O’Reilly is soon to release its first graphic novel, Hackerteen, a book teaching young people basic Internet technology and a deeper understanding of where and why Internet use can be risky. Around the time Hackerteen went to the printer, I read an interesting study in the March 2008 issue of Communications of the ACM that gives me hope we’re on the right track for educating our youth about computer security.

As security experts routinely say, the big challenges are more psychological than technical. One of the findings in the article, “Promoting Personal Responsibility for Internet Safety,” by LaRose et al., demonstrates this point in regard to fear, the pervasive motivator for installing virus scanners and adopting safe surfing habits. Here’s the problem: if people start out indifferent about security, or unconfident that they can do something about it, fear can actually decrease protective actions. The authors’ experiment produces a different relationship from the relationships found in the other articles they cite, but they conclude: “without knowing the level of risk perceived by each individual threatening messages have the potential to discourage safe behavior.” (Emphasis in original.)

As a solution, the authors recommend building what they call “self-efficacy”: the users’ belief that they can protect themselves. This requires education and assurances (but not unrealistic assurances). Self-efficacy is not the same as technical skill, but is certainly related. As the article states:

Fear is most likely to work if the threat information is coupled with information about how to cope with them, since the coping information raises self-efficacy.

Another point in the article is that education can fall on deaf ears if the learners don’t acknowledge personal responsibility for security. Frustratingly enough, the authors found that urging people to take responsibility might actually make things worse. People who possess some interest and skill (measured in ways not made clear in the article) increased their protective behaviors in response to such browbeating, but those who started out indifferent and uneducated reacted quite negatively; their protective behaviors decreased.

There are several other subtle points in the article (which of course represents only a few studies out of many in the field), but I think that what I’ve summarized so far backs up the goal of Hackerteen. The purpose of the book, as I’ve thought of it during the editing process, is threefold:

1. To get young people interested in computer and Internet technology, teachin\g them some facts along the way
2. To teach users precautions for protecting themselves online
3. To promote ethical behavior

These goals map onto three big concerns of youth: mastery, safety, and morality. Although parents and teachers are probably more concerned with safety and morality, I consider the promise of mastery (understanding technology so you can use it to enhance your life) to be critical. And the CACM article suggests that a feeling of mastery is required before one takes steps to protect one’s safety.

Our presentation should fit the psychology of our mission. First, we provide an exciting story, presented with gorgeously colored graphics, to disarm the readers’ recalcitrance about facing security problems. Security becomes fun, and therefore something worth getting to know better. If the novel stimulates learning, it will stimulate self-efficacy, and the novel’s strong message about personal responsibility can also take hold.

The typical psychology of comic books is all about sublimating fears and worries about adolescent potency–most of all, fears about facing the dark side of one’s own strong feelings and power. This psychology comes to the fore in Hackerteen, as the principal character Yago discovers his own power for both good and ill, and has to deal with the consequences of the use of that power. It’s a good story with a good message, and one I hope will bring joy as well as empowerment to a new generation.

I presented Bad Sushi: Beating Phishers at their Own Game (with Billy) at Blackhat Europe (Amsterdam) 2008 last week. I always enjoy doing this talk, and the feedback was quite positive. For more information, check out Nate’s coverage of the conference over at ZDNet’s Zero Day.

I’ll be presenting the Bad Sushi talk at Microsoft’s BlueHat conference in May this year. I’ll be apartment hunting and visiting friends in the Seattle area the last week of April, right before the conference, so if you happen to be in Seattle at that time just let me know!

The urllib module provides a simple interface for network resource access.

Whether you’re a Dojo veteran or a developer who is just starting to kick the tires, you should be excited about Dojo 1.1! I’ll leave you to the announcement and the release notes for now, but rest assured that we’ll be all over it in the ensuing Dojo Goodness episodes.

I chuckled at a couple of quotes in Java performance improvements touted, specifically one from Cliff Click:

As your program grows in size, the lack of strong typing basically kills your ability to handle a very large program and so you don’t find the million-line Perl program.

I’ve met Cliff, and he’s very smart, but I have to disagree on two points. First, no one who’s used anything with a better static type system than Java consider’s Java type system “strong”. (If you can still get a NullPointerException from a generic-enhanced collection, Java has a ways to go.)

Second, the reason that there aren’t many million-line Perl programs is that the people who are capable of writing and managing million-line Perl programs have better ways to organize their projects than glomming a million lines of Java into a single shared-everything instance. That’s setting aside the qualities of encapsulation and abstraction that Java-the-language doesn’t have, preferring instead to push that problem to tool vendors and AbstractFactoryFactoryInjectors which consume vast swaths of XML to get around Java’s static code fetish. I can only imagine how much larger the Java code would be without all of those XML files.

I also recommend James Robertson’s take on things, from Earth to Sun.

I’m curious to hear how many million-line Java applications exist in the world and what they do. I suspect that they’re primarily web applications that speak SOAP or REST over strict SOA or HTTP boundaries — just the sort of boundaries beyond which it doesn’t matter if your code is Java, Perl, C++, or the Korn shell. You know, because they’re completely network bound.

I use Drupal to power both a personal site (my OgasaWalrus Freeware and Open Source apps blog) and an Intranet blog in my office. So, I was more than a little envious when I read Garrett Serack’s mini trip report for Drupalcon 2008.

How a cowboy spends two days in Boston: Drupalcon 2008

Drupal’s been attracting quite a bit of attention over the past year or two. And, the commercial support available for the product is a good for the product’s long term survival and growth. Several Drupal’s main figures (including its creator - Dries Buytaert) formed Acquia last year to provide value-added software products and services for the Drupal social publishing system. SpikeSource provides a for-fee Drupal sandboxed package (with Apache, PostgreSQL, and PHP) for Linux and Windows called Drupal SpikeIgnited.

Chris Pirollo just announced his Drupal-based community social network platform project. Check out his blog and videocast to learn more about this project.

This week’s installment of Dojo Goodness demonstrates dojo.xhrGet, an easy way to sprinkle some AJAX into your application and one of the biggest staples in Dojo. (In case the “xhr” part of that API call is a curve ball, it simply refers to the XMLHttpRequest object.) The xhrGet function streamlines the work entailed in issuing a GET request to the server, is included in Base, and is intuitive to use in that you pass it some descriptive keyword arguments; the default behavior is to issue an asynchronous request.

Hello. My name is Andrew Kutz, and I am honored to be blogging for ONLamp on the topic of virtualization. Please watch this space for news on VMware, Xen, KVM, and other virtualization technologies. I’ll be creating my first real post later today. If you have any ideas with regards to what type of content you would like to see, please let me know by shooting me an email at akutz at lostcreations dot com.

Thought for the day: If the preferred scaling strategy of Java web applications is shared-everything in a beefy JVM with plenty of threads in myriad pools (and it seems to be) and the preferred scaling strategy of LAMP applications is a shared-nothing architecture across plenty of boxes with memcached in front of a replicated database, what changes will be necessary to run popular apps written with shared-nothing in mind in a shared-everything environment?

Bonus question: besides web applications and language research, are dynamic languages on the JVM interesting? (The clever reader will see where this line of thought leads.)

I’ve been using MySQL since early 2002 and Sun’s purchase of MySQL has me quite concerned (unnecessarily, I hope). I’ve been hedging my bets in case Sun decides to radically change MySQL’s Community Edition (the free version) availability or make it too experimental to use in production or near-production environments (forcing MySQL users to the for-fee Enterprise Edition). One hedge is getting familiar with PostgreSQL. I’ve invested a bit of time building it from source code on a test Linux box and then testing upgrading a datbase from version 8.2 to 8.3. That was quite painful compared to MySQL, btw. I was surprised I had to perform a full database dump from 8.2 and then import everything back in to the 8.3 installation.

EnterpriseDB has been selling a repackaged version of PostgreSQL since 2004. They relaunced the product this week and renamed it Postgres Plus and Postgres Plus Advanced Server. The Postgres Plus edition seems similar to the MySQL Community Edition in that both are available with easy to use binary installers. Postgres Plus Advanced Server is priced at US$5,995 per socket. It provides additional features such as the ability to run applications designed to work with Oracle, database migration tools to move from Oracle and other commercial databases, and advanced management and monitoring tools. The Advanced Server developer edition is free. This is a good idea and one that MySQL should emulate with its Enterprise Edition.

I haven’t looked a the Windows or Mac OS X versions of Postgres Plus (the free version). But, I did download the Linux distribution and found that the gzipped download contained a single bin file. This really appealed to me since PostgreSQL’s binary versions consisted of what seemed like an endless list of RPMs to choose from and download. In fact, I decided to install from source code on Linux since it seemed easier than figuring out which RPM files I needed.

Old PostgreSQL hands probably don’t have any great need to take a look at EnterpriseDB’s offerings. However, newbies like me looking for a quick, painless, and correct installation of multiple PostgreSQL components across multiple OS platforms to create a stable platform from which to learn will probably benefit from EnterpriseDB’s Postgres Plus offerings.

FYI: Those of you considering running PostgreSQL or Postgres Plus on Microsoft Windows might want to take a look at these two PDF documents available from Microsoft’s Port 25 site…

PostgreSQL on Windows: A Primer

Connecting Office Applications to MySQL and PostgreSQL via ODBC

In my (painfully) long career as a software engineer, I’ve often run across the attitude that code has intrinsic value. You see this frequently in the industry when ‘code reuse’ is used as a metric of efficiency. At several companies I’ve worked at, old and badly bit-rotted products have not been rewritten because “we’ve invested umpty-umph million dollars in that code, we’re not just going to throw it away.” This whole attitude is bull-doodoo, and here’s why.

At PyAtl, the Atlanta Python User’s Group, we will be having a special presentation on Object Oriented Programming, “Object Oriented Python: From the Basics all the way to Voodoo”.

Jonathan LaCour, a Turbogears, and Elixir, developer will be giving a talk on Metaclasses. Drew Smathers will be giving a talk on MRO, and I will be giving a 10 minute talk on properties.

Everyone will be meeting at 6PM, at Six Feet Under before hand, and you can find directions there here.

There are still a few 10 minute talks we could squeeze in, so if you want to prove your Object Oriented chops, then grab something off list and volunteer to give a presentation on it. I would personally like to see a presentation on Mix-Ins, Static Methods and Class methods, and Operator Overloading.

You can RSVP for the event here.

PowerShell (formerly referred to by its codename Monad) was created by Microsoft as its next generation command line environment and scripting language. Although it is not an Open Source product itself, you can see the influence FOSS dynamic languages like Perl and Python had on it. There’s an interesting interview (part 1 of 2) that Jonathan Walz & Hal Rottenberg had with PowerShell’s architect Jeffrey Snover on their…

PowerScripting Podcast (Podcast 21)

One of the interesting discussion topics that came up during this part of the interview was a need for something like Perl’s CPAN (or Ruby’s RubyGems or PHP’s PEAR) to ease the download and installation of community contributed components.

You can find an older video discussion between Port 25’s Sam Ramji and Jeffrey Snover here…

Powershell Released: An interview with Architect Jeffrey Snover

Apparently, if you learn the hot, new, buzzworthy, Grok Python Web Framework, it helps you meet women. Grok was built on top of Zope, and I used it to build my website, and I think it is rather sexy. I have all the buzzwords, AJAX, Google Mashup, Python, Grok, JQuery, although I might need to do something with Comet..hmmm.

The collections module includes container data types beyond the builtin types list and dict.

Microsoft’s Open Source Labs Manager Stephen Zarkos posted a photo tour of the facilities there at…

Inside the OSS Lab

I had a chance to take a peek inside the server room when I dropped by Building 17 a year ago. The photo above is a closeup I took of the tux penguins seen with the human lab inhabitants in the final photo of Steve’s photo tour. You’ll note that the tux-es look healthy and happy. No daggers or other sharp objects have been hurled at them :-)

In amusing synchronicity, I was reviewing Bernard Golden’s Open Source Maturity Model earlier today. Then I read My Visit to Sun, where he describes a conversation he had with Simon Phipps before giving a talk at Sun.

In particular:

Many enterprises seeem to operate in a vendor-centric model: they select a vendor and from then on rely on the vendor to define when new technologies should be adopted, when new releases should be rolled out, even what complementary technologies should be implemented. It’s obvious that this causes middle-of-the-pack performance, lock-in, and lack of pricing power. Without rehashing all of those arguments, consider the other implication of this approach: it fosters dependence — an inability to self-direct in technology direction, custom architecture, and unique business offerings. If all you can offer is off the standard menu, you will never serve up differentiation.

When you give away software and trade license fees and pre-sales for support contracts and free downloads, you break the passive-adversarial model between vendor and customer that has served IT so poorly for the past two and a half decades.

That’s not a safe thing, nor an easy thing. That’s still a good thing.

I was reading through some new postings on a local LUG mailing list here in Louisiana, and saw a note from Chris J. about Microsoft’s Windows vs. Red Hat page. Chris brought up some good points, and I wanted to respond to them.

CJ: Now, let’s rip this FUD apart. First, Microsoft acts as if RedHat is the only option that enterprises would ever go with, and they say that while RedHat itself is cheap, it’s $2500 a year for support. Okay, that’s support, Microsoft. Why don’t we compare apples to apples, and point out that Microsoft’s support is somewhere around $700 per incident? To me, $2500 a year is FAR cheaper

The cost of Red Hat. Okay, in all seriousness, Red Hat is a little expensive on the front end. We often deploy it for clients, and the base cost of RHEL is a little high, especially since it’s a subscription model (you pay it every year) and not a one-time purchase (as with Windows Server). That said, Windows CAL licensing can add up very quickly. So, personally, I would have argued the point based on CALs. But as far as upfront purchase-the-shrinkwrap costs, Windows tends to be cheaper than Red Hat. As far as support costs, well, the RHEL subscription does get you support, but it’s not like your local ABC IT company. And most people don’t call Microsoft OR Red Hat for support.

CJ: I also find a lot of issue with the fact that Microsoft claims that every distro of Linux is so different that migrating from, say RedHat to SuSE is very difficult, if not impossible. One of the key strengths of any UNIX architecture is the portability of files. The file structure is based on an open standard, and you could very easily take files from something like Turbolinux, and easily bring it back up on any other distro of Linux, or perhaps BSD, Solaris, OSX, HPUX, etc… Linux admins tend to keep the data files on seperate drives/partitions from the OS, so you could simply install another OS on a new hard drive, and mount the old data partitions under that OS, and continue right where you left off. If you need something like a database, it’s not hard to dump SQL to a file and reimport it on the new server. And the configuration files are generally flat text files, so how is your data somehow married to the OS/distro that it originated on?

File System Differences. To me, this is a valid point actually. The directory structure across UNIX systems, or even across Linux distros, may be technically something of a standard, but in reality it’s not. Even within the Linux eco-system, it can be hard to remember what is where. Are installs in /opt/ or /usr/local/? How are my rc files organized? Where are my network configuration files? The Linux Standard Base (LSB) group is working hard to address this, but the cold hard reality is that it’s in fact a pain if you are managing more than just a few Linux servers.

Migrating SQL databases. Good point. That is pretty easy (thanks SQL). It’s also very easy to copy a MS-SQL database from one server to another.

CJ: Also, they make the claim that Windows 2003 has fewer published vulnerabilities than Linux. We all know that more bugs will be FOUND in Linux, and they will of course be squashed rapidly. But, due to Windows’ closed nature, how many bugs actually EXIST but have yet to be FOUND?

Vulnerabilities. There has been a bit of a fuss these days about vulnerability counts in Linux. The core of Linux, i.e., the OS proper, is stable and generally secure. It’s rather rare to see a published vulnerability for the kernel or any of the base operating system programs. However, most Linux distros do commit the cardinal sin of installing everything and the kitchen sink, and it’s an entirely valid argument to say that a vulnerability in an installed-by-default application is a point against Linux. This is very similar to how people group vulnerabilities in IIS and Exchange with “Windows”. Tit-for-tat. That or we need to all step back and stop grouping vulnerabilities in this way.

CJ: The only valid argument that Microsoft brings up in this article is about the management interfaces. They hands down win in that department, but that’s why you hear of UNIX guys working at places like NASA, making $200,000 a year. UNIX OS’s are definitely not easier, and you do have to know what you’re doing to accomplish the same thing that you can do in Windows with a mouse click. So what? It is what it is. I also love how Microsoft neglects to mention the fact that Windows Server 2008 is playing catchup with the UNIX world by adding a new feature called Windows Server 2008 Core. The core mode basically turns Windows Server into a GUI-less command-line-based server OS. That way, it can run faster, without the bloat and massive overhead associated with a GUI. Sound like any OS you’ve ever used? Oh, that’s right…UNIX/Linux/etc… And of course, once you are using Windows Server 2008 in core mode, you suddenly lose that one advantage that Windows has: its GUI based management interfaces. Those are some great arguments, Microsoft.

GUI. Actually, I tend to strongly disagree here about the focus on the Windows GUI. First, I think that most Linux servers, especially those used in large, commercial deployments, have pretty good GUI management tools. Second, whether in Windows or Linux/UNIX environments, if you have more than several servers to manage you usually manage a lot of it via scripting and automatic deployments (again, this applies to both Windows and Linux/UNIX). That said, you are right that Windows is pushing a more “scriptable” environment (e.g., with WMI, PowerShell, etc.), although even back to NT4, there was the ability to script a lot of tasks if you could live with the pain of using Windows shell scripting and/or of WSH.

I’m neither an Eclipse user (though I download it every now and then but never get around to actually trying it :-) or a Java developer. But, I read Sam Ramji’s blog post…

Supernova

…with quite a bit of interest when he announced that Microsoft would be collaborating with the Eclipse Foundation to help Eclipse developers building software for Windows. Yeah, sure, you might say. They are just doing this to sell more copies of Windows. But, it is the way they are doing it these days that interests and even impresses me. Just think back to the message and rhetoric coming out of Redmond 4 or 5 years ago. Who would have thought that they would have forged relationships with JBoss, MySQL, Zend, Samba, Xen Source, and Eclipse? Not to mention hiring the brains behind IronPython and IronRuby?

If their collaboration with Open Source projects helps me get better tools, I’m glad to see it. Have I lost all of my skepticism and paranoia? Um, ok, not all of it. But, I’m happier with the way things are now than they were a couple of years ago.

Do you know a student interested in compilers, virtual machines, and programming languages? The Perl Foundation is a mentoring organization for Google’s Summer of Code again this year.

Perl 6 and Parrot have several project suggestions for students, and there are plenty of other places where you or your student can participate. In particular, anything related to a modern virtual machine or compiler or programming language implementation is fair game, including garbage collection, JIT, register allocation, compiler optimizations, and parsing strategies.

The most interesting ideas on the list so far include the integration of parts of LLVM with Parrot, particularly its JIT, though making Parrot compile with LLVM’s clang is an interesting project in its own right.

There are plenty of tasks for someone more interested in building a compiler than a virtual machine, however. Start with Klaas-Jan Stol’s Building a Compiler with Parrot articles on the Parrot weblog, and you’ll be able to build your own small language in a couple of days.

Finally, Bernhard Schmalhofer released Parrot “P&P” 0.6.0 on Tuesday. Besides the inevitable bug fixes, language improvements, and minor spit and polish we always provide, this release features reworked internals of our polymorphic fundamental data types. This was one of our milestones, and we’re still on track to the 1.0 release in the medium-to-near future.

Ooh. Okay, so this is news to me. There is a freeware tool to recover ext2/ext3 filesystems from Windows. Wow, that’s a change. Is it just me or do most of the free and open source recovery tools seem to run under Linux these days? (Microsoft even has an article about how to recover NTFS with Linux.)

Well, hmm, on a second look it looks like DiskInternals Linux Recovery is free but not necessarily open source. Correct me if I’m wrong.

Thinking along these lines, I’m curious about the current state of accessing NTFS from Linux. I know that back in the day you could read an NTFS disk from Linux, but you could sometimes corrupt the NTFS volume. So, I did a quick Google and found the Linux-NTFS Wiki.

Okay, so here’s the deal apparently (pulled right from the Wiki):

• kernel driver: fast, reliable, read-only. Most people already have it.
• ntfsmount: fast, reliable, read/write, userspace.
• ntfsprogs: various tools for managing ntfs, like mkntfs, ntfsresize and ntfsclone.

So it looks like the status quo has been maintained to some extent. You can read NTFS right off the bat. To write to NTFS, you need to install ntfsmount.

Looking more into ntfsprogs, I see ntfsclone. Nifty! I was thinking this may be a free way to Ghost (say, if you could use ntfsclone, Knoppix, and an NFS filesystem somewhere), but apparently you have boot issues if you just move NTFS to another computer without doing a little legwork. OR. You can run GAG, a graphical boot manager. Check it out.

One of the sites you often see mentioned in the Microsoft Port 25 blog is CodePlex where Microsoft technology related Open Source projects are found. I pop over there from time to time to see if there are any interesting projects that might be useful in my own work. I found PHPExcel 1.6.0 on my most recent visit. It was last updated on Feb. 13 and provides PHP classes to read and write Excel 2007 spreadsheet files.

The examples section provides simple to read and understand PHP code to get a handle on how to use the classes as well as 16 sample XLSX sample spreadsheet files to test interpreting spreadsheet features such as formulas, conditional formatting, and page breaks.

A dose of animation can give your app that extra bit of pizzazz that it sometimes needs to impress the customer/ladies/gentlemen/whatever-floats-your-boat, so I thought it might be a good idea to quickly showcase some of Dojo’s animation facilities.

If you’re just now tuning in, you can click on my mugshot or this link to get to the first two posts of the ongoing “Dojo Goodness” series that I’m writing to promote my upcoming book, Dojo: The Definitive Guide, which is available on Amazon as well as the O’Reilly catalog.

I arrived at PyCon 2008 on Thursday and attended the Eggs, Buildout, and Virtualenv tutorial given by Jeff Rush. It was quite good, and I would recommend going to any tutorial by Jeff Rush as I have been impressed by his ShowMeDo screencasts, and how thoroughly he prepares for his presentations. His slides for the tutorial are available at the python.org wiki.

Next, I attended the Generator Tricks for Systems Programmers Tutorial by David Beazly. This was my favorite technical talk at PyCon and I learned quite a bit. It happens that his book on Python is one of my favorite all time python books, so it was great to learn from him in person. If you get a chance to do a training session with David, do it, it. You will get more than your money’s worth.

Finally, I attended the web testing tutorial with Titus and Grig. I learned quite a bit about testing web applications, and I am glad I attended.

On Friday, I gave a talk on Creating Agile Unix Command Line Tools With Python, you can download the slides and source code for the presentation there, or at my personal site here. I was a bit surprised at the turnout for the talk, as the room was completely packed. The talk went pretty well, although it would have gone better, if I would have had network access to demonstrate discovering a subnet in a few seconds. I think the source code has some really cool stuff in it, so hopefully people download it and play with it.

I should add that my time leading up to and during PyCon 2008 was pretty crazy. The rough draft for the book I am working on with Jeremy Jones was due on Monday of PyCon, and then on Friday I had my talk. Finally, Brandon Craig Rhodes and I were working on an article on ZODB that we finished on Monday. It was a great lesson in managing stress to get all of this done, attend PyCon, and hang out with friends. Whew, glad this week is over though! I turns out that I have written 14 articles this year, in addition to writing a book, and having a full time job. What was I thinking!

The talks that I enjoyed the most were:

Supervisor: Chris McDonough and Mike Naberezny.

Supervisor is really an interesting tool, and I found out it was based on something Guido originally wrote, which makes it even cooler. I love it when people write tools that are immediately useful, and are simple to understand and use.

Managing Complexity: Matt Harrison

Managing Complexity was an educational talk that exposed me to several ideas that were packaged in a novel way. More than anything, I brought away from the talk that simplicity is the key to reliable software. While I personally enjoy solving the most complex problems I can find, I also highly value the simplest possible solution to a problem. I suppose we as software engineer’s still need to learn that All other things being equal, the simplest solution is the best”.

Nose: Jason Pellerin

The Nose talk was a little hard to hear because Jason had a cold, but he had one of the best quotes when he was asked to compare py.test to nose. He said,” py.test is a like a Belgian Ale, and nose is like bud light”. I again am very interested in starting to use nose more than my brief experiments, because it is simple, and designed to be simple.

Testing OLPC: Titus Brown

Titus gave a very entertaining talk on testing OLPC, and came up with a cool XML-RPC testing harness that detected lines of code that were executed. Apparently he wrote this during PyCon, in some “spare time”, when he wasn’t getting free dinners from my book editor, Julie Steele :)

Due to my crazy schedule, I did miss a few talks that I really wanted to attend, but for some reason missed out on. One in particular was Using Grok To Walk Like a Duck by Brandon. My wife arrived on Saturday, and on a spur of the moment JJ convinced us to grab an authenticate Chicago sandwich. The sandwich was good, but we didn’t make it back in time. Oh, well, I can always force Brandon to do this talk for PyAtl.

Random Thoughts

I had a wonderful time at PyCon this year, and would highly recommend it to anyone considering whether to go next year. Sure, there were a few things that could have been better, like not having to endure a guy in the room next door pulling a Fear and Loathing at PyCon Hotel. At one point, the “scented” smoke coming from next door was so bad, I wondered if there was somebody burning a campfire of dried hemp in their room. Not sure, why PyCon was the ideal spot to “hot box” a hotel room for a week, but whatever dude.

I also was a bit bummed about the wireless problems during tutorials and talks, but hopefully we can improve on this next year. Wireless is a tricky thing to get right, so I am sure everyone was doing their best.

I did not attend any of the Lightening talks this year, so I can’t comment on whether they were good or bad. It turned out that every time there was a lightening talk, I met somebody interesting to talk to, and didn’t get a chance to see them. I agree that half the fun of PyCon is meeting other people in the community, sharing ideas, and catching up.

A met quite a few interesting people including Eric Dahl, the CTO of Zenoss. Having used Zenoss, I will say it is a great product, and now having met Eric, I can say he is a very sharp guy. Zenoss has been doing some extremely innovative things with Python, and is a very good example of how Python can be used in the Enterprise. In addition, to having a great SNMP monitoring solution, Zenoss has also been doing some innovative work with Python, SAMBA, and WMI. If you don’t currently use SNMP to monitor your network, or if you are curious about what a Python solution would look like, download a virtual machine, and let it discover your datacenter in a few minutes.

I also got to talk with Guido, who needs no introduction, Alex Martelli, Steve Holden, Ian Bicking, Jeff Rush, Kevin Dangoor, Ben Bangert, and many other people for the first time. Jeremy and I got to work with Jullie Steele, the editor for our book, and it was a pleasure to meet her in person for the first time. I think our book is in good hands.

Brian Dorsey the creator of Noon Hat was fun to hang out with and we chatted quite a bit. It is always cool to meet new friends. I also got to chat it up with Mike Orr a bit at breakfast on Tuesday morning, and that was a blast as well.

For the first part of the week, I got to hang out with Grig, Titus, and JJ, who I email quite a bit during the year, so that was also pretty cool to see them again after a year. Overall, it was a great experience, and I can’t wait to catch up with everyone again next year.

Summary

The main thing I am going to take away from this PyCon is to embrace simplicity.

As announced earlier on my personal blog, I launched an open source project on Google Code called “loghetti”. It’s written in Python, and is a foundation for what I hope will become a very flexible tool to help admins (myself included) get whatever data they need out of their Apache logs.

Here are a couple of examples of stuff it can do:

Get a list of all of the 500 errors:

./loghetti.py –code=500 access.log

This will send all matching lines in access.log to STDOUT. To get a bit more complex:

./loghetti.py –ip=192.168.1.2 –code=500 –month=11 –day=21 –urlbase=index.php –count access.log

This will *not* return the lines that match all of those rules - but rather a simple count of the matching lines. This request is a somwhat typical support scenario. You have a client at 192.168.1.2 reporting 500 errors they received on some arbitrary date, when trying to reach your intranet’s home page. It’s not unusual in a support role to have the client say “it happened like, a million times”. Of course, –count will dutifully report that it happened 4 times (for example), which is likely closer to the truth.

Ok, one more example, because I happen to be a fan of this feature:

./loghetti.py –urldata=foo:bar access.log

This causes loghetti to parse the query string, and return lines where the query parameter “foo” matches argument “bar”. In other words, lines that look something like this:

http://www.yourdomain.com?stuff=things&foo=bar&this=that

There are billions of features I’d like to implement, but I figured since the tool is useful to me already, it would likely be useful to others, and maybe others can help get features that might help them implemented more quickly.

Let me know your thoughts!

The 4Suite.org projects are moving from CVS to Mercurial. I’m still quite happy with Mercurial having used it for several newer projects. One last test I anted was to convert the bigger projects from CVS to see how smooth the transition might be.

Plenty of people have said that Perl is dead. (Some of them post on this site.) Rather than looking in the rear-view mirror of book sales (and I keep arguing with our research group that we need to normalize that data to account for the huge sell-in spike for a frontlist title and the inevitable batch of returns three months later) or a naive search for “X programming”, Tim Bunce gathered job posting statistics and other information particular to the Perl community to demonstrate that the duct tape of the Internet is still alive and well.

Tim’s focus changes halfway through the video to discuss the development process of Perl 6 and how that’s sped up dramatically in recent months as well. Though the video’s difficult to read in places, it’s very much worth your time to watch, if for no other reason than Tim’s impressive and polite understatements, such as my personal favorite:

“The web development community tends to wear blinkers.”

Update: The link is Perl Myths Debunked.

Companies are constantly opening new veins of ore as they attempt to mine the Internet for useful information. Developers and open source system users will be particularly interested in a SourceLabs announcement of a service called Self-Support Suites that has been in beta since December. This tool combines enormous amounts of information indexed by SourceLabs from bug trackers, technical mailing lists, and other sites to help open source users diagnose problems. They’ve just put up a free download.

The proof of concept I heard from Byron Sebastian, CEO of SourceLabs, concerned a site that spent two weeks trying to track down the failure of an Apache Project module. SourceLabs’s system found a bug report with the fix in a few minutes by finding a match between a stack trace provided by the user and a stack trace provided by a question in a public forum message. This search was more difficult than it might sound, because stack traces don’t match precisely and their contents are not unique strings that are easy to search for. Sebastian says that stack traces and log files tend to have the most useful information–but if other information was organized better, it might rise in value.

Oh, joy. Adobe is at it again.

AIR applications are deployed as a single AIR file that works identically cross-platform. The api’s within AIR are identical across different operating systems so any application behavior will work the same regardless of where it is running. Regardless if you use HTML/AJAX or Flash/Flex to build your application the API’s are identical and run on MAC/WIN/LIN without issue.

Ted Patrick, Why Adobe AIR?

Given that Adobe’s evangelists have a very difficult time telling the truth about which platforms Adobe actually supports (particularly pernicious with regard to Flash; see Uh, Thanks for the “Linux” Support for one example), does anyone really think that AIR will run on anything more exotic than 32-bit x86 GNU/Linux? Set aside the fact that, as much as Ted’s quote may make you think that AIR runs on “Linux” right now, it sounds like no one outside of Adobe will see that binary blob until later this year.

When I think about cross-platform support, I think about the first time I sent e-mail on the Internet via a FidoNet gateway accessed through a PC bulletin board from my Commodore 128 over modem-to-modem dialup in the very early ’90s.

Again (I always have to disclaim this), Adobe has every right to support only the platforms and processors it wants to support. I have no problem with that.

As usual, I offer any Adobe evangelist, manager, or developer the chance to prove me wrong, publicly, by successfully installing a publicly released version of Adobe Flash on the GNU/Linux laptop sitting six feet behind me in my office. (Good luck; it has a PPC CPU.)

Just don’t tell me that you offer cross-platform support and then stick me in a ghetto because I’m using the wrong operating system and the wrong processor. I know what cross-platform support means — you can still browse the web on a Commodore 64 — and your walled garden isn’t it. For all its flaws (don’t get me started on the codec licensing nonsense), Moonlight has a better claim to cross-platform compatibility. For starters, it doesn’t lock you out if you happen to be using the wrong type of CPU.

(I thought one of the goals of high-level programming languages and frameworks and virtual machines was so that you don’t have to worry about the details of the lower levels. Of course, I thought one of the goals of web applications was independence of platform at the level of operating system and below. Shows what I know.)

Microsoft’s Port 25 has underwritten a number of technical notes (which they refer to as a technical analysis) providing detailed instructions on getting Windows and Open Source projects working together. One of the more popular topics is Apache httpd. I went through Port 25’s blogs and collected these Apache web server related technical notes.

Technical Analysis: Installing Apache on Windows

Technical Analysis: Installing Apache with SSL on Windows

Technical Analysis: Apache with mod_auth_kerb and Windows Server

You can find the Apache httpd 2.2.8 source code and installer binaries (with and without OpenSSL) at…

Download - The Apache HTTP Server Project

The official Apache 2.2 web server documentation for the Windows platform is found here…

Using Apache with Microsoft Windows

The datetime module includes functions and classes for doing date parsing, formatting, and arithmetic.

Here is the presentation I just gave a few minutes ago at PyCon:

Slides: Using Python to Create Agile Unix Tools
Source: Using Python to Create Agile Unix Tools

References:
IBM Developerworks Article: Using Python To Create Unix Command Line Tools

Okay, this is funny. I just read a little blog by Jamie about ComicCon and saw a link to this site. Um. Okay. So I see a preview comic strip and then click it, as told (I’m quite the sheep), and then am asked to download Silverlight. Sigh. Great, another plug-in.

Why does everything require a plug-in?

Please, someone tell me.

Anyway, I’m a little crazy so I click the Download Silverlight link and then get the luxury of reading what is perhaps the shortest license I’ve seen in about a decade:

http://www.microsoft.com/silverlight/resources/LicenseWin.aspx

Well, that’s refreshing.

Oops. Except now I’m told I can’t “work around any technical limitations in the software” (which basically means I have to use the software as I’m told, at least if this could stand up in court).

At this point I give up.

Whatever happened to clicking on a link and seeing the latest Dilbert cartoon?

I’m thinking this comic strip is probably meant to showcase Silverlight, thus the requirement to download the plug-in, but, really…

At least give me an alternative URL option. ;)

I saw Jamie Cannon’s announcement that the second Microsoft Open Source ISV Forum will be held at the upcoming Infoworld Open Source Buisness Conference (OSBC) later this month.

NXT Up: OSBC

Any chance for interoperability discussions between Microsoft and Open Source developers is good news for end users like me. But, what really caught my attention was this quote from Jim Zemlin (Linux Foundation Executive Director) in InfoWorld…

Linux Foundation: We’d love to work with Microsoft

InfoWorld: Apparently, Microsoft is going to get together with the Eclipse Foundation next week. Are there any accommodations between or collaborations between Microsoft and the Linux Foundation?

Zemlin: Not at this time, but we’d love to do it.

I think the article’s title is a bit of an overstatement based on the actual response to the interview question. But, what the heck :-)

Ooh, nifty! Sun and the Texas Advanced Computing Center at the University of Texas have released one of the “fastest supercomputers in the world”, at least according to Sun. Hmm, so 500 teraflops of computing power. That’s pretty darn fast. Sure, not as fast as my dual-core laptop, but.. Well, okay, maybe that fast, at least when my AV is scanning a Word doc before it opens. (Is it just me, or does AV tend to make your computer seem SLOW at times?)

Anyway, this got me thinking about where Microsoft is with High Performance Computing (HPC). Historically, HPC has always been in the realm of the traditional Cray-style supercomputer and, more recently, big, powerful, and distributed UNIX clusters. Microsoft has been kind-of sort-of dipping its toes into the HPC realm, but there’s certainly no concerted effort. There are at least two reasons for this that I can see:

• HPC is unfamiliar territory for Microsoft. Without any qualification, HPC is an entirely new market to Microsoft. I’m not even sure they have a business model for it.
• Microsoft is unfamiliar territory for HPC. In other words, there’s no history of HPC users working with the Windows platform. If you’ve ever looking at code that runs in these types of environments you’ll see a lot of reliance on libraries and utilities designed to distribute load either across a cluster of servers or the code is very intelligent about how to use the several hundred processors on the supercomputer. I’m curious how many of those libraries have been ported to Windows?

Oh, and one final bullet point:

• Microsoft is about software, not hardware. As far as I know, vendors that implement HPC sell hardware. On the Sun end, there is… well, Sun. For Linux we have hardware vendors like Linux NetworX. Who’s pushing this with Windows?

Should I be expecting a 2000-node Windows HPC cluster anytime soon?

A tad unrelated to the theme of this blog, but I found this very interesting. Apparently, HP is leaving the Identity Management market (refer to my recent post about Linux and Windows Identity Management). Hmm. Interesting. To be honest though, I haven’t ever come across an HP IDM installation, although I know they are out there. Typically, we work with and see CA, Sun, Novell, Oracle, and others, but not HP.

So is this a case of one of the weaker players just bailing out?

Microsoft’s Director of their Open Source Software Lab told us…

Why I’m excited about Yahoo!

…in a Port 25 blog entry. Sam’s comments are very positive and his excitement is understandable. Here’s my take on MicroHoo/YahooSoft.

The Feds and the EU approved Google to acquire Doubleclick. So, Microsoft and Yahoo should get through that hoop too. Yahoo (YHOO) is not only underperforming compared to Google (GOOG) and Apple (AAPL), it is also underperforming compared to the NASDAQ index. I found it kind of interesting that Microsoft and the NASDAQ tracked each other nearly perfectly over the past two years too. The chart is from Yahoo Finance, btw. I really like its charting features.

I think the acquisition is inevitable for the simple reason that Yahoo’s major investors must be pretty restless given what looks to my financially untrained eye as a two-year loss of market cap only broken when Microsoft made the move to acquire it. But hey, I don’t claim to be a financial expert or to see into the future.

Yahoo has a lot of good stuff and good people that aren’t reflected in their awful market performance. And, it would be interesting, as Sam implies, if those people stay on after the acquisition. But, having been one of many peons involved in a past mega-merger, I’m not so sure the Yahoo superstars will hang around long enough for the acqusition to close. That’s too bad, because I think the addition of Yahoo’s Open Source superstars to places like the Microsoft Open Source Labs might really ignite Microsoft’s detente with Open Source and turn it into a really productive path for Microsoft. And, yes, I can see some of your raising your eyes to the air and saying this is all this detente stuff is pretense on Microsoft’s part. I felt exactly the same way when I heard that Microsoft had an Open Source Lab a few years ago. I felt for sure it must be some kind of propoganda FUD team. But, I decided to visit there while on vacation and was able to meet and speak with Bill Hilf (the Director of the Labs at the time). I visited the Labs again last year (again while in the area on vacation) and met with more of the team. Guess what? I think these people are sincere in their efforts to get Microsoft and Open Source people and projects together.

I think it would be really interesting to see a huge influx of Open Source and web talent come in from Yahoo and, potentially, make a sea change there. Time will tell.

I was recently poking through some of the more interesting blog entries on Port25, and I came across “Active Directory and Linux Identity Management”, which is not a bad intro to integrating Linux into Active Directory. (You can also view a PowerPoint presentation that I did on a past road-show about Linux and Active Directory integration here.) Alas, I was thinking it would be about the broader concepts of identity management in heterogeneous networks. And that’s the thing..

At my consulting company, we do a huge amount of work in identity and access management, and I see two classes of clients:

• SMBs. These clients know AD and just want to get away from having to create accounts for users in multiple places. This usually means Linux/UNIX integration with AD at the operating system level (e.g., with Samba) and sometimes at the application level (e.g., by plugging Apache or Tomcat into Kerberos).
• Enterprises. These clients know a lot more than AD, and they want to have a solid set of provisioning and access controls in place to ensure that users have only the accounts and access that they need, and this means a strong and granular set of access control features. (Think CA eTrust Admin/Identity Manager, Sun Identity Manager, etc.)

I think it’s important that SMBs start to see “identity and access management” as being more about ACCESS than IDENTITIES. Or, more to the point, about CONTROL and not ACCOUNTS. SMBs tend to push integration so that they can reduce workload, while enterprise pushes identity and access management so that they can increase their control and audit capabilities.

The thing is, you can do a lot after integrating Linux/UNIX into AD, but most admins just stop at “Great, now I don’t have to create accounts several times when a new employee is hired.” So, take a step back and reevaluate what you’re trying to accomplish.

Inkscape developer (and fellow PDXer) Bryce Harrington mused about fixing critical bugs in Inkscape 0.46 to be in The paradox of FOSS projects supporting Windows.

Unlike the philosophical argument described in The Dubious Benefits of Porting FOSS to Windows, Bryce makes a more concrete, more pragmatic argument. In particular, the ratio of potential contributors to users on non-free platforms is measurably smaller than the same ratio on free platforms.

I’ve noticed this problem in some of my own projects. There are plenty of users willing to try a piece of software that may or may not work well on a non-free platform, but when it comes time to debug and fix these problems, their motivation goes away.

I’m sympathetic; it’s not fun to try to build and debug software on Windows. I don’t use it. I don’t understand it. I’m not the person you want telling someone how to install any of the free compilers that somehow don’t come bundled with Windows, just so that someone might be able to produce an interesting backtrace.

I’m not sure there’s a good solution, at least without enfranchising users to become contributors — and that seems to require Free platforms.

In my last post, I ran through the fundamentals of getting Dojo loaded into the page via AOL’s Content Delivery Network and showed just how easy it is to query the DOM with dojo.query. In this post, I wanted to briefly show off some out-of-the-box Dijit (Dojo widget) goodness with a simple login page. Take a look at the sample page below that uses the TextBox and Button widgets to create a great looking form with virtually no effort required.

Ivan Krstić is the security director for OLPC. He recently wrote Astounded in Arahuay about his experience in Peru, where the ministry of education is deploying 260,000 XOs.

I’ve always found discussions of OLPC highly tedious, mostly because so many of the comments seem to be “Let’s help our little brown brothers get clean water and rice and comb their hair and wash their faces before giving them computers, because that’s what they really need.” (Unlike some of the jingoists who express this sentiment, I’ve actually been to Saharan Africa.) It’s nice to have an actual experience report from a remote mountain village where the XO is improving education — achieving its goals.

Back in December, I was one of the 170,000 eager Linux geeks who forked out $400 for the privilege of getting my hands on a One Laptop Per Child XO. To be honest, my initial impression was not great. For one thing, the keyboard was (and continues to be) the wrong size and feel for productive typing by an adult. I really can’t complain about this, as it wasn’t designed for adults, and I have managed to adapt somewhat to get something approaching a reasonable typing speed.

More troubling was the poor state of the WiFi stack, which seemed incapable of connecting to a WPA encrypted network. Even when using WEP or no encryption at all, getting and keeping a connection seemed to be a hit or miss adventure. And while the Sugar OS was certainly innovative, it really started to grate on me when I tried to do the kinds of things I wanted to do with it.

Leaving aside the issue of why someone would want to use a WAMP environment for the moment, I wanted to point out that Chris Travers wrote an instructional document that provides an annotated httpd.conf for people who want to i install the Apache 2.2 web server on a Microsoft Windows platform. You can find the PDF file linked at this Microsoft Port 25 blog item…

Technical Analysis: Installing Apache on Windows

If you are thinking about installing Apache under Windows Vista (as someone who is testing PHP on a desktop or notebook might want to do), pay special attention to what Chris has to say about the dreaded Vista UAC (User Access Control).

A quote from Steve Jobs during the iPhone SDK Press Conference last week:

If they write a malicious application we [will] track them down and tell their parents.

In other words, the iPhone applications will need to be digitally signed by Apple, and the developers will be required to register with Apple. It will be interesting to see what kind of information developers will be required to provide to Apple to register. Will they ask for the developer’s credit card number? How will the developers authenticate their identity with Apple before they are allowed to submit their applications to be included in the store inventory?

The time module provides functions for working with dates and times.

If observation is the first stage of scientific discovery, watching what people are doing in a field will tell you what the academics and theorists will write about in a few years. By this reasoning, SD West and SD Best Practices are important bellwethers for programming theory, even though there’s little theoretical about the conferences.

Microsoft announced its Document Interoperability Initiative and the release of version 1.1 of the translator between ODF and Open XML for Microsoft Excel (spreadsheet) and Microsoft PowerPoint (presentation) applications.

Press release: Microsoft Launches Document Interoperability Initiative

The odd thing is that nothing in the press release tells you how to actually find this translator. It’s on SourceForge and here’s where you can find it:

OpenXML/ODF Translator Add-in for Office

If you head over to its download page, you will find individual add-ins for PowerPoint and Excel. Although both were mentioned in the March 6 press release, the Excel add-in has a Dec. 4, 2007 release date attached to it and is listed as version 1.0, not 1.1. The PowerPoint add-in is version 1.1, however.

On March 10, O’Reilly will release Jonathan Zdziarski’s book iPhone Open Application Development, currently available as an online RoughCut. Online and brick-and-mortar bookstores will have the book as soon as shipping permits.

Apple has just released a toolkit for application development on the iPhone. Readers will naturally ask: what is the relationship between the material in the book and Apple’s development environment? Can they apply what they learn in the book to Apple’s toolkit?

I’ve always been a big proponent of virtualization for many reasons, one of the most powerful of which is that it is making the underlying platform less and less important. For years, there has been the struggle for the “desktop” by Windows and X, where X has been OS/2, Apple, or Linux. (Yes, I said OS/2. Yes, that was before the invention of the wheel.)

Anyway, I think it’s important to keep in mind that the underlying platform that runs the box in front of you will become less important from a technical standpoint.

For Linux, this is a good thing.

Obviously, Linux wins on the upfront licensing end of things. Windows has some clout in the enterprise desktop market of course because of its huge third-party market, manageability in terms of policies and AD, and… well, because everybody knows it. Linux of course can be just as easily managed, but it’s just not as big a dot on the radar as Windows.

One reason for that is the fact that Linux takes a different skill set that Windows. And the supply of that skill set is much smaller than what is available for Windows.

But as virtualization continues to centralize application management and deployment (think Altiris for Windows and Linux), and as we move more toward the seamless windows in servers offering Windows-based applications, there is less reason to run Windows for management reasons and more reason to focus strictly on upfront costs.

I’m curious about Microsoft’s plans to face this threat to its desktop domination? Or is this in fact part of its plan? Where are things headed really?

Some people may be familiar with my writing/blogging about Windows Mobile, Mac applications, or Freeware and Free & Open Source Software for Windows & Macs. Microsoft gave me a unique way to discuss why I’m so interested in getting Open Source and Proprietary software products to work together. You can find three short videos of me talking about what I do and why I do it at…

Microsoft Open Source Heroes - Todd’s profile

There are a couple of minor detail glitches in the text part. But, you know how things get lost-in-translation :-) In any case, it is an interesting way for me to say “hello” to you all. So, Iet’s see how this works.

Hope to “see” (read) your comments to the blog topics Dustin and I write about for Inside Port 25.

The last time I installed PHP on Windows for serious testing (with Windows that is) was probably in 2002. It was a really painful process that involved (if I recall correctly) manually copying ISAPI DLLs and other obscure (to me) files to various directories to get it up and running with the Apache web server for Windows. And, after installng it… well, there were still some oddities that left me uncomfortable. However, the story from Microsoft, Zend, and SpikeSource for the past week has been that FastCGI fixes those performance issues. I’ll find out what installing and configuring PHP for Windows and IIS is like when I test it out myself this weekend on Windows Server 2008 in a virtual machine (in case I mess up :-). In the meantime, check out the commentary from Microsoft’s Hank Janssen about working with Zend to optimize PHP for Windows…

PHP on Windows

You can also find a video about configuring PHP with IIS7 and then modifying Wordpress to use IIS7’s Forms Authentication.

Installing PHP Applications on IIS7 (13 minutes)

You can see and hear Hank himself along with John Bocharov talk about the SQL Server Drive for PHP running on Windows at..

John Bocharov and Hank Janssen: Introduction to SQL Server Driver for PHP (SQLPHP)

Brandon Craig Rhodes, a local PyAtl, Python wizard, has released an incredibly easy to understand screencast on Buildout. Since I “strong armed him”, into making this screencast, it is only fair I blog about it

Background: Buildout is a tool that Jim Fulton, a.k.a, the Zope Pope, of Zope Corporation has developed. While not directly aiming to solve world peace, it perhaps will play a role in the future, as people will be less angry about application deployment and will have more time for making love and music.

Brandon Craig Rhodes, a local PyAtl, Python wizard, has released an incredibly easy to understand screencast on Buildout. Since I “strong armed him”, into making this screencast, it is only fair I blog about it

Background: Buildout is a tool that Jim Fulton, a.k.a, the Zope Pope, of Zope Corporation has developed. While not directly aiming to solve world peace, it perhaps will play a role in the future, as people will be less angry about application deployment and will have more time for making love and music.

Since I had “Windows vs. Linux” on the brain (as opposed to “Windows and Linux”, which happens now and then as well), I was thinking back to a recent meeting I had for the Baton Rouge Information Systems Security Association, which is part of the national ISSA. We were discussing upcoming topics, and one item that came up was log management.

Things that we all agreed needed to be discussed in a presentation were issues such as:

* How in the world do you view the logs from all of your servers?
* How do you filter out noise from important events?
* How do you store logs for future review, audits, and regulatory compliance?

The funny thing about that discussion is that the group that had the biggest problem understanding possible solutions were those that ran Windows.

Outside of enterprise settings, log management is just a completely under-served Windows market. Now, don’t get me wrong, there are plenty of log management solutions that work just great with Windows; some are open source, and some are commercial. But that’s not the point. The real issue is even if Linux and UNIX sysadmins aren’t actively managing their logs, they at least understand that it is possible. But a lot of Windows sysadmins don’t even think about this problem, much less try and pursue a solution.

This reminds me of the Shapir-Worf Hypothesis, which I learned in an anthropology class at LSU a long, long time ago. Essentially, Shapir-Worf says that the language you think in has a very big impact on how you think. A tad simplistic, but it makes sense to some extent.

It seems to me that an IT’ish Shapir-Worf is also at play here. Your view of the world in IT, and the problems and solutions available in that world, is in large part dictated by your platform of choice.

Obvious? Perhaps.

So, I just pointed out how this has limited Windows sysadmins to some point. In what way has this limited non-Windows sysadmins? What about Linux sysadmins?

I just read an interesting if short blog from Ann All about Linux in the SMB market. Basically, the question is: How far has Linux penetrated into small and medium sized businesses?

That’s a great question.

I’m a big fan that, in most situations, the best product is the most supportable product. Now, with a platform choice like the one people make between Linux and Windows, there are a lot of variables that go into “supportable”, including:

* Knowledge of the OS. Easy enough. Do you have the knowledge, or can you find someone that has the knowledge, to manage the servers. Far too often I see people with Windows and Linux servers that are horribly configured and frighteningly insecure.

* Vendor support. Does the vendor actively support the product at a reasonable cost? This one bullet item could start a flame war, but I have to say that I don’t think either side is better than the other on this. At the end of the day, most SMB-level organizations have to pay a vendor for post-installation support.

* Community support. Again, another flame war possibility here, but in my opinion both the Windows and Linux camps do well here. If nothing else, both camps have some very smart people in forums and newsgroups that can help.

* Third-party support. Okay, here is where Windows has a lead. Let’s be honest, there are a lot of really cool commercial applications for Windows and not so many for Linux.

All that said, Linux really packs a punch when it comes to upfront costs. Most people use free versions of Linux (e.g., Debian, CentOS), the servers run powerful and free software (e.g., Apache, PHP), and it just works.

So why isn’t Linux in more than “a fourth” of SMBs?

P.S. And of course, there is PHP on Windows..

When I read Bill Hilf’s See Change blog entry reflecting on Microsoft’s Feb. 21 Open Source Interoperability announcement, I didn’t think this direction shift would be felt by the Internet Explorer team. I mean IE7 doesn’t leak like Firefox 2 does (on both my Windows and Mac boxes). But, IE7 sure breaks a lot of web pages (including my personal Windows Mobile focused blog) that Firefox renders without issues. But, check on the announcements made today (March 3) regarding Internet Explorer 8.

Press Release: Microsoft Expands Support for Web Standards

IE Blog: Microsoft’s Interoperability Principles and IE8 by Dean Hachamovitch, General Manager, Internet Explorer

Dean’s blog comments…

Microsoft recently published a set of Interoperability Principles. Thinking about IE8’s behavior with these principles in mind, interpreting web content in the most standards compliant way possible is a better thing to do.

We think that acting in accordance with principles is important, and IE8’s default is a demonstration of the interoperability principles in action. While we do not believe any current legal requirements would dictate which rendering mode a browser must use, this step clearly removes this question as a potential legal and regulatory issue. As stated above, we think it’s the better choice.

…really caught my attention. I wasn’t paying much attention to IE8’s development up until today. I was just waiting for Firefox 3 to get further along in its development before trying it out. Now, I’m paying attention to IE8.

You know, I’m really starting to wonder about OpenOffice after reading this note from Ed Moltzen. So great, OpenOffice 2.4 is about to be released. That’s.. boring. Who really cares? There just doesn’t seem to be much of a vibe around OpenOffice anymore.

Obviously, the problem here is Google. Without question, Google stole all of OpenOffice’s thunder (well, what thunder there was) with Google Docs.

Personally, I use Microsoft Office 2003 (yes, I’m behind the times). I write a good bit, as a consultant I work with documents internally in our office as well as with clients, and, frankly, Office just works. But if I had to change, I’d just take the plunge and try an online office suite like Google Docs. Why take the effort to jump to OpenOffice just so I can.. well, nothing. What does OpenOffice offer me that would make me want to change? Not much. Google Docs is another story. Everything is “up there” in the Big Network In the Sky. How cool.

I think OpenOffice is going to get more and more marginalized over time. I don’t see how that can’t happen.

P.S. Okay, okay, so OpenOffice gets a mention about how well the overall architecture works and its impact on Microsoft. I’m still not blown away.

Todd just commented on WISP (Windows, IIS, SQL Server, PHP) and I have to say I’m curious. I have to admit I wonder how viable WISP really is. With LAMP (Linux, Apache, MySQL, PHP), most developers are relying on the built-in “free” of, well, Linux, Apache, MySQL, and PHP. But with Windows that’s not the case. At a minimum, you have licensing cost for Windows, and also SQL Server if you aren’t using Express.

An obvious rebuttal here is that the savings is in systems management. If you have systems administrators that are used to managing Windows, then I can certainly see where Linux may be a bad idea. But it just seems to me that most people that want to run most of the open applications, such as phpBB, Moodle, and Mantis are going to be at least familiar with Linux.

Speaking of Moodle.. well, maybe I’ll hold off on Moodle for a later discussion.

Anyway, please, someone tell me what real advantage WISP has in the real-world? If nothing else, most Windows-based web servers are doing .NET these days. I just don’t see PHP on Windows often—at all.

The last time I installed Apache httpd in Microsoft Windows was, hmm, early 2002, I think. And, I’ve never tried installing Tomcat under Windows. So, I read through Garrett Serack’s comments on Microsoft’s Port 25 site with interest since two of his recent blog items talked about Apache team members visiting Microsoft.

The Apache Visit to Microsoft Campus: Day One

The Apache Visit to Microsoft Campus: Day Two

One comment I found interesting in the Day Two blog entry was: a few things were uncovered, primarily around UAC, data redirection (where Windows redirects writes to the file system and registry to safe locations for low-rights processes). Argh. UAC (User Access Control) drives me nuts when I use Windows Vista. I know you can turn it off. But, that seems to defeat its important purpose of improved security. UAC should be priority one for Windows 7. The other item the comment brought to mind is this: From my limited Windows Server 2008 experience, it looks like its end-user UAC-isms are better behaved than Windows Vista. But, I thought the two OSes shared a great deal of the same code. So, why does the user experience on Windows Server 2008 seem so much better than the workstation-oriented Windows Vista?

The IIS7 administrative interface looks a lot different than IIS6 to me. So much so, in fact, that I suspect it is probably easier for an experienced Apache httpd web server administrator to install it on Windows Server 2008 than an experienced IIS6 admin would have configuring IIS7. So, I hope Microsoft and Apache can quickly iron out the issues Garrett mentions in his blog items to make the transition even smooth for Apache web server admins.

Use EasyDialogs to include Mac OS-native dialogs in your Python scripts.

I just heard about Cobra. Too busy to talk about it, but posting the slides from the SoCal Piggies meetings

http://cobra-language.com/docs/papers-etc/Cobra-Socal-Piggies-2008-02-Slides.pdf