O’Reilly is soon to release its first graphic novel, Hackerteen, a book teaching young people basic Internet technology and a deeper understanding of where and why Internet use can be risky. Around the time Hackerteen went to the printer, I read an interesting study in the March 2008 issue of Communications of the ACM that gives me hope we’re on the right track for educating our youth about computer security.

As security experts routinely say, the big challenges are more psychological than technical. One of the findings in the article, “Promoting Personal Responsibility for Internet Safety,” by LaRose et al., demonstrates this point in regard to fear, the pervasive motivator for installing virus scanners and adopting safe surfing habits. Here’s the problem: if people start out indifferent about security, or unconfident that they can do something about it, fear can actually decrease protective actions. The authors’ experiment produces a different relationship from the relationships found in the other articles they cite, but they conclude: “without knowing the level of risk perceived by each individual threatening messages have the potential to discourage safe behavior.” (Emphasis in original.)

As a solution, the authors recommend building what they call “self-efficacy”: the users’ belief that they can protect themselves. This requires education and assurances (but not unrealistic assurances). Self-efficacy is not the same as technical skill, but is certainly related. As the article states:

Fear is most likely to work if the threat information is coupled with information about how to cope with them, since the coping information raises self-efficacy.

Another point in the article is that education can fall on deaf ears if the learners don’t acknowledge personal responsibility for security. Frustratingly enough, the authors found that urging people to take responsibility might actually make things worse. People who possess some interest and skill (measured in ways not made clear in the article) increased their protective behaviors in response to such browbeating, but those who started out indifferent and uneducated reacted quite negatively; their protective behaviors decreased.

There are several other subtle points in the article (which of course represents only a few studies out of many in the field), but I think that what I’ve summarized so far backs up the goal of Hackerteen. The purpose of the book, as I’ve thought of it during the editing process, is threefold:

1. To get young people interested in computer and Internet technology, teachin\g them some facts along the way
2. To teach users precautions for protecting themselves online
3. To promote ethical behavior

These goals map onto three big concerns of youth: mastery, safety, and morality. Although parents and teachers are probably more concerned with safety and morality, I consider the promise of mastery (understanding technology so you can use it to enhance your life) to be critical. And the CACM article suggests that a feeling of mastery is required before one takes steps to protect one’s safety.

Our presentation should fit the psychology of our mission. First, we provide an exciting story, presented with gorgeously colored graphics, to disarm the readers’ recalcitrance about facing security problems. Security becomes fun, and therefore something worth getting to know better. If the novel stimulates learning, it will stimulate self-efficacy, and the novel’s strong message about personal responsibility can also take hold.

The typical psychology of comic books is all about sublimating fears and worries about adolescent potency–most of all, fears about facing the dark side of one’s own strong feelings and power. This psychology comes to the fore in Hackerteen, as the principal character Yago discovers his own power for both good and ill, and has to deal with the consequences of the use of that power. It’s a good story with a good message, and one I hope will bring joy as well as empowerment to a new generation.

I presented Bad Sushi: Beating Phishers at their Own Game (with Billy) at Blackhat Europe (Amsterdam) 2008 last week. I always enjoy doing this talk, and the feedback was quite positive. For more information, check out Nate’s coverage of the conference over at ZDNet’s Zero Day.

I’ll be presenting the Bad Sushi talk at Microsoft’s BlueHat conference in May this year. I’ll be apartment hunting and visiting friends in the Seattle area the last week of April, right before the conference, so if you happen to be in Seattle at that time just let me know!

The urllib module provides a simple interface for network resource access.

Whether you’re a Dojo veteran or a developer who is just starting to kick the tires, you should be excited about Dojo 1.1! I’ll leave you to the announcement and the release notes for now, but rest assured that we’ll be all over it in the ensuing Dojo Goodness episodes.

I chuckled at a couple of quotes in Java performance improvements touted, specifically one from Cliff Click:

As your program grows in size, the lack of strong typing basically kills your ability to handle a very large program and so you don’t find the million-line Perl program.

I’ve met Cliff, and he’s very smart, but I have to disagree on two points. First, no one who’s used anything with a better static type system than Java consider’s Java type system “strong”. (If you can still get a NullPointerException from a generic-enhanced collection, Java has a ways to go.)

Second, the reason that there aren’t many million-line Perl programs is that the people who are capable of writing and managing million-line Perl programs have better ways to organize their projects than glomming a million lines of Java into a single shared-everything instance. That’s setting aside the qualities of encapsulation and abstraction that Java-the-language doesn’t have, preferring instead to push that problem to tool vendors and AbstractFactoryFactoryInjectors which consume vast swaths of XML to get around Java’s static code fetish. I can only imagine how much larger the Java code would be without all of those XML files.

I also recommend James Robertson’s take on things, from Earth to Sun.

I’m curious to hear how many million-line Java applications exist in the world and what they do. I suspect that they’re primarily web applications that speak SOAP or REST over strict SOA or HTTP boundaries — just the sort of boundaries beyond which it doesn’t matter if your code is Java, Perl, C++, or the Korn shell. You know, because they’re completely network bound.

I use Drupal to power both a personal site (my OgasaWalrus Freeware and Open Source apps blog) and an Intranet blog in my office. So, I was more than a little envious when I read Garrett Serack’s mini trip report for Drupalcon 2008.

How a cowboy spends two days in Boston: Drupalcon 2008

Drupal’s been attracting quite a bit of attention over the past year or two. And, the commercial support available for the product is a good for the product’s long term survival and growth. Several Drupal’s main figures (including its creator - Dries Buytaert) formed Acquia last year to provide value-added software products and services for the Drupal social publishing system. SpikeSource provides a for-fee Drupal sandboxed package (with Apache, PostgreSQL, and PHP) for Linux and Windows called Drupal SpikeIgnited.

Chris Pirollo just announced his Drupal-based community social network platform project. Check out his blog and videocast to learn more about this project.

This week’s installment of Dojo Goodness demonstrates dojo.xhrGet, an easy way to sprinkle some AJAX into your application and one of the biggest staples in Dojo. (In case the “xhr” part of that API call is a curve ball, it simply refers to the XMLHttpRequest object.) The xhrGet function streamlines the work entailed in issuing a GET request to the server, is included in Base, and is intuitive to use in that you pass it some descriptive keyword arguments; the default behavior is to issue an asynchronous request.

Hello. My name is Andrew Kutz, and I am honored to be blogging for ONLamp on the topic of virtualization. Please watch this space for news on VMware, Xen, KVM, and other virtualization technologies. I’ll be creating my first real post later today. If you have any ideas with regards to what type of content you would like to see, please let me know by shooting me an email at akutz at lostcreations dot com.

Thought for the day: If the preferred scaling strategy of Java web applications is shared-everything in a beefy JVM with plenty of threads in myriad pools (and it seems to be) and the preferred scaling strategy of LAMP applications is a shared-nothing architecture across plenty of boxes with memcached in front of a replicated database, what changes will be necessary to run popular apps written with shared-nothing in mind in a shared-everything environment?

Bonus question: besides web applications and language research, are dynamic languages on the JVM interesting? (The clever reader will see where this line of thought leads.)

I’ve been using MySQL since early 2002 and Sun’s purchase of MySQL has me quite concerned (unnecessarily, I hope). I’ve been hedging my bets in case Sun decides to radically change MySQL’s Community Edition (the free version) availability or make it too experimental to use in production or near-production environments (forcing MySQL users to the for-fee Enterprise Edition). One hedge is getting familiar with PostgreSQL. I’ve invested a bit of time building it from source code on a test Linux box and then testing upgrading a datbase from version 8.2 to 8.3. That was quite painful compared to MySQL, btw. I was surprised I had to perform a full database dump from 8.2 and then import everything back in to the 8.3 installation.

EnterpriseDB has been selling a repackaged version of PostgreSQL since 2004. They relaunced the product this week and renamed it Postgres Plus and Postgres Plus Advanced Server. The Postgres Plus edition seems similar to the MySQL Community Edition in that both are available with easy to use binary installers. Postgres Plus Advanced Server is priced at US$5,995 per socket. It provides additional features such as the ability to run applications designed to work with Oracle, database migration tools to move from Oracle and other commercial databases, and advanced management and monitoring tools. The Advanced Server developer edition is free. This is a good idea and one that MySQL should emulate with its Enterprise Edition.

I haven’t looked a the Windows or Mac OS X versions of Postgres Plus (the free version). But, I did download the Linux distribution and found that the gzipped download contained a single bin file. This really appealed to me since PostgreSQL’s binary versions consisted of what seemed like an endless list of RPMs to choose from and download. In fact, I decided to install from source code on Linux since it seemed easier than figuring out which RPM files I needed.

Old PostgreSQL hands probably don’t have any great need to take a look at EnterpriseDB’s offerings. However, newbies like me looking for a quick, painless, and correct installation of multiple PostgreSQL components across multiple OS platforms to create a stable platform from which to learn will probably benefit from EnterpriseDB’s Postgres Plus offerings.

FYI: Those of you considering running PostgreSQL or Postgres Plus on Microsoft Windows might want to take a look at these two PDF documents available from Microsoft’s Port 25 site…

PostgreSQL on Windows: A Primer

Connecting Office Applications to MySQL and PostgreSQL via ODBC

In my (painfully) long career as a software engineer, I’ve often run across the attitude that code has intrinsic value. You see this frequently in the industry when ‘code reuse’ is used as a metric of efficiency. At several companies I’ve worked at, old and badly bit-rotted products have not been rewritten because “we’ve invested umpty-umph million dollars in that code, we’re not just going to throw it away.” This whole attitude is bull-doodoo, and here’s why.

At PyAtl, the Atlanta Python User’s Group, we will be having a special presentation on Object Oriented Programming, “Object Oriented Python: From the Basics all the way to Voodoo”.

Jonathan LaCour, a Turbogears, and Elixir, developer will be giving a talk on Metaclasses. Drew Smathers will be giving a talk on MRO, and I will be giving a 10 minute talk on properties.

Everyone will be meeting at 6PM, at Six Feet Under before hand, and you can find directions there here.

There are still a few 10 minute talks we could squeeze in, so if you want to prove your Object Oriented chops, then grab something off list and volunteer to give a presentation on it. I would personally like to see a presentation on Mix-Ins, Static Methods and Class methods, and Operator Overloading.

You can RSVP for the event here.

PowerShell (formerly referred to by its codename Monad) was created by Microsoft as its next generation command line environment and scripting language. Although it is not an Open Source product itself, you can see the influence FOSS dynamic languages like Perl and Python had on it. There’s an interesting interview (part 1 of 2) that Jonathan Walz & Hal Rottenberg had with PowerShell’s architect Jeffrey Snover on their…

PowerScripting Podcast (Podcast 21)

One of the interesting discussion topics that came up during this part of the interview was a need for something like Perl’s CPAN (or Ruby’s RubyGems or PHP’s PEAR) to ease the download and installation of community contributed components.

You can find an older video discussion between Port 25’s Sam Ramji and Jeffrey Snover here…

Powershell Released: An interview with Architect Jeffrey Snover

Apparently, if you learn the hot, new, buzzworthy, Grok Python Web Framework, it helps you meet women. Grok was built on top of Zope, and I used it to build my website, and I think it is rather sexy. I have all the buzzwords, AJAX, Google Mashup, Python, Grok, JQuery, although I might need to do something with Comet..hmmm.

The collections module includes container data types beyond the builtin types list and dict.

Microsoft’s Open Source Labs Manager Stephen Zarkos posted a photo tour of the facilities there at…

Inside the OSS Lab

I had a chance to take a peek inside the server room when I dropped by Building 17 a year ago. The photo above is a closeup I took of the tux penguins seen with the human lab inhabitants in the final photo of Steve’s photo tour. You’ll note that the tux-es look healthy and happy. No daggers or other sharp objects have been hurled at them :-)

In amusing synchronicity, I was reviewing Bernard Golden’s Open Source Maturity Model earlier today. Then I read My Visit to Sun, where he describes a conversation he had with Simon Phipps before giving a talk at Sun.

In particular:

Many enterprises seeem to operate in a vendor-centric model: they select a vendor and from then on rely on the vendor to define when new technologies should be adopted, when new releases should be rolled out, even what complementary technologies should be implemented. It’s obvious that this causes middle-of-the-pack performance, lock-in, and lack of pricing power. Without rehashing all of those arguments, consider the other implication of this approach: it fosters dependence — an inability to self-direct in technology direction, custom architecture, and unique business offerings. If all you can offer is off the standard menu, you will never serve up differentiation.

When you give away software and trade license fees and pre-sales for support contracts and free downloads, you break the passive-adversarial model between vendor and customer that has served IT so poorly for the past two and a half decades.

That’s not a safe thing, nor an easy thing. That’s still a good thing.

I was reading through some new postings on a local LUG mailing list here in Louisiana, and saw a note from Chris J. about Microsoft’s Windows vs. Red Hat page. Chris brought up some good points, and I wanted to respond to them.

CJ: Now, let’s rip this FUD apart. First, Microsoft acts as if RedHat is the only option that enterprises would ever go with, and they say that while RedHat itself is cheap, it’s $2500 a year for support. Okay, that’s support, Microsoft. Why don’t we compare apples to apples, and point out that Microsoft’s support is somewhere around $700 per incident? To me, $2500 a year is FAR cheaper

The cost of Red Hat. Okay, in all seriousness, Red Hat is a little expensive on the front end. We often deploy it for clients, and the base cost of RHEL is a little high, especially since it’s a subscription model (you pay it every year) and not a one-time purchase (as with Windows Server). That said, Windows CAL licensing can add up very quickly. So, personally, I would have argued the point based on CALs. But as far as upfront purchase-the-shrinkwrap costs, Windows tends to be cheaper than Red Hat. As far as support costs, well, the RHEL subscription does get you support, but it’s not like your local ABC IT company. And most people don’t call Microsoft OR Red Hat for support.

CJ: I also find a lot of issue with the fact that Microsoft claims that every distro of Linux is so different that migrating from, say RedHat to SuSE is very difficult, if not impossible. One of the key strengths of any UNIX architecture is the portability of files. The file structure is based on an open standard, and you could very easily take files from something like Turbolinux, and easily bring it back up on any other distro of Linux, or perhaps BSD, Solaris, OSX, HPUX, etc… Linux admins tend to keep the data files on seperate drives/partitions from the OS, so you could simply install another OS on a new hard drive, and mount the old data partitions under that OS, and continue right where you left off. If you need something like a database, it’s not hard to dump SQL to a file and reimport it on the new server. And the configuration files are generally flat text files, so how is your data somehow married to the OS/distro that it originated on?

File System Differences. To me, this is a valid point actually. The directory structure across UNIX systems, or even across Linux distros, may be technically something of a standard, but in reality it’s not. Even within the Linux eco-system, it can be hard to remember what is where. Are installs in /opt/ or /usr/local/? How are my rc files organized? Where are my network configuration files? The Linux Standard Base (LSB) group is working hard to address this, but the cold hard reality is that it’s in fact a pain if you are managing more than just a few Linux servers.

Migrating SQL databases. Good point. That is pretty easy (thanks SQL). It’s also very easy to copy a MS-SQL database from one server to another.

CJ: Also, they make the claim that Windows 2003 has fewer published vulnerabilities than Linux. We all know that more bugs will be FOUND in Linux, and they will of course be squashed rapidly. But, due to Windows’ closed nature, how many bugs actually EXIST but have yet to be FOUND?

Vulnerabilities. There has been a bit of a fuss these days about vulnerability counts in Linux. The core of Linux, i.e., the OS proper, is stable and generally secure. It’s rather rare to see a published vulnerability for the kernel or any of the base operating system programs. However, most Linux distros do commit the cardinal sin of installing everything and the kitchen sink, and it’s an entirely valid argument to say that a vulnerability in an installed-by-default application is a point against Linux. This is very similar to how people group vulnerabilities in IIS and Exchange with “Windows”. Tit-for-tat. That or we need to all step back and stop grouping vulnerabilities in this way.

CJ: The only valid argument that Microsoft brings up in this article is about the management interfaces. They hands down win in that department, but that’s why you hear of UNIX guys working at places like NASA, making $200,000 a year. UNIX OS’s are definitely not easier, and you do have to know what you’re doing to accomplish the same thing that you can do in Windows with a mouse click. So what? It is what it is. I also love how Microsoft neglects to mention the fact that Windows Server 2008 is playing catchup with the UNIX world by adding a new feature called Windows Server 2008 Core. The core mode basically turns Windows Server into a GUI-less command-line-based server OS. That way, it can run faster, without the bloat and massive overhead associated with a GUI. Sound like any OS you’ve ever used? Oh, that’s right…UNIX/Linux/etc… And of course, once you are using Windows Server 2008 in core mode, you suddenly lose that one advantage that Windows has: its GUI based management interfaces. Those are some great arguments, Microsoft.

GUI. Actually, I tend to strongly disagree here about the focus on the Windows GUI. First, I think that most Linux servers, especially those used in large, commercial deployments, have pretty good GUI management tools. Second, whether in Windows or Linux/UNIX environments, if you have more than several servers to manage you usually manage a lot of it via scripting and automatic deployments (again, this applies to both Windows and Linux/UNIX). That said, you are right that Windows is pushing a more “scriptable” environment (e.g., with WMI, PowerShell, etc.), although even back to NT4, there was the ability to script a lot of tasks if you could live with the pain of using Windows shell scripting and/or of WSH.

I’m neither an Eclipse user (though I download it every now and then but never get around to actually trying it :-) or a Java developer. But, I read Sam Ramji’s blog post…

Supernova

…with quite a bit of interest when he announced that Microsoft would be collaborating with the Eclipse Foundation to help Eclipse developers building software for Windows. Yeah, sure, you might say. They are just doing this to sell more copies of Windows. But, it is the way they are doing it these days that interests and even impresses me. Just think back to the message and rhetoric coming out of Redmond 4 or 5 years ago. Who would have thought that they would have forged relationships with JBoss, MySQL, Zend, Samba, Xen Source, and Eclipse? Not to mention hiring the brains behind IronPython and IronRuby?

If their collaboration with Open Source projects helps me get better tools, I’m glad to see it. Have I lost all of my skepticism and paranoia? Um, ok, not all of it. But, I’m happier with the way things are now than they were a couple of years ago.

Do you know a student interested in compilers, virtual machines, and programming languages? The Perl Foundation is a mentoring organization for Google’s Summer of Code again this year.

Perl 6 and Parrot have several project suggestions for students, and there are plenty of other places where you or your student can participate. In particular, anything related to a modern virtual machine or compiler or programming language implementation is fair game, including garbage collection, JIT, register allocation, compiler optimizations, and parsing strategies.

The most interesting ideas on the list so far include the integration of parts of LLVM with Parrot, particularly its JIT, though making Parrot compile with LLVM’s clang is an interesting project in its own right.

There are plenty of tasks for someone more interested in building a compiler than a virtual machine, however. Start with Klaas-Jan Stol’s Building a Compiler with Parrot articles on the Parrot weblog, and you’ll be able to build your own small language in a couple of days.

Finally, Bernhard Schmalhofer released Parrot “P&P” 0.6.0 on Tuesday. Besides the inevitable bug fixes, language improvements, and minor spit and polish we always provide, this release features reworked internals of our polymorphic fundamental data types. This was one of our milestones, and we’re still on track to the 1.0 release in the medium-to-near future.

Ooh. Okay, so this is news to me. There is a freeware tool to recover ext2/ext3 filesystems from Windows. Wow, that’s a change. Is it just me or do most of the free and open source recovery tools seem to run under Linux these days? (Microsoft even has an article about how to recover NTFS with Linux.)

Well, hmm, on a second look it looks like DiskInternals Linux Recovery is free but not necessarily open source. Correct me if I’m wrong.

Thinking along these lines, I’m curious about the current state of accessing NTFS from Linux. I know that back in the day you could read an NTFS disk from Linux, but you could sometimes corrupt the NTFS volume. So, I did a quick Google and found the Linux-NTFS Wiki.

Okay, so here’s the deal apparently (pulled right from the Wiki):

• kernel driver: fast, reliable, read-only. Most people already have it.
• ntfsmount: fast, reliable, read/write, userspace.
• ntfsprogs: various tools for managing ntfs, like mkntfs, ntfsresize and ntfsclone.

So it looks like the status quo has been maintained to some extent. You can read NTFS right off the bat. To write to NTFS, you need to install ntfsmount.

Looking more into ntfsprogs, I see ntfsclone. Nifty! I was thinking this may be a free way to Ghost (say, if you could use ntfsclone, Knoppix, and an NFS filesystem somewhere), but apparently you have boot issues if you just move NTFS to another computer without doing a little legwork. OR. You can run GAG, a graphical boot manager. Check it out.

One of the sites you often see mentioned in the Microsoft Port 25 blog is CodePlex where Microsoft technology related Open Source projects are found. I pop over there from time to time to see if there are any interesting projects that might be useful in my own work. I found PHPExcel 1.6.0 on my most recent visit. It was last updated on Feb. 13 and provides PHP classes to read and write Excel 2007 spreadsheet files.

The examples section provides simple to read and understand PHP code to get a handle on how to use the classes as well as 16 sample XLSX sample spreadsheet files to test interpreting spreadsheet features such as formulas, conditional formatting, and page breaks.

A dose of animation can give your app that extra bit of pizzazz that it sometimes needs to impress the customer/ladies/gentlemen/whatever-floats-your-boat, so I thought it might be a good idea to quickly showcase some of Dojo’s animation facilities.

If you’re just now tuning in, you can click on my mugshot or this link to get to the first two posts of the ongoing “Dojo Goodness” series that I’m writing to promote my upcoming book, Dojo: The Definitive Guide, which is available on Amazon as well as the O’Reilly catalog.

I arrived at PyCon 2008 on Thursday and attended the Eggs, Buildout, and Virtualenv tutorial given by Jeff Rush. It was quite good, and I would recommend going to any tutorial by Jeff Rush as I have been impressed by his ShowMeDo screencasts, and how thoroughly he prepares for his presentations. His slides for the tutorial are available at the python.org wiki.

Next, I attended the Generator Tricks for Systems Programmers Tutorial by David Beazly. This was my favorite technical talk at PyCon and I learned quite a bit. It happens that his book on Python is one of my favorite all time python books, so it was great to learn from him in person. If you get a chance to do a training session with David, do it, it. You will get more than your money’s worth.

Finally, I attended the web testing tutorial with Titus and Grig. I learned quite a bit about testing web applications, and I am glad I attended.

On Friday, I gave a talk on Creating Agile Unix Command Line Tools With Python, you can download the slides and source code for the presentation there, or at my personal site here. I was a bit surprised at the turnout for the talk, as the room was completely packed. The talk went pretty well, although it would have gone better, if I would have had network access to demonstrate discovering a subnet in a few seconds. I think the source code has some really cool stuff in it, so hopefully people download it and play with it.

I should add that my time leading up to and during PyCon 2008 was pretty crazy. The rough draft for the book I am working on with Jeremy Jones was due on Monday of PyCon, and then on Friday I had my talk. Finally, Brandon Craig Rhodes and I were working on an article on ZODB that we finished on Monday. It was a great lesson in managing stress to get all of this done, attend PyCon, and hang out with friends. Whew, glad this week is over though! I turns out that I have written 14 articles this year, in addition to writing a book, and having a full time job. What was I thinking!

The talks that I enjoyed the most were:

Supervisor: Chris McDonough and Mike Naberezny.

Supervisor is really an interesting tool, and I found out it was based on something Guido originally wrote, which makes it even cooler. I love it when people write tools that are immediately useful, and are simple to understand and use.

Managing Complexity: Matt Harrison

Managing Complexity was an educational talk that exposed me to several ideas that were packaged in a novel way. More than anything, I brought away from the talk that simplicity is the key to reliable software. While I personally enjoy solving the most complex problems I can find, I also highly value the simplest possible solution to a problem. I suppose we as software engineer’s still need to learn that All other things being equal, the simplest solution is the best”.

Nose: Jason Pellerin

The Nose talk was a little hard to hear because Jason had a cold, but he had one of the best quotes when he was asked to compare py.test to nose. He said,” py.test is a like a Belgian Ale, and nose is like bud light”. I again am very interested in starting to use nose more than my brief experiments, because it is simple, and designed to be simple.

Testing OLPC: Titus Brown

Titus gave a very entertaining talk on testing OLPC, and came up with a cool XML-RPC testing harness that detected lines of code that were executed. Apparently he wrote this during PyCon, in some “spare time”, when he wasn’t getting free dinners from my book editor, Julie Steele :)

Due to my crazy schedule, I did miss a few talks that I really wanted to attend, but for some reason missed out on. One in particular was Using Grok To Walk Like a Duck by Brandon. My wife arrived on Saturday, and on a spur of the moment JJ convinced us to grab an authenticate Chicago sandwich. The sandwich was good, but we didn’t make it back in time. Oh, well, I can always force Brandon to do this talk for PyAtl.

Random Thoughts

I had a wonderful time at PyCon this year, and would highly recommend it to anyone considering whether to go next year. Sure, there were a few things that could have been better, like not having to endure a guy in the room next door pulling a Fear and Loathing at PyCon Hotel. At one point, the “scented” smoke coming from next door was so bad, I wondered if there was somebody burning a campfire of dried hemp in their room. Not sure, why PyCon was the ideal spot to “hot box” a hotel room for a week, but whatever dude.

I also was a bit bummed about the wireless problems during tutorials and talks, but hopefully we can improve on this next year. Wireless is a tricky thing to get right, so I am sure everyone was doing their best.

I did not attend any of the Lightening talks this year, so I can’t comment on whether they were good or bad. It turned out that every time there was a lightening talk, I met somebody interesting to talk to, and didn’t get a chance to see them. I agree that half the fun of PyCon is meeting other people in the community, sharing ideas, and catching up.

A met quite a few interesting people including Eric Dahl, the CTO of Zenoss. Having used Zenoss, I will say it is a great product, and now having met Eric, I can say he is a very sharp guy. Zenoss has been doing some extremely innovative things with Python, and is a very good example of how Python can be used in the Enterprise. In addition, to having a great SNMP monitoring solution, Zenoss has also been doing some innovative work with Python, SAMBA, and WMI. If you don’t currently use SNMP to monitor your network, or if you are curious about what a Python solution would look like, download a virtual machine, and let it discover your datacenter in a few minutes.

I also got to talk with Guido, who needs no introduction, Alex Martelli, Steve Holden, Ian Bicking, Jeff Rush, Kevin Dangoor, Ben Bangert, and many other people for the first time. Jeremy and I got to work with Jullie Steele, the editor for our book, and it was a pleasure to meet her in person for the first time. I think our book is in good hands.

Brian Dorsey the creator of Noon Hat was fun to hang out with and we chatted quite a bit. It is always cool to meet new friends. I also got to chat it up with Mike Orr a bit at breakfast on Tuesday morning, and that was a blast as well.

For the first part of the week, I got to hang out with Grig, Titus, and JJ, who I email quite a bit during the year, so that was also pretty cool to see them again after a year. Overall, it was a great experience, and I can’t wait to catch up with everyone again next year.

Summary

The main thing I am going to take away from this PyCon is to embrace simplicity.

As announced earlier on my personal blog, I launched an open source project on Google Code called “loghetti”. It’s written in Python, and is a foundation for what I hope will become a very flexible tool to help admins (myself included) get whatever data they need out of their Apache logs.

Here are a couple of examples of stuff it can do:

Get a list of all of the 500 errors:

./loghetti.py –code=500 access.log

This will send all matching lines in access.log to STDOUT. To get a bit more complex:

./loghetti.py –ip=192.168.1.2 –code=500 –month=11 –day=21 –urlbase=index.php –count access.log

This will *not* return the lines that match all of those rules - but rather a simple count of the matching lines. This request is a somwhat typical support scenario. You have a client at 192.168.1.2 reporting 500 errors they received on some arbitrary date, when trying to reach your intranet’s home page. It’s not unusual in a support role to have the client say “it happened like, a million times”. Of course, –count will dutifully report that it happened 4 times (for example), which is likely closer to the truth.

Ok, one more example, because I happen to be a fan of this feature:

./loghetti.py –urldata=foo:bar access.log

This causes loghetti to parse the query string, and return lines where the query parameter “foo” matches argument “bar”. In other words, lines that look something like this:

http://www.yourdomain.com?stuff=things&foo=bar&this=that

There are billions of features I’d like to implement, but I figured since the tool is useful to me already, it would likely be useful to others, and maybe others can help get features that might help them implemented more quickly.

Let me know your thoughts!

The 4Suite.org projects are moving from CVS to Mercurial. I’m still quite happy with Mercurial having used it for several newer projects. One last test I anted was to convert the bigger projects from CVS to see how smooth the transition might be.

Plenty of people have said that Perl is dead. (Some of them post on this site.) Rather than looking in the rear-view mirror of book sales (and I keep arguing with our research group that we need to normalize that data to account for the huge sell-in spike for a frontlist title and the inevitable batch of returns three months later) or a naive search for “X programming”, Tim Bunce gathered job posting statistics and other information particular to the Perl community to demonstrate that the duct tape of the Internet is still alive and well.

Tim’s focus changes halfway through the video to discuss the development process of Perl 6 and how that’s sped up dramatically in recent months as well. Though the video’s difficult to read in places, it’s very much worth your time to watch, if for no other reason than Tim’s impressive and polite understatements, such as my personal favorite:

“The web development community tends to wear blinkers.”

Update: The link is Perl Myths Debunked.

Companies are constantly opening new veins of ore as they attempt to mine the Internet for useful information. Developers and open source system users will be particularly interested in a SourceLabs announcement of a service called Self-Support Suites that has been in beta since December. This tool combines enormous amounts of information indexed by SourceLabs from bug trackers, technical mailing lists, and other sites to help open source users diagnose problems. They’ve just put up a free download.

The proof of concept I heard from Byron Sebastian, CEO of SourceLabs, concerned a site that spent two weeks trying to track down the failure of an Apache Project module. SourceLabs’s system found a bug report with the fix in a few minutes by finding a match between a stack trace provided by the user and a stack trace provided by a question in a public forum message. This search was more difficult than it might sound, because stack traces don’t match precisely and their contents are not unique strings that are easy to search for. Sebastian says that stack traces and log files tend to have the most useful information–but if other information was organized better, it might rise in value.

Oh, joy. Adobe is at it again.

AIR applications are deployed as a single AIR file that works identically cross-platform. The api’s within AIR are identical across different operating systems so any application behavior will work the same regardless of where it is running. Regardless if you use HTML/AJAX or Flash/Flex to build your application the API’s are identical and run on MAC/WIN/LIN without issue.

Ted Patrick, Why Adobe AIR?

Given that Adobe’s evangelists have a very difficult time telling the truth about which platforms Adobe actually supports (particularly pernicious with regard to Flash; see Uh, Thanks for the “Linux” Support for one example), does anyone really think that AIR will run on anything more exotic than 32-bit x86 GNU/Linux? Set aside the fact that, as much as Ted’s quote may make you think that AIR runs on “Linux” right now, it sounds like no one outside of Adobe will see that binary blob until later this year.

When I think about cross-platform support, I think about the first time I sent e-mail on the Internet via a FidoNet gateway accessed through a PC bulletin board from my Commodore 128 over modem-to-modem dialup in the very early ’90s.

Again (I always have to disclaim this), Adobe has every right to support only the platforms and processors it wants to support. I have no problem with that.

As usual, I offer any Adobe evangelist, manager, or developer the chance to prove me wrong, publicly, by successfully installing a publicly released version of Adobe Flash on the GNU/Linux laptop sitting six feet behind me in my office. (Good luck; it has a PPC CPU.)

Just don’t tell me that you offer cross-platform support and then stick me in a ghetto because I’m using the wrong operating system and the wrong processor. I know what cross-platform support means — you can still browse the web on a Commodore 64 — and your walled garden isn’t it. For all its flaws (don’t get me started on the codec licensing nonsense), Moonlight has a better claim to cross-platform compatibility. For starters, it doesn’t lock you out if you happen to be using the wrong type of CPU.

(I thought one of the goals of high-level programming languages and frameworks and virtual machines was so that you don’t have to worry about the details of the lower levels. Of course, I thought one of the goals of web applications was independence of platform at the level of operating system and below. Shows what I know.)

Microsoft’s Port 25 has underwritten a number of technical notes (which they refer to as a technical analysis) providing detailed instructions on getting Windows and Open Source projects working together. One of the more popular topics is Apache httpd. I went through Port 25’s blogs and collected these Apache web server related technical notes.

Technical Analysis: Installing Apache on Windows

Technical Analysis: Installing Apache with SSL on Windows

Technical Analysis: Apache with mod_auth_kerb and Windows Server

You can find the Apache httpd 2.2.8 source code and installer binaries (with and without OpenSSL) at…

Download - The Apache HTTP Server Project

The official Apache 2.2 web server documentation for the Windows platform is found here…

Using Apache with Microsoft Windows

The datetime module includes functions and classes for doing date parsing, formatting, and arithmetic.