January 2008 Archives

chromatic

Adriaan de Groot, vice president of KDE e.V., wrote a short essay on Target Platforms for KDE.

His division of four types of target platforms is instructive; the two major axes are free/non-free and Unix-like/other.

“Unix-like” is an awfully big grab-bag, however. The joys of trying to figure out dynamic linking on Mac OS X ought to put to lie the shrill claims of the turtlenecked faithful that it’s just BSD with a shiny GUI (maybe BSD circa 1987, when everybody wanted a magnesium case). I almost dare not even imagine how much fun it is to coax compilers on non-free Unix-like platforms into interpreting modern C++ correctly.

The nice part of free Unix-like platforms is that they’re easy to obtain and install. The monster machine sitting in my other office can run multiple VMs for *BSD and OpenSolaris simultaneously, so testing a patch for portability requires a little bit of system administration and a little bit of discipline to script the process. Testing a non-free platform, Unix-like or not, is much more difficult.

POSIX and free redistribution and source code availability give us a much better chance of figuring out and fixing those problems than we’d have otherwise. However, that’s no substitute for platform-specific experience – having an OpenBSD VM running doesn’t mean that I automatically know why OpenBSD’s handling of, for example, complex math is different from that of FreeBSD, or how to fix it. Sometimes there’s no substitute for a little elbow-grease from a passionate user of the platform. It’s nice that projects such as KDE actively support it.

Andy Oram

Very interesting focus on the fraud by a trader at Société Générale on a new blog site by O’Reilly author Karim Yaghmour. (Karim wrote Building Embedded Linux Systems and now has founded a company devoted to securing email.)

Brent Gorda

Recently, I had the pleasure of flying from Vancouver, BC, to Edmonton, Alberta on an Airbus 319. I was delighted to find a 110 V AC power outlet in the seat back in front of me. Having never seen this before, I had to take a picture and share it.

Note the power charger icon in the mac window. Also, there is a USB plug visible on the left side of the display. I believe that is for future use on games (the PS3 has a USB input, I think these will allow the controllers to be plugged in and used for game playing).

It’d be wonderful to have power on all flights - kudos to the Airbus 319!

Brent

Andy Oram

It’s a sad old story, a story we’ve all gotten tired of–the patent so brainless as to be almost worth citing as a creative act of industrial sabotage, yet awakened from years of dormancy with a hungry ferocity to claw and mangle everything in its path. This particular patent is being exerted by Trend Micro Incorporated against Barracuda Networks, Inc. for a firewall product incorporating the popular open source spam filter, ClamAV. Only this court case stands in the way of a power grab that would require all open source work on virus filtering gateways to cease.

The Trend Micro patent (5,623,600) simply suggests that virus filtering be provided in a firewall. That’s all. Patents are supposed to cover things that are novel, and not obvious to a person having ordinary skill in the art. This patent meets neither criterion. Although it was filed in 1995 and granted in 1997, Barracuda has found a good deal of written evidence that filtering at the router was widespread earlier. And if lots of people are installing virus filters on their desktop computers throughout a company–any fifteen-year-old could say, “Why don’t you put it all in one place under the control of people who know what they’re doing?”

Andy Oram

I had some conversations today about Nokia’s purchase of Trolltech, the makers of Qt and Qtopia. From a conversation with Juha Seppa (Director, Devices R&D at Nokia) and an email exchange with Haavard Nord (CEO and founder of Trolltech), I discovered that the relationship of these companies vis-a-vis free software is not expected to change. I assume that Nokia simply wants to ensure the continued funding and unimpeded development of Qt and the other software that has made Trolltech popular on mobile devices.

First of all, Qt and Qtopia will continue to be released under the GPL. An open letter sent by Trolltech and Nokia management to the KDE community says, “We respect the symbiotic relationship Qt has with the community and we wish to continue and enhance this relationship.” Furthermore, “Nokia will apply to become a Patron of KDE.”

However, Nokia’s long-standing support of GNOME will also continue. They have been deploying Maemo on Internet tablets and will continue to do so. One of the big draws of Trolltech, though, was the strong cross-platform support in its software. Nokia currently uses at least three operating systems (Linux, Symbian, and one of their own), so preserving flexibility is crucial.

Nitesh Dhanjani

Help Net Security has posted an interview with me and Billy Rios titled Spies in the Phishing Underground.

If you enjoyed the interview, and if you want more details and screen-shots, check out our talk at the Federal Black Hat Briefings 2008 [February 20]. The title of the talk is Bad Sushi: Beating Phishers at their Own Game. Following is a brief description:

Doug Hellmann

Use os.path for platform-independent manipulation of file names.

chromatic

Ted Neward attempted to pull apart some of the silliness in the debate over scalability with Can Dynamic Languages Scale?. In particular, one of the most important insights is:

There’s an implicit problem with using the word “scale” here, in that we can think of a language scaling in one of two very orthogonal directions:

  1. Size of project, as in lines-of-code (LOC)
  2. Capacity handling, as in “it needs to scale to 100,000 requests per second”

Timothy Appnel

Last night, the first stable version of Movable Type under a GPL license was released. You can download it from here.

Being a Perl coder and advocate of open source, the release of MTOS has great significance to me personally.

There is still a lot of work to be done in its transition, but progress has been steady.

With development of MT being mostly closed to date and Six Apart’s relentless focus on end-user user experience, the MT community has a significant number of designers, consultants and other professionals who use it to run their business and deliver solutions. What is now needed are experienced Perl coders to join the mtos-dev mailing list and start discussing how to improve the existing code, tap further into the collective experience found in CPAN, and in return, make what’s been developed for MT an asset to the Perl community as a whole.

There definitely were some issues over the years in terms of code style and quality that are being addressed. It’s improved though there is still a long way to go.

Here are some links for getting involved:

Noah Gift

After recently coming across the secret Tom Cruise Scientology recruitment video, I was left wondering a few things. Could Scientology make you a better programmer?

Tom claims, “We are the way to happiness. We can bring peace and unite cultures.”, and “We are experts on the mind”. That sounds like a good recipe for improving just about anything. I also noticed a lot of acronyms like KSW, and SP. He sounds like a programmer, maybe that is some new programming technique like agile programming, or extreme programming.

Tom also claimed, “When you’re a Scientologist, and you drive by an accident, you know you have to do something about it, because you know you’re the only one who can really help… “. I wonder if they are also good at debugging bad code? I would have loved to have heard something like, “When you’re a Scientologist, and you see code that isn’t tested, you know you have to write tests because you are the only one who can really help”?

Anyone else interested in seeing Tom Cruise back on Oprah’s couch talking about the right way to Unit Test? I suppose we can only hope….

chromatic

Matthew Garrett did some quick calculations to figure out how much electricity the world wastes thanks to Adobe’s inefficient Flash player. Now I don’t use Adobe’s Flash player (partly because I’m no fan of poorly-coded proprietary software, but also partly because Adobe lies about its Linux support), but I’ve noticed that Flash on the machines of other people seems to make fans run, and Gnash eats up a lot of CPU too.

I realize that there’s probably little chance that Adobe cares that releasing their source code under an open license would allow them to support Linux without the little “but 32-bit x86 only” caveat they occasionally slap on their download pages, but would the argument that a more efficient Flash player would stop wasting electricity and save a few pretty trees go any further?

I’m sure a couple of hours with debugging symbols and Powertop and the source code could improve things.

Noah Gift

Tired of calculating symbolic and octal formats in your head? Download a dashboard widget that does the calculation for you. This is one sweet dashboard widget!

UNIX Permissions Calculator Dashboard Widget

My Links:
noahgift.com
My O’Reilly RSS Feed

Noah Gift

There is a good entry on Adam Leventhal’s Weblog, about Apple crippling DTrace’s ability to trace iTunes. I suppose I will unfortunately need to put this in my not cool category. So far Google has set the Gold standard for Corporate “coolness”. I wish Apple can lean more toward this direction, even though I still love Apple.

Curtis Poe

One of the common complaints against Perl is that it’s “write-only”. For many Perl programmers, this is regrettably true. Perl, by design, allows you to get things done in a quick and dirty manner. It’s an explicit design goal which allows, amongst other things, the famous “one liners” in Perl which get so much done so fast. However, this freedom comes with a price and that’s a heavy price. Newer Perl programmers often write excruciating code, but experienced Perl programmers write code that is relatively easy to read, once you understand the language. There’s a huge difference between reading code and understanding a language. But when does a language go too far?

Nitesh Dhanjani

I think it is extremely important for an organization to account for the reality of doing business (Risk based approach compared to the purist mentality of securing everything) when strategizing an information security plan. It is true that an individual who has a habit of perceiving security issues as purely a technology problem without understanding the business reality is likely to make bad security decisions.

However, I think some people in corporate security take this argument too far and end up awarding critical roles to individuals that do not have the appropriate skill-set and mind-set. More often than not, this happens when organizations responsible for information security misunderstand the argument to mean that you only need to probe for the understanding of business fundamentals and process management when recruiting for talent. Depending upon the criticality of the role awarded, this can deem disaster.

Doug Hellmann

Generate cryptographically secure hashes with hashlib.

Jeremy Jones

I really don’t know what this means, but here is the page that contains the headline. Further down in the page are a few details regarding the announcement. Here are those details:

Python has been declared as programming language of 2007. It was a close finish, but in the end Python appeared to have the largest increase in ratings in one year time (2.04%). There is no clear reason why Python made this huge jump in 2007. Last month Python surpassed Perl for the first time in history, which is an indication that Python has become the “de facto” glue language at system level. It is especially beloved by system administrators and build managers. Chances are high that Python’s star will rise further in 2008, thanks to the upcoming release of Python 3.

Noah Gift

Completely Random YouTube Highlights While I Procrastinate From Real Work

Head of Microsoft Goes Ape Crazy

Steve Jobs Says Microsoft Has No Taste and Makes 3rd Rate Products

How to pronounce Linux

Stallman on Free Software

Larry Ellison says Microsoft is Not Innovative Technically

My Links:
noahgift.com
My O’Reilly RSS Feed

Andy Oram

System and network monitoring is one of the many fragmented fields in computing that could use better integration. Right now, 49 leaders of the field are meeting in Austin, Texas at a BarCamp under the sponsorship of BMC Software and its Chief Architect of Open Source Strategy, William Hurley, along with the Zenoss open source monitoring project. In addition to Hurley, the BarCamp is organized by Mark Hinkle of Zenoss and John Willis of the Zabovo training company. The BarCamp includes proprietary vendors as well as free software projects. Major announcements: a new Open Management Consortium will develop standards for an enterprise system monitoring agent and enterprise monitoring design patterns. The OMC Design Patterns project plans to create a domain-specific pattern language and a repository for patterns. The agent, I suppose, will define and provide protocols for handling the patterns.

Noah Gift

On the IPython list we have been struggling to get the system Python on Leopard to work with readline, as it is not included with Leopard. Ludwig Schwardt created a readline egg that is easily installable. The instructions for doing this are on the IPython wiki here.

Thanks Ludwig, IPython works on the System Python for Leopard, that means DTrace support too!

Reference:
IPython
IPython Wiki Readline Instructions Leopard
Easy Install

My Links:
noahgift.com
My O’Reilly RSS Feed

chromatic

Bob Rogers just released Parrot 0.5.2. This monthly release includes a couple of interesting new features.

First, we’ve managed to bundle up Patrick Michaud’s Rakudo (that’s the implementation of Perl 6 on Parrot) such that you can type make perl6 on Unixy platforms and make perl6.exe on Windows and get a working standalone Perl 6 binary. This is experimental and we hope to iron out some installation and deployment issues by next month’s release, but it was important to demonstrate our progress.

The second new feature is a toolkit for starting your own compiler. Max Mohun built a prototype several months ago, and we’ve added a stripped down version for now that builds the skeleton of a compiler for you using the Parrot Compiler Tools. I mentioned the LOLCODE compiler in What the Perl 6 and Parrot Hackers Did on Their Christmas Vacation; this is how Simon and Company were able to get LOLCODE up and running so quickly.

If someone asks nicely, I might even make it possible to create a standalone LOLCODE compiler executable. Where else are you going to get patch explanations like:

The bare expression before an O RLY? should both set IT and be used as a test in the O RLY?, but it should only be evaluated once.

(See Perl RT #49808.)

Andy Oram

The world of free software is full of amazing and even heroic stories (the gcc toolkit for its quality and flexibility, Linux and free desktops for their size and sheer ambition, Samba and Mono for their tenacity at keeping up with confusing quasi-standards) but one of my favorite recent stories is the opening of the iPhone.

Apple did a beautiful job creating this device. Millions wanted it the moment it became known, and thousands wanted to write programs to explore its ground-breaking interface elements. Apple, however, failed to release its APIs, much less any toolkit or run-time environment.

So the community built its own.

Jeremy Jones

My last two blog posts on egg-related topics had a title prefix of “easy_install tip”. This post is related, but since it’s handled with setuptools rather than easy_install, I’m prefixing it accordingly.

Have you ever wondered how various packages you install put scripts into your path, such as into /usr/bin? If they’re using setuptools to define their package, then they may be using a script entry point. Here is an example taken and modified from a toy setup.py I have sitting around:

    entry_points = {
        'console_scripts': [
            'my_wonderful_script = my_wonderful_module:my_wonderful_function',
        ]
    },

If you run `python setup.py install`, it will create a script named “my_wonderful_script” in your scripts directory. On Linux, this is typically the same directory that the Python executable itself is in. If you’re on Windows, this is a directory that looks something like C:\Python25\scripts. When you run the generated script, it will call `my_wonderful_function` from the module `my_wonderful_module`. This is something that is really easy to set up and can come in very handy. Next time, I’ll write about how to control where stuff goes when you easy_install it. I guess we’ll be back to the “easy_install” tip prefix.

Andy Oram

Not only is free software development unprecedented in its size and geographic spread–hundreds of people from countries around the world collaborating on individual projects–but it brings together people who are notorious for having trouble dealing with other people. That’s really impressive when you think about it.

Of course, the stereotype of the computer programmer with Aspergers Syndrome is overblown. I used the term in my title to attract attention, but I’ve worked with enough programmers to know that many warm and socially sophisticated people take up the job.

Let’s put it more gently: many programmers have the feeling their people skills haven’t kept up with their technical mastery. That’s why they are attracted to sites such as Perl hacker Michael Schwern’s geek2geek, whose motto is “What we have here is a failure to communicate.”

How does free software development work so well, then? People often remark that the Internet made the explosion of development in the mid-1990s possible, but they focus (wouldn’t you know it!) on the Internet’s technical functions: instantaneous transmission, exact replication of content, etc. Occasionally a general “nobody knows you’re a dog” comment gets thrown in too. But we have to consider the social behavior encouraged by the tools the geeks developed.

Noah Gift

After hearing the word FUD used on an almost daily basis in blogs, news stories, idle banter, I “fear” with little “uncertainty” or “doubt”, that it was perhaps the most overused word in IT in 2007. The word FUD is almost approaching the word “communism” in the McCarthy era. In fact, in a weird ironic twist, the use of the word FUD, is often FUD. Think about that one for a bit…

I submitted FUD to the Lake Superior State University banished words list. Does anyone else have a word they think should be banned?

Noah Gift

I just released 0.1.3 as a python 2.5 egg here. Liten is a tool that determines duplicates on a file system by performing an efficient md5 checksum algorithm, so it is very reliable. I also added an entry point to the egg install, so it will install to the scripts directory of any *nix Operating System. The easiest way to install is to just:

easy_install liten

Reference:
Liten Project Page

My Links:
noahgift.com
My O’Reilly RSS Feed

Doug Hellmann

The threading module lets you run multiple operations concurrently in the same process space.

chromatic

Tomorrow is Parrot’s monthly New Contributor Day, as we prepare for the 0.5.2 release on 15 January 2008. Before you join us in #parrot on irc.perl.org, you might peruse three articles I wrote for Linux Magazine last year.

A Tour of Parrot explains the philosophy of the project and several of the design decisions we’ve made.

Programming PIR explains the native programming language of Parrot, an assembly language full of high-level language features and syntactic shortcuts.

Programming Reusable PIR shows how to build actual programs in PIR.

Now that the Parrot Compiler Toolkit has reached its second stage of evolution, you don’t have to write PIR to build your own compiler on Parrot. I hope to continue the series soon by showing how simple writing a working compiler for a non-toy language can be with this new technology.

chromatic

J. David Blackstone has a pointed journal post entitled The Right Way To Do It which praises Perl’s “There’s More Than One Way To Do It” philosophy:

TMTOWTDI is anarchy. It scares people who want to keep order by force.

Allowing people the freedom to choose from many different ways of doing things is a recipe for disaster, we’re told.

… in my experience, it’s been the Perl code I’ve had that is readable, well-designed, and maintainable. It’s been the Java code I’ve seen that is ugly, poorly-designed, and unmaintainable. There are certainly exceptions to both sides of this.

Yet it’s not about Java versus Perl (and certainly not Perl versus Python).

chromatic

“Perl is dead”, crows TIOBE’s January 2008 index. The world belongs to Python.

You see what you want to see in statistics though.

For example, you could compare Perl, Python, PHP, and Ruby job trends. Don’t drop those sigils yet.

Or compare Perl’s delta to C’s delta. Both lost ground in the TIOBE index, but C declined by almost twice as much.

Here’s a fun one. TIOBE’s editorial says that C# and Java will eventually be the two most popular languages. To do this, C# has to surpass Perl. That’s a problem though; it gained more than Perl lost and still slipped a position and is still more popular than Perl.

Ultimately this isn’t even good stats porn though. There’s no analysis of why languages have gained or lost in popularity. Without that, there’s no good way of deciding what these statistics mean. Without that, it seems silly to declare winners and losers and long-term trends. (One might also suspect that the actual release of Perl 5.10 and the buzz around that from the second half of December versus the “imminent” release of Python 3 may shift numbers from this point on.)

Noah Gift

Ian Bicking just created a Google Group for Virtualenv here, and a bug tracker at launchpad for virtualenv here. I also have slides from a talk at Pyatl here.

Links:
noahgift.com
My O’Reilly Feed
Virtualenv Google Group
Virtualenv Launchpad Bug Tracker
Virtualenv Package Information
Virtualenv Slides

chromatic

I’ve long believed that the easiest way to install software on a modern operating system is through a well-designed package manager connected to one or more carefully-maintained package repositories. Thus my brain always shudders when someone says “OH it’s so EASY to install software on MACZ just drag and drop! woo!!” (Why should I have to fire up a web browser, navigate to a website, find the download link, figure out which version works with the dependencies I have installed including the OS version, pick a mirror, and then figure out where the file actually downloaded? I suppose it’s likewise easy to get a Ph. D. in theoretical physics — just walk on stage when they call your name.)

I do remember the bad old days when installing something reasonably fresh required me to trawl through rpmfind.net looking for, if I were exceedingly lucky, an RPM built for the particular version of the particular distribution I run, or barring that an SRPM that I could coax into doing the right thing. There were still benefits to using a packaging system (mostly dependency tracking), but that’s more work than I want to suggest to my parents.

I was late to Debian (my first installation was 1999), but apt-get was a clear improvement for installing and updating the entire operating system, especially when combined with the quality and breadth of packages available for Debian.

These days I use aptitude, which is even more so.

Again, I’m not sure that I would suggest that my mother make a habit of running this on the command line by herself, but she’s perfectly capable of copying and pasting a few commands from an e-mail to keep her system up to date or install new software, and the process is much simpler than giving her a list of directions to navigate a web site. I doubt I’ll ever catch her running aptitude search, which is fine… but I use the command frequently.

The process of installing software in such a way that it does not conflict with other software, includes dependencies in a sane fashion, and receives security updates almost automatically for the whole OS (not just the kernel, GUI, bundled web browser, and DRM-laden media player) is now something I almost don’t even think about. That is the sign of a truly useful piece of software.

Thanks to the contributors to Aptitude, apt-get, dpkg, and the Debian and Ubuntu repositories.

Adriano Ferreira

Another article of the series “Yet Another Perl 6 Operator”

Perl 6 introduces a new scalar data-type: the “junction”. A junction is a single scalar value that can act like two or more values at once.

example                 a value which acts like

any(1,2,3)              1 or 2 or 3
all(@vals)              all members of @vals at the same time
one(<moe curly larry>)  one of the three stooges
none(@bad_guys)         none of the listed bad guys

The operators '|', '&' and '^' are now junction constructors, providing a syntactical complement to the functional variants any, all, one and none.

$a  | $b                 any($a, $b)
$x  & $y                 all($x, $y)
$me ^ $you               one($me, $you)

Noah Gift

I spent a little time this weekend writing a mashup portal using Grok, the Python web framework, for my personal domain. Grok is based on Zope 3. I used Zope Template Pages with the Google AJAX FEED API, to aggregate both my O’Reilly Feeds and my Personal Blog Feeds into Web 2.0 goodness. I also threw in a little bit of JQuery which interacted quite nicely with Grok. I attached a link to the site I developed at the bottom, if you are curious to see what the AJAX Feed API looks like. You will obviously see this blog posting, which is meta-cool, or meta-blog, or meta-something…

So what did I learn from Zope? Well, it was super easy to do AJAX with the default ZPT, or Zope Page Template engine. In fact, it was quick and fun, and one of the least painful experiences I have ever had writing a web application. This is not your grandpa’s Zope, that is for sure. Things went so much more quickly and smoothly than I expected, that I had time to work on Turbogears, Django, and web.py projects as well.

I also like the Grok slogan, “Now even cavemen can use Zope 3”. I am 6′2″ 235, and once worked as a bouncer, in College, with the “Iceman”. I kind of look like a caveman, and my wife often says I act like a caveman too. Well, this caveman gets Grok, and gives it a clubs up! As a side note, I will be releasing a screencast sometime this week on using AJAX techniques with Grok.

Links
noahgift.com

Doug Hellmann

The weakref module lets you refer to an object without preventing it from being garbage collected.

chromatic

A running joke in the Perl 6 world is that we’ll release a stable Perl 6.0.0 by Christmas. We just won’t tell you which Christmas.

As many community-developed projects have noticed, long blocks of holidays can be very productive for contributors. Both Parrot and Perl 6 on Parrot have made a lot of visible progress in the past couple of weeks.

James Turner