I'm excited about Django... Ruby On Rails is OK, but Ruby is a little too much like Perl for my tastes. If any language is going to knock Java down a notch, it will have to be powerful AND simple. There's too much black magic in Ruby... which makes it hard to maintain somebody else's code.
Anyway, the authors have decided to release the book open source, and are slowly making it available to the public: http://www.djangobook.com/
I'm really impressed with how they did this... only the first four chapters are available at the moment, but that's enough for you to get an idea of how easy it is to create web applications with Django. They focused on a simple framework that can be extended... unlike enterprise Java, which is a mind bogglingly complex framework that requires great effort to simplify.
But enterprise Java pays my bills, so I shan't complain... much...
The web version of the book has a nifty comments feature... you can leave feedback for each paragraph, so its easier to comment and correct their hundreds and hundreds of errors. The book application itself is an impresive example of online collaboration.
This should be an excellent book when its finished...
A collection of very relevant and totally true statements about SOA. A snippet:
- SOA is the only thing Chuck Norris can't kill.
- SOA is not complex. You are just dumb.
- One person successfully described SOA completely, and immediately died.
- If a tree falls in the forest, SOA knows about it.
- In a battle between a ninja and a jedi, SOA would win.
I didn't know that one about the ninja... I guess you learn something new every day.
Kind of a mild shock... there have been rumors running around lately. Of course, there were rumors running around for the past 4 years that Oracle was shopping around for a Content Management company. I shrugged it off as wishful thinking, but here we are...
I'm interested in how this thing will take shape. It's not a done-deal yet, and I know very few details... the Stellent folks will be giving us a FAQ at the company meeting on Friday.
I'll share whatever details are fit for civilians tomorrow... unless blogging is totally banned!
My coworker Rick Petty and I put together our own version of the cylon pumpkin I mentioned earlier. I had intended on following the instructions from evilmadscientist.com, but Rick intervened. "That's really old school," he opined... and convinced me to instead use a AT Mega 8 microcontroller.
The circuit was much simpler... far fewer wires. And then I could program the controller in C code with AVR GCC. And these chips only cost a buck! Much easier than the original plan.
Yes, for Halloween this year, I programmed a pumpkin.
The circuit is much simpler because all we need is LEDs with the positive end connected to the chip, and the negative end bussed through a resistor to ground. Then we can turn the pins on and off at will with the microcontroller. We used some super bright LEDs, and a 10 ohm resistor.
On the chip, we connected pins PD0 through PD7, and PC0 through PC6 to the LEDs. All microcontrollers also need a voltage regulator to supply the correct amount of voltage to the chip. We used 9V AC input, but needed 5V DC for the chip, so we used a
LM7805 voltage regulator, and a 100 microfarad capacitor.
I whipped up a prototype on a bread board, but the chip was busted. So I relied on Rick's inventory, and superior soldering skills to make the final version last weekend. He also gave me a crash course in microcontroller programming so I could write the code to run the dang thing. The final version lit up one pin brightly, dimly lights its immediate neighbors, and slowly panned from side to side.
To get the code on to the chip, we had to use what's called an AVR In-System Programmer. Plug the USB end into your computer, and the other end to power, ground, and the MISO / MOSI pins on the chip. It communicates over a serial bus, so you can even program you chip to output "Hello World!" if you are so inclined...
I really enjoyed this project, and I think Rick has got me hooked on microcontrollers. However, I would need a much better soldering iron to do this project alone... mine makes buzzing sounds and smells of ozone.
You don't gotta be Mr Wizard to know that ain't right...
I recently learned about something disturbing in Python... they have what they call a global interpreter lock (GIL). This means that only one path of execution will run in Python at any one time. They do not support multiple paths, such as Java's use of threads.
Essentially, if you want an application that runs multiple requests simultaneously (such as a web server), you need to spawn multiple Python processes. It also means its almost impossible for a Python application (in the abstract sense) to span multiple paths of execution.
Python's deal leader, Guido van Rossum, does not see this as a problem. Simply write your code to use multiple processes instead of multiple threads. Use events, such as those used in the Twisted Framework, and callbacks instead of threads if you want interprocess communication. It forces you to greatly simplify your code, and not do anything magic, which is kind of the Python credo.
True, a single request will be much faster if it uses the OS to schedule its time, and doesn't have the extra thread layer. However, interprocess communications is MUCH slower, so you should only do it when you ansolutely need to.
Sounds OK at first, but as my boss Sam White said, debugging interprocess communication is a baffling ordeal. In Java, debugging multiple threads is incredibly easy, because of the superior debugging tools. Of course, with Java threads you have the added danger of deadlocks, livelocks, and starvation. Oh my! In theory, the new concurrent libraries in Java 1.5 should fix a lot of these problems... but I'll reserve praise until I see them sufficiently battle-tested.
Anyway... as one astute commenter stated, he'd be fine with Python's GIL... if they would just build a fast, synchronized, multiple process dictionary object into the core language. Perhaps persisted on a filesystem and monitored with a semaphore. It gets a bit hairy if you want clustered servers...
Such an object would allow you to create a cache of information that is synchronized between multiple processes. That would be incredibly useful for caching resources, database tables, or user authorization information. If the Python geniuses could nail that one single problem, I'd bet 99% of all complaints about the GIL would disappear.
If there's a vote on what goes into Python 2.5 (or 2.6), that's on my list.
Threads? Bah! We don't need no stinkin' threads! If Python is good enough for Google, its good enough for you!
Apparently, I am one of about 265 Brian Huffs in the country, according to howmanyofme.com... how do you rank?
Brian is the 29th most popular first name. Not surprising. Huff is the 465th most popular last name... which did seem a bit odd. Surprisingly, there are only 50,000 John Smiths in the country...
Well, although the world is lousy with Brian Huffs, I can take heart in the fact that in a Google search for Brian Huff, three of the top 10 are about me :)
It even lights the LEDs in sequence, just like a good Cylon Raider... or a Cylon Centurion... or KITT from Knight Rider.
Its surprisingly not that complicated... the instructions cover a few microchips, some capacitors, a 9-volt battery, and some wires. Probably around $10 at Radio Shack.
I wonder which of my Battlestar Galactica fanboy friends will be the first to make this.
UPDATE: I did create one of these last weekend for halloween... but slightly different. Go see the results.
As you may or may not know, a lot of cyber crime is waged from networks of zombie computers, also known as botnets. This scary name refers to the hordes of personal computers that have been infected with spyware, adware, or viruses. Such computers are frequently involved in denial-of-service attacks, or to allow criminals to send spam, hide files, or generally cover their tracks.
Yes, if you have a computer virus, your computer was most likely involved in a crime. Anything from blackmail, to piracy, to smuggling child pornography.
The original attackers are getting harder and harder to find. The number of attackers is growing, they are more organized, and the software bugs are getting worse.
So what's the answer? I believe the first step is to begin fining individuals who have viruses on their computers. Yes, they are innocent victims, yes once a system is compromised its difficult to recover, but we need bold actions to solve this problem.
Punish The Victim!
Isn't this punishing the victim? Yes it is. And it may be the only solution.
These reverse-punishment systems are not unheard of. In Italy, just after World War 2, there was a huge rash of kidnappings. It continued for quite a while, during which the police were powerless to help... perhaps they were even in on the kidnappings.
Anyway, in a bold move, the Italian government decided to solve the problem by making it illegal to pay ransom.
The government reasoned, kidnapping is horrible and should be stopped. However, the government had little power to stop the kidnappers... but they did have power over the hapless victims. Therefore, they made it illegal to pay ransom on the grounds that it puts money into the hands of criminals, and makes kidnapping more common.
Now, a lot of these zombie networks perform denial-of-service attacks against medium to small business, as I've covered before. This can knock a small business off the internet entirely. They then demand money from the businesses to prevent future attacks.
So, why not make it illegal for these corporations to pay ransom? Isn't that a better analogy?
It would be, except these attacks never make the news, nor is there ever a police report. The companies want to hide the existence of the crime at all costs. So, we're back at square one.
The blame lays in two places: companies releasing software for wide distribution before it's been battle tested, and computer illiterate people who never follow basic security protocols.
So shouldn't we punish the software industry? Absolutely, but that will yield only limited success. Windows got a lot better after Service Pack 2, although IE is still a wasteland of bugs... However, even if Windows was rock-solid, that would still not prevent a foolish user from installing a piece of malicious software, or running services they don't need.
One Possible Solution
Here's what I believe should be the first few steps in the solution:
- Create minor fines (say $100) for any individual who connects a virus-laden zombie computer to the internet.
- Allow waivers for these fines for security researchers.
- Make it a law that the zombie's homeowners insurance company must cover the fine without a deductible.
This will force insurance companies to pay the $100 fine, if the user has homeowner's insurance. This will relieve most of the burden off of the user, at least for a time.
Since insurance companies are now involved, they can make demands of their policy holders, or risk a raise in rates. For example, they might require a computer safety course, similar to an auto safety course. Or they might give a break if you own for one of those $30 firewall/router combos from Linksys. They would probably give you a nice bonus for owning a Mac...
People have said for years that we need to get the insurance companies involved if there is ever going to be any progress on computer security / safety. That's what it took to prevent fires due to bad wiring or poor construction. But getting them involved is not easy if we only focus on software companies...
To really get the insurance industry involved, we have to punish the zombies.
These innocent victims are making the internet a dangerous place, and a haven for criminals. The solution to this problem is complex, and I do not believe we will find it until enough money is involved. If the insurance companies had to pay $100 per zombie, they would start out by passing that fee along to the customer... but would then rapidly look for a solution.
Estimates of the costs of cyber crime range from 10 to 100 billion annually, and its only increasing. Spending a few billion on a workable solution is a no-brainer.
The BBC recently reported on some interesting trends on corporate corruption. This study asked how frequently people lost business because the competition offered a bribe. In Hong Kong, 76% of people claim to have lost a contract because the competition offer a bribe. In Brazil is was 42%. In the UK, it was 22%. And 32% of people believe the problem is getting worse.
Hmmm... I don't think this is the most reliable metric... What's to stop a lousy salesman to say, "yeah, the deal was going along great, until the competition plunked two bags of money at their feet."
The standard metric is the 2005 Corruption Perception Index (CPI), which is also worth a peek if doing business abroad.
Another corruption index, which I liked a lot, was reported in the Atlantic Monthly recently... This one simply measured how many unpaid parking tickets that United Nations diplomats have.
Because of diplomatic immunity, diplomats from other countries do not have to pay parking tickets. However, its a simple nicety to either not park illegally, or pay the damn ticket if you get one.
The theory is that the number of tickets will reflect cultural norms about corruption. Quite clever...
Some individuals have a sense of entitlement regarding social status. Once they achieve a certain rank (ie. diplomat, CEO, or government clerk), they no longer have to play by the rules if it will enrich them. They might just consider bribery as one of the perks of the job. Such people exist in all cultures, but this metric might be a good indicator of how socially accepted it is.
Oddly enough, the number of unpaid parking tickets that the country's UN diplomats correlates nicely with the CPI. Countries with zero tickets include Canada, Israel, Norway, Sweden, and Denmark. Countries with hundreds of tickets include Kuwait, Egypt, Chad, Sudan, Bulgaria, and Pakistan.
Of course, this metric could be easily gamed. If Kuwait was losing foreign business, they could simply force their diplomats to pay their tickets... so it might not be as useful in 2007.
Bottom line, if bribery is a social norm, don't expect it to go away any time soon. If you are doing business in Kuwait or Hong Kong, be sure to bring big wads of cash.
I wonder if the IRS allows companies to write off bribes as a business expense?
I read an excellent essay today, called No Silver Bullet. Joel Spolsky linked to it from his blog about the future of Java. He said that to this day, it is one of the better essays on the limits of software languages.
The essence of No Silver Bullet is that there is a law of diminishing returns when it comes to new software tools and programming languages. At the beginning, the first few tools like compilers, C, and Unix increased productivity tremendously. However, every new technology gave fewer and fewer gains.
Why not? Because these tools are not addressing the actual problem.
Gathering requirements, transforming them into logic, and finally into a working application will always be difficult. There is no silver bullet to fix this. New tools and techniques help, but only so much. Java's memory management made some things easier, as did scripting languages with loose typing, as did the concept of reusable code modules. However, none of these were a panacea that allowed non-technical people to create applications.
No Silver Bullet is nearly 20 years old... considering how quickly the software industry changes, its remarkable how much of his advice is still relevant. Its also a sobering reminder at how skeptical we should all be about any fancy new tool or technique that promises productivity gains...
[ Next: Code Visualization Tools Are Crap ]
I blogged last week about a company named Allerca, which claimed to have bred hypoalergenic cats.
It turns out, not so much.
BoingBoing reported some very weird things about the company... such as the cats have a license agreement, so you're not allowed to sell them to other people! There was also an article at the San Diego Tribune that questioned their credibility.
Perhaps this was a publicity stunt for somebody who is close, but needs some extra capital before finishing... but that's a risky gabit, even if it is true.
One alert Boinger mentioned that the president of Allerca offered to breed a two headed cat for his father.
Creepy... and just in time for Halloween!
Oh well... its a good idea, but perhaps Allerca just doesn't have the stuff yet.
I guess being a dopey, sarcastic blogger means you don't get the cool press releases. Oh well!
At first glance, Apex makes me very nervous... if you don't know the innards of Salesforce.com, how can you create a safe, secure, high-performance application?
I had hoped that they would release tools could be run locally. That would allow you to do mashup between Salesforce.com data, and internal data repositories... alas, no. It looks like Apex will allow you to write custom apps so they will be hosted on Salesforce.com.
That will make it easy to do mashups of public data on the internet, but what about private data in your custom repository? Nothing yet.
Plus, you're still saddled with the limitation that somebody else over yonder owns your data, and you can't get at it with any current web-based APIs.
If they are paranoid about opening up their APIs, they should at least consider creating a Salesforce.com web appliance... synch data to a local server every once in a while, and allow Apex apps to run inside a paranoid enterprise.
Then I'd be in mashup heaven!
Google has recently discussed an interesting new project... the Google Truth Predictor.
They haven't released many details, but in theory they could index specific facts into a fact database, along with the source, and the number of people who have verified it.
Then, a user could type in a question, such as "the US economy has improved 5%", and search for its truthfulness (versus its truthiness).
In theory, Google would take this question, and break it down into a topic (the economy), a trend (improvement), and a measurement (5%). Then, they could compare it with all existing data, and supply a list of evidence for and against the statement. Then, based on some weighing scheme, they could associate a probability of truthfulness.
The supposed goal would be to know instantly whether a politician is lying or not...
I, however, am not so skeptical...
For example, lets say a congressman in a heated debate says "Every day my opponent visits Washington, a car bomb goes off in Iraq. Therefore, we should keep him out of Washington."
Strangely enough, this statement could be 100% true... but its just a coincidence, and therefore irrelevant. Its formally called the correlation implies causation fallacy. What would Google Truth® do with that statement?
Well, I'm no linguist, but it does seem that logical fallacies do have a similar pattern -- they usually have the word therefore in them -- therefore, a decent human language search engine should be able to identify these patterns. Once a pattern is found, it could also give a probability of a fallacious argument.
Even better, the search engine could warn the user that the statement was not actually a fact, and was probably designed to manipulate them. It could then educate them on what logical fallacy was being used, and why the speaker was being irrational.
Framing, however, is a more difficult issue. Calling the Inheretance Tax the Death Tax is a classic example of framing: use bad words to make something sound worse than it is commonly believed. Likewise, notice the terms Pro Life and Pro Choice. Both very positive sounding, and both designed to elicit a positive reaction.
Framing is as old as Alexander Hamilton. He called his political group The Federalist Party, and called the other guys the Anti Federalists... which in 1780 was the same as calling somebody Anti-American. Naturally, his party won more popular support.
This is despite the fact that Federalism by definition meant strong state governors, and a weak central government... despite the fact that The Federalists lobbied for exactly the opposite form of government.
I hate that Alexander Hamilton soooooooo much...
So, since framing is so context sensitive, how on earth can you defend against it?
The good news is that its really easy to lie, or throw out a logical fallacy, but its pretty hard to frame.
You can spit out a quick lie once to move on to a new issue, and never come back to it. However, to frame an issue, you need to repeat it over and over and over and over. If somebody asked you about the Death Tax five years ago, you probably wouldn't have a clue what they meant. But since it was repeated many times within the context of inheritance, you'd probably catch on.
That means that there is most likely a finite number of topics that are being framed in manipulative ways... and a critical thinker would probably catch them before they have infected the general population. Google could just keep a short list of these red flag words, and give a special warning when found.
My first test? Run Alexander Hamilton's old speeches through the truth predictor. Once it hits 0%, then I'm happy.
Sounds weird, huh? Usually they only fuse advertisements with TV shows when it comes to children's cartoons... and Star Trek... and product placement on Friends... and...
Anyway, it was loosely based on some kind of dystopian future, like 1984, where people were unable to turn off their TVs. Even the newscasters had TVs on while they presented the news. They would put a blanket over them so the viewers would not get distracted.
Anyway, one of the episodes was about people who tried to live off the grid, who called themselves "blanks". They did not have phones, or TVs, or ID cards. And they even read books. They were, of course, considered criminals.
At the beginning of the episode, one of these blanks was taken before a computer terminal by men in black suits. They scanned her hand, and it said something like "Citizen #00000000. Judgment: Guilty." She was led away into what we assume must be a prison, all while shouting "Blank is beautiful! Blank is beautiful!"
Ow. That line hurts my ears to this day. Its been 20 years and I'm still recovering.
What's this have to do with China? Well, in order to streamline their legal system, China has adopted computerized sentencing systems!
Yep... just type in what the criminal did, to whom, and any mitigating circumstances, and *ping* you get your punishment!
Now I'm not too sure what to do with this information... such a system could be good if the system is clogged with hanging judges who give people 10 years in prison for loitering... but once you take human compassion and experience out of the judicial system, its subject to extreme abuse.
And god forbid the clerk is a bad speller...
Hopefully these are just sentencing guidelines, and the judge will still be given discression. Otherwise, this is very bad news.
83%. An MIT-grade high champion nerd.
I believe the test is somewhat skewed against computer geeks who have degrees in physics and just happen to retain a working knowledge of the periodic table of elements. Or mabye I'm in denial.
<!-- ckey="46DF9D5B" -->
I was wondering when somebody would get around to doing this...
If Adobe intends to attract web developers to the desktop, they will really need to make it easy. Since they now own Flash, they might actually be able to pull this thing off...
I know its way too soon, but I'll throw in my two cents in the Apollo versus XUL debate, and side with Apollo.
Apollo only runs on OSX and Windows, and will probably have a larger footprint than XUL. However, Adobe plans on releasing a bunch of free command-line tools that make it easy to create Apollo applications. They'll probably have a tight integration with Flash Studio, but probably not other IDEs.
If you like Microsoft Visual Studio .NET, or Eclipse, better get used to the command-line stuff...
There are several sites like this, but I believe this is the only one who offers their data as an RSS Feed!
RSS Feeds are great, because then political junkies can get an instant fix, even when they're not watching CSPAN. Using the feeds, you could basically get an email every time your congressman voted, or refused to vote, along with info on the bill.
Having the data in an easily shared, XML format is a nice step towards transparency... but politics are so polarized these days that most of them vote along party lines. Often, you don't need 500 feeds, you really only need two.
Kind of disappointing... so I had better get busy mocking them.
So here's my latest mashup idea:
- Download the vote data for every senator via RSS
- Filter the data for votes that go against the party line.
- Do a mashup with Google Maps to display the districts of the offending congressman.
Now, any time a vote occurs, and somebody dares to challenge the status quo in congress, a little warning will pop-up over their district. It will contain the vote info, and links to learn more.
I call it The Independent Thought Alarm. It should help those thumb breakers in congress crack down on those pesky bipartisan coalitions, and their evil attempts to make the world a better place!
Now if I could only cross-reference it with how much pork-barrel spending each district gets... but the bill that would allow citizens to access a database of pork barrel government spending projects got killed... stupid secret senate holds.
Maybe next year.
UPDATE: For those of you coming here from googlemapsmania, this project is not yet complete... I hope to find time to finish it by next week or so.
New Scientist recently put out an article on preliminary tests of the space elevator.
I am not pleased.
For those who don't know, a space elevator is a half baked idea about how to launch vehicles into space more cheaply. Basically, you put a huge rock in orbit around the earth, one big enough to destroy a whole country if it fell out of orbit. Then you tie a big rope around it, and climb up the rope to get to space.
Its only a little less crazy than it sounds.
In theory, an elevator would need to expend a great deal less energy than a rocket in order to get to space. Some numbers I saw a few years back made it sound like you could deploy something into orbit for about 100 times the cost of sending it via Fed Ex.
Neat! but there has to be a catch...
What concerns me is that nobody in the news seems to be talking about how incredibly dangerous it would be to have a rope 20,000 miles long stretching into space. What if something goes wrong? Weather? Asteroid? Terrorist? That tether could do considerable damage, even if the giant rock stays in orbit...
What concerns me more is that they are doing these initial tests without resolving the problems with nanotube toxicology! All of these tethers are made with nanotubes, since they are light and incredibly strong... but they have a nasty side effect of killing fish even in minute quantities. Many scientists ignore this, despite the fact that every proposed construction site in the middle of the ocean.
Stupid! Stupid! Stupid! Stupid! Stupid!
I must say shame on New Scientist for not mentioning this fact in their latest article, because their own website posted two articles about how nanotubes cause brain damage in fish, and suffocate other marine creatures, one in March 2004, and again in April 2004. Don't they read their own articles?
It is reckless and irresponsible for scientists to be performing tests out in the open environment with materials known to be this toxic. They need to discover what species are effected by nanotubes, and why, so we can either create better nanotubes or try something else. Preliminary data suggests that there may be even inhalation toxicity for mammals... which means the asbestos problem all over again.
We don't need the space elevator any time soon... but we sure do need fish in the ocean!
On September 11, Wired magazine posted an article about the relative risks of a terror attack. It was compiled with data over the past 11 years, which included the terrorist attacks in Oklaholma City.
They placed the results in the familiar color-coded terrorism danger meter... with the biggest dangers in red, and lowest dangers in green. The results? Terrorists are far less of a threat to your health than simply walking down the street:
| S E V E R E
Driving off the road: 254,419
Accidental poisoning: 140,327
| H I G H
Dying from work: 59,730
Walking down the street: 52,000.
Accidentally drowning: 38,302
| E L E V A T E D
Killed by the flu: 19,415
Dying from a hernia: 16,742
| G U A R D E D
Accidental firing of a gun: 8,536
| L O W
Being shot by law enforcement: 3,949
Carbon monoxide in products: 1,554
This is hot on the heels of a Cato Institute report about how politicians are making the war on terror worse by making people fear terrorists.
Since fear is the #1 weapon of terrorists, why are our own politicians trying so hard to make us fear terrorists?! They spend more time doing that than they spend protecting our borders and ports...
Why, oh why, do they do this? Because it gets them votes.
Grrr... looks like I'm back to my age old system of choosing politicians: never vote for an incumbent unless they are mind-blowingly awesome. If everybody adopted that system, we'd have to get some decent guys in there eventually...
At first I was skeptical, since Allerca is a biotech company. However they used the super organics technique I discussed last week to create these cats.
They tested the DNA of hundreds of cats, looking for those that naturally lack the glycoprotein Fel d'1, which is what causes alergic reactions in some people. Then, they used standard breeding techniques (catnip and Barry White?) to get them to mate.
In other words, these are not frankenstein cats... these are bred with normal techniques, but genetic testing was needed to determine which mating pairs were optimal.
Sounds good so far but hold on... In general, I'm weary of pure breeds. In many cases, they do not live as long as other mixed breed animals, and have more health problems. Hopefully, Allergca will continue to screen new cats, and keep breeding new one to keep the gene pool growing. Otherwise in a few years inbreeding could be a problem...
I might get one some day... but since they are $4000 and have a waiting list, I might wait for Klean Kitty 2.0.
UPDATE: This company might not be telling the whole truth... It might be a scam.