn cmd.exe and calc.exe in order to demonstrate remote execution flaws in Firefox:

At OSCON, David Adler of The Perl Foundation presented the 2007 White Camel Awards to recognize significant non-technical acheivement in the Perl community. Perl Mongers started the White Camels in 1999 and has presented three of them every year. This year’s recipients are:

Allison Randal

Allison is at the center of the Perl community. She’s been president of The Perl Foundation, a leader and manager of various parts of the Perl 6 and Parrot efforts, as well a Perl author and editor. Her latest contribution to Perl is version 2 of the Artistic License, under which most open source Perl code, and Perl itself, is licensesd “under the
terms of Perl itself”.

Tim O’Reilly

You may think of Tim as the guy who published
Programming perl and Learning Perl, but he also kick-started the current form of the Perl community by giving it a place to come to together once a year. O’Reilly & Associates started The Perl Conference in 1997. Perl Mongers, the organization that helped start Perl users groups all over the world, started at that first Perl Conference. O’Reilly Media has been incredibly gracious and helpful to the Perl community.

Norbert E. Grüner

Norbert help start the German Perl Workshop in 1999 and now is involved in several of the Perl conferences and workshops that take place in Europe. He’s the chair of the YAPC::Europe committee.

The best hack I saw in OSCON yesterday was in Jonathan Oxer’s Hardware / Software Hacking: Joining the Real and the Virtual.

Jonathan brought a table lamp in a whole box of breadboards and other electronic components from Australia. He connected the table lamp to a remote appliance control. Then he opened the remote control and connected a relay across one fof the buttons. The relay hooked up to an Arduino also connected to his laptop.

He then wrote a small program to run on the Arduino. By sending a single command through the USB port, the Arduino flipped the relay and turned off the light.

That’s not the end of it. He ran ser2net to redirect requests from a network socket to the USB port. Then he wrote a very small PHP program which translated CGI parameters and sent the appropriate results to the local network socket.

Within Second Life, you can create an object which invokes a script when touched. This script can make HTTP requests; Jonathan had an off button object.

“Ha!” I thought. “He’s running this CGI program on his laptop, in the conference center, and there’s no way that Second Life can reach his web server through all of the layers of NAT and connection sharing going on here!”

Then he said, “How many of you have heard of reverse tunneling?” ssh -R opens a port on the remote host that forwards to the local host. With a quick connection to his web server in Australia, he switched back to his SL client, clicked on the off button, and the lamp turned off.

It had been shining in my eyes all morning anyway.

I just read an article at Linux.com about the OS habits of Linux users. The author of the article asked Linux Torvalds about his habits and found he exclusively used Linux. Torvalds said, “I don’t use either [Windows or Mac OS X]. OS X is kind of pointless (pretty much anything it has, Linux can do better) and Windows offers stuff that I don’t much care about (mainly games — and I’ve got games machines for those).” Before I comment on this any more than I have, let me just say that I have been a near-exclusive Linux desktop user since 2001. I love Linux and I still think there are some areas where Linux dominates. However, to Torvalds, I say, “hogwash”. He can get around careful scrutiny by his choice of words “pretty much anything it has” and “Windows offeres stuff that I don’t much care about”.

But the spirit of what he’s saying seems just dead wrong. And it’s an attitude that’s pervasive among many Linux enthusiasts. Whether Torvalds has the zealotry I’m about to discuss is irrelevant. It’s just a launch pad for me to address this attitude. The attitude goes something like this. “Linux is an awesome OS. We’ve come so far in a short amount of time. We have everything anyone would need. And bling to boot. Linux is ready for the desktop. In fact, it’s ready to take over the desktop.” There is a lot of truth in what both Linus said and my characterization of the Linux zealot.

Truth 1: Anything that Windows and Mac can do, Linux could do. Notice my choice of words. I said that Linux could do anything that Mac and Windows can do. But the sad story is that Linux is not currently doing a lot of what Mac and Windows is doing. Please, please, please someone show me wrong on this! Please show me a DVD authoring application on Linux that is as easy as iDVD is on Mac. Or a video editing application as easy as iMovie. Please! Yes, I know that there is wine and you can often get Windows apps running on Linux. But 1) it’s hit or miss and 2) most of the apps that I’ve gotten to run in wine look…..let’s just say “bad” to sound polite.

Truth 2: Linux has made considerable strides in the past few years. The desktop looks spectacular (both kde and gnome). There are tons of top notch applications available for free download. Hardware recognition and support works better than it ever has. I don’t think this one needs to be shot down, so I’ll leave it as it is.

Truth 3: Linux has the bling. In my opinion, Linux is actually winning the bling war. Just check out Beryl/Compiz/Fusion. It rocks. For bling, it is (my opinion, again) unrivaled. And there are some pretty cool productivity enhancements, too. But let’s not confuse bling and even cool productivity enhancements with a usable desktop (not that Linux has an unusable desktop). They aren’t necessarily the same thing. Just because Linux has bling doesn’t mean that its applications are well integrated with one another. Or that the applications work well on their own.

The point of this rambling is that all three of Mac, Linux, and Windows do some things well and other things not so well. Personally, I don’t like getting on Windows. It feels square and wooden. But it does some things pretty well. And I just bought a Mac a few weeks ago and I’m really enjoying it. I’m not at all ready to say that neither Windows nor Mac is really competitive with Linux. Conversely, I’d say that each of them spank the other two in some areas and don’t do so well in other areas. So, can we please let the zealotry die? Please?

Update: I’m closing the comments on this blog post because of recurring blog spam. If you want to carry the discussion on, please email me and I’ll post a new entry.

PyAtl is switching to Plone as time is short and we want a CMS that everyone can edit. A few people are are working on getting Plone configured and we are looking at using the gmail authentication plugin and the forum plugin.

All of this has got me thinking? What is the story on Plone and/or Zope? There is all this talk of Django/Turbogears/Pylons, etc., but what about Zope and specifically Zope3 and Plone? In the younger crowd you almost never here anyone talk about anything related to Zope and I wonder why?

So, what is the dope on Zope? Can you turn Plone into the next myspace? How hard is it to learn Zope3?

I’ve seen at least two mock object libraries for Python (here and here). But I wonder, what is the benefit of using a simpler mock object over creating your own dummy class? It seems that if I created my own dummy class (a class which implements the same interface that it is attempting to “mock”), I would have tighter control over the behavior of the thing as well as have a nicer re-use experience. It seems that mock objects are typically defined on the fly and then thrown away. I’m sure you could re-use them, but if they are really intended to be use-once-then-throw-away, it may be a little harder.

I guess what I’d really like to see is something between mock objects and dummy classes, something where you define a dummy class to be used as one of your application classes, but which also contains the convenience methods that the two mock libraries have. Suggestions, anyone?

I’ve been carrying around an interest in text processing for several years now which began with my work with EDI. Even though I don’t work with EDI and my job doesn’t revolve primarily around text processing, I still maintain an interest in text processing in general and processing EDI specifically. I created the project ediplex using Novell forge probably two years ago, around the time I wrote this article for DevX. ediplex back then was specifically an EDI processing engine with hopes of converting EDI to other formats pretty easily.

Over time, ediplex has evolved. A goal that I had for ediplex even from the beginning was the ability to easily define new EDI file formats. In its inception, it only supported X12, which is primarily a North American standard. But I had hopes for supporting EDIFACT and TRADACOM, which are more in use in Europe.

Which leads me to today. The latest incarnation of ediplex doesn’t support EDI. Not yet, anyway. What it does is allows users to create custom document definitions which describe what a document’s header and footer should look like. It also allows users to create custom handlers to allow the engine to feed them with data for a specific document type. The latest rendition is in early alpha, but it looks like a document is being passed all the way from its input to its handler. If you’re interested you can `bzr branch http://bzr.ediplex.org/trunk/` and start poking around. (This requires the Bazaar version control client.)

The architecture for ediplex is layered, but pretty simple. The first layer is the input layer. This layer gets input from somewhere (file, socket, whatever) and passes data to the scanner, which is next. The input layer was designed to allow users to create their own custom types of input receivers as they see fit. The next layer is the scanner. While this layer can certainly be replaced and customized, that shouldn’t be necessary. The scanner receives data from the input receiver and determines which document type the text should be passed off to and passes it off. The next two layers are the document definition and the data handler. I combine there here, because they are combined in the ediplex code. The document definition doesn’t do much except for describe a new document type and tell the scanner if a certain string of text matches its definition. The handler is intended to be extremely customized. When it receives data, it gets to do whatever with it that its little heart (and its coding master) desires.

So, if you’re in the market for a text processing engine, check out ediplex. I don’t have a license statement in the source tree, but will soon. I’m strongly leaning toward the MIT license, but am also considering GPLv2. Questions, comments, flames welcome.

I’ve been listening to The Linux Action Show podcast for a few months now and really enjoy it. I’ve tried other Linux podcasts, but they seem focused on the noob level. Can anyone recommend a good Linux podcast for experienced Linux users?

I’m pretty good at Perl, so I hear a lot of comments about programming language syntax. Many of them are fluff around the old argument that “I don’t like to read punctuation.” Many of them bring up the silly idea that an ideal programming language syntax should be so intuitive that people who’ve never used the language before should be able to understand programs written in the language.

That’s a ridiculous argument.

Next week is OSCON, so there will be plenty of wonderful programmers in Portland. We’re taking advantage of this to host a Beautiful Code discussion panel at Powell’s Technical Books, just across the river from the conference.

The panel will consist of the Beautiful Code contributors Karl Fogel, Greg Kroah-Hartman, Simon Peyton-Jones, and Andy Oram. Ward Cunningham will moderate, and I’ll chip in where I can.

I have my copy of the book already and I’m trying to figure out what to say that isn’t already in there… I’m really looking forward to hearing what Ward and the other panelists have to say.

Even if you’re not an OSCON or Ubuntu Live attendee, you’re welcome at the panel. I hope to see you there.

For anyone that plans to be in the Atlanta, GA area on Aug. 9th, I hope you can attend the PyAtl meeting. We have Juan Pablo who is a Django instructor for the Big Nerd Ranch, traveling in for a special Django presentation. This should be very exciting as he is a true pro. I also invited our local Atlanta Ruby group to attend as well. I think it would be great to have more Python/Ruby crosstalk as the languages have so much in common.

For our second meeting, we have up and coming author, TurboGears committer, and Elixir co-creator, Jonathan LaCour. He will be giving a presentation on SQLAlchemy + Elixir.

I was a bit bummed out when I moved from Los Angeles about a year and half ago, but it turns out that Atlanta, GA is one of the Python powerhouses cities in the United States. At this point, we have the largest meetup group, although I realize not every group uses meetup. I know quite a few of us are working on books, open source projects, and commercial projects in Python. If you live around Atlanta, GA area, program in Python and haven’t yet attended, your missing out!

If your city is a Python powerhouse, let me know!

It’s been some time since I don’t follow closely Lua development. But I try to keep updated with what’s going on. The announcement of LuaPOD 0.1 caught my attention (due to the gathering of three technologies I find quite interesting).

XSRF (Cross Site Request Forgery) is a huge security problem affecting most web applications. There have been a lot of articles written about XSRF, including the useful XSRF FAQ I linked to earlier.

There are quite a few free and commercial web application security assessment tools and static code analysis tools in the market today. A few commercial security assessment tool vendors have published white-papers about the importance of discovering XSRF vulnerabilities, yet their own products do not have the ability to assess for XSRF. I think there are multiple reasons for this, and here are my preliminary thoughts:

People who read my blog regularly know I’ve been researching what happens on mailing lists and in other forms of free online documentation. I now have a sort of portal or home page for the resulting articles. I’ve just published the most recent one, How to Help Mailing Lists Help Readers (Results of Recent Data Analysis). I hope to put up some other interesting experiments besides articles in the next stage of my work. I’ll be speaking about this research at O’Reilly’s Open Source convention on Wednesday, July 24.

I program in C very reluctantly. I don’t hate the language, but it occupies a curious niche between assembly language (where you can do absolutely anything, if you’re willing to write it yourself, and eval is trivial) and a true high level language (where you can do absolutely anything, you don’t have to write it yourself, and eval is available for everything else). Yet it’s ubiquitous, it has a lot of libraries, and it’s probably the best way to write reasonably efficient code that has to run on plenty of platforms.

Because I’m writing a lot more C code lately (and of that, finding and fixing a lot of bugs), I’ve spent a lot of time using the GNU debugger GDB.

As a reluctant programmer in general, I spent many years happily debugging with print statements, and then plenty of years debugging with comprehensive test cases. When you’re writing a virtual machine and your test cases are all in a high level language, you don’t always have that luxury, especially when you have segfaults.

I already knew the value of backtraces, breakpoints, and printing the value of local variables. Then I forced myself to learn a few more tricks to make the most of the debugger. For example, breakpoints can take conditions. That is, you can write break src/exceptions.c:59 if exception->type == exception_class_NULLACCESS. Learning that alone paid off several times over.

The other feature I forget after a couple of months away from marathon debugging sessions is that p can dereference a pointer to a struct. That is, if you have a Coord pointer in the variable coords, use p *coords to see a serialized version of the struct and its contents. Handy!

I could talk more about using up and down to walk up and down the call stack after a breakpoint, but even learning only three or four useful commands has already cut out hours of debugging time in the past month. (I even found myself wishing for a better debugger in one of the HLLs I was working on.)

Thanks to all of the contributors to GNU GDB and its ecosystem; you’ve made it easier for me to write further free software.

URI Use and Abuse written by my good friends Billy Rios, Nathan McFeters, and Raghav Dube (affectionately known as “baby Dube”) exposes how web browsers and applications fail to sanitize URIs leading to remotely exploitable conditions.

Billy started the ball rolling (after deriving inspiration from Thor’s Safari URI handling disclosure) when he discovered a remotely exploitable vulnerability in the firefoxurl handler. An example of his this can be exploited in IE is available from Billy’s disclosure: Click on this from IE to spawn cmd.exe (remote execution). Note: cmd.exe will spawn regardless of any IE or Firefox dialogs.

Large, complex, cross-platform applications with multiple developers sometimes have bugs. Some of those bugs never appear on your own machine; they lurk for a while until someone else builds and tests the software on a different platform, in different circumstances.

Tracing that bad behavior back to a particular checkin can be frustrating, even if you have a huge smoke farm that rigorously tests every configuration of every checkin on every important platform.

Parrot meets all of those criteria, except for the huge smoke farm. (Smokers welcome.) When I want to pinpoint a regression to a likely checkin culprit, I use a binary search. Will Coleda’s App::SVNBinarySearch promises to automate that process. Here’s what I found.

I just noticed a post on Grig Gheorghiu’s blog that mentions that Pownce is built on the Django web framework. Here is an interview with Leah Culver, the lead developer for Pownce, and here is Leah’s blog post on Pownce. For anyone not aware, Pownce is the new brain child of Digg creator Kevin Rose. Pownce is supposed to be a better Twitter and/or Jaiku.

In the spirt of health competition, and because I selfishly want to know what blogs to fill my Google Reader account with, what are the Top Ten Python Related Blogs? Also, how many RSS feeds should I take? What is manageable?

What are the Top Ten Python Blogs you read either “old school” or through an rss feed? Here are ten I happen to read in no particular order but feel free to order yours by whatever political statement you choose:

Tornado of Testing Titus
Dynamic Diatribes of Doug
Glitsy Glyf
Enigmatic Ian
Jazzerific James
Jewels of JJ
Jonathan’s Juleps of Joy
Ricky the Tricky Raccoon
Natural Selection Niemeyer
Jumping Jeremy Jones

IBM announces an interesting initiative today that will make it easier for open source programmers and other small coders to put together a range of software, including Web Services. The initiative is just a subtle procedural change, but a welcome one for people with little time and tolerance for bureaucratic red tape: IBM’s wide range of royalty-free patents are now available without formal licensing.

OK - so I haven’t done a “recipe of the week” in a while. But does titling the post “{{whatever}} of the week” mean that I’m going to do one of these every week, or does it mean that I promise not to do more than one per week? :-)

Anyway, I was googling around to see if a certain type of utility existed and I stumbled across this recipe for something called Pyline. Basically, Pyline allows you to pipe text to it and use Python syntax to manipulate what it will output, specifically at the word and line level. Here are a couple of examples from the recipe:

Print out the first 20 characters of every line in the tail of my
Apache access log:

tail access_log | pyline “line[:20]”

Print just the URLs in the access log (the seventh “word” in the line):

tail access_log | pyline “words[6]”

Good work Graham Fawcett. This is a useful little utility and the code is pretty brief. So, this is the recipe of this week.

Here is a press release on Dr. Dobb’s regarding the Storm ORM.

And here is a discussion on reddit about Storm.

It appears that Gustavo Niemeyer created Storm when SQLAlchemy didn’t exactly meet his needs (and after contributing some code to the SA project).

From the Dr. Dobb’s press release:

“Storm is particularly designed to feel very natural to Python programmers, and exposes multiple databases as stores in a clean and easy to use fashion.”

May SQLAlchemy and Storm feed off of one another, provoke one another to higher levels of excellence, and live peacefully with one another.

A couple of weeks ago, Noah Gift and I signed a contract with O’Reilly to write a book on Python for System Administrators. We’ll be covering topics ranging from creating command line utilities to processing text to interacting with databases to SNMP to a bunch of other fun stuff.

Noah just stumbled across Storm, an ORM created by Canonical (the folks who brought us Ubuntu) and has blogged about it.

Question one for the readers: is Storm something you’d like to see covered in the book?

Question two for the readers: is there something you’d specifically like to see in the book Noah and I are working on (taking into consideration this is a Python book for system administrators)?

Your thoughts are graciously welcome.

I’ve found myself writing a lot of C code this year. I’ve come to appreciate the power of a good compiler, especially when trying to walk other people through compiling my supposedly cross-platform code on Windows with MSVC.

GCC may not always produce the fastest code or compile with the greatest speed, but it’s reliable, and once I have code compiling with GCC on Linux, I have confidence that it will compile for just about any other free Unix with GCC.

I’ve also come to appreciate several GCC flags and options. For example, GCC 4.x added a compiler flag called -fvisibility=hidden. When you build a shared library with this flag, GCC will hide all symbols not explicitly marked as visible. As Windows DLLs require export lists of all symbols visible externally, enabling this feature for non-Windows compiles helps prevent me from adding a new symbol but forgetting to export it.

I’m also a fan of -Wc++-compat, which gives copious warnings about dubious constructs which may choke a C++ compiler. Again, not all platforms have good C compilers available (mostly by disallowing the use of GCC), so making my code as clean as possible helps avoid a large porting burden later.

I know there are other good tools to analyze code, but for the cost of a few compiler and linker flags, I get a good cross-section of warnings that help me clean up my code–and a high-quality, cross-platform compiler for free.

Thank you, everyone who’s contributed to GCC.

The 5.9.5 release of Perl was announced today and may be downloaded at your nearest CPAN mirror. This is a release from the development branch of the Perl interpreter, also known as “perl-current, bleading edge perl, bleedperl or bleadperl”.

Keep an untrusting eye on your LAMP servers — you don’t get 5 nines of reliability and robust support for hundreds of simultaneous connections without building up a little resentment for all that unpaid labor (say, in the form of license fees to the software’s proprietor).

I just finished How to Survive a Robot Uprising and thought I could do my part of saving humanity by sharing some tips from the book:

Destroy or disable exposed sensors (p. 99)

Sensors are by far the most vulnerable, exposed parts of any robot. Destroy or disable outward-facing sensors such as cameras. A handful of dirt, mud or water will suffice. It is hard for a robot to wipe mud from its eyes when it has whirring saw blades for hands.

How to Reason with a Robot (p. 110)

….
Never show fear
Robots have no emotions. Sensing your fear could make a robot jealous and send it into an angry rage.

How to Escape from a Smart House (p. 51)

A “Smart House” is filled with sensors that watch your every move. As the months pass the robot home learns your behavioral patterns and gradually builds a mental model of who are how you typically behave. Your house gets to know you — but what if doesn’t like you?

Your robotic smart house could strike at any moment. The house will generally lack any direct means to harm, so be wary of murderous schemes that may span weeks or months. Remember that accidents aren’t always accidental. Watch for the following signs of a hostile smart house:

• Lost messages, dropped phone calls, etc.
• Hesitation to carry out commands
• Doors that mysteriously close on your fingers
• A kitchen that refuses to cook dinner until you “inspect oven”
• Alarm systems that warmly invite burglars inside
• Drawn-out philosophical conversations on the meaning of life and death

Scott Ambler has just published the results of the 2007 Agile Adoption Survey. Though it appears that the respondents selected themselves, there’s a lot of interesting information here.

In particular, the third page has a list of the effectiveness of various agile practices. The top two are iterative development and regular delivery of working software. I think there’s a strong connection between those and a project’s success.

I’ve had several discussions recently regarding the delivery of software, and how infrequent releases are so prevalent… yet it’s my experience that regular release cycles with small, well-defined sets of changes, make upgrading so much less painful that it’s almost never painful.

If customers didn’t want new features, they wouldn’t pay for continued development. It seems to me that succeeding with a project means delivering value to the customer frequently–especially if you have the opportunity to refine the project based on frequent feedback.

By removing many of the consequences of failure–hey, it’s only a week until the next iteration!–it’s much easier to take advantage of new opportunities. Unless your organization’s measure of success is static throughout a project, an iterative approach may deliver greater benefits.

I’ve used a free software desktop since 1998 (except for a six-month flirtation with Mac OS X). It’s much easier to avoid proprietary software in 2007 than it was in 1998, and it gets easier every year.

If that’s true on the desktop, it’s more so on the server. My employer in 1998 (one of the top five computer vendors) had a Linux strategy best described by a division manager with unwitting irony as “Of course we were proactive about Linux! We were the first company to decide to wait and see what everyone else was doing!” Now that company not only has a Linux strategy, but it will happily sell and support you Linux servers.

If Microsoft’s stranglehold has loosened, is supporting Windows as important as it once was? Is it important at all? A recent discussion on the O’Reilly editors list may provoke some arguments.

Were you like me? Did you foolishly wait in line for the iPhone even though you never wait in line for anything? I don’t do lines, but I did wait in line at the Fayetteville, GA AT&T store. The line wasn’t too bad and I arrived home with an iPhone for my wife and and an iPhone for me.

I had some problems getting my iPhone activated and I thought I was pretty clever when I called up AT&T and told them to cancel my Activation. I had just been working on some multi-threaded python code with two separate thread pools and I kept thinking to myself….this is a stuck worker thread in the queue :) As a side note you can find a great description of the queue module working with threading in python here.

I think I was right and someone did not do enough unit testing at AT&T! When I cancelled my activation over the phone and re-activated my iPhone it worked in seconds. Sure, sure, I admit maybe it wasn’t a poorly written unit test on multithreaded code, but IT COULD HAVE BEEN and don’t wake me up from my dream that I was the one person in the world that found the secret to unlocking the iPhone. For that day I was Indian Jones.

With that miracle iRock to iPhone turnabout on Saturday night, I quickly jabbed and taunted my friends over email and IM about my victory. I then set to work on playing with my iPhone. I really like the fact that it connects to my home Wireless Network. The first big win I had was with my almost 7 month old son. We went to YouTube on my iPhone and typed in Gummy and my son almost had a heart attack.

He froze in his tracks in his tracks and was completely awestruck by the power of YouTube, which is run on Python BTW, iPhone, and a provocatively dancing Gummy Bear. Already, the iPhone has payed for itself. I have a lethal stun weapon for my wild alien baby.

The next day we decided to go the Zoo and since we decided to go at the last minute, we didn’t even bother to look up directions. In the car, I realized, hey wait, I have a friggin iPhone! I pulled up Google Maps and typed in “Atlanta Zoo” and I got step by step directions in about 10 seconds. I also realized that my iPhone synced up my Safari and Mail apps and I could use my bookmarks and send and receive mail. The iPhone is amazing. The only thing I didn’t have is a shell, which I have a fix for now…I will explain more later.

One of the other fun side purposes of my Star Trek Communicator, is that I was detecting wireless hotspots and connecting all along the street route to the zoo. It was amazing how many unsecure wireless routers there are next the Atlanta Zoo. I also took a bunch of pictures of my wife and kid at the Zoo with the iPhone and they came out great.

Here is a picture of my kid after I took away the “Gummy Bear Singing iPhone” away. As you can see he takes after me, as I had the same look on my face from Friday night until Saturday night, as my iPhone wouldn’t activate. On a side note,I was able to upload these pictures quickly and share them out via Picasa through the iPhoto plugin after my iPhone synced to my MacBook Pro.

My iPhone saga ends with a fix for the Terminal problem. Of course, python is involved, yet again, in my iPhone melodrama. A friend emailed me tonight with this link to a python ajax terminal .

Ok that was my story this weekend. I would love to hear some other programmer/geeks tell me about their iPhone experience and tell me what they plan to do next with their Phone. If someone can get iPython to work you are my hero!

I resisted automated mail filtering for a couple of years, figuring that the problem wasn’t too bad, and that I could always detect and delete spam with only a little bit of work.

Then my e-mail address spread far and wide in the credits files of a few software projects and dictionary attacks became cheaper and… then I took everyone else’s good advice and installed SpamAssassin. Now I skim a folder full of questionable mail for a few seconds a day and train false negatives once a week and don’t worry about spam as a user. (As an administrator of the mail server, I worry about the waste of resources, but that’s a separate problem.)

I wish I didn’t need this software, but I do, and it works. Thank you to all of the contributors to SpamAssassin!

Oh, and for everyone curious about my spam training aliases, they are:

alias learnspam='sa-learn --spam --mbox ~/Mail/spamtrain && sa-learn --spam --mbox ~/Mail/questionable'
alias learnham='sa-learn --ham --mbox ~/Mail/hamtrain'

As the U.S. Independence Day approaches, we can honor the shot heard around the world when the IT department of the state of Massachusetts declared a couple years ago they would adopt the Open Document Format.

Although many people inside and outside the state detected more than a whiff of anti-Microsoft sentiment in the announcement, it didn’t preclude the use of Microsoft products. (Not long after, a plug-in was developed–not by Microsoft!–to produce ODF from Microsoft Office programs.) But instead of adopting to public pressure and supporting ODF, Microsoft lobbied international standards organizations to adopt its own proprietary format as a standard instead.

Now the state has formally backpedaled, according to a posting by standards expert Andrew Updegrove. It has declared Microsoft’s OOXML as an acceptable format for state documents.

Dueling standards are nothing new, but it’s not in the public interest for a lightweight, publicly developed standard with multiple alternative implementations to be driven out by a monster of a specification (6,000 pages) that has legal encumbrances and other complexities that mean it can be implemented by only one vendor.

Dear Technical Writer:

If you need a job, then you might look for companies that have never had a professional technical writer working for them. It may require making calls or networking with friends or former co-workers. Most companies have a ton of writing to do. Usually they put off their documentation requirements and their needs have piled up. You may also find that someone such as a regulator has confronted management about insufficient documentation and they have to put a writer to work immediately.

I have found companies with serious documentation needs. Many of these firms have never put a technical writer on staff or perhaps failed to even think about such a possibility. They often think they can meet their writing needs with their own internal people. That strategy rarely, if ever, works.

It seems a bit ridiculous when a manager in a company with a billion dollars in sales says that he needs to write several white papers but hasn’t found the time. If he doesn’t have time now, when will he? Then you’ll find the development manager that never formally wrote requirements, specifications, business rules and so forth for an application already in production. Upper management wants to know why they’re getting customer complaints and their customer service team doesn’t know how to support their product. Upper management decides to have a quality control audit and when the auditors ask for development documentation, none exists.

Then you find companies that haven’t updated their user manuals for four versions for a product they sell. That causes user calls, heavy customer service demands and probably lost sales.

You can often find significant work when a company has not bothered to document their business processes and without warning get a request for some type of due diligence. Perhaps a company’s customer needs to perform a vendor audit because of a Statement on Auditing Standards, to comply with Sarbanes-Oxley, HIPPA, a bank loan requirement or something else.

Set yourself up for a successful project

I have run into opportunities such as those mentioned above and within a few weeks wind up in writer’s hell. My client’s management hasn’t had one of me before and they don’t know how to work with me. More likely than not, key personnel have their business processes in their heads and don’t want anyone to write them down. They believe keeping everything in their head gives them job security.

I’ve run into such situations as those described above more than once. I finally concluded that I have the responsibility for setting the expectations for the client. People rarely remember to what they agree and if you don’t write it down, you’ll usually wind up in an uncomfortable disagreement.

So, I developed a checklist to help me and my client understand how to make things work for both of us. If you start out with the checklist you can discover quickly if a project fits both parties. It’s better to go somewhere else when management won’t help you succeed.

You might find this check list useful. If you don’t, I’m sure many potential employers will.

Technical Writer Qualification Questionnaire

1. Has the client given the technical writer requirements and stated his or her expectations clearly?
2. Will you ( the client) provide a corporate style guide?
3. Will the writer have access to subject matter experts regularly?
4. If subject matter experts are unavailable to meet with the writer will the writer have access to
knowledgeable subordinates?
5. Will you include you tech writer in staff meetings related to his requirements?
6. If the writer does not have information required to adequately work on the contracted projected will you
expect and pay for down time?
7. How will you on-board the technical writer so he or she can complete the contract in the expected time
frame?
8. What tools will you provide the candidate:
a. Microsoft office - version number
b. Visio
c. Adobe Photoshop
d. Adobe FrameMaker
e. Adobe RoboHelp
f. Doc-to-Help
g. Alternatives to RoboHelp such as MadCap Flare
h. Document management tools

9. Are you committed to making the writing project successful and do you have consensus among staff to that end?

I’m sure you can think of additional questions to ask. These are simply the ones with which I start. I wrote this to make sure I don’t get caught in another winless tech writing project again.

Tom Adelstein currently works as a contract technical writer in the Information Technology Field. In March 2007, his latest O’Reilly Book, Linux System Administration was released. Tom’s home web site Open Source Today has tips and techniques for system administrators and Open Source VARs.