The last 7 days, have been very crazy for me. Last weekend, I ended up in Los Angeles, for a couple days, and was able to grab some Cuban Pastries:

Before hopping back on a plane for Atlanta:

Back in Georgia, I felt very much at home when I spotted some familiar local scenery, a guy with a mullet in a camaro (with a killer “G-Force” bumper sticker), next to a man in a costume in the middle of traffic, asking for money:

Next, it was a Tuesday visit to the monthly Atlanta-Plone meeting. Where we discussed the upcoming Repoze Sprint/Visit:

On Thursday, we met with Tres and Chris, who happened to write supervisor, and they gave a tremendous talk on WSGI, Repoze, and Deliverance, that blew the PyAtl crowd away.

One of the more dramatic, show and tell, pieces, was a local demonstration of their “theme trac like Plone trick”. The crowd was blown away, when Tres and Chris stole, borrowed, pick your favorite word, the pyatl plone 3.0 site, and themed a localhost trac instance. We also saw a great debugging middleware WSGI tool, that “leaked” objects in the WSGI stack. WSGI is truly an incredible technology, and I am so excited about it, I almost can’t sleep.

Next on Friday, we hunkered down at Georgia Tech, and starting playing with Repoze a little more:

One silly idea that came up after a few beers at lunch, was writing the simplest possible WSGI application using the WSGI spec from Pep 333. By using Ian Bicking’s pythonpaste, Tres was able to walk me through setting up the most simple possible WSGI application. We used string substitution and pickle, and gave birth to A******Glue, AGlue, for short. AGlue is just a proof of concept, with a funny name.

If you are use virtualenv, and pythonpaste, it is quite simple to make a little web application using WSGI. You really only need to create an /etc directory in your virtualenv, that includeds a .ini file, such as this:

Step 1: Create a .ini file

[server:main]
use = egg:Paste#http
host = 127.0.0.1
port = 8080

[app:aglue]
paste.app_factory = aGlue.app:factory
path = %(here)s/../var

[pipeline:main]
pipeline = egg:Paste#evalerror aglue

Step 2: Next make some simple model.py like this:

class Book(object):
    """A book object"""

    def __init__(self, ISBN, title, reviewer=None):
        self.ISBN = ISBN
        self.title = title
        self.reviewer = reviewer

Step 3: Finally, make a app.py, or controller:

import os
import pickle
from paste.request import parse_formvars

from model import Book
template = """
<html>
<body>
<p>

<a href = "http://pyatl.org">pyatl.org</a>
</p>
"""
row = """
<p>%(title)s <form method="post"><input type="hidden" name="index" value = "%(index)d">
<input type = "submit" name = "delete" value="delete">
</form>
</p>
"""

epilogue="""

<form method="post">
<input type="text" name = "ISBN">
<input type="text" name = "title">
<input type="submit" name = "submit" value = "add">
</body></html>
"""
def middleFinger(environ, start_response):
    """Why did you use this, punk?
    """
    form = parse_formvars(environ)
    if form:
        if 'submit' in form:
            book = Book(ISBN=form['ISBN'],title=form['title'])
            books.append(book)
            saveList()
        elif 'delete' in form:
            index = int(form['index'])
            del books[index]
            saveList()
    print form
    page = [template]
    for index in range(len(books)):
        book = books[index]
        page.append(row%{'index':index,'title':book.title})
    page.append(epilogue)
    status = '200 OK'
    response_headers = [('Content-type', 'text/html')]
    start_response(status, response_headers)
    return [''.join(page)]

def saveList():
    file = open('/tmp/persistant.db', 'w')
    pickle.dump(books,file)
    file.close()

def factory(global_config, persist = '/tmp/persistant.db',**local_config):
    global books
    books = []
    if not os.path.exists(persist):
        saveList()
    else:
        file = open(persist)
        books = pickle.load(file)
    return middleFinger

With that little bit of code, you get something like this:

One thing I learned from the last few days, is that Ian Bicking is amazing! Between virtualenv, and pythonpaste alone, it is an incredible, how many tools he creates to help other Python programmers. Tres and Chris, are also equally amazing, and I would recommend trying to get them to come to your local user group for a Repoze/Deliverance talk too!

There will be a video posted this week of their talk this week on YouTube, and I will also upload a more refined version of AGlue, to the cheeseshop in a few days.

The zipfile module can be used to manipulate ZIP archive files.

First off, the “I” in the title does not refer to me; it refers to my coworker Jenny Walsh. Jenny was recently setting up a new Macbook Pro with Leopard on it and ran into a snag with PIL. Running setup.py for PIL for the first time said that she had no jpeg support. So, she installed libjpeg and tried again. This time, it said that she had jpeg support, but then it threw this error:

ld: in /Developer/SDKs/MacOSX10.4u.sdk/usr/local/lib/libJPEG.dylib, file is not of required architecture for architecture ppc

She tried compiling libjpeg and followed suggestions she had found from across the interweb including compiling as a “fat binary” (intel and ppc), but she still had the same level of unsuccess as before. Finally, in a fit of hacking frenzy, she removed all “-arch ppc ” from
/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/config/Makefile,
re-ran setup.py for PIL, and all was right with her world again.

In trying to diagnose and help her with her problem, I stumbled across
this
blog post. They didn’t seem to have any trouble getting PIL and libjpeg installed on leopard. The compiled libjpeg as follows:

wget http://www.ijg.org/files/jpegsrc.v6b.tar.gz
tar zxvf jpegsrc.v6b.tar.gz
cd jpeg-6b/
./configure
make
sudo make install-lib

I tried the same thing on my laptop (which runs Tiger and not Leopard, btw), and it worked for me. But this just took my PIL installation from saying that it did not have jpeg support to saying that it did. Jenny was having a different problem. So, if you are having a problem with PIL blowing up when trying to set it up, you may want to give Jenny’s solution a spin. But make sure to make a backup copy of the Makefile.

The series “Yet Another Perl 6 Operator” is back with this brand new article

In the article on coercion operators, we got to know the prefix operator '?' which converts values into Bool::True or Bool::False. Like it happens with '~' for strings, '?' is recurrent for boolean operators.

In Perl 6, the usual infix boolean operators are:

?& - and
?| - or
?^ - xor

I was in Silicon Valley last week, and caught part of a demo of Composition on Grails. This is a project within SAP built on top of SAP NetWeaver Composition Environment.

I decided to change my plans, and had lunch with Will Gardella and his team. (Will gave the demo, and his team is building Composition on Grails within SAP.)

I’d never considered SAP or its business very interesting, because I misunderstood what SAP actually does. Though I very happily left the world of the Enterprise (twice, first as a system adminstrator and then as a consultant who wrote and maintained business software), and though SAP’s choice of technologies (ABAP, Java, WSDL, WS-*, shared-everything) are different from my preferences, it took just a few minutes for Will’s demo to convince me that I had overlooked something very interesting.

The BaseHTTPServer module includes classes which can form the basis of a web server.

Patrick Michaud is truly earning the Mozilla Foundation’s Perl 6 on Parrot Grant. He’s just published a Perl 6 on Parrot Roadmap for December 4, 2007, which describes the progress the project has made in the past couple of weeks.

In particular, he and Jerry Gay just switched the Perl 6 compiler in languages/perl6/ from the old compiler toolkit to the new compiler toolkit. This sounds like a small thing, but it’s actually a very large step.

As Jeremy and I get more down the road of finishing our book on Python for *NIX systems administration, working title, we are both going to start dishing out some meatier nuggets of Python that we expose in our book. I have a background in Feature Film Animation Pipelines, and I thought I would share an interesting Python module that Python programmers in the Animation world might enjoy. The module is called pyinotify, and it “monitor’s filesystem events with Python under Linux”. Sound cools right, well, it is, so lets get a little background.

Inotify went into the linux kernel in release 2.6.13, and, according to Wikipedia, “Inotify uses an API that uses minimal file descriptors, allowing programmers to use the established select and poll interface”, in plain english it notices changes to the filesystem and reports those changes to applications. In animation pipelines, generally, files need to make a round trip between CGI, and Editorial. The Animators are given a scene to create, and very large, raw image files, like 16 bit TIFFs, are created. The files generally need to be processed in many different ways depending on where those images need to go. They may need to be converted into a HD Quicktime Movie for viewing on a 2K or 4K, stands for thousands of pixels, digital projector, or they may need to be converted into a compressed format like MXF, or DNxHD, a variant on the MXF file format that Avid has developed. If the files are to get sent to the editorial department for editing, then they will need to be processed with a timecode, or keykode, value embedded into the metadata of the file.

Embedding either a timecode, or keykode, is mandatory, as it allows image files to be assembled automatically according to a shot list, or else they would need to be visually arranged by hand, which just wouldn’t work in an animation pipeline. One of the reasons why it wouldn’t work, is that the image files could be cut out of a scene, and it would be an incredible waste of money to animate a frame or many frames, that were cut out in editorial. This is just one of the reasons why embedded metadata in files is so important in animation. Of course things need to be kept track of, and that is why using something like SQLAlchemy could make a lot of sense. I am actually building a metadata management system into open source tool I am creating called Liten, and, when I get more time, it will use SQLAlchemy.

All of this rambling background material, leads me back to Python, and Pyinotify. Pyinotify, by talking the Linux Kernel API, can watch a directory or a whole filesystem, for the moment that say, a Maya Artist, has exported a sequence of frames to the “shot tree”, or file server, in plain english. At that point, when Pyinotify notices these changes, it could begun to process these files and perhaps move them to a High Speed Fibre SAN like Avid Unity, or XSAN, that is built for playing back HD media files.

Lets take a look at how that might work:

I threw this “toy code”, together in about an hour or so, and all it does is pretend to do things when a file is added to the /tmp directory and it closes. I might get around to actually making a useful tool this weekend and adding threading, etc.

If you would like to check this code out, I put up a Google Code Project here. These are some pictures of my “toy code” pretending to do things, when I create a file in a directory, I am watching. Thanks to author of pyinotify for making this so easy to work with!

import os
import sys
import optparse
from pyinotify import WatchManager, Notifier, ProcessEvent, EventsCodes

class PClose(ProcessEvent):
    """
    Processes on close event
    """

    def __init__(self, path):
        self.path = path
        self.file = file

    def process_IN_CLOSE(self, event):
        """
        process 'IN_CLOSE_*' events
        can be passed an action function
        """
        path = self.path
        if event.name:
            self.file = "%s" % os.path.join(event.path, event.name)
        else:
           self.file = "%s" % event.path
        print "%s Closed" % self.file
        print "Performing pretend action on %s...." % self.file
        import time
        time.sleep(2)
        print "%s has been processed" % self.file

class Controller(object):

    def __init__(self, path='/tmp'):
        self.path = path

    def run(self):
        self.pclose = PClose(self.path)
        PC = self.pclose
        # only watch these events
        mask = EventsCodes.IN_CLOSE_WRITE | EventsCodes.IN_CLOSE_NOWRITE

        # watch manager instance
        wm = WatchManager()
        notifier = Notifier(wm, PC)

        print 'monitoring of %s started' % self.path

        added_flag = False
        # read and process events
        while True:
            try:
                if not added_flag:
                    # on first iteration, add a watch on path:
                    # watch path for events handled by mask.
                    wm.add_watch(self.path, mask)
                    added_flag = True
                notifier.process_events()
                if notifier.check_events():
                    notifier.read_events()
            except KeyboardInterrupt:
                # ...until c^c signal
                print 'stop monitoring...'
                # stop monitoring
                notifier.stop()
                break
            except Exception, err:
                # otherwise keep on watching
                print err

def main():
    monitor = Controller()
    monitor.run()

if __name__ == '__main__':
    main()

Sound fun? if so, let me know.

The SocketServer module is a framework for creating network servers. It provides base classes for handling TCP, UDP, Unix streams, and Unix datagrams and supports both threading and forking servers, depending on what is most appropriate for your situation.

Need to monitor remote disk usage? Use snmpdf

1. Start and configure snmpd (edit /etc/snmp/snmpd.conf):

rocommunity superSecret
disk /


2. Run the command on a local machine and be amazed:

snmpdf -v 2c -c superSecret localhost

3. Setup and use SNMP v3 on a real machine you admin.

Do you have a thousands of lines of debug code slowing you down…use __debug__ and optimize it out with -O command line option.

My colleague Jim Shore has just released a transcript of a short talk he gave called Does It Work? Are We Done? Is It Right? (Keep It Light!). I share Jim’s thesis that there are three questions we need to answer in software development if we want to achieve any sort of success. In Jim’s words:

So I want to answer these quality questions, “does it work, are we done, is it right,” without incurring waste… and ideally, I’d like to do it in a way that makes me faster, not slower.

His talk specifically addressed testing, especially functional testing, but in working with him I’ve found that asking those questions of any part of a software development process is incredibly valuable.

For the past few days I’ve been one of several people helping Titus Brown set up the Python Software Foundation’s portion of the Google Highly Open Participation(TM) contest. GHOP is an extension of Google’s Summer of Code project, for students not yet in college. The goal of the contest is to attract young people to open source, and teach them how to participate. Check out the FAQ for more details.

The inspect module provides a variety of functions for introspecting on live objects and their source code.

Are you an IPython nut too? Here is your chance to help out testing this Thanksgiving weekend. In between bites of Turkey, and pecan pie, download the latest 0.8.2 version, dev egg here, and report any bugs to Trac

I finally found a copy of GVIM that works for Leopard. Download it here

Titus Brown is looking for small projects suitable for new developer to work on.

The urlparse module provides an interface for splitting up Uniform Resource Locator strings into their parts.

I’ve been digging into setuptools and easy_install lately, so you can expect to see more of these tips in the coming weeks.

One of the really cool features of easy_install is that you can install packages from the Python Cheese Shop, which is a web-based repository of Python packages. For example, in order to install IPython using easy_install and the Cheese Shop, you would simply type `easy_install ipython`. It’s all fine and dandy for open source projects to put their source code out there for the world to look at, but what if you work on (gasp) closed source code? Do you have to miss out on all this easy_install remote repository goodness? Not at all.

First, you have to setup a web server that will serve up your packages. I am using lighttpd on my laptop, which misses the point in practice since i could just as easily install the eggs locally rather than by pointing at http://localhost, but it works for example purposes. I have lighttp serving up a directory that contains a repository directory called “repo”. So, http://localhost/repo will give a directory listing of all the packages I can serve up.

Second, you need to build your packages and put them in a directory that your webserver can serve up, the “repo” directory in my case. I have 2 packages, foo v0.1 and bar v0.1, that I made into eggs. The filenames are bar-0.1-py2.5.egg and foo-0.1-py2.5.egg. In this example, foo has a dependency on bar. Since easy_install handles dependencies so well, I would expect an easy_install of foo to resolve the bar dependency and install them both. Step three will prove this assumption either correct or incorrect.

Third, and finally, you simply tell easy_install to look at your local repository for packages. Here is the command and output from installing from my local repository:

root@lanik:/usr/lib/python2.5/site-packages# easy_install -f http://localhost/repo foo
Searching for foo
Reading http://localhost/repo
Best match: foo 0.1
Downloading http://localhost/repo/foo-0.1-py2.5.egg
Processing foo-0.1-py2.5.egg
Moving foo-0.1-py2.5.egg to /usr/lib/python2.5/site-packages
Adding foo 0.1 to easy-install.pth file

Installed /usr/lib/python2.5/site-packages/foo-0.1-py2.5.egg
Processing dependencies for foo
Searching for bar==0.1
Best match: bar 0.1
Downloading http://localhost/repo/bar-0.1-py2.5.egg
Processing bar-0.1-py2.5.egg
Moving bar-0.1-py2.5.egg to /usr/lib/python2.5/site-packages
Adding bar 0.1 to easy-install.pth file

Installed /usr/lib/python2.5/site-packages/bar-0.1-py2.5.egg
Finished processing dependencies for foo

The “-f” flag tells easy_install where else it can look for packages. That’s it!

Last night teams were given a green flag and set off on the 44 hour race. All teams completed the HPCC benchmarks by 1:00am and results were handed in to the judges. Teams were then given data sets for GAMESS, POP, and POVRay, and will spend the rest of the available time working through them.

Arriving back about 6am, we found a few team members in the ‘understudy’ position (crashed out on the floor, sofa or under the tables). About half were in the midst of a team change, so there were a few bright eyes available. One team was reported to have to pull a team members fingers off the keyboard and send them back to the hotel for some sleep (and to stay within the rules).

About 12:20 the convention center experienced loss of power, and the Cluster Challenge teams’ equipment all suffered a hard crash. Not all came back fully, and the teams are working on it. Some times real world things happen and we learn from it: at least one team is now using checkpoint features in some of the applications so they don’t lose much runtime should they have this issue again.

Visitors to the event are enthusiastic, and are having excellent interaction with the teams. Kudos to the teams for taking the time to answer visitor questions while they are in the middle of this race.

Brent

After almost a year of preparation by the committee, a week of on-site infrastructure setup, and 2 days of on-site prep for the teams: we are finally at race day!

Tonight at about 8pm at the SC07 conference in Reno, we will officially kick-off the first attempt to build and race cluster-based supercomputers on the conference floor. The room is huge (20,000 ft^2) and beautiful, being decorated with banners, posters and even an airplane courtesy of the Reno Air Race Association.

If you are at SC07 and in the technical program, we invite you to visit us in hall 1 @ 8:00pm for the start and to cheer on your favorite team.

Brent Gorda

The Cluster Challenge at SC07 is in the preparation phase, with all 6 teams and their hardware on site in Reno Nevada. In a little over a day, the teams will begin a 44 hour computational competition (called the SC07 Cluster Challenge).

We have 4 teams from the US: Purdue, Indiana, University of Colorado, and Stony Brook
The University of Alberta from Canada is here, as well as the National Tsing Hua University from Taiwan.

Yesterday all the teams made it to the convention center and found their equipment. The energy of the students is huge at this point, and it is creating a level of excitement that is bound to grow throughout the week. The committee is rushing to complete last minute items and ensure preparation.

Stay tuned…

The pprint module includes a “pretty printer” for producing aesthetically pleasing representations of your data structures.

The SuperComputing 2007 (SC07) Cluster Challenge invites teams of students to Reno mid-November to compete in a demonstration of talent, technology and entry-level supercomputing. The activity seeks to highlight the gains in hardware performance, ease of use of clusters and the power and availability of simulation software. A half-rack (a full rack is about the size of a household refrigerator) of modern day servers, or “pizza boxes” is competitive with the number one system on the top500 from only 10 years ago!

The Cluster Challenge will be held in Reno the week of November 10-16, 2007 as part of the annual Super Computing conference. Each of the six international teams of undergraduates have designed their commodity cluster and are supported by their chosen vendor partner. Competition rules are simple: teams may use a peak of 26 amps on a 30 amp circuit. They will use their system to run the HPC Challenge benchmarks and three open source applications: POP, GAMESS, and POVRay.

The challenge starts Monday night during the gala opening where attendees attend to preview the exhibit hall and socialize with food and drink. At the start, teams will run the HPC Challenge benchmarks and post their results. Once they have done this, they will be given access to the data sets for the applications and will have the next 40+ straight hours to complete as much of this workload as they are able. At 4:00 pm on Wednesday, teams will be judged by a group of high performance computing experts lead by Jack Dongarra (founder of the Top500 website).

With the movement toward multi-core, it is clear that future performance gains will come from parallelism. The scientific community, with over 20 years of experience, has produced quality (and open) simulation software such as POP and GAMESS. Other software that might be thought of as not parallel, such as POVRay, can harness parallelism by running a copy on each processor.

We believe that computational simulation on this scale has attained a level of capability and accessibility wherein it is now a critical tool available (and soon to be necessary) to enhance the competitiveness of industry. By inviting undergraduates to design, build and then compete with these systems, we intend to demonstrate this. Through the selected applications we will show that interesting and useful simulations can be done on this modest amount of hardware.

It’s been crazy over the last couple of months with the book and with starting a new job, so I’ve been slack on blogging. Well, I’m trying to get back in the saddle again, so I’ll briefly mention something here that I only discovered recently.

If you are working on code that you are planning to release as an egg, it can be a huge pain to go through the code->bdist_egg->easyinstall->test cycle, slightly less of a pain to do code->setup.py install->test, and slightly less of a pain still to do export PYTHONPATH=/path/to/my/project->code->test. But there is a better way. If you do “easy_install develop”, then you can just enter into a code->test cycle. This option puts a .pth file in your site-packages directory and points to the set of code you’re working on. This keeps you from having to redeploy your code every time you want to test something. It also keeps you from having to remember to put your current working code in your PYTHONPATH. It’s just a really friendly option for easy_install that will make your life just a little easier. Thanks, PJE!

The shutil module includes high-level file operations such as copying, setting permissions, etc.

Google’s Webmaster Tools site provides a reporting feature to let you see who is linking to you. Unfortunately, the report is backwards from the orientation I want to read it.

I happen to enjoy going to a local grocery store that employs self service checkout. I find it very convenient to get a few items this way. This morning I went to get a few bottles of water, and some coffee, but was a little surprised to see this:

Since, I don’t use Windows in my household, it has been quite some time since I have seen a Blue Screen of Death, and it brought back some painful memories. This was kind of funny so I thought I would share it. (By the way, I snuck this photo on my iPhone).

It does bring the question to mind though, where are all of the OS X, and GNU/Linux, kiosks? I think Beryl or Cocoa both make very nice looking kiosks. I know I would probably use a grocery store just because it had a Linux or OS X kiosk. Anyone working on something like this?

A few people who read my blog are already aware that I was working on a little pet project to develop a command line interface to a Google Spreadsheets document that is being used by some of the administrative operations team at Python Magazine. The long and short of it is that I finally had about two hours to work on it yesterday, and got my little utility to the point where it’s actually useful to me: I can now add rows to the spreadsheet without opening a browser.

What’s even better is that it’s not specific to any particular spreadsheet. You can use it for any Google Spreadsheet you want. This code is 99% cut-n-pasted from Google’s examples and docs. The rest is the result of a bit of poking and prodding to figure out how to get at data elements that aren’t documented and I couldn’t find examples for. So I wanted to post it here so anyone could have it. It requires you to install the Google Data Python Client.

Save this to a file, execute it, and it’ll prompt you for your gmail account credentials, then show you all of the spreadsheets you have access to. Pick one, then pick a worksheet within that spreadsheet, and it’ll dump the contents, or (if you use the -a option) it’ll prompt you to fill in values for each column of a new row.

This is quick and dirty code, not production quality, and I probably do some un-Pythonic things in there somewhere, but a buddy told me he was having some issues with Google’s documentation too, so I figured that making more code available for people to read might help.

Enjoy!

#!/usr/bin/env python

try:
  from xml.etree import ElementTree
except ImportError:
  from elementtree import ElementTree
import gdata.spreadsheet.service
import gdata.service
import atom.service
import gdata.spreadsheet
import atom
import getpass
import string
from optparse import OptionParser

parser = OptionParser()
parser.add_option("-a", "--addrow", action="store_true", dest="addrow", default=False)
(options, args) = parser.parse_args()

gd_client = gdata.spreadsheet.service.SpreadsheetsService()
gd_client.email = raw_input('nEmail: ')
gd_client.password = getpass.getpass()
gd_client.source = 'pymag-test-1'
gd_client.ProgrammaticLogin()

def PromptForSpreadsheet(gd_client):
  # Get the list of spreadsheets
  feed = gd_client.GetSpreadsheetsFeed()
  PrintFeed(feed)
  input = raw_input('nSelection: ')
  return feed.entry[string.atoi(input)].id.text.rsplit('/', 1)[1]

def PrintFeed(feed):
  for i, entry in enumerate(feed.entry):
    if isinstance(feed, gdata.spreadsheet.SpreadsheetsCellsFeed):
      print '%s %sn' % (entry.title.text, entry.content.text)
    elif isinstance(feed, gdata.spreadsheet.SpreadsheetsListFeed):
      print '%s %s %sn' % (i, entry.title.text, entry.content.text)
    else:
      print '%s %sn' % (i, entry.title.text)

def PromptForWorksheet(gd_client, key):
  # Get the list of worksheets
  feed = gd_client.GetWorksheetsFeed(key)
  PrintFeed(feed)
  input = raw_input('nSelection: ')
  return feed.entry[string.atoi(input)].id.text.rsplit('/', 1)[1]

def ListGetAction(gd_client, key, wksht_id):
  # Get the list feed
  feed = gd_client.GetListFeed(key, wksht_id)
  return feed

def AddRow(columnfeed, spreadsheet, worksheet):
  # take the columnfeed.entry object and prompt for a value for each column
  # Build a dict from the resulting column:value pairs.
  dict = {}
  for key in columnfeed.entry[0].custom.keys():
      dict[key] = raw_input("%s: " % key)
  gd_client.InsertRow(dict, spreadsheet, worksheet)

spreadsheet_id = PromptForSpreadsheet(gd_client)
worksheet_id = PromptForWorksheet(gd_client, spreadsheet_id)
columnfeed = ListGetAction(gd_client, spreadsheet_id, worksheet_id)
if options.addrow:
  AddRow(columnfeed, spreadsheet_id, worksheet_id)
else:
  for attr, val in enumerate(columnfeed.entry):
    for key in val.custom.keys():
      print "%s:   %s" % (key, val.custom[key].text)
    print "n"

As I mentioned in Debugging GC Problems in Parrot, being able to find a failure as soon as possible helps with debugging. With a new runcore for GC debugging, we’ve found several memory problems and fixed most of them. (Some require rethinking certain design decisions.)

Here’s the process to finding and fixing bugs of this type.

Leopard uses dscl, directory services command line, tool to manage most things important. Here is how you switch to Z-Shell:

sudo dscl /Local/Default -create /Users/ngift UserShell /bin/zsh

Memory problems can be difficult to find and fix. I’m a huge fan of Valgrind, but it only works at the C level. The Parrot virtual machine allocates memory with malloc and releases it with free in a few places, and Valgrind is indispensable for making sure that those match.

Unfortunately for Valgrind, Parrot provides garbage collection, and two of its fundamental data structures rely on the correctness of the garbage collector. Some of the weirdest, and most difficult bugs to solve within Parrot are bugs in our implementation of garbage collection, usually where active objects get collected too soon.

Memory problems are often very unportable. Not only can one program demonstrate a problem where hundreds of other programs run without problems, but one operating system differs from another. Perhaps 64-bit platforms work just fine, but 32-bit platforms have a nasty segfault. Maybe the particulars of how you compiled the program may change memory layout sufficiently to avoid the problem.

Debugging GC-related problems reported on that one platform you don’t have access to is time-consuming and difficult. I discovered another way recently. Now reproducing GC problems in Parrot is possible across platforms, making them much easier to diagnose–and once you can diagnose a problem, you’ve done most of the work to fix them.

One of the hazards of working with multiple computers is keeping data synchronized between them. I know I should keep Joey’s advice about Keeping Your Life in Subversion, but configuration files aren’t they only offenders.

For example, my personal web site is completely static. I generally update only a single YAML file when I need to make a change, then run a short script to rebuild the affected pages and update them on my server. scp is great for transferring files once in a while, but there’s a better option for frequent updates: rsync.

I’m also slowly migrating users off of a machine being decommissioned to a new machine, and there’s an hourly cron job which uses rsync to copy all of their files between the machines. Because rsync transfers only the differences between the files, it’s efficient on network bandwidth (even if it still must perform a lot of file IO to traverse their directory trees). It’s a program I could have written myself, very badly, but I don’t have to, thanks to the Samba hackers. Best yet, I’m not even sure all of the places I have it running as part of scripts or projects; it just does its job and stays out of the way (at least once you skim the man page for the correct option… my one gripe is that I never use it manually often enough to remember exactly every flag I need in certain situations.)

Thanks to everyone who’s contributed to the project for making this useful tool.

The commands module contains utility functions for working with shell command output under Unix.

The nice folks at Apple have given us a workaround to get IPython tab completion to work on Leopard. I post the exact details here if you are curious.

Basically you manually import readline…

ln [1]: import readline
In [4]: readline.parse_and_bind (”bind ^I rl_complete”)

A while back, Jeremy and I asked about topics people would like to see covered in the book we are writing about Python for Systems Administration. I would like to take this one step further as ask if there are any essential open source libraries we should cover in our book. An example of this would be the unbelievably useful IPy Module, which my co-worker Doug introduced me to a while back. Since then, I have found the module indispensable.

Also, if you have done something really cool with Python and Systems Administration, send me an email, and I will see if I can give it some coverage in the book. Even if you plan on doing something cool, then make a google code project and send me a link.

The itertools module includes a set of functions for working with iterable (sequence-like) data sets.

I’ll be speaking at the hack.lu 2007 security conference in Luxembourg on October 20, 2007. My talk is titled Breaking and Securing Web Applications. The conference agenda is here.

The shlex module can be used to create mini-languages using simple syntaxes like the Unix shell. It is also handy for parsing quoted strings.

Adrian Howard asked on PerlMonks is there any way to access the contents of a block eval?. After catching an exception in Perl, can you see the source code that threw the exception, without using a source filter?

I wrote many of my parts of Perl Hacks by trying to do impossible things that no one had ever done before. (I don’t know that no one had ever done them, but I’d never heard of them before, which was close enough.) Because everyone thought it was impossible, I decided to try.

The difflib module contains several classes for comparing sequences, especially of lines of text from files, and manipulating the results.

How many open source relational databases can you name? My friend Gabrielle recently sent me the links to two of them. However, if you’re like most technical people, you probably don’t know any — just as I didn’t until recently. I can already imagine many of you saying “bulls**t”, what about MySQL and PostgreSQL?” (to name just two), but those are just databases, not relational databases. Noted (and controversial) database experts Chris Date and Hugh Darwen, building on the work of the founder of relational theory, Edgar F. Codd, have tried to educate people about the actual relational model but with little success. It’s a strange world of relations, relvars, attributes and other things which sound familiar, but when you look closely, they’re not.

Another article of the series “Yet Another Perl 6 Operator”

In the the last article, we’ve seen some of the usual relational operators in Perl 6 and their enhanced syntax through chaining (which allows expressions like a < b < c).

Another kind of comparison operators are those that, instead of true/false returns, identify the relative order between its operands: before, equal, or after.

Another article of the series “Yet Another Perl 6 Operator”

As expected, Perl 6 supports the usual comparison operators. This includes the numeric comparison operators:

== != < <= > >=

(where '!=' is a short for '!==', the negated version of '=='). These operators convert their terms into numbers before comparison.

The string comparisons operators are here as well.

Another article of the series “Yet Another Perl 6 Operator”

In Perl 5, we expect values to DWIM (”do what I mean”) in various contexts. For example, if we use a string containg “42″ as a number we expect it automagically act as a number. Perl 6 keeps this tradition of DWIMmery and introduces several new explicit coercion operations.

? to get booleans
+ to get numbers
~ to get strings

Michael Feathers addresses the question “How do you test private methods?” in The Deep Synergy Between Testability and Good Design. (If you’re stuck in a language with a fetish for compile-time access control on the part of the library writer, you have my sympathy.)

The answer is more interesting than the question. As Michael points out, the desire to test private methods extensively often indicates that he has too much behavior in the class. Other comments suggest that the barrier to creating new classes is too high–we don’t do it often enough.

I’ve often suggested that a major benefit of TDD is that it encourages better design, not only because of YAGNI but because you immediately have to use the API you’re designing. If that’s painful, or awkward, you may need to refactor. Testability is one part of the aesthetic necessary to write good code.

Issue 13 of [IN]Secure Magazine is now available. It contains my article: Social Engineering Social Networking Services: A LinkedIn Example (originally a blog post, but now with cool graphics). Download it here.

Do any of the iPhone users out there subscribe to video podcasts yet, or watch TV or Movies regularly on their iPhone? I am currently watching the internal release of the Pilot for “Spotlight on Free and Open Source Software”, and it looks quite good on an iPhone. More on that separate topic a bit later….

Another article of the series “Yet Another Perl 6 Operator”

Perl 6 has two repeat operators: one for replicating a string/buffer and the other for replicating lists.

String repeat 'x' takes a string as the left argument and the number of times to replicate as the right argument.

$string x $count

my $s = 'a' x 3; # 'aaa'
my $empty = 'foo' x 0; # ''
my $n = 2; my $dots = '.' x ($n - 3); # '' because ($n-3)<1

Another article of the series “Yet Another Perl 6 Operator”

Today’s operator is a very simple one, the string concatenation operator.

my $a = 'ab' ~ 'c'; # 'abc'

my $b = 'def';
my $c = $a ~ $b; # 'abcdef'

Perl 6 has an operator Z, named zip, to interleave elements of two or more arrays.

my @a = 1,2 Z -1,-2; # (1,-1),(2,-2)

The zip is one of the list generating operators that gives the language some flavor of functional programming. This gets further as the usual semantics for lists is to get lazy generation, which means easy/efficient handling of large lists (and also the extreme case of infinite lists).

You surely heard about the upcoming Perl 6 language. This language will be endowed with a set of features so rich that every Greek and Trojan is eager to see a full working implementation. Among these features, there are operators, many of them. Perl 6 was even said to be an operator-oriented language, with a yet larger diversity than Perl 5 already has.

I’ve used Vim for most of a decade now, having completely failed to understand Emacs, then going through a vi tutorial on an HP-UX 9.x box and watching how fast text editing can be. I’m proud that the Unix command-line is my IDE. I have plenty of great tools like Perl, grep, find, ack. I’m quick and productive.

I’ve known about Ctags, and I used it once or twice, but never really took advantage of it until last week.

I’ve used vim -t tag to open my editor to a function’s definition, but that seemed a little bit clunky. If I were in a Vim session already, I’d have to background the process, launch the new editor, and remember to switch back and forth between the two processes. (screen makes this easier, but it’s less of a benefit for short-lived processes.)

Then I had a thought, and looked it up in a Vim reference to confirm. Ctrl-] on an identifier jumps to the definition of that symbol. Ctrl-t jumps back. This works without having to start a new Vim process.

Thirty seconds of research bumped ctags from something I use once in a while to an indispensible tool for programming and debugging. Thanks to everyone who’s contributed both to ctags and to the Vim integration!

At our last PyAtl meeting we talked about Testing. I did a short presentation on Doctests, and Toby Ho did a talk on Test Driven Development and Behavioral Driven Development in Python.

I got inspired and stayed up until 4 AM on Friday/Saturday morning writing tests for the deduplication tool I am working on,Liten. You can grab a copy of it from the cheeshop as well. As a result, there is now version 0.1.2, which has pretty much full, doctest, and, unittest ,coverage. I also added the ability to search by bytes, KB, MB, GB, and TB and a –quiet option. I think I am test infected now.

I am also getting excited about this project. I hope to get the reporting a lot nicer in the next month when I release 0.1.3. I also am mulling over the best caching system to use, as I am not completely sure if I want to cache previous searches via a shelve or an ORM with sqlite. It looks like, I will probably have a deletion mechanism ready in 0.1.3 too.

I went camping with my family a couple of weeks ago. True to form for an ironic universe, the day before I left, I received a hard copy of a book manuscript to review, with final edits due my last day on the beach.

I finished everything but a sixty-page chapter before we left. I knew that final chapter would only take a couple of hours, and I knew that I could actually review the hardcopy on the trip… and if I could get web access, I could type my findings and then mail them in one quick shot. Sure, that would take a couple of hours out of my previous vacation time, but we’d meet the book deadlines and everything would be good.

That was my assumption, anyway.

I was working with some XUL that was eventually to be part of a Firefox extension, but at the time loading the XUL directly into Firefox. Didn’t take long until I stumbled into the infamous “Error: uncaught exception: Permission denied to create wrapper for object of class UnnamedClass”. Time to break out XULRunner. I hadn’t played with XULRunner since Ubuntu days and it was enough of a pain to set up just right on Ubuntu. On Mac, it’s a right headache.

So, I made good on my promise to start learning Ruby. I do python programming in my day job and want to get better at Test Driven Development, Test Enhanced Development and Behavioral Driven Development, etc, in Python. Basically, I want to take a very similar language to Python, like Ruby, and strictly start the “testing” way. I am not sure how many other people have done something like I am doing, but it would be fun if a Ruby person did the same thing with Python. It might be neat to exchange notes.

These are the reasons why I think my theory will work so far:
1. I have no ego with Ruby. I know I suck, so it is ok to be slow at first while I am only doing Test Driven Style Development. Basically, I won’t be tempted to just crank out some code without tests.

2. I don’t have any friends yet that use Ruby. This again allow me to bring in any preconceived notation of how I am supposed to do things. I will be an empty vessel.

3. There are things in Ruby that I can learn and apply to Python.

4. It is just as fun to program in Ruby, as it is in Python. Lets face it Dynamic Languages are fun!

If any Ruby experts have any advice on what is the proper way to do TDD or BDD in Ruby, please let me know. I DON’T KNOW ANYTHING. Ahh…that is fun to say. Any advice or guidance is appreciated. I suppose this is almost like a cultural exchange visit. I just learned about BDD, and rspec and they seem interesting.

Oh, and I visited the local Ruby meeting a couple of nights ago in Atlanta, GA, and found it to be quite fun and light, yet still interesting. I plan on going every month now. One of the most interesting things I noticed is that when there is only one web framework, it kind of focuses the discussions and everyone knows what you are talking about. I have to admit, this seems like a very refreshing environment for a Newbie to a language, as no matter who you ask, they ALL know ROR.

If you are in the Atlanta area and interested in learning Ruby, then I recommend visiting:
ATLRUG

Update: excellent tip from Eric Larson.

I’m a long-time CVS head, and I recognize CVS is quite showing is age, but I’ve never had much of a taste for the pundit’s heir apparent Subversion. I could go on about why, but I think it all boils down to SVN’s not fitting my head. I’ve been thinking of VCS and hosting options for my FOSS projects, and have discussed some of this in the community. I’m leaning heavily towards Mercurial (with Bazaar a close second). I decided to set up Hg on my MacBookPro so that I can play with it, and so that I can see if I can start doing local work on my machine in Hg and then push to a centralized SVN repo as a bit of insulation from SVN. Herein a few notes on the matter.

Most of the code that I’ve been writing for the book has been getting its own unit tests. I’ve been working on a chapter on networking for the past week and a half and have written a little code for the chapter. One of the challenges of writing tests for something like networking code is that there are so many variables which may influence a suite of unit tests. For example, if my unit tests rely on hitting some Google webserver and I encounter problems, trouble shooting questions may include: is my router acting up, is my ISP acting up, am I failing to get DNS resolution, is that particular server down, have they changed the URL for this resource, etc.

So, for the purpose of testing, I decided to bypass the socket module in this case and handle everything locally. I created a faux socket class fleshed out with the methods that I needed. I then monkey patched my module under test with the new faux socket class. All attempts to connect to a real socket actually “connected to” a fake socket from which I could totally control the behavior.

I’ve been reading Beautiful Code, picking out chapters here and there as I have time. While reading Brian Kernighan’s explanation of Rob Pike’s regular expression program from The Practice of Programming, I had an idle thought. “Hey, that’s a highly recursive program with complex behavior suitable for didactic purposes.”

Of course, Kernighan says that almost verbatim in the text. He also says “It’s a nicer example than Yet Another Fibonacci Sequence Generator.”

So I ported it to Haskell. I don’t promise it’s necessarily great Haskell, and I wouldn’t consider it entirely beautiful, but it appears to function.

I have been meaning for the longest time to scratch the personal itch of creating a robust command line tool to analyze duplicates on a file system. There are a few scripts floating around in various languages and the problem is not all that difficult to solve, but I went the whole nine yards and wrote a reasonably cool command line tool that uses md5 checksums to detect duplicates. A report is generated in addition to stdout dup messages in CSV format, so you can manually look through dupes and decide what you want to do with them.

Liten can be downloaded from the cheeseshop: http://cheeseshop.python.org/pypi/Liten/0.1a

GoogleCode: http://code.google.com/p/liten/

I have a rather long list of things to finish, like threading, daemonizing, caching ORM backend, way more unittesting etc. Give it a whirl and let me know what you think…

Oh, and thanks to the following people that I bugged with dumb questions like I usually do :)
Titus Brown, Shannon Behrens, Rick Copeland, Jeremy Jones, Scott Leerssen.

Why the Lucky Stiff’s fast, enjoyable Hpricot library makes hard Rails View tests effective and fun. Hpricot is a deep and useful HTML parser with a wide, flexible interface. It supports many clever systems to read and edit HTML. When we put it to work in Rails functional tests, it offers lots of different ways to solve hard problems.

I’m pleased to bring the Python Module of the Week series to ONLamp. The goal of the series is to cover one of the Python standard library modules each week with a brief description and examples.

I will post one or two of the popular past episodes here, but for the complete archive check out the main feed. Future posts will be posted to both sites.

Maybe you know how to drive a car. Maybe you can fix the carburetor. You probably don’t assume that you know how to design the car. However, programmers who can write huge SQL statements and understand the output of an EXPLAIN statement often assume that they can design a database. Admittedly, unless we’re comparing Oracle 9i with the 1967 Volkswagen Beetle, databases usually aren’t more complex than cars, but a properly designed database can be very hard to come by yet it’s the key to a solid application.

This is part 4 of an N part series on rewriting my podgrabber application. Here are links to part one, part two, and part three. In part 3, I outlined my strategy for synchronizing between mediaStores. This post will update that strategy slightly to show how I’m now handling threading.

For the curious, the code lives in a Bazaar repository at http://bzr.podgrabber.org/trunk/

The SyncManager now takes a taskManager in its constructor.

class SyncManager(object):
    """This is a concrete implementation of a syncronization manager which is
    intended to be subclassed if necessary.

    A SyncManager connects two mediaStores with filters and processing steps.
    It should be able to copy files from the fromStore to the toStore, exclude
    any files which were filtered out, and execute any processingSteps along
    the way.
    """
    def __init__(self, fromStore, toStore, copyFilters, deleteFilters, preProcessingSteps, postProcessingSteps, taskManager):
        self.fromStore = fromStore
        self.toStore = toStore
        self.copyFilters = copyFilters
        self.deleteFilters = deleteFilters
        self.preProcessingSteps = preProcessingSteps
        self.postProcessingSteps = postProcessingSteps
        self.taskManager = taskManager
        self._init()

And on copying a file, the SyncManager pushes the request to the task manager:

    def syncCopy(self):
        for mediaFile in self.getCopyList():
            print "ADDING MEDIA FILE", mediaFile
            logger.info("Copying file %s" % mediaFile)
            self.taskManager.addCopyFile(mediaFile, self.toStore, self.preProcessingSteps, self.postProcessingSteps)

Here is the task manager code in its entirity:

from Queue import Queue
import thread
import threading
import time

import logging
logger = logging.getLogger("podgrabber.syncTaskManager")

class Shutdown(object):
    pass

class CopyWorker(threading.Thread):
    def __init__(self, q, fileDict):
        self.q = q
        self.fileDict = fileDict
        threading.Thread.__init__(self)
    def run(self):
        #print "Running copy thread", self.getName()
        logger.info("Running")
        while 1:
            logger.debug("Blocking while pulling items from queue")
            mediaFile, mediaStore, preProc, postProc = self.q.get()
            if type(mediaFile) == Shutdown:
                #print "Break"
                logger.info("Shutting down")
                break
            logger.debug("Retrieved items from queue")
            for preProcessingStep in preProc:
                mediaFile = preProcessingStep.process(mediaFile)
            logger.debug("Retrieving file %s" % mediaFile)
            mediaStore.addFile(mediaFile)
            logger.debug("Done etrieving file %s" % mediaFile)
            for postProcessingStep in postProc:
                mediaFile = postProcessingStep.process(mediaFile)
            self.fileDict[mediaFile][1] = time.time()

class TaskManager(object):
    def __init__(self, numCopyThreads=5, numDeleteThreads=2):
        self.copyQueue = Queue()
        self.deleteQueue = Queue()
        self.numCopyThreads = numCopyThreads
        self.numDeleteThreads = numDeleteThreads
        self.threadList = []
        self.fileDict = {}
        for i in range(numCopyThreads):
            #thread.start_new_thread(self._copyFile, ())
            copyWorker = CopyWorker(self.copyQueue, self.fileDict)
            copyWorker.setDaemon(True)
            copyWorker.start()
            self.threadList.append(copyWorker)
        for i in range(numDeleteThreads):
            pass
    def addCopyFile(self, mediaFile, mediaStore, preProc, postProc):
        self.fileDict[mediaFile] = [time.time(), None]
        self.copyQueue.put((mediaFile, mediaStore, preProc, postProc))
    def addDeleteFile(self, mediaFile, mediaStore, preProc, postProc):
        self.deleteQueue.put((mediaFile, mediaStore, preProc, postProc))
    def _copyFile(self):
        while 1:
            mediaFile, mediaStore, preProc, postProc = self.copyQueue.get()
            if type(mediaFile) == Shutdown:
                break
            for preProcessingStep in preProc:
                mediaFile = preProcessingStep.process(mediaFile)
            mediaStore.addFile(mediaFile)
            for postProcessingStep in postProc:
                mediaFile = postProcessingStep.process(mediaFile)
    def _deleteFile(self):
        pass
    def shutdown(self):
        for i in range(self.numCopyThreads):
            self.copyQueue.put((Shutdown(), None, None, None))
        for i in range(self.numDeleteThreads):
            self.deleteQueue.put((Shutdown(), None, None, None))
        for t in self.threadList:
            t.join()

Basically, the task manager creates a queue for copies and one for deletes and a number of threads for each operation. When the sync manager passes the request to copy files to the task manager, it is a non-blocking call. The downloading/processing of each file happens N files at a time, depending on how many threads you’ve allowed to be active. The defaults are 5 for copying and 2 for deleting.

So far, this seems to be working pretty well. The only thing that I see that could use some immediate improvement is to either thread the downloading of the RSS feed(s), or to use Doug’s feedcache, or both. I’m going to try to work on trying to get that supported over the weekend.

The next area of functionality addition is that of creating a GUI. From the feedback I received in a post today, I’m going to have to check out wxPython.

Does anyone have any tips on GUI building on Mac using Python? It looks like PyGTK for Mac isn’t totally there yet. PyQT for Mac looks really out of date. Is building a Cocoa app using PyObjC my best bet? The more native, the better. The fewer dependencies, the better.

For everyone who read my A Taste of Haskell, A Taste of C, and whose eyes glazed over when I told Nat that Haskell functions only take one argument, John Goerzen explained what I meant in Haskell manipulates functions with the same ease that Perl manipulates strings..

If you watched A Taste of Haskell - Part I, Simon Peyton-Jones answers my question about parenthesizing expressions about halfway through; that’s when I was trying to explain this feature to Nat and made his brain hurt. (I realized halfway through SPJ’s answer that I had forgotten about associativity.)

If none of this makes sense to you and it still all sounds somehow cool (and once you get past the syntax and avoid some of the math, it’s seriously cool), check out Adam Turoff’s Why Haskell?, Pure Functions in Haskell, and Monads, for a great introduction to the language for LAMP programmers.

You could do a lot worse than to grab a lazy Saturday afternoon and work through the code. It’ll expand your mind in very good ways.

XPath is a complex query language that provides substantial benefits. It treats XML as a database, permitting queries as powerful as SQL SELECT. This post shows how to use a nifty visual explorer, XPath Checker, to write aggressive and accurate queries. Then we install these queries into test cases using assert_xpath.

I spent some time the past couple of days wrestling with HTTP authentication for a WSGI atom store implementation. It’s well known to be a tricky topic, and I went through a lot of bother, especially trying to figure out a Python WSGI library for HTTP auth that was clean, well-documented, and sported a flexible API that worked well across framework choices. I ended up using httplib2 for the client and decided on AuthKit on the WSGI server. I generally like to test my WSGI Web components with CherryPy, Pylons and raw Paste. In this case I didn’t get around to Pylons, I was able to get raw paste working well with code along the lines of the bundled example http://authkit.org/trac/browser/AuthKit/trunk/examples/authorize.py. I was never able to get things working with CherryPy, and I’m not sure why. I ran out of time to debug further. It seems CherryPy doesn’t like the HTTP status line sent by httplib2 with a www-authenticate response to a 401 using Digest authentication. I think this might have nothing to do with Authkit.

One problem I found with AuthKit is that I had to manually place ez_setup.py in the PYTHONPATH before the install would work. I might be doing something wrong, but this is not a problem I’ve had with other packages.

What Python tools do you use for your HTTP auth needs?

This is the third in an N part series on rewriting my podcast grabbing application. Here are the links to parts one and two. In part two, I promised to get into a common way of synchronizing media files between media stores.

I’ll be at the Black Hat briefings in Las Vegas this week. In addition to the briefings, I enjoy going to Black Hat to reconnect with old friends, and to make new friends in the security industry. It is also a delight to meet people who read my blog and to have the chance to hear their thoughts and philosophies.

If you will be there as well, and would like to catch up, please send me an email.

When a test case calls methods that write new records to a database, sometimes the test needs to fetch those records back and inspect them. This post develops assert_latest, an assertion that detects newly created records.

This post introduces developer tests that constrain exceptions. Our platform, as usual, is Ruby, yet these topics apply to any system. We will extend assert_raise() for more control over program faults.

The best developers write tests to keep their projects on track. Tests should cover every aspect of a program, and should take special care with program details that are sticky, hard, and mysterious. Exception handling is a murky topic, because when a program fails its control flow might not be obvious. Many a program has failed in the field because nobody in the lab tested all its error paths. Our test cases must ensure that faults make our programs degrade gracefully, not derail.

Billy Rios has let me know about another vulnerability he has found along with Nate McFeters. Here are the URLs, which when clicked from Firefox running on Windows should spawn cmd.exe and calc.exe in order to demonstrate remote execution flaws in Firefox:

I’ve seen at least two mock object libraries for Python (here and here). But I wonder, what is the benefit of using a simpler mock object over creating your own dummy class? It seems that if I created my own dummy class (a class which implements the same interface that it is attempting to “mock”), I would have tighter control over the behavior of the thing as well as have a nicer re-use experience. It seems that mock objects are typically defined on the fly and then thrown away. I’m sure you could re-use them, but if they are really intended to be use-once-then-throw-away, it may be a little harder.

I guess what I’d really like to see is something between mock objects and dummy classes, something where you define a dummy class to be used as one of your application classes, but which also contains the convenience methods that the two mock libraries have. Suggestions, anyone?

I’ve been carrying around an interest in text processing for several years now which began with my work with EDI. Even though I don’t work with EDI and my job doesn’t revolve primarily around text processing, I still maintain an interest in text processing in general and processing EDI specifically. I created the project ediplex using Novell forge probably two years ago, around the time I wrote this article for DevX. ediplex back then was specifically an EDI processing engine with hopes of converting EDI to other formats pretty easily.

Over time, ediplex has evolved. A goal that I had for ediplex even from the beginning was the ability to easily define new EDI file formats. In its inception, it only supported X12, which is primarily a North American standard. But I had hopes for supporting EDIFACT and TRADACOM, which are more in use in Europe.

Which leads me to today. The latest incarnation of ediplex doesn’t support EDI. Not yet, anyway. What it does is allows users to create custom document definitions which describe what a document’s header and footer should look like. It also allows users to create custom handlers to allow the engine to feed them with data for a specific document type. The latest rendition is in early alpha, but it looks like a document is being passed all the way from its input to its handler. If you’re interested you can `bzr branch http://bzr.ediplex.org/trunk/` and start poking around. (This requires the Bazaar version control client.)

The architecture for ediplex is layered, but pretty simple. The first layer is the input layer. This layer gets input from somewhere (file, socket, whatever) and passes data to the scanner, which is next. The input layer was designed to allow users to create their own custom types of input receivers as they see fit. The next layer is the scanner. While this layer can certainly be replaced and customized, that shouldn’t be necessary. The scanner receives data from the input receiver and determines which document type the text should be passed off to and passes it off. The next two layers are the document definition and the data handler. I combine there here, because they are combined in the ediplex code. The document definition doesn’t do much except for describe a new document type and tell the scanner if a certain string of text matches its definition. The handler is intended to be extremely customized. When it receives data, it gets to do whatever with it that its little heart (and its coding master) desires.

So, if you’re in the market for a text processing engine, check out ediplex. I don’t have a license statement in the source tree, but will soon. I’m strongly leaning toward the MIT license, but am also considering GPLv2. Questions, comments, flames welcome.

XSRF (Cross Site Request Forgery) is a huge security problem affecting most web applications. There have been a lot of articles written about XSRF, including the useful XSRF FAQ I linked to earlier.

There are quite a few free and commercial web application security assessment tools and static code analysis tools in the market today. A few commercial security assessment tool vendors have published white-papers about the importance of discovering XSRF vulnerabilities, yet their own products do not have the ability to assess for XSRF. I think there are multiple reasons for this, and here are my preliminary thoughts:

URI Use and Abuse written by my good friends Billy Rios, Nathan McFeters, and Raghav Dube (affectionately known as “baby Dube”) exposes how web browsers and applications fail to sanitize URIs leading to remotely exploitable conditions.

Billy started the ball rolling (after deriving inspiration from Thor’s Safari URI handling disclosure) when he discovered a remotely exploitable vulnerability in the firefoxurl handler. An example of his this can be exploited in IE is available from Billy’s disclosure: Click on this from IE to spawn cmd.exe (remote execution). Note: cmd.exe will spawn regardless of any IE or Firefox dialogs.

Large, complex, cross-platform applications with multiple developers sometimes have bugs. Some of those bugs never appear on your own machine; they lurk for a while until someone else builds and tests the software on a different platform, in different circumstances.

Tracing that bad behavior back to a particular checkin can be frustrating, even if you have a huge smoke farm that rigorously tests every configuration of every checkin on every important platform.

Parrot meets all of those criteria, except for the huge smoke farm. (Smokers welcome.) When I want to pinpoint a regression to a likely checkin culprit, I use a binary search. Will Coleda’s App::SVNBinarySearch promises to automate that process. Here’s what I found.

OK - so I haven’t done a “recipe of the week” in a while. But does titling the post “{{whatever}} of the week” mean that I’m going to do one of these every week, or does it mean that I promise not to do more than one per week? :-)

Anyway, I was googling around to see if a certain type of utility existed and I stumbled across this recipe for something called Pyline. Basically, Pyline allows you to pipe text to it and use Python syntax to manipulate what it will output, specifically at the word and line level. Here are a couple of examples from the recipe:

Print out the first 20 characters of every line in the tail of my
Apache access log:

tail access_log | pyline “line[:20]”

Print just the URLs in the access log (the seventh “word” in the line):

tail access_log | pyline “words[6]”

Good work Graham Fawcett. This is a useful little utility and the code is pretty brief. So, this is the recipe of this week.

The 5.9.5 release of Perl was announced today and may be downloaded at your nearest CPAN mirror. This is a release from the development branch of the Perl interpreter, also known as “perl-current, bleading edge perl, bleedperl or bleadperl”.

I just got myself an iPhone and I’m extremely pleased with it. I think it’s the best cell phone on the market - a sheer pleasure to use.

The purpose of this post is to alert new iPhone customers about a security vulnerability in AT&T/Cingular’s Voicemail system that has not been fixed for more than a year. I first wrote about this on February 1, 2006: Exploit Cingular Voicemail Vulnerability via Caller ID Spoofing. As soon as I got my new AT&T/Cingular number, I tested for this vulnerability and I can confirm that it still exists for new AT&T/Cingular accounts (atleast for iPhone customers). I can’t force AT&T / Cingular to fix this issue, but I can tell you about it so you know what to do to protect yourself from this vulnerability.

My involvement with the Wild West side of Python came somewhat accidently. I am helping organize PyAtl and on June 14th we had an incredible meeting! My company Racemi gave a mind boggling demo of our datacenter management tool that is written in all python. Our FlagShip Product Dynacenter allows any OS, including Windows to move around to different hardware in the time it takes to warm reboot…go Python! Finally, Google gave two presentations, one on Cross Site Scripting Attacks and one on Twisted. We also officially launched the PyAtl website that night which is running the bleeding edge Turbogears stack of Sqlalchemy,Genshi, and Toscawidgets. My friend Alberto Valverde is in charge of Toscawidgets and the concept is really awesome! If you haven’t met Alberto yet, you should, he is one of those rare exceptionally helpful, yet insanely smart people.

Here is where the the fun started…

I invited Mark Ramm and Jonathan Lacour to come to our meeting and talk about Turbogears. Mark and Jonathan mentioned that on the way up to the meeting they had a crazy idea. How about building Turbogears on top of Pylons? They announced an experimental sprint the next weekend and this is where things got wacky!

Rick Copeland, Jonathan, Mark,Mike Schinkel, and myself met at Jonathan’s house and started to experiment. We ran into an initial snag with understanding the pylons controller and I called up Shannon Behrens, another friend, who is insanely smart and incredibly helpful. Shannon works on the Pylons trunk and asked him how we would mount Turbogears on top of Pylons. After he got over the “you want to do what!”, he helped us with some good advice. At some point we all went to get some Pizza, then came back to watch Jonathan and Rick go into the “Zone”. After they came up for air, a controller was working and Frankenstein was born..mu ha, ha, ha, ha!

It was 1 in the morning by the time we all quit, but Mark, Jonathan, Rick and I decided to meet at Panera the next day at 1PM to finish it off. A little more work was done the next day, but part of the day was spent just hanging out and talking shop which was pretty cool as I hadn’t met Mark or Jonathan before. It turns out Mark and I have a bit in common as we both grew up on a “Ranch type compound” for parts of our lives, we both have been SysAdmins, and we are both writing a Python book right now. Mark is a really fun guy to hang out with for anyone who hasn’t met him yet!

So, after the weekend was over with I started to hear about some of the excitement. I emailed my most educated friend Mr. Phd from Caltech Titus and mentioned maybe he could contribute with some Twill stuff for TG2. I talked via email a little with Kevin Dangoor and noticed his big announcement.

Apparently, people were really fired up about the collaboration between Pylons and Turbogears. Lets face it, I am very excited that all of these smart people are working together! It now seems that some momentum in the battle for the perfect Python Web Application has shifted, as Pylons and Turbogears have the 800 lb Gorilla of ORM’s in SQLAlchemy, and they have Toscawidgets which is about to come into its own.

I have written several small web applications in Turbogears and Django and I like both. Currently Turbogears and Pylons don’t have a way to graphically manage the database like Django’s admin tool and the API isn’t as stable, but from what I hear this is about to change…..

I do get the impression that many people in the Turbogears/Pylons world feel left out and a common heard rallying cry is that Django has a “Not invented here attitude”. Whether this is true or not, I learned this past week that if smart python programmers feel they aren’t apart of the fold, they are capable of creating an uprising and doing just about anything!

I will close with this comment, Ian Bicking, who wrote paster which I think is pretty sweet, mentioned in a fairly famous post that it would be great, but unlikely that Pylons and Turbogears would merge, yet the impossible happened and the two frameworks are closely working together. May I suggest an equally implausible scenario? What if Django, Pylons and Turbogears worked on developing an interchangeable API? Is this impossible…you tell me!

If you read up on the Model-View-Controller (MVC) design pattern, you might find yourself a bit confused. In fact, I found myself confused by it when I first started reading about it, because there are plenty of resources out there to describe it, but so many of them seem to have different flavors of MVC and different diagrams explaining how data flows that it’s no wonder that programmers are bewildered about it. Fully believing that I don’t want perfect to be the enemy of the good, I’ll show a few practical implementation details of one way of looking at MVC, primarily focused on the Web needs.

Somehow I missed James Carr’s TDD Anti-Patterns late last year. I’ve perpetuated almost every one at least once. If you’re new to testing, browse the list, think about each entry, and watch for it in your own code.

I actually like fixing bugs and optimizing code. It’s satisfying to simplify a piece of code while making it perform better and use less memory.

I’m a terrible guesser, though. I guess about where bottlenecks are correctly perhaps half of the time, and likely less often than that. To make the most of my available time, I need a good profiler.

I’ve tried to use GNU gprof, but the requirement to recompile all of my software specifically to use gprof was too much. Instead, I use Callgrind.

Callgrind works like Valgrind (and it’s part of the Valgrind tools now). Run your program through Callgrind as normal (valgrind --tool=callgrind program_name opt1 ... optn); it will collect statistics about the run. Then run callgrind_annotate on the output and see a nice report about where your program spends its time. Though this is only the most basic of Callgrind’s features, it’s often sufficed for me to find and fix true bottlenecks.

If you need more features, I hear that KCachegrind is a useful visualizer of Callgrind’s statistics. I haven’t used it enough to discuss its value.

Because of Callgrind, I spend more time optimizing bottlenecks than I do finding them. Thanks to its developers and all contributors!

One of the sub-projects of Pugs is a series of Perl 6 sanity tests which define a minimal set of useful Perl 6 features. The idea behind those tests is that a Perl 6 implementation which can pass the sanity tests supports enough features so that it’s possible to bootstrap the rest of Perl 6 in that minimal implementation.

The Parrot project recently borrowed those sanity tests for the Perl 6 on Parrot implementation. (I work on Parrot in part because I believe that Parrot’s compiler tools are much more suitable for building compilers and languages than anything else I’ve ever used.)

Though I spend more of my Parrot time these days applying submitted patches, fixing bugs, and refactoring code, I try to make time for new development. I heard that we almost had all of the first suite of sanity tests passing and decided to see if I could improve the situation.

I’m a Vim bigot, but I reluctantly leave my comfortable off-white-on-black terminal windows for a web browser once in a while. Sometimes I even have to type more than a word or two in a textarea.

I used to grumble every time a site provided a tiny little text box for entry, or when I wanted to make an edit and left a row of j and k characters splattered through my text.

Now I use the It’s All Text Firefox extension and, before I let annoyance creep up on me, flick my mouse to a little blue box at the bottom right corner of the text area. With one click, up pops Gvim.

Suddenly, it’s worth typing more than a sentence into a web form again.

Thank you to all contributors to It’s All Text for making textareas usable.

If you’re still writing your own authentication for your websites, you may want to get with this program. Have a look at the bottom right of this page:
www.buxfer.com/index.php
Yep, almost everybody has one of those accounts these days, and more and more of those users are getting tired of endlessly multiplying username/password combinations.

I realize that Microsoft tried to do some Passport service in the past, but you can base your website’s auth on any site or combination of sites, even if they don’t have an API. As Tony Stubblebine has put it: “A login form is an API.”

I had been fighting with some silly old-fashioned servlet code. No need to say, I was not getting the upper hand. Never having been a web developer, I was baffled with why my POST request never got the contents I expected it to.

I spend a lot of time searching text files. More accurately, I spend a lot of time searching nested directories of text files. For source code, I know I should use Ctags, but I’ve never quite made the switch.

For plain text files (books, articles, stories, weblog entries, notes, contracts, et cetera), I’m still a GNU grep fan.

I spent a few hours in the past week editing a book manuscript and producing well-formed and valid DocBook XML. (I wrote two books in DocBook XML. While it’s a great file format for producing a book, it’s a face-stabbingly hateful format for actually writing a book.) Unfortunately, the conversion process to DocBook revealed some problems in the source material. In specific, certain links from one part of the manuscript to others were invalid.

I needed to find and fix the dangling links in all fifteen book chapters, spread out in several dozen individual files. Grep and a little bit of command-line magic made the task much, much easier. I ended up with the pattern:

vi $( grep -l 'L<refactoring_strategies>' ?_*/*.pod)

That is, search all of the .pod files in directories whose names start with one character and an underscore. For all of those files which contain a link to an anchor named refactoring_strategies, print their names. Open that list of files in Vim.

I still had to edit plenty of text, but finding only the files I needed saved me a tremendous amount of time. Throw in grep’s -r (recurse into subdirectories) and -i (use a case-insensitive match) switches, and I’m very happily productive.

Thank you to everyone who’s contributed to grep and GNU grep through the years. Your work helps me work, every day.

Google Gears, as you may have heard, is a browser extension that lets you develop applications that can run offline. If you haven’t already, try out the sample applications to get a feel for the functionality Google Gears has to offer. You can even use it to read Google Reader offline.

It’s a good idea to brain-storm in the possible security implications of Google Gears because it facilitates web code to act upon the user’s local disk (sand-boxed with the browser’s same origin policy). I’ve spent a few minutes looking at the architecture, and here are my initial thoughts:

My first patch to Perl 5 was a quick and dirty tiny feature enhancement. It also broke a couple of tests. That small act of public humiliation reinforced what I already knew was a good practice; automated testing is an important part of creating software that works.

I spent a couple of years chasing two goals. First, to create tools of such quality and ease of use that there’s no reason not to write good tests for Perl code. Second, to add tests so that we could immediately identify regressions and track them down to specific checkins.

Today, the core Perl 5 test suite (as of the most recent snapshot leading to Perl 5.8.9) has 121873 assertions. It could use more, but those tests cover the language and core libraries. Modern CPAN distributions are incomplete without tests written in the modern style, and test coverage and quality are topics of wider understanding and discussion.

I can’t imagine relying on a piece of software that I can’t verify with automated tests.

Analyzing the JRuby test suite, a recent weblog post from Christian Neukirchen stunned me. The most complete test suite for Ruby is the JRuby test suite and it has only 2747 assertions.

I know Ruby’s simpler than Perl, but it’s not that much simpler.

Yes, this is a Movable Type weblog. Yes, I accessed it through Firefox. Yet I hate typing in little text input boxes.

I’m writing this (surprisingly post-modern) entry in Vim, a tool I find almost indispensible. It seems like every time I use a computer, I end up wanting to use Vim.

I’ve used Vim to write all of my articles and all of my books. (I’ve used Vim to edit all of the articles and books I’ve edited too. I even wrote a two-line wiki in Vim, which I use to, among other things, keep track of the list of free software projects that deserve my thanks.

Speaking of software, I don’t know how I’d program without Vim. I’ve tried a few IDEs here and there, and there are some nice features, but the ability to work with text rapidly and quickly, through powerful muscle memory, keeps me using Vim.

So to Bram and all of the other developers and contributors to Vim, especially those who’ve shared a few of their secrets which I’ve incorporated into my personal corpus of productivity, thank you. Your work is indispensible.

Perl has a long history of copious documentation through the Plain Old Documentation format. This applies to much of CPAN, not just the core modules and documentation.

The perldoc utility is the main way to view this documentation. It has more features than people imagine (it was worthy of Hack #2 in Perl Hacks), but it’s a command-line tool only. Even for a CLI fan like me, sometimes hyperlinks are nice.

Pod::POM::Web is a CPAN distribution which turns all of the POD on your system into browsable, linked HTML. I use perldoc all the time; could anything displace it in whole or in part?

In my last post on the topic of rewriting my podgrabber utility, I promised to post the rewrite-code-in-progress to a Bazaar repository. You can branch from here if you’re interested. In this post, I’m going to discuss the paradigm I’m following for getting files from a webserver, pulling them onto a computer, then onto a portable media device.

In the current version of podgrabber, there was a concept of a download manager which would take a URL and save the file to a particular directory. This download manager was built with a small amount of extensibility in a very clunky way. I looked at the URL in order to determine how to download the file. After getting the files from the webserver to my computer, a single function would synchronize files between my computer and my portable media device.

This approach works, but it doesn’t provide a cohesive approach to the problems. It also isn’t very extensible. In order to come up with new file sources (such as FTP) would probably involve a lot of cut and paste and an ever-growing download method. And synchronizing downloaded files to anything other than some MP3 player that shows up as a USB disk drive would prove quite painful.

It is sometimes humbling to look back on code you’ve written. It is particularly humbling when you see a piece of your own code and wonder, “What was I thinking?” I’ve been going through this sort of programmer-introspection induced humiliation lately with my podgrabber project.

podgrabber began its life as a really simple Python script which would go through a set of RSS feeds, figure out what to download, then pull them in. I then decided to make it a little more interactive and allow the user to specify which of the undownloaded podcasts to download. A little coding, a little hacking and it was so. Somewhere along the way, I created a simple sync script to get the podcasts synced up on my MP3 player. (The MP3 player I had was a Sandisk Sansa e130 which showed up as a USB drive under Linux.) The final addition to podgrabber was a GUI (built in pyGTK) which would consolidate all of these features.

The GUI podgrabber has been pretty functional. I can add, remove, or update podcast feeds. I get a list of new podcasts and can select to either download all of them or just some of them. And I can go through a list of podcasts which are currently on my hard drive, delete them, and the next time I run “sync“, the old ones will be removed from my MP3 player and the new ones will be added.

These days, the perl6-language@perl.org mailing list is haunted by some passionate discussions, spawning long (often too long) threads. Just yesterday, someone posted yet another “Why Perl 6 has not such and such features” message which sparked a lot of discussion. After a while, someone detached one of the points of the original message and asked why Perl 6 still goes with explicit line termination with the semicolon. And then came an answer by Larry Wall (and they are always worth reading).

These sorts of things are almost never for a single reason. Some of
it is my prejudice against dangling syntax, and perhaps prejudice
against anything resembling Fortran. Some of it is not wanting to
distinguish different kinds of whitespace any more than we already do.
Some of it is simplicity of parsing, both for the human reader as
well as for the computer. I think if I had to pick one reason,
though, it’s that it allows the parser to understand the intent of
the writer much better and hence give more useful diagnostics when
something seems to be going wrong. Much more than other languages,
Perl depends on the prohibition against two terms in a row as a kind
of “self-clocking” mechanism to disambiguate programmer intent, and
not requiring a semicolon between the final term of one statement
and the first term of the next statement would tend to weaken that,
especially when the term starts with a prefix operator that could be
mistaken for an infix.

Last night at the Atlanta Python Meetup, I became aware that there are folks who have been around Python for a while who are unaware of the Python Cheese Shop. The “Cheese Shop” (named after the Monty Python skit) is intended to be a central repository for libraries and applications written in Python. Couple this with easy_install and you have a quick, easy, and clean way to install libraries and applications to your Python installation. By issuing the single command `easy_install ipython`, you will have the latest IPython installed on your system.

What’s happening in the front of Perl 5 development? I bring you some rumours that cheer me up.

There are nice markup languages out there. One of these is Textile. When writing the basic stuff, it lets you write uncluttered code (even with attributes, classes, ids). And when needed, you can jump the gun and write raw HTML.

You find Textile implementations in many programming languages, including the four P languages: PHP, Python, Perl and Ruby (the P language with R :).

• The newest PHP Textile implementation,
• PyTextile,
• Text::Textile,
• RedCloth.rb.

Textile looks to me like a stripped HTML variant, one that gets rid of all those angle brackets. It makes me feel lighter. Such a piece of text seems just right to me.

h1. Header

A paragraph with a *bold phrase* and an _italic phrase_.

"Nice looking quotes"! Pretty ellipsis... and beautiful rendering of 2 x 2, one(TM), two(R), and others. I also enjoy footnotes[1], @pieces of code
in monotype@, and %{color:red}more%. Try to paste that code into the "Textile development page":http://textile.thresholdstate.com/ .

fn1. Cool, isn't?

Who uses Textile? Do you feel the same as I do? Or am I wrong and these distinguishing features are just too common?

Update: fixed link mistake pointed by Tj.

And this is my first blog entry for O’Reilly. It’s such a horrible thing to do something for the first time. I wish I started it by the second one and I hope you enjoy the topics here. Maybe I even try an introduction some other time.

Alligator Eggs is a very cute puzzle game with a surprising mathematical model beneath. I wish it explained how to indent my alligators, though. They keep going out of alignment.

Hey, it’s that time again. If you have an idea that you think would be beneficial for the Perl community, please check out our Call for Proposals. Get paid for open source work!

I should listen more to Brian Aker. He gave me a tip at least two years ago that I should visit Linuxfest Northwest. He was right.

This free conference expanded to two days this year, with nearly a hundred talks. The latest estimate I’ve seen is that around 900 people attended. That’s impressive!

There are four talk slots per day, so if you go all weekend you can only catch eight full talks. I heard about everything from building a persistent file system on a USB drive for Ubuntu to LiveJournal’s scaling strategy to the open sourcing of Second Life’s code to the history and intent of copyright. Imagine a computer lab full of people from age three to sixty-plus all building their own Linux-capable thumb drives.

I didn’t expect that, and I’m supremely glad I went.

Of course, the Linden Lab and Silicon Mechanics-sponsored party in the American Museum of Radio and Electricity didn’t hurt, either. (A working theremin! A 75 year-old car phone! Free food and drink!)

If you’re in the Pacific Northwest next year (or can be), go to this conference.

Thank you to the founders, volunteers, sponsors, speakers, and attendees. I’ll be back.

A few days ago, April 24 2007 to be exact, I performed a search on apple.com and out of curiosity, performed another search with HTML characters to see if they would be echoed back into the HTML. In other words, I was trying to see if apple.com’s search feature was susceptible to XSS (Cross Site Scripting). I found one attack vector and immediately alerted product-security@apple.com. A XSS issue on apple.com is of significant risk because it can be exploited by attackers to steal data from users that are signed on to apple.com.

On April 25, 2007, I received a thank-you email from Apple letting me know that they were investigating the issue. The email also stated: “Because of the potentially sensitive nature of security vulnerabilities, we ask that this information remain between you and Apple while we investigate it further” and included a case number.

The PEP submission deadline for Python 3000 has just ended. One idea really caught my eye: Traits/Roles instead of ABCs. (ABC means abstract base class.)

I fiddled with the ideas that would become roles in 2003 and 2004 before Allison Randal handed me a copy of the Smalltalk Traits paper and asked “Is this what you were trying to tell everyone?” Since then, we added them to Perl 6 (see Apocalypse 12).

I’m very pleased to see Collin Winter’s proposal (and his reference to Roles: Composable Units of Object Behavior. The concept is very powerful and–if applied throughout the entire system–provides a different and more flexible way of thinking about types and objects and classes.

I still stand by my warning about redesigning a programming language, however much in the spirit of good-natured ribbing. Integrating powerful new concepts cleanly may require and inspire further changes.

I attend more than my share of conferences. Because I travel for work, it’s important to take my laptop with me–and there’s little more convenient than open, unfettered wireless Internet access. (Wireless power that doesn’t cook my innards is the only thing that comes to mind.)

The easier it is to find an open wireless network and join it, the better my life is. (Good wireless support is one of two things I though Mac OS X did well; see Switching Back to Desktop Linux.) Fortunately, I found WiFi Radar and life is easy.

For example, I connected my System 76 laptop to the Portland airport’s free wireless several months ago and haven’t thought of it since. I had some free time before a flight yesterday, so I booted my laptop and went to connect to the network, only to find that my system had already joined.

The fewer pieces of infrastructure I have to keep in my head, the better. If selecting an ESSID and entering a key once is sufficient to let me update code and fetch and send e-mail, great. Thanks to all WiFi Radar developers and contributors for making that process easy.

Preface: if you love XML, that’s fine. I’ve nothing against the technology per se, but it’s not always the best tool for the job.

I’ll be in Copenhagen next weekend for the Nordic Perl Workshop giving a talk about multi-language test suites. This will be based on the work done with TAP::Parser and it will contain a brief discussion of TAP (the Test Anything Protocol), a protocol which is almost 20 years old and is gaining in popularity.

One question I’m sometimes asked by those not involved with TAP is why we don’t use XML for our test results. This is a brief attempt to answer that.

This week on the Perl 6 mailing lists

“The current pugs implementation is just translating to the old form underneath, so it’s not surprising it’s a bit off. That’s the sort of thing that happens when the language designer gives the language implementor whiplash. However, I rather suspect the interpersonal metaphorical meaning was lost on the physicist/comic who decided that the 3rd derivative of position should be called ‘jerk’. :)”

– Larry Wall, in ‘What should file test operators return?’

This week on the Perl 6 mailing lists

“developers shouldn’t live in fear of $^O”

– Jerry Gay, in ‘Use of English pragma’

I believe that a programming language should never crash, even given bad input. There may be cases where it reports obscure syntax errors that are difficult to understand, but crashing is unacceptable.

One way to make sure that there are no crashes is to feed your parser as much invalid input as you can imagine and check that you only ever get syntax errors. (I suppose another way is to write formal proofs for your parser, but even then you may have bugs in your implementation.)

To do that, you need a large corpus of valid programs and a way to generate a large corpus of mostly-valid programs that aren’t quite right.

I installed Algorithm::MarkovChain and set to work.

This week on the Perl 6 mailing lists

“I don’t think that it’s possible to make this non-conformity a fatal heresy :-(
(gcc –spanish-inquisition)”

– Nicholas Clark in ‘[perl #42110] [PATCH] Returning values from void functions’

This week on the Perl 6 mailing lists

This week saw the introduction of the Perl 6 Microgrants. Read more about them in ‘Perl 6 Microgrants. Now accepting proposals.’

My colleague Jim Shore and I have been working with BlueTech to explore exercises for professional software developers.

One of the weirdest portability problems I’ve ever encountered is dealing with platforms with case-insensitive filesystems. Files I expected to be there mysteriously weren’t. Files I didn’t expect to be there mysteriously were.

Case-sensitivity in programming languages confuses novices too, especially on insensitive platforms. The capitalization of certain words matters within the language where it doesn’t on the filesystem.

Usually that only leads to mysterious error messages. Though a novice may not know enough about the language to decipher the message yet, there’s no silent failure. Unfortunately, there’s a case in Perl where there are silent failures: pragmata.

I feel awkward admitting that I don’t use primarily mutt as my mail client (I do use it when I ssh into various machines), but I’m a big fan of KMail.

I’ve never found a perfect mail client, but I’ve used KMail off and on as my primary client since 2000, and it’s definitely my favorite.

I strongly prefer IMAP, and only two clients I’ve tried have handled IMAP at all decently: Mail.app on Mac OS X (just about the only Mac OS X application I might reasonably miss) and KMail. My most recent flirtation was with Evolution, but as my mail folders grew larger and more numerous, its performance went from adequate to abysmal and, finally, unusable.

When I switched back to KMail, I set up my IMAP connections as cached IMAP connections, and my problems went away.

I have a few small gripes and questions that I really should ask on a #kmail or #kontact IRC channel sometime, but it’s only when something goes seriously weird that I even have to think about my mail program. That’s the sign of a quality program.

Thank you to all KMail and Kontact contributors and developers!

Way back in December, Tim Janik wrote State of the Gtk+ Maintenance.

Like many large projects, Gtk+ is an essential part of many free software desktops. Like many projects, it’s also grown organically. Like many projects, it has far fewer core developers than you might expect.

It can be difficult to mentor new developers through the process of making a first contribution to becoming full-fledged developers. That doesn’t happen very often, in my experience. What I appreciate most about Tim’s message is that he explores all of the necessary issues to improve the Gtk+ project to the point of making that goal more reasonable.

I’ve long believed that having source code available under a free license is no guarantee of utility, much less attractiveness to potential contributors. Thoughtful project governance and management is, perhaps, an order of magnitude more likely to make one project more attractive and sustainable.

I’m not a huge advocate of getting type checking into Python, but this is an interesting recipe. By applying a decorator, you can specify what types the input and output of a function/method should be. I like having the flexibility to be able to do this if I want to. (As an aside, one benefit for me of working with code that has explicit input and return types is knowing for certain what type of thing a method/function takes.)

The recipe can be found here. It’s not revolutionary and may be less relevant when signature annotations make it into Python 3000, but it’s really interesting to look at now. (Less relevant meaning in the immediate knowledge of what types something takes and returns by reading it in a Python 3000 signature-annotated method. I know that there aren’t plans for typechecking in py3k.)

Both Twitter and Jott authenticate users by their phone number. Twitter does this by validating users based upon the source of SMS messages sent to the phone number 40404 (US), and Jott does this by trusting the incoming Caller ID when someone calls 877-568-848. From a security perspective this means the following:

• Anyone who knows your phone number can update your Twitter page by spoofing a SMS message, i.e. post a Twitter entry as you.
• Anyone who knows your phone number can spoof his or her caller ID to send a Jott message as you.

I’m working my way through Graham Hutton’s Programming in Haskell. Despite the fact that I’m not a mathematician (and I still believe that Haskell has syntax only a mathematician could love), it’s an accessible computer science text. It’s nicely clear, too, despite its relatively short length.

Most of the exercises are good too… except for one stumper in the list comprehensions chapter.

This week on the Perl 6 mailing lists

Due to a lack of free time, I will be unable to continue creating the Perl 6 summaries after April. We are looking for a volunteer or group of volunteers to take over the task.

Please contact me if you would like more information about what the job entails (contact information can be found at the end of this post).

I’m not a fan of procmail. I like what it can do, and I deeply respect people who make it work and especially make it work for them. I use Email::Filter instead, and I’m extremely happy with it.

I get a lot of mail, and plenty of it comes from mailing lists. To direct mail from a new list to the proper folder, I only need to add a single mapping of the list ID to the folder name. A little Email::Filter program takes care of everything else. I haven’t needed to touch the program in years. I also don’t have to remind myself of how procmail works every three or four months, when I need to change a rule. I rarely even notice it’s there.

Thanks to rjbs, the Perl Email Project, and everyone who’s contributed somehow to procmail and Email::Filter. You’ve made my life much easier.

This week on the Perl 6 mailing lists

“Q: Can February March? A: No, but April May…”

– Larry Wall’s r14313 log message for a date correction

TAP::Parser is the intended replacement for the venerable Test::Harness module. The intent is to clean up the code in such a way that writing custom test harnesses and supporting new TAP features is possible. (I’ve hacked on Test::Harness:: Straps; it wasn’t the easiest programming task I’ve ever tackled.)

I added TODO tests to Parrot’s test tools a while ago, to make it easier to distinguish expected test failures from accidental failures. Unfortunately, Test::Harness displays very little information about TODO tests that passed. In TAP terms, these are bonus tests. The programmer expected them to fail, but they actually passed, so they need further investigation.

It would be nice to collect information on skipped, TODO, and bonus tests in the normal test run. Though I could write a harness via Test::Harness::Straps, I decided to try TAP::Parser instead. Here’s what I discovered.

This week’s recipe can be found here. It shows how to use closures to perform various sorting operations. Before you click on the link, let me point out the same thing as one of the commenters of this recipe: this recipe is pretty much obsoleted by mixing operator.itemgetter with list.sort(key=foo). I thought this recipe was interesting, though, because it showed a really good use for closures. Having a concrete idea of how a certain feature can be used sometimes helps to use the feature in other ways. Hopefully that will be the case here.

We had a situation come up at work the other day where we seemed to be receiving some spurious data from a data provider. The data providing process connects to one of our processes on some specific port and sends a relentless stream of data. Said spurious data uncovered a bug in our process which was causing it to die abnormally. My first action was to get tcpdump to show me what was going on. But the results were just wrong. I suspect the incorrect results I was seeing were caused by the antiquated version of tcpdump running on an antiquated FreeBSD machine and trying to view the results on Wireshark/Ethereal on a recent Ubuntu box.

So, I figured a logging proxy help. So I whipped one up using Twisted. It worked pretty well. I know I didn’t get everything right since I don’t regularly use Twisted. Basically, every connection that is made to the proxy from the data provider initiates a client connection to my server process. That connection also creates a log file on disk with a name that identifies where the connection came from. Each piece of data that is sent from the data provider is logged and forwarded on to my process. What it doesn’t handle properly is my process going down. I didn’t spend enough time to figure out exactly how to attach a reference to the server piece of the proxy onto the client piece.

Enter the recipe of the week. Just ten days ago, this excellent recipe was either submitted or updated (I can’t tell which). This recipe contains code for a proxy server which would fit my needs and log a hexdump of the received data. I haven’t tried it in the context of what I was trying to do, but given the testing I did with it, it looks like it would work quite nicely. The only thing I would change is the format of the logging. For my purposes, I’d still need to have a raw log of the transmitted data. But this is a great recipe that shows an example of a working proxy in Twisted.

Thinking of trying the Drupal open source content management system? It’s a powerful platform, but the learning curve can be steep, even if you’re already comfortable with its underlying technologies: PHP, MySQL and CSS. As the volunteer webmaster for the Monterey County (California) Democrats, I’ve gotten deeper into this stuff than I ever anticipated, and believe me, I know that learning curve well. Here’s a list of some of the top gotchas. Some of them are just plain good web development practice, but they become especially important with Drupal, and even more so if you’re using the CiviCRM contact relationship management module.

I have a love/hate relationship with GNU Make. Yes, it’s picky about syntax and it’s difficult to write cross-platform Makefiles (though that’s not really GNU Make’s fault), but a make utility of some sort is mostly ubiquitous across the free Unix-like platforms.

When I need to compile a project written in C or C++ (or when I want to automate certain system administration tasks, such as remembering to update my Postfix files when I update them), I use GNU Make. It does a difficult job without much thanks or thought. I suspect that its maintainers, like me, would like to see a cleaner and friendlier replacement sometime in the future, but for now, its ubiquity and its power are definite advantages.

Thanks to everyone who’s contributed to make and GNU Make!

While the idea of circumventing the privacy offered by Tor via DNS, Flash, and Java (applets) is nothing new, HD Moore’s “Torment” Tor server hack has made news at Securityfocus and ZDNet. Although I’m not quite sure why this big news now all of a sudden, it does have positive side effects for the Tor project (see my opinions below).

In yesterday’s installment (Testing FizzBuzz in Parrot), I explained a test file for testing multiple Parrot implementations of the FizzBuzz problem. I also promised to show two different ways to solve the problem in Parrot. The test framework requires both approaches to take a single integer describing how many FizzBuzz elements to produce and to return an Array-like PMC containing the FizzBuzz strings.

A recent discussion on interviewing programmers (in hopes of finding clueful ones) brought up the FizzBuzz challenge. Can you write a program to print the numbers from one to one hundred, printing also “Fizz” for multiples of three, “Buzz” for multiples of five, and “FizzBuzz” for multiples of three and five?

This ought to take no more than a few minutes for a developer with any proficiency in a language. I decided it would be fun to write it in Parrot’s PIR. There’s the straightforward procedural way, the array overloading way, an object-oriented way, the coroutine approach, and the generator technique.

I chose the first two, but I also decided to work entirely with test-driven development, even though this is normally the realm of a SpikeSolution–I thought that might be more interesting for everyone.