https://alexgaynor.net/blog/ Recent content in Blogs on Alex Gaynor Hugo -- gohugo.io en-us Mon, 22 Dec 2025 00:00:00 +0000 https://alexgaynor.net/2025/dec/22/unsafe-defaults-statutory-severability/ Mon, 22 Dec 2025 00:00:00 +0000 https://alexgaynor.net/2025/dec/22/unsafe-defaults-statutory-severability/ (I’m not a lawyer, and I did precious little research in drafting this. It should be understood as a thought experiment and intellectual provocation. It’s also possible, if not likely, that this is a well-known observation and adds nothing novel.) From time to time, federal courts find that part of a statute is incompatible with the constitution. When this happens, the court must decide what remedy follows from this – which frequently means choosing which portions of a statute to hold invalid. https://alexgaynor.net/2025/dec/09/relish/ Tue, 09 Dec 2025 00:00:00 +0000 https://alexgaynor.net/2025/dec/09/relish/ I’ve recently created and open sourced a new serialization format, named Relish1, and a Rust library implementing it. They can be found here. I don’t expect many people to adopt it – there are quite a few choices for serialization libraries available to people already – however, it has some nice design properties that I want to describe. Relish is a binary serialization format; it does not have an IDL. I drew ideas primarily from ASN. https://alexgaynor.net/2025/oct/20/motion-to-dismiss/ Mon, 20 Oct 2025 00:00:00 +0000 https://alexgaynor.net/2025/oct/20/motion-to-dismiss/ When a project receives a vulnerability report, what’s the first question they should ask? I believe the correct answer is that we should ask: In what way does the claimed vulnerability violate our threat model? A lot of times the answer is obvious, we don’t need to spend a lot of time interrogating how SQL injection or a buffer overflow violates our threat model. But it’s not always obvious: does it violate the threat model for a privileged user to be able to write to a given path on disk? https://alexgaynor.net/2025/jun/20/serialize-some-der/ Fri, 20 Jun 2025 00:00:00 +0000 https://alexgaynor.net/2025/jun/20/serialize-some-der/ (Editor’s Note: My day job is at Anthropic.) This story starts where all good stories start, with ASN.1. ASN.1 is… I guess you’d call it a meta-serialization format? It’s a syntax for describing data abstractly (a notation, you might say), and then there’s a bunch of different actual encodings that you can use to turn data into bytes. There’s only one encoding I choose to acknowledge, which is DER (the Distinguished Encoding Representation, it’s got a monocle and tophat). https://alexgaynor.net/2025/jun/02/what-is-a-benchmark/ Mon, 02 Jun 2025 00:00:00 +0000 https://alexgaynor.net/2025/jun/02/what-is-a-benchmark/ Benchmarks are how we measure performance, obviously. They’re a program that we run to tell us how fast our code is. This intuitive definition is what most of us would say if presented with the title question. But I want to suggest a simple question: if benchmarks tell us how fast something is, what does that make production performance metrics? Try to answer this question without admitting that benchmarks are doing something other than “telling us how fast a system is”. https://alexgaynor.net/2025/may/19/standard-libraries/ Mon, 19 May 2025 00:00:00 +0000 https://alexgaynor.net/2025/may/19/standard-libraries/ Standard libraries are among the most debated topics in programming language design. They are by turns the most widely used APIs in any programming ecosystem and also the most criticized. This post will explore what makes standard libraries what they are. It is entirely non-normative; my goal is to describe what standard libraries are, not specify what they should be. A standard library is the set of libraries/APIs that are available to users of a programming language without needing to take any additional action. https://alexgaynor.net/2025/apr/08/putting-a-price-tag-on-open-source/ Tue, 08 Apr 2025 00:00:00 +0000 https://alexgaynor.net/2025/apr/08/putting-a-price-tag-on-open-source/ I’ve previously written about common reasons that developing open source software is not funded. That post focused mostly on the individual circumstances and choices of open source maintainers and projects. In contrast, this post attempts to apply a more systemic lens to the same question. My conclusion is that by using some of the tools of antitrust economics we find a structural explanation for why so many open source maintainers fail to capture value from their projects (in the form of their work being unfunded). https://alexgaynor.net/2025/mar/25/postels-law-and-the-three-ring-circus/ Tue, 25 Mar 2025 00:00:00 +0000 https://alexgaynor.net/2025/mar/25/postels-law-and-the-three-ring-circus/ Postel’s Law famously states that “implementations should follow a general principle of robustness: be conservative in what you do, be liberal in what you accept from others.” For many years, this was considered a bedrock design principle for internet ecosystems, but in recent years it has fallen out of favor. In this post I will explain the deterioration that ecosystems which endeavor to follow Postel’s Law frequently experience, and why it produces particularly pernicious results in the context of open source software. https://alexgaynor.net/2025/mar/22/coreutils-in-rust/ Sat, 22 Mar 2025 00:00:00 +0000 https://alexgaynor.net/2025/mar/22/coreutils-in-rust/ Canonical recently announced that they’re on the path to switching the coreutils that Ubuntu ships from being the venerable upstream GNU coreutils to a newer Rust implementation. This has made some people very excited and some people very upset (no one appears to be in the middle, though I suspect that’s just a sampling bias). This post will analyze some of the merits for/against this change. The place to start is with the usual strongest argument in favor of programs written in Rust: memory safety. https://alexgaynor.net/2025/mar/06/things-have-reasons/ Thu, 06 Mar 2025 00:00:00 +0000 https://alexgaynor.net/2025/mar/06/things-have-reasons/ Toby: I read it, I think, 16 years ago. It was about El Salvador and he had it stricken from the record and there was a reason. Will: What? Toby: I don’t know, but things have reasons. Will: Do they? Toby: Yes, they do. – The West Wing, Inauguration Part I We might describe this as a Chesterton’s Fence sentiment. Chesterton’s Fence is the principle that one should not remove a fence until they understand why it was put there in the first place. https://alexgaynor.net/2025/mar/05/generality/ Wed, 05 Mar 2025 00:00:00 +0000 https://alexgaynor.net/2025/mar/05/generality/ Once upon a time, a group of scientists built a machine learning model to predict whether a radiological scan contained a tumor. They trained it against a random subset of labeled data, tested it against data that had been held back, and determined that it performed well. When they went to test it with real patients, it was useless. Another group of researchers built a model to predict whether TCP packets were malicious or not. https://alexgaynor.net/2025/feb/19/tech-workers-monopoly-and-monopsony/ Wed, 19 Feb 2025 00:00:00 +0000 https://alexgaynor.net/2025/feb/19/tech-workers-monopoly-and-monopsony/ In the United States, federal antitrust law is composed of several complementary statutes, one of the centerpieces of which is Section 2 of the Sherman Act.1 Section 2 prohibits monopolization (and attempted monopolization). Monopolization does not merely mean to posses a monopoly, rather it means (a) “possession of monopoly power in the relevant market”, and (b) “the willful acquisition or maintenance of that power as distinguished from growth or development as a consequence of a superior product, business acumen, or historic accident”. https://alexgaynor.net/2025/feb/07/sso-tax-smart-business-bad-security/ Fri, 07 Feb 2025 00:00:00 +0000 https://alexgaynor.net/2025/feb/07/sso-tax-smart-business-bad-security/ For years, people have criticized the “SSO Tax”, SaaS companies' practices of limiting single-sign-on to only their more expensive plans, effectively imposing a tax on organizations that care about security. The critique is straight-forward: SSO is good for security, if you charge more for it fewer people will buy it, and you’ll get less security. Sometimes this is generalized into: it’s bad to charge for any security features, for the same reason (some people replace “bad” with “unethical”). https://alexgaynor.net/2025/jan/27/stop-demanding-performance/ Mon, 27 Jan 2025 00:00:00 +0000 https://alexgaynor.net/2025/jan/27/stop-demanding-performance/ Often in life, we want something from someone else. For example, as a citizen we want a politician to enact some policy, as a regulator we want a company to secure people’s data effectively, or as a customer we want a company to behave in a way we find ethical. A through line to these examples is that while we can clearly articulate the overall goal, just knowing the goal doesn’t necessarily tell the other party what actions it must take to achieve it. https://alexgaynor.net/2025/jan/13/challenges-funding-open-source/ Mon, 13 Jan 2025 00:00:00 +0000 https://alexgaynor.net/2025/jan/13/challenges-funding-open-source/ I’ve had the good fortune to get paid to write open source as part of my job several times. For more than 15 years, I’ve also done a lot of open source development in my free time as a volunteer. Along the way, there’s been a fairly constant refrain that it’d be better if more open source maintainers were paid to maintain their projects. And I’ve seen a lot of ideas for how that could happen. https://alexgaynor.net/2024/oct/21/risky-business/ Mon, 21 Oct 2024 00:00:00 +0000 https://alexgaynor.net/2024/oct/21/risky-business/ There are a variety of professions whose job it is to help businesses manage risks, for example, information security, accounting, and legal. And we generally expect those professions to reduce risk. But we also know that businesses take risks all the time, because while these professions reduce risk, and may even eliminate some risks, they don’t eliminate all risks. What is the responsibility of a professional in one of these fields when a business is taking a risk in their domain? https://alexgaynor.net/2024/sep/27/cryptographic-philosophies/ Fri, 27 Sep 2024 00:00:00 +0000 https://alexgaynor.net/2024/sep/27/cryptographic-philosophies/ I’ve maintained a popular cryptography library for years and in that time I’ve realized that many of the differences between cryptographic libraries flow from their creators' philosophies. Users of those libraries also have philosophies, which shape their expectations. These philosophies are often both in tension with one another, but also often implicit, leading to frustrating conversations. The goal of this post is to flesh out common philosophies, and how they come to be in tension with one another. https://alexgaynor.net/2024/sep/09/signatures-are-like-backups/ Mon, 09 Sep 2024 00:00:00 +0000 https://alexgaynor.net/2024/sep/09/signatures-are-like-backups/ I’m indebted to a colleague who many years ago succinctly told me: Backups don’t matter, only restores matter. It’s a deceptively simple observation: if your goal is durability, what you truly care about is your ability to restore from a backup. The existence of the backup itself is meaningless – backups are not magic totems of durability. Teams that are serious about durability don’t just take backups; they actually verify that they can restore from them. https://alexgaynor.net/2024/aug/30/impact-of-memory-safety-on-sandboxing/ Fri, 30 Aug 2024 00:00:00 +0000 https://alexgaynor.net/2024/aug/30/impact-of-memory-safety-on-sandboxing/ Sandboxing and memory safety are generally considered two orthogonal, and therefore complementary, approaches to improving security. Memory safety reduces the likelihood of a vulnerability being introduced, and sandboxing reduces the impact if a vulnerability is exploited. However, I think this over-simplifies what sandboxing looks like in sophisticated multi-process architectures like web browsers and leads us to miss the potential implications of ubiquitous memory safety on sandboxing. Sandboxing generally has two similar, yet distinct, purposes. https://alexgaynor.net/2024/aug/18/safer-c-plus-plus/ Sun, 18 Aug 2024 00:00:00 +0000 https://alexgaynor.net/2024/aug/18/safer-c-plus-plus/ I am an unrepentant advocate for migrating away from memory-unsafe languages (C and C++) to memory safe languages in security-relevant contexts. Many people reply that migrating large code bases to new languages is expensive, and we’d be better off making C++ safer. This is a reasonable response, after all there’s an enormous amount of C++ in the wild. Even on an incredibly aggressive timeline for replacing every line of C++ in the world with Rust or Swift or Go, we’ll have a lot of C++ attack surface for a long time. https://alexgaynor.net/2023/oct/02/defining-the-memory-safety-problem/ Mon, 02 Oct 2023 00:00:00 +0000 https://alexgaynor.net/2023/oct/02/defining-the-memory-safety-problem/ I’m a staunch advocate for need to migrate away from memory unsafe programming languages, in order to address the endemic security issues they produce. This sentence contains a number of terms that are worth defining, and a number of asterisks that are worth explicating. My objective with this blog post is to add increased precision to this discussion. What is a memory unsafe language? It’s a programming language which, by default, allows code to introduce memory-related vulnerabilities (use after free, buffer over/under flow, use of uninitialized memory, type confusion) and undefined behavior, and as a result code written in this language suffers an increased rate of security issues. https://alexgaynor.net/2022/oct/23/buffers-on-the-edge/ Sun, 23 Oct 2022 00:00:00 +0000 https://alexgaynor.net/2022/oct/23/buffers-on-the-edge/ One of my least favorite kinds of bug is when two different systems are interacting and the result has bad behavior but it’s difficult to say which (if either!) system is at fault. This is one of those stories, about Python’s buffer protocol and Rust’s memory model. Python buffer protocol Python’s Buffer Protocol is a set of APIs which allow Python objects to expose their backing memory, so that 0-copy interoperability is possible between different data structures. https://alexgaynor.net/2021/oct/07/whats-in-a-version-number/ Thu, 07 Oct 2021 00:00:00 +0000 https://alexgaynor.net/2021/oct/07/whats-in-a-version-number/ Software packages have version numbers. Thinking about them from scratch, the first thing we might want from version numbers is to know if two pieces of software are the same, we could accomplish this by making version numbers into an opaque value, like a UUID. Of course, a UUID isn’t a very useful version number because in practice we also want to do things like order versions, to know which is newer. https://alexgaynor.net/2020/nov/30/why-software-ends-up-complex/ Mon, 30 Nov 2020 00:00:00 +0000 https://alexgaynor.net/2020/nov/30/why-software-ends-up-complex/ Complexity in software, whether it’s a programming languages, an API, or a user interface, is generally regarded as a vice. And yet complexity is exceptionally common, even though no one ever sets out to build something complex. For people interested in building easy to use software, understanding the causes of complexity is critical. Fortunately, I believe there is a straightforward explanation. The most natural implementation of any feature request is additive, attempting to leave all other elements of the design in place and simply inserting one new component: a new button in a UI or a new parameter to a function. https://alexgaynor.net/2020/sep/24/csv-good-bad-ugly/ Thu, 24 Sep 2020 00:00:00 +0000 https://alexgaynor.net/2020/sep/24/csv-good-bad-ugly/ CSVs are a relatively popular data format, it seems particularly common as a format for providing exports of medium-sized datasets. My day job involves processing lots of these types of data sets, and so I’ve developed a set of strong opinions on CSVs, which are documented here. One feature of CSVs that is often considered a big advantage is that it’s an incredibly simple file format. However, this can be misleading. https://alexgaynor.net/2020/may/27/science-on-memory-unsafety-and-security/ Wed, 27 May 2020 00:00:00 +0000 https://alexgaynor.net/2020/may/27/science-on-memory-unsafety-and-security/ There are not a lot of very strong empirical results in the field of programming languages. This is probably because there’s a huge amount of variables to control for, and most of the subjects available to researchers are CS undergraduates. However, I have recently found a result replicated across numerous codebases, which as far as I can tell makes it one of the most robust findings in the field: If you have a very large (millions of lines of code) codebase, written in a memory-unsafe programming language (such as C or C++), you can expect at least 65% of your security vulnerabilities to be caused by memory unsafety. https://alexgaynor.net/2020/apr/10/dayenu-open-source/ Fri, 10 Apr 2020 00:00:00 +0000 https://alexgaynor.net/2020/apr/10/dayenu-open-source/ Every Passover, Jews around the world sing Dayenu, which translates roughly as “it would have been enough”. The lyrics are basically a list of things God did for the Jewish people, any of them alone would have been enough. “Taking us out of Egypt, that alone would have been enough. Giving us the Sabbath, that alone would have been enough. Giving us the Torah, that alone would have been enough.” https://alexgaynor.net/2020/feb/18/scaling-software-development/ Tue, 18 Feb 2020 00:00:00 +0000 https://alexgaynor.net/2020/feb/18/scaling-software-development/ software engineering is programming integrated over time This quote, from Titus Winters, expresses an important notion: that software engineering as a discipline must be considered not just with programming at a point in time, but with programming over an extended period. One of the things that tends to happen to a codebase as time is added, is that it tends to scale. We often think of scale in terms of amount of traffic to be served, or volumes of data to be processed. https://alexgaynor.net/2019/dec/24/security-wish-list-2019-review/ Tue, 24 Dec 2019 00:00:00 +0000 https://alexgaynor.net/2019/dec/24/security-wish-list-2019-review/ In January of this year, I put together a wish list for security in 2019. As the year draws to a close, I wanted to look back and reflect on what was accomplished, and where there’s still work to do. Rust breakthrough Original success criteria: Adoption of Rust as an official development language by another major OS and browser. Public talks/writing from teams that adopted Rust in these domains describing the value it added from a security perspective. https://alexgaynor.net/2019/nov/07/on-safety-critical-software/ Thu, 07 Nov 2019 00:00:00 +0000 https://alexgaynor.net/2019/nov/07/on-safety-critical-software/ When you read “safety critical software” your mind probably went to something like medical device software (perhaps the Therac-25), or maybe avionics software, or perhaps industrial control systems that run nuclear power plants. It’s pretty unlikely that you thought of the operating system kernel on a cell phone or a web browser. Congratulations, you have a solid command of the threat model for the overwhelming majority of people. For nearly everyone, even a complete and total failure of their phone or web browser’s security would not be catastrophic. https://alexgaynor.net/2019/sep/02/memory-safety-research-agenda/ Mon, 02 Sep 2019 00:00:00 +0000 https://alexgaynor.net/2019/sep/02/memory-safety-research-agenda/ I’ve been a ferocious critic of C, C++, and other memory unsafe languages, and a booster of memory safe languages such as Swift, Go, and particularly Rust. And though I believe there is a more-than-sufficient body of evidence to support the claim that the time to start migrating is now, there are still open questions related to how we migrate systems to memory safe languages more scalably, and how we maximize the safety of code written in these languages. https://alexgaynor.net/2019/aug/12/introduction-to-memory-unsafety-for-vps-of-engineering/ Mon, 12 Aug 2019 00:00:00 +0000 https://alexgaynor.net/2019/aug/12/introduction-to-memory-unsafety-for-vps-of-engineering/ What is memory unsafety? Memory unsafety is a property of some programming languages where they allow the programmer to introduce certain types of bugs and allow these bugs to cause serious security issues. These bugs deal with errors in how memory is used spatially and temporally. To begin understanding these bugs, we’ll consider the example of an application that maintains to do lists for many users. We’ll first look at the spatial errors. https://alexgaynor.net/2019/jul/11/read-code-more/ Thu, 11 Jul 2019 00:00:00 +0000 https://alexgaynor.net/2019/jul/11/read-code-more/ As software engineers, we overwhelmingly focus on the skill of writing code. This is clear from how we teach new programmers, how we interview software engineers for jobs, how we encourage engineers to improve their craft, and the kinds of talks you find at conferences. The lack of emphasis on developing code reading as a skill does people a disservice. Reading code is a distinct skill and practicing software engineers should work to improve this skill. https://alexgaynor.net/2019/apr/21/modern-c++-wont-save-us/ Sun, 21 Apr 2019 00:00:00 +0000 https://alexgaynor.net/2019/apr/21/modern-c++-wont-save-us/ I’m a frequent critic of memory unsafe languages, principally C and C++, and how they induce an exceptional number of security vulnerabilities. My conclusion, based on reviewing evidence from numerous large software projects using C and C++, is that we need to be migrating our industry to memory safe by default languages (such as Rust and Swift). One of the responses I frequently receive is that the problem isn’t C and C++ themselves, developers are simply holding them wrong. https://alexgaynor.net/2019/apr/10/notes-on-challenges-to-security-key-adoption/ Wed, 10 Apr 2019 00:00:00 +0000 https://alexgaynor.net/2019/apr/10/notes-on-challenges-to-security-key-adoption/ It’s no secret that I’m a big believer in the adoption of security keys. I think they provide a strong technical solution to a problem that was previously unsuccessfully solved in user-hostile ways (don’t click on links in your email! look at the URL when entering your password!): security keys are the only second factor which are resilient to credential phishing. They’re also more ergonomic than many other second factors. However, the ecosystem is not without challenges, my goal here is to document a few of them. https://alexgaynor.net/2019/mar/07/chrome-windows-exploit-security-beyond-bugfixes/ Thu, 07 Mar 2019 00:00:00 +0000 https://alexgaynor.net/2019/mar/07/chrome-windows-exploit-security-beyond-bugfixes/ Earlier this week the Google Security Team disclosed a pair of vulnerabilities, known to be exploited in the wild, one in Windows and the other in Chrome. These represent a fairly standard exploit chain: code execution in Chrome’s sandboxed renderer process and then a kernel bug to escape the sandbox and gain privileged code execution. There’s a publicly visible patch for the Chrome bug, however there aren’t a lot of details on the Windows kernel bug. https://alexgaynor.net/2019/feb/05/notes-fuzzing-imagemagick-graphicsmagick/ Tue, 05 Feb 2019 00:00:00 +0000 https://alexgaynor.net/2019/feb/05/notes-fuzzing-imagemagick-graphicsmagick/ ImageMagick and GraphicsMagick are two popular libraries for manipulating images. GraphicsMagick is a fork of ImageMagick that diverged well over a decade ago. OSS-Fuzz provides continuous fuzzing for high impact open source projects. In December, 2017 Paul Kehrer and I worked to add ImageMagick to Google’s OSS-Fuzz, and in February, 2018 we added GraphicsMagick. Both ImageMagick and GraphicsMagick had been widely fuzzed and audited before this. Hanno Böck 1 observed: “In the past it was pretty easy to fuzz bugs in imagemagick, but after some review by Google most of them have been fixed and these days there are at least no more trivial to find fuzzing issues. https://alexgaynor.net/2019/jan/06/security-wish-list-2019/ Sun, 06 Jan 2019 00:00:00 +0000 https://alexgaynor.net/2019/jan/06/security-wish-list-2019/ About 3 years ago I wrote about five projects I thought were very important for advancing the state of computer security. Looking back at that old post, I was reasonably pleased to find that all are having real positive impacts and none turned out to be busts. So I decided to take a stab at writing down the things I want to see happen in 2019, in the hopes that the universe will provide a few of them. https://alexgaynor.net/2018/dec/13/optimize-for-auditability/ Thu, 13 Dec 2018 00:00:00 +0000 https://alexgaynor.net/2018/dec/13/optimize-for-auditability/ When we write code, we optimize for many different things. We optimize for writability: how easy it is to write the code in the first place? We optimize for maintainability: how easy it is to make ongoing changes? We optimize for readability: how easy it is to understand what the code does? However, we rarely optimize for auditability: how easy it is to tell if the code has a security vulnerability? https://alexgaynor.net/2018/jul/20/worst-truism-in-infosec/ Fri, 20 Jul 2018 00:00:00 +0000 https://alexgaynor.net/2018/jul/20/worst-truism-in-infosec/ Attackers just need one vulnerability, defenders need to be perfect This may be the single most repeated truism in information security. Just this week, a colleague invoked this, with the quip that those of us who’ve chosen defense must be pretty dumb, given the challenge of that task, and the possibility of an easier career in offense. There’s just one problem: it’s not actually true, and it’s harmful to reasoning about information security, particularly for non-practitioners. https://alexgaynor.net/2018/mar/20/lessons-learned-usds/ Tue, 20 Mar 2018 00:00:00 +0000 https://alexgaynor.net/2018/mar/20/lessons-learned-usds/ From 2015 to 2017 I worked for the United States Digital Service, a team within the US Government, created after the launch failure of healthcare.gov, dedicated to improving the government’s ability to use technology. I learned about a lot of different things there: bureaucracy and PowerBuilder, organizational transformation and Classic ASP, to name a few. However this post will instead be about two meta-lessons I learned from my time at USDS. https://alexgaynor.net/2018/feb/20/known-unknowns-zero-days-in-the-wild/ Tue, 20 Feb 2018 00:00:00 +0000 https://alexgaynor.net/2018/feb/20/known-unknowns-zero-days-in-the-wild/ This past week Google’s Project Zero disclosed an unfixed security issue in Microsoft’s Edge browser. This is not the first time Microsoft failed to patch an issue within Project Zero’s disclosure timeline. This produces strong feelings in the information security community, generally in one of three categories: praising Google’s vulnerability research criticizing Microsoft’s response criticizing Google for publicly disclosing the vulnerability before it was patched The debate over what the correct vulnerability disclosure policy is is not a new one. https://alexgaynor.net/2018/jan/29/mysterious-case-of-deny-dynamic-code-generation/ Mon, 29 Jan 2018 00:00:00 +0000 https://alexgaynor.net/2018/jan/29/mysterious-case-of-deny-dynamic-code-generation/ My day job is working on sandboxing for Firefox. In the context of a browser, sandboxing refers to the processes that run web pages, generally called “content” or “renderer” processes. These are in contrast to the “parent” or “browser” process, which coordinates the content processes and is not sandboxed, so it can do things like write files anywhere on disk to save downloaded files or access the camera. A related computer security technique is exploit mitigation. https://alexgaynor.net/2017/nov/20/a-vulnerability-by-any-other-name/ Mon, 20 Nov 2017 00:00:00 +0000 https://alexgaynor.net/2017/nov/20/a-vulnerability-by-any-other-name/ Heartbleed, POODLE, Shellshock. Giving vulnerabilities names may be controversial, but there’s no doubt it’s effective. These, and many other, vulnerabilities attracted widespread awareness and drove tons of work improving ecosystem security. Heartbleed drew attention to OpenSSL’s small team of maintainers and drove funding and code quality improvements. POODLE led to SSLv3 being disabled on clients and servers nearly overnight. Shellshock directed researchers' attention to bash and resulted in a series of vulnerabilities being discovered. https://alexgaynor.net/2017/oct/13/rosenstein-encryption-response/ Fri, 13 Oct 2017 00:00:00 +0000 https://alexgaynor.net/2017/oct/13/rosenstein-encryption-response/ This week Deputy Attorney General Rod Rosenstein gave two speeches on encryption; one at the U.S. Naval Academy and one at the Global Cyber Security Summit. I recommend you read them, as the remainder of this post will make considerably more sense. I would like to focus on the structure of the second speech. Mr. Rosenstein states that he wants to describe “the scope of the global cybersecurity threat that confronts us” and “the challenges we face in countering the threat”. https://alexgaynor.net/2017/sep/18/surviving-struts-cve/ Mon, 18 Sep 2017 00:00:00 +0000 https://alexgaynor.net/2017/sep/18/surviving-struts-cve/ If you’re a software engineer or work in tech, there’s a decent chance that your first thought after hearing about the Equifax breach was “oh my god, how incompetent do you have to be to get owned like that?” Don’t worry, I had the same reaction. After a few days of introspection and reviewing the evidence, I’ve come to the conclusion that Equifax made one uncommonly disastrous mistake: not upgrading Struts immediately after a remote-code-execution vulnerability was disclosed in it; everything else about the situation was exceptionally common. https://alexgaynor.net/2017/sep/11/categorizing-security-engineering-work/ Mon, 11 Sep 2017 00:00:00 +0000 https://alexgaynor.net/2017/sep/11/categorizing-security-engineering-work/ There’s a lot of different types of work that tend to get put into the bucket “security engineering”. This goal of this post is to describe how I categorize different kinds of work, and why this is useful. At the highest level, security work goes into one of four buckets: Work that prevents us from getting owned. In this bucket are things like fixing bugs as well fixing root causes so bugs don’t appear. https://alexgaynor.net/2017/apr/26/forward-secrecy-is-the-most-important-thing/ Wed, 26 Apr 2017 00:00:00 +0000 https://alexgaynor.net/2017/apr/26/forward-secrecy-is-the-most-important-thing/ An alternate title for this post would be “Why GPG isn’t ok in 2017”. Imagine you were designing a new encrypted messaging system, what kinds of things would you worry about? You’d want to make sure you were using good encryption algorithms, authentication for senders, a high quality random number generator, maybe you’d spend some time thinking about side channels for things like message length. Unfortunately, if you’re thinking about your protocol in the context of something like email, it’s very likely that you’re not thinking about forward secrecy. https://alexgaynor.net/2017/apr/17/certificate-transparency-for-server-operators/ Mon, 17 Apr 2017 00:00:00 +0000 https://alexgaynor.net/2017/apr/17/certificate-transparency-for-server-operators/ Say you’ve got a website, and because you care about protecting the privacy of your visitors and the integrity of the content you serve to them, your website is served over HTTPS. If your website is particularly high impact, you might be concerned about some other CA misissuing a certificate for your domain; or perhaps you have a very distributed engineering organization and it’s hard to keep track of who is issuing what certs. https://alexgaynor.net/2017/mar/26/year-of-tracking-http/ Sun, 26 Mar 2017 00:00:00 +0000 https://alexgaynor.net/2017/mar/26/year-of-tracking-http/ For a year or so I’ve been running a Chrome extension I wrote, which tracks which origins my Chrome makes the most http:// requests to, in an effort to make my https:// advocacy more data driven. Websites that top this list are disrespectful of my privacy and show no regard for whether bytes make their way to me unmodified. Over the past year, I’ve seen several websites that used to top this list migrate to https://, for example Amazon, Netflix, and the Washington Post. https://alexgaynor.net/2017/feb/26/sha1-and-richard-feynman/ Sun, 26 Feb 2017 00:00:00 +0000 https://alexgaynor.net/2017/feb/26/sha1-and-richard-feynman/ In Richard Feynman’s appendix to the Roger’s Commission report on the Space Shuttle Challenger disaster, one of the issues he describes is a lack of understanding of the term “safety factor” by NASA managers: This is a strange use of the engineer’s term, “safety factor.” If a bridge is built to withstand a certain load without the beams permanently deforming, cracking, or breaking, it may be designed for the materials used to actually stand up under three times the load. https://alexgaynor.net/2016/dec/23/looking-for-work/ Fri, 23 Dec 2016 00:00:00 +0000 https://alexgaynor.net/2016/dec/23/looking-for-work/ For the past 2 years I’ve been working for the US Government at the United States Digital Service. It’s been a privilege, and I’m incredibly proud of the things we’ve accomplished. Alas, all good things come to an end, and I’m now looking for my next job. I’m a software engineer, and I’ve worked on many different things. In my career I’ve worked on just-in-time compilers for dynamic languages, large scale web applications, and cryptography, to name a few. https://alexgaynor.net/2016/dec/03/oss-fuzz-initial-impressions/ Sat, 03 Dec 2016 00:00:00 +0000 https://alexgaynor.net/2016/dec/03/oss-fuzz-initial-impressions/ In case you haven’t heard, this week Google announced a project called OSS-Fuzz. The basic idea of fuzz testing is take random inputs, throw them at a program, and see if it breaks. The basic idea of OSS-Fuzz is to use buttloads of servers that Google has lying around to do fuzz testing for open source. OSS-Fuzz already has an impressive trophy case of vulnerabilities found, from running over 4 trillion test cases per week. https://alexgaynor.net/2016/jul/29/intro-to-threat-modeling/ Fri, 29 Jul 2016 00:00:00 +0000 https://alexgaynor.net/2016/jul/29/intro-to-threat-modeling/ What is threat modeling? Threat modeling is a computer security technique to help defenders (that’s you, I assume) understand their own systems and drive the process of building better defenses. Core to the idea of a threat model is the idea that the things you need to do to protect yourself vary depending on what you’re defending against. Therefore, threat modeling forces you to be explicit about who you’re going to defend against. https://alexgaynor.net/2016/mar/14/anatomy-of-a-crypto-vulnerability/ Mon, 14 Mar 2016 00:00:00 +0000 https://alexgaynor.net/2016/mar/14/anatomy-of-a-crypto-vulnerability/ Before I describe the vulnerability, I want to give huge thanks to Ben Bangert and Alessandro Molina for quickly responding to my report, and to Paul Kehrer for reviewing and confirming my findings. Sessions are a core part of many web applications. Put an opaque identifier (e.g. a UUID) in a cookie, then in your web app find the session in a database of some sort. The session might contain data like the currently logged in user, whatever. https://alexgaynor.net/2016/jan/20/announcing-letsencrypt-aws/ Wed, 20 Jan 2016 00:00:00 +0000 https://alexgaynor.net/2016/jan/20/announcing-letsencrypt-aws/ If you haven’t heard, Let’s Encrypt is a brand new certificate authority offering free, automated, and trusted HTTPS certificates. It’s extremely exciting. Let’s Encrypt is built on a protocol called “ACME”, which defines a standard HTTP API for a certificate authority. letsencrypt-aws is built on that to easily orchestrate your AWS infrastructure to make sure certificates are automatically issued and kept up to date. You can grab a copy on Github. https://alexgaynor.net/2016/jan/19/dont-have-environments/ Tue, 19 Jan 2016 00:00:00 +0000 https://alexgaynor.net/2016/jan/19/dont-have-environments/ Almost every good idea this blog post comes from [David Reid], the bad ones are mine. Let’s say you’re making a website. Your customers (and randos who maybe you’d like to be your customers) need to access it, so you create a production environment at https://my-great-or-maybe-not-so-great-whatever-product.com and you tell people to go there. Then you start working on the next great feature. It’s basically done, but you want to run it by some other folks and coordinate a launch plan for it, so you merge it into master and create a production branch without it. https://alexgaynor.net/2015/dec/29/shrinking-code-review/ Tue, 29 Dec 2015 00:00:00 +0000 https://alexgaynor.net/2015/dec/29/shrinking-code-review/ It's an unfortunate reality, but one of the few things we know about software quality is that lines of code is positive correlated with bugs, or as Notorious B.I.G. would say, "Mo Code Mo Problems". Code review faces a similar challenge: the larger a patch you're reviewing, the less effective your code review is [1]. There's a few reasons for this: The more code you're changing, the more you need to focus on the big picture. https://alexgaynor.net/2015/nov/28/5-critical-security-projects/ Sat, 28 Nov 2015 00:00:00 +0000 https://alexgaynor.net/2015/nov/28/5-critical-security-projects/ Information security is hard. Really hard. But all too often the face of our failure is not cutting edge research with intricate implementation, but rather trivial buffer overflows, databases with plaintext passwords, or binaries named tacos_and_malware.exe. ‘tis a bleak and barren landscape of horrors and awful things untold. That said, amidst our dystopian present, there are a few critically important projects doing great work to push the needle forward on security, and I’d like a moment in this festive Thanksgiving season to recognize their outstanding work: https://alexgaynor.net/2015/sep/03/telemetry-for-open-source/ Thu, 03 Sep 2015 00:00:00 +0000 https://alexgaynor.net/2015/sep/03/telemetry-for-open-source/ What’s the biggest difference between offering some functionality as an open source library, and in offering it as an HTTP API? To me the single biggest difference is that running a web service lets you instrument whats users are using, and collect telemetry, while shipping an open source library doesn’t. For a combination of social and technical reasons, the open source community has basically never added instrumentation to libraries which reports back to its authors on how it’s being used. https://alexgaynor.net/2015/jul/20/rust-modern-programming-language/ Mon, 20 Jul 2015 00:00:00 +0000 https://alexgaynor.net/2015/jul/20/rust-modern-programming-language/ I’ve been following along with Rust for quite a while. It’s a pretty neat language which offers the promise of the control (and performance) of C, with unparalleled safety, protecting both against segfaults and against concurrency bugs. I spent the weekend playing with Rust, and the thing that struck me most was not the language itself, but how refreshing the tooling around Rust was. Rust comes with a build and packaging system named Cargo. https://alexgaynor.net/2015/jun/08/tips-for-improving-your-companys-security/ Mon, 08 Jun 2015 00:00:00 +0000 https://alexgaynor.net/2015/jun/08/tips-for-improving-your-companys-security/ Security is hard. That’s not a secret. Defenders need to be perfect, attackers only need to find one mistake. That said, there’s a lot you can do to improve your company’s security. User Credentials Store your users' passwords for your site responsibly. This means using PBKDF2 (with high iteration count), bcrypt, or scrypt. There’s no reason for you to use anything else. Offer two factor authentication for your users. If your product is for teams, make it easy for administrators to check if their team members have two factor enabled, and require it. https://alexgaynor.net/2015/may/27/tips-for-scaling-web-apps/ Wed, 27 May 2015 00:00:00 +0000 https://alexgaynor.net/2015/may/27/tips-for-scaling-web-apps/ This blog post is a short list of things you can do, on basically any web project, to improve performance, scalability, and cost. In 2015, a medium sized server (8 cores, 24GB of RAM) is capable of serving hundreds-to-thousands of HTTP requests per second. This post is a guide to making sure you aren’t wasting your resources on things that are already solved problems. All of these assume you have monitoring to track your availability, and metrics to track various aspects of your site’s performance. https://alexgaynor.net/2015/apr/13/introduction-to-fuzzing-in-python-with-afl/ Mon, 13 Apr 2015 00:00:00 +0000 https://alexgaynor.net/2015/apr/13/introduction-to-fuzzing-in-python-with-afl/ Fuzzing is a technique in computer testing and security where you generate a bunch of random inputs, and see how some program handles it. For example, if you had a JPEG parser, you might create a bunch of valid images and broken images, and make sure it either parses them or errors out cleanly. In C (and other memory unsafe languages) fuzzing can often be used to discover segfaults, invalid reads, and other potential security issues. https://alexgaynor.net/2015/mar/30/red-hat-open-source-community/ Mon, 30 Mar 2015 00:00:00 +0000 https://alexgaynor.net/2015/mar/30/red-hat-open-source-community/ Red Hat has a pretty interesting business model, which is offering support for software that is a decade old, and which its maintainers want nothing to do with. This post isn’t about whether maintaining old software is a good or a bad idea. It’s about the effect it has on the community. The Python core developers have ceased providing any support for Python 2.6 as of October 2013, but Red Hat will continue to support it in RHEL 5, until 2020. https://alexgaynor.net/2015/mar/06/devops-vs-platform-engineering/ Fri, 06 Mar 2015 00:00:00 +0000 https://alexgaynor.net/2015/mar/06/devops-vs-platform-engineering/ If I put 10 people in a room and asked them what “DevOps” was all about, I think I’d get 17 different answers. As my colleague David Reid says though, “DevOps is something you do, not something you are.” So what practices are associated with DevOps? Using software to automate operations tasks Using configuration management tools such as Chef and Puppet Treating servers as “cattle not pets” Database as a Service is to Database as Load Balancer as a Service is to Load Balancer as Platform as a Service is to ____________. https://alexgaynor.net/2015/feb/03/software-of-the-people-by-the-people-for-the-people/ Tue, 03 Feb 2015 00:00:00 +0000 https://alexgaynor.net/2015/feb/03/software-of-the-people-by-the-people-for-the-people/ 22 days ago I became a founding member of the new Digital Service team at the United States Department of Veterans Affairs. We’re a group of developers, designers, and other folks who are passionate about using our technology skills to make a difference. Our goal is to dramatically improve the ability of the VA to use technology to execute on its mission of serving veterans. More broadly, my hope is that our work will demonstrate that all of government is capable of delivering fantastic user-centric sites and services. https://alexgaynor.net/2014/dec/30/state-of-news-tls-part-ii/ Tue, 30 Dec 2014 00:00:00 +0000 https://alexgaynor.net/2014/dec/30/state-of-news-tls-part-ii/ About six weeks ago I blogged about the state of the news and TLS. Spoiler alert, it wasn’t great. Happily, there’s been some good news on this front. First, the New York Times wrote a piece calling for more news websites to expose their content over TLS. While the Times is not yet available over TLS, based on this post I’m hopeful it will happen in 2015. The second major piece of news was the Chrome Security Team’s announcement of their plans to move towards a negative security-indicator for plain-HTTP websites. https://alexgaynor.net/2014/dec/21/west-wing-revisited-let-barlet-be-barlet/ Sun, 21 Dec 2014 00:00:00 +0000 https://alexgaynor.net/2014/dec/21/west-wing-revisited-let-barlet-be-barlet/ Two commissioners resign from the Federal Elections Committee. Though nominations for the FEC are made by the President, traditionally the nominees have been selected by the congressional leadership from both sides of the aisle. Danny Concannon, the White House correspondent for the Washington Post, has obtained a copy of a memo Mandy Hampton, a senior member of President Bartlet’s campaign and now White House staffer, had written while she was working a Democratic senator who opposed the President. https://alexgaynor.net/2014/nov/12/state-of-news-tls/ Wed, 12 Nov 2014 00:00:00 +0000 https://alexgaynor.net/2014/nov/12/state-of-news-tls/ I’ve previously written about the importance of TLS. There are few domains that I can imagine the protections TLS offers are more important for than the news. The idea that articles I read could be manipulated be an attacker on the network is absolutely frightening to me, and the fact that I have no privacy from anyone else on the network with respect to which articles I’m reading is similarly disturbing. https://alexgaynor.net/2014/oct/30/i-hope-twitter-goes-away/ Thu, 30 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/30/i-hope-twitter-goes-away/ About seven months ago, I abruptly quit Twitter. Though I’d been thinking about it for a while, ultimately leaving was a snap decision for me. Lately I’ve been reflecting on why I hate Twitter so much. The obviously uniquely identifying feature of Twitter is the 140 character limit, but I don’t think that’s a sufficient explanation for why Twitter is the way it is. I think Twitter is defined by the fact that it’s about broadcast. https://alexgaynor.net/2014/oct/27/ideal-development-environment/ Mon, 27 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/27/ideal-development-environment/ Here’s what a day looks like in my ultimate development environment: Get into the office on Monday morning at 9; I’m a big fan of working from an office on a “normal” schedule (it’s not important to me that everyone else do this though). I’ll take a look at the issue tracker, and find the top priority outstanding bug. I like to get started with a bug fix, rather than feature work, I couldn’t tell you why. https://alexgaynor.net/2014/oct/19/west-wing-revisited-six-meetings-before-lunch/ Sun, 19 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/19/west-wing-revisited-six-meetings-before-lunch/ After three months, Robert Mendoza is confirmed by the Senate as Associate Justice, United States Supreme Court. The President’s nominee for Assistant Attorney General, Civil Rights, wrote an endorsement for a book advocating slavery reparations for African-Americans in the US. This has made several members of the Senate Judiciary Committee upset. We don’t see any of his confirmation hearings, but we’re left with the impression that he’ll get the position. https://alexgaynor.net/2014/oct/18/west-wing-revisited-the-white-house-pro-am/ Sat, 18 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/18/west-wing-revisited-the-white-house-pro-am/ Our episode begins with the First Lady and a 14-year old boy appearing on television to talk about the exploitation of child labor around the world. Then Bernie Dahl, the Chair of the Federal Reserve passes away suddenly. (In the process of these discussions, it’s confirmed that the economy is still humming along nicely.) The President announces that out of respect for Dahl’s memory, he’s waiting a day to nominate a successor (who is widely reported to by Ron Erlich). https://alexgaynor.net/2014/oct/17/west-wing-revisited-20-hours-in-la/ Fri, 17 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/17/west-wing-revisited-20-hours-in-la/ The President is taking a trip to Los Angeles! To get his day started right, a bill is introduced into congress to ban gays from serving in the military (we later learn that the West Wing universe presently has a Don’t Ask, Don’t Tell policy). No one seems to take the bill very seriously. There’s also a Senate vote on an ethanol tax credit, it looks like it’s going to be 50-50, which means the Vice President would have to break the tie. https://alexgaynor.net/2014/oct/16/west-wing-revisited-celestial-navigation/ Thu, 16 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/16/west-wing-revisited-celestial-navigation/ Today’s episode contains more behind-the-scenes than usual. That’s because in this episode Josh Lyman speaks at a university, describing his job, anything he shared there I considered fair game. Our story begins with the Secretary of Housing and Urban Development calling a Republican congressman a racist. The President signs a major education bill, and then while taking questions from the press, says that he will ask the Secretary to apologize. Concurrent to this, C. https://alexgaynor.net/2014/oct/15/west-wing-revisited-take-this-sabbath-day/ Wed, 15 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/15/west-wing-revisited-take-this-sabbath-day/ The President is flying back from Stockholm on a Friday evening when the Supreme Court reject a request for a stay of execution for Simon Cruz, a man convicted of multiple murders. It was expected that the Supreme Court was going to send the case back to the 6th circuit court. The President seeks council from the Pope as to whether he should commute Cruz’s sentence. Ultimately, the President does nothing and Simon Cruz is executed. https://alexgaynor.net/2014/oct/14/west-wing-revisited-take-out-the-trash-day/ Tue, 14 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/14/west-wing-revisited-take-out-the-trash-day/ This episode covers “take out the trash day”, a Friday where the White House releases all the news stories that they don’t want to get too much attention (the idea being each of the stories will compete with the others, ensuring none get too much attention). As a result, there’s quite a few items in the public eye, but in the show’s cannon, none of them get too much attention. https://alexgaynor.net/2014/oct/13/advocating-for-the-devil/ Mon, 13 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/13/advocating-for-the-devil/ There’s a trend I’ve seen recently where folks will make ridiculous or offensive arguments, and then say “I’m just playing devil’s advocate” as if that means something. Devil’s advocacy is not a license to make ridiculous, incoherent, or illogical arguments. Advocating for the devil means taking a position opposite your usual one. You are still bound by all the same rules of debate and logic, to make a coherent argument. And if all the arguments you find yourself coming up with are racist or sexist, the lesson is perhaps that the position has no merit and there’s nothing we can learn from it. https://alexgaynor.net/2014/oct/13/west-wing-revisited-he-shall-from-time-to-time/ Mon, 13 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/13/west-wing-revisited-he-shall-from-time-to-time/ It’s January, and the State of the Union is just a few days. We learn that the economy is doing pretty well overall, which highlights the fact that the economy has hardly been mentioned thus far. However, the President collapses in the Oval Office, with flu-like symptoms. It’s not totally clear to me whether this would be public or not, but I’ve decided to err on the side of completeness. https://alexgaynor.net/2014/oct/12/west-wing-revisited-lord-john-marbury/ Sun, 12 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/12/west-wing-revisited-lord-john-marbury/ As a result of Congressman Lillienfield’s claim that one in three White House staffers used drugs, Josh Lyman performed an internal investigation. Now, a group named “Freedom Watch” is subpoenaing senior White House staff to learn about the results of the investigation, pursuant to the Freedom of Information Act. It’s unclear how much of this would be known by the public, but all the facts are at least notionally available. https://alexgaynor.net/2014/oct/11/west-wing-revisited-in-excelsis-deo/ Sat, 11 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/11/west-wing-revisited-in-excelsis-deo/ A gay high school senior is killed in an extremely gruesome hate crime in Minnesota. The case garners national attention. The President has a Christmas photo-op with some extremely photogenic seven year olds. https://alexgaynor.net/2014/oct/10/west-wing-revisited-the-short-list/ Fri, 10 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/10/west-wing-revisited-the-short-list/ Justice Joseph Crouch of the Supreme Court announces that he’s retiring. It’s widely reported that the President will nominate Judge Payton Cabot Harrison III as his replacement. Concurrent to that, Congressman Peter Lillienfield holds a press conference at which he states that one in three White House staffers use recreational drugs on a regular basis. The White House says it’s looking into it. The President nominates Judge Roberto Mendoza for Associate Justice, United States Supreme Court. https://alexgaynor.net/2014/oct/09/west-wing-revisited-enemies/ Thu, 09 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/09/west-wing-revisited-enemies/ This episode is all about a major banking reform bill in the house. It’s just about to pass, when at the last minute two congresspeople attach a land use rider. The President declares the land in question, Big Sky, Montana, to be a national park and states that he will sign the bill. It seems a bit too cute to ever happen in real life, but frankly, I’m salivating at the idea of a real president slamming the door on an overreaching congress. https://alexgaynor.net/2014/oct/08/west-wing-revisited-state-dinner/ Wed, 08 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/08/west-wing-revisited-state-dinner/ The White House is holding a state dinner for the President of Indonesia and his wife. During the President’s toast (which I assume is the only public part of the event itself), he whacks Indonesia over the head for their human rights abuses. With that in the foreground, there are a number of events going on in the country that the White House is interacting with, all of them public. https://alexgaynor.net/2014/oct/07/west-wing-revisited-mr-willis-ohio/ Tue, 07 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/07/west-wing-revisited-mr-willis-ohio/ Welcome back to “The West Wing Revisited”, where I try to track down what the plots of The West Wing would look like to the general public. First up for this episode, a “mentally unbalanced” woman hops the fence of The White House. Unlike in our present reality, where the Director of the Secret Service just resigned over a similar incident, no one loses their job. Next up, we have a census bill. https://alexgaynor.net/2014/oct/06/how-to-code-review-without-being-a-jerk/ Mon, 06 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/06/how-to-code-review-without-being-a-jerk/ Last year I wrote about how it was possible to do code review without being a jerk, but I didn’t show you how. Linus and LKML, once again, find themselves in the spotlight, so I thought I would show how it can be done. On a whim today, I clicked on a random message from Linus, here’s what I found: Yeah, this is pure crap. It doesn’t even compile. https://alexgaynor.net/2014/oct/06/http-considered-unethical/ Mon, 06 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/06/http-considered-unethical/ Returning visitors: notice anything different? No, not the design (although thanks Kenneth Love!). I’m talking about the lock icon! Accessing this website now requires TLS (and a fairly modern client to boot). But Alex, it’s just your blog! There’s nothing confidential on here, why does it need TLS? First, TLS doesn’t just guarantee confidentiality, it also provides authentication and guarantees the integrity of this page. That prevents an attacker on the network from serving you bogus content, and pretending like it’s from me. https://alexgaynor.net/2014/oct/06/west-wing-revisited-crackpots-these-women/ Mon, 06 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/06/west-wing-revisited-crackpots-these-women/ This episode covers “Big Block of Cheese Day”, where individuals who normally couldn’t get the time of the day from the White House get to meet with senior staffers to pitch their pet issue. This episode shows the viewer that the senior staff are dedicated and hard working public servants, committed to serving the issues. Absolutely none of this episode is public however. How could our real public servants ever compete with the standard set by the fictional ones? https://alexgaynor.net/2014/oct/05/west-wing-revisited-five-votes-down/ Sun, 05 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/05/west-wing-revisited-five-votes-down/ This episode follows the White House’s attempt to get a gun control bill through congress. The episode begins with the staff finding out that they’re five votes down, and tracks their attempts to win the votes back. As a result, almost all the political wrangling is invisible to the general public. There’s a few side-plot elements that are public though. First, the Chief of Staff, Leo McGarry, breaks up with his wife. https://alexgaynor.net/2014/oct/03/west-wing-revisited-a-proportional-response/ Fri, 03 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/03/west-wing-revisited-a-proportional-response/ The last episode ended with the Syrian Army downing a US military air craft carrying more than 50 people. This episode takes place three days later. It’s not clear what’s been said publicly thus far, but based on the President’s crappy demeanor, not much. Most of this episode is behind the scenes on how the President is handling the situation, but there are a few public story lines. First, the President hires a new body man, this might make the news, every once in a while the press in real life wrote a story about Reggie Love (President Obama’s body man). https://alexgaynor.net/2014/oct/02/west-wing-revisited-post-hoc-ergo-propter-hoc/ Thu, 02 Oct 2014 00:00:00 +0000 https://alexgaynor.net/2014/oct/02/west-wing-revisited-post-hoc-ergo-propter-hoc/ Welcome to the second edition of “The West Wing Revisited”. Today’s episode touched on a few different plot lines. First, a prominent Democratic senator agreed to leave Bill 443 in committee, since the White House didn’t like it. It’s never said what the substance of the bill was (my guess is social security or medicare related). In reality it would never become public that it was the White House which put the kibbosh on a bill like this, so this would probably be another “Democrats can’t get their shit together” news item. https://alexgaynor.net/2014/sep/23/python-for-ada/ Tue, 23 Sep 2014 00:00:00 +0000 https://alexgaynor.net/2014/sep/23/python-for-ada/ Last year I wrote about why I think it's important to support diversity within our communities, and about some of the work the Ada Initiative does to support this. The reasons I talked about are good, and (sadly) as relevant today as they were then. I'd like to add a few more reasons I care about these issues: I'm tired of wondering if I should recommend a local meetup to a friend: what if a known harasser shows up? https://alexgaynor.net/2014/sep/21/west-wing-revisited/ Sun, 21 Sep 2014 00:00:00 +0000 https://alexgaynor.net/2014/sep/21/west-wing-revisited/ (This post contains spoilers) Regular readers of this blog will know, I’m a big Aaron Sorkin fan (If you’re not a regular reader, now would be a good time to get started, there’ll be a quiz at the end). The West Wing, specifically, is one of my favorite television shows. I don’t fit particularly well into the political spectrum, but most folks would say I’m a liberal. As a result, I have a lot of conversations with liberal friends, and they say things like: “I wish Jed Bartlet was our president” or “I wish the White House was more like that”. https://alexgaynor.net/2014/aug/04/math-games/ Mon, 04 Aug 2014 00:00:00 +0000 https://alexgaynor.net/2014/aug/04/math-games/ When I was in the third grade my friend Alexander and I invented a math game (whereby invented I mean, “I’m unable to precisely track down the origins of this game, so I’m assuming we created it entirely on our own”). In this post I’m going to describe how to play the game, and why I think it was really a really excellent tool for teaching several skills. Rules To start with, you need a deck of cards, we used some special math cards where the number of cards with each value were not evenly distributed, and the cards went 1-20 (possibly zero was included). https://alexgaynor.net/2014/jul/04/your-python-has-evolved/ Fri, 04 Jul 2014 00:00:00 +0000 https://alexgaynor.net/2014/jul/04/your-python-has-evolved/ This year has been marked, for me, by many many discussions of Python versions. Finally, though, I’ve acquiesced, I’ve seen the light, and I’m doing what many have suggested. I’m taking the first steps: I’m changing my default Python. Yes indeed, my global python is now something different: $ python Python 2.7.6 (32f35069a16d, Jun 06 2014, 20:12:47) [PyPy 2.3.1 with GCC 4.2.1 Compatible Apple LLVM 5.0 (clang-500.2.79)] on darwin Type "help", "copyright", "credits" or "license" for more information. https://alexgaynor.net/2014/may/26/quo-vadimus/ Mon, 26 May 2014 00:00:00 +0000 https://alexgaynor.net/2014/may/26/quo-vadimus/ I’ve spent just about every single day for the last 6 months doing something with Python 3. Some days it was helping port a library, other days it was helping projects put together their porting strategies, and on others I’ve written prose on the subject. At this point, I am very very bored of talking about porting, and about the health of our ecosystem. Most of all, I’m exhausted, particularly from arguing about whether or not the process is going well. https://alexgaynor.net/2014/may/19/service/ Mon, 19 May 2014 00:00:00 +0000 https://alexgaynor.net/2014/may/19/service/ If you’ve been around an Open Source community for any length of time, you’ve probably heard someone say, “We’re all volunteers here”. Often this is given as an explanation for why some feature hasn’t been implemented, why a release has been delayed, and in general, why something hasn’t happened. I think when we say these things (and I’ve said them as much as anyone), often we’re being dishonest. Almost always it’s not a question of an absolute availability of resources, but rather how we prioritize among the many tasks we could complete. https://alexgaynor.net/2014/apr/17/best-of-pycon-2014/ Thu, 17 Apr 2014 00:00:00 +0000 https://alexgaynor.net/2014/apr/17/best-of-pycon-2014/ This year was my 7th PyCon, I’ve been to every one since 2008. The most consistent trend in my attendance has been that over the years, I’ve gone to fewer and fewer talks, and spent more and more time volunteering. As a result, I can’t tell you what the best talks to watch are (though I recommend watching absolutely anything that sounds interesting online). Nonetheless, I wanted to write down the two defining events at PyCon for me. https://alexgaynor.net/2014/mar/20/house-twitter/ Thu, 20 Mar 2014 00:00:00 +0000 https://alexgaynor.net/2014/mar/20/house-twitter/ When I was younger, I started watching the TV show House M.D., and I really liked it. At some point my mom asked me if I was more sarcastic since I started watching the show. I said of course not, I’ve always been extremely sarcastic. I was wrong. Watching House made being sarcastic cool. Using Twitter makes being snarky and not putting thought into things cool. So I’m quitting Twitter. I’m already snarky and not-thoughtful enough, I don’t need something to incentivize it for me. https://alexgaynor.net/2014/feb/12/why-crypto/ Wed, 12 Feb 2014 00:00:00 +0000 https://alexgaynor.net/2014/feb/12/why-crypto/ People who follow me on twitter or github have probably noticed over the past six months or so: I've been talking about, and working on, cryptography a lot. Before this I had basically zero crypto experience. Not a lot of programmers know about cryptography, and many of us (myself included) are frankly a bit scared of it. So how did this happen? At first it was simple: PyCrypto (probably the most used cryptographic library for Python) didn't work on PyPy, and I needed to perform some simple cryptographic operations on PyPy. https://alexgaynor.net/2014/jan/06/why-travis-is-great-for-the-python-community/ Mon, 06 Jan 2014 00:00:00 +0000 https://alexgaynor.net/2014/jan/06/why-travis-is-great-for-the-python-community/ In the unlikely event you’re both reading my blog, and have not heard of Travis CI, it’s a CI service which specifically targets open source projects. It integrates nicely with Github, and is generally a pleasure to work with. I think it’s particularly valuable for the Python community, because it makes it easy to test against a variety of Pythons, which maybe you don’t have at your fingertips on your own machine, such as Python 3 or PyPy (Editor’s note: Why aren’t you using PyPy for all the things? https://alexgaynor.net/2014/jan/03/pypi-download-statistics/ Fri, 03 Jan 2014 00:00:00 +0000 https://alexgaynor.net/2014/jan/03/pypi-download-statistics/ For the past few weeks, I’ve been spending a bunch of time on a side project, which is to get better insight into who uses packages from PyPI. I don’t mean what people, I mean what systems: how many users are on Windows, how many still use Python 2.5, do people install with pip or easy_install, questions like these; which come up all the time for open source projects. Unfortunately until now there’s been basically no way to get this data. https://alexgaynor.net/2013/dec/30/about-python-3/ Mon, 30 Dec 2013 00:00:00 +0000 https://alexgaynor.net/2013/dec/30/about-python-3/ Python community, friends, fellow developers, we need to talk. On December 3rd, 2008 Python 3.0 was first released. At the time it was widely said that Python 3 adoption was going to be a long process, it was referred to as a five year process. We’ve just passed the five year mark. At the time of Python 3’s release, and for years afterwards I was very excited about it, evangelizing it, porting my projects to it, for the past year or two every new projects I’ve started has had Python 3 support from the get go. https://alexgaynor.net/2013/nov/30/gender-neutral-language-faq/ Sat, 30 Nov 2013 00:00:00 +0000 https://alexgaynor.net/2013/nov/30/gender-neutral-language-faq/ I’d like to refer to a hypothetical person in my documentation Try something like this: When a user visits the website, they will be assigned a session ID, and it will be transmitted to them in the HTTP response and stored in their browser. But not like this! When a user visits the website, he will be assigned a session ID, and it will be transmitted to him in the HTTP response and stored in his browser. https://alexgaynor.net/2013/nov/27/affirmative-action/ Wed, 27 Nov 2013 00:00:00 +0000 https://alexgaynor.net/2013/nov/27/affirmative-action/ Whenever the topic of affirmative action comes up, you can be sure someone will ask the question: “How would you feel if you found out that you got your job, or got into college, because of your race?” It’s funny, no one ever asks: “How would you feel if you got your job, or got into college, because you were systemically advantaged from the moment you were born?” Interesting. https://alexgaynor.net/2013/oct/19/security-process-open-source-projects/ Sat, 19 Oct 2013 00:00:00 +0000 https://alexgaynor.net/2013/oct/19/security-process-open-source-projects/ This post is intended to describe how open source projects should handle security vulnerabilities. This process is largely inspired by my involvement in the Django project, whose process is in turn largely drawn from the PostgreSQL project’s process. For every recommendation I make I’ll try to explain why I’ve made it, and how it serves to protect you and your users. This is largely tailored at large, high impact, projects, but you should be able to apply it to any of your projects. https://alexgaynor.net/2013/oct/12/meritocracy/ Sat, 12 Oct 2013 00:00:00 +0000 https://alexgaynor.net/2013/oct/12/meritocracy/ Let’s start with a definition, a meritocracy is a group where leadership or authority is derived from merit (merit being skills or ability), and particularly objective merit. I think adding the word objective is important, but not often explicitly stated. A lot of people like to say open source is a meritocracy, the people who are the top of projects are there because they have the most merit. I’d like to examine this idea. https://alexgaynor.net/2013/oct/02/thoughts-lavabit/ Wed, 02 Oct 2013 00:00:00 +0000 https://alexgaynor.net/2013/oct/02/thoughts-lavabit/ If you haven’t already, you should start by reading Wired’s article on this. I am not a lawyer. That said, I want to walk through my take on each stage of this. The government served Lavabit with an order requiring them to supply metadata about every email, as well as mailbox accesses, for a specific user. Because this was “metadata” only the government was not required to supply probable cause. https://alexgaynor.net/2013/sep/26/effective-code-review/ Thu, 26 Sep 2013 00:00:00 +0000 https://alexgaynor.net/2013/sep/26/effective-code-review/ Maybe you practice code review, either as a part of your open source project or as a part of your team at work, maybe you don’t yet. But if you’re working on a software project with more than one person it is, in my view, a necessary piece of a healthy workflow. The purpose of this piece is to try to convince you its valuable, and show you how to do it effectively. https://alexgaynor.net/2013/sep/22/being-negative/ Sun, 22 Sep 2013 00:00:00 +0000 https://alexgaynor.net/2013/sep/22/being-negative/ From time to time I joke that Bob Knight stole the title of my autobiography with his, which is titled “The Power of Negativity”. I’ve never read the book, but it’s very easy for me to imagine how it could apply to me. Many people who know me would immediately identify me as a negative person. They’re not wrong, and it’s a constant source of struggle for me. To be clear: I’m sarcastic, I’m critical, I’m a perfectionist and impossible to impress, and I have a capacious ego. https://alexgaynor.net/2013/sep/17/doing-release-too-hard/ Tue, 17 Sep 2013 00:00:00 +0000 https://alexgaynor.net/2013/sep/17/doing-release-too-hard/ I just shipped a new release of alchimia. Here are the steps I went through: Manually edit version numbers in setup.py and docs/conf.py. In theory I could probably centralize this, but then I’d still have a place I need to update manually. Issue a git tag (actually I forgot to do that on this project, oops). python setup.py register sdist upload -s to build and upload some tarballs to PyPi python setup. https://alexgaynor.net/2013/sep/15/you-guys-know-who-philo-farnsworth-was/ Sun, 15 Sep 2013 00:00:00 +0000 https://alexgaynor.net/2013/sep/15/you-guys-know-who-philo-farnsworth-was/ Friends of mine will know I'm a very big fan of the TV show Sports Night (really any of Aaron Sorkin's writing, but Sports Night in particular). Before you read anything I have to say, take a couple of minutes and watch this clip: I doubt Sorkin knew it when he scripted this (I doubt he knows it now either), but this piece is about how Open Source happens (to be honest, I doubt he knows what Open Source Software is). https://alexgaynor.net/2013/sep/08/your-project-doesnt-mean-your-playground/ Sun, 08 Sep 2013 00:00:00 +0000 https://alexgaynor.net/2013/sep/08/your-project-doesnt-mean-your-playground/ Having your own open source project is awesome. You get to build a thing you like, obviously. But you also get to have your own little playground, a chance to use your favorite tools: your favorite VCS, your favorite test framework, your favorite issue tracker, and so on. And if the point of your project is to share a thing you’re having fun with with the world, that’s great, and that’s probably all there is to the story (you may stop reading here). https://alexgaynor.net/2013/aug/28/why-i-support-diversity/ Wed, 28 Aug 2013 00:00:00 +0000 https://alexgaynor.net/2013/aug/28/why-i-support-diversity/ I get asked from time to time why I care about diversity in the communities I’m a part of, particularly the Django, Python, and the broader software development and open source community. There’s a lot of good answers. The simplest one, and the one I imagine just about everyone can get behind: diverse groups perform better at creative tasks. A group composed of people from different backgrounds will do better work than a homogeneous group. https://alexgaynor.net/2013/aug/03/open-letter-security-community/ Sat, 03 Aug 2013 00:00:00 +0000 https://alexgaynor.net/2013/aug/03/open-letter-security-community/ Your community appears to be a disaster. I’ve already read about the following happening in your community/conferences: Women stripping being used as a prize in hacker jeopardy Jeopardy game features the category “hot pussy” Invites to parties being handed out to male speakers and not female speakers Objectifying content on slides Hacking devices of new users at conferences is considered completely acceptable I can only conclude you don’t want to be welcoming to new users. https://alexgaynor.net/2013/jul/16/you-dont-have-be-jerk-code-review/ Tue, 16 Jul 2013 00:00:00 +0000 https://alexgaynor.net/2013/jul/16/you-dont-have-be-jerk-code-review/ By this point it’s likely you’ve read about the discussion Sarah Sharp started on the Linux Kernel Mailing List (LKML) about the abusive nature of some of the comments there, she also wrote about it on her blog. The negative responses to this broadly fall into two categories: 1) The Linux development process works, stop trying to change it, and 2) professionalism means sugar coating things and that leads to backstabbing and people writing terrible patches. https://alexgaynor.net/2013/jul/15/your-tests-are-not-benchmark/ Mon, 15 Jul 2013 00:00:00 +0000 https://alexgaynor.net/2013/jul/15/your-tests-are-not-benchmark/ I get a lot of feedback about people’s experiences with PyPy. And a lot of it is really great stuff for example, “We used to leave the simulation running over night, now we take a coffee break”. We also get some less successful feedback, however quite a bit of that goes something like, “I ran our test suite under PyPy, not only was it not faster, it was slower!”. Unfortunately, for the time being, this is really expected, we’re working on improving it, but for now I’d like to explain why that is. https://alexgaynor.net/2013/jul/11/thoughts-openstack/ Thu, 11 Jul 2013 00:00:00 +0000 https://alexgaynor.net/2013/jul/11/thoughts-openstack/ Since I joined Rackspace a little over a month ago, I’ve gotten involved with OpenStack, learning the APIs, getting involved in discussions, and contributing code. I wanted to write a bit about what some of my experiences have been, particularly with respect to the code and contribution process. Architecture Were I to have started to design a system similar to OpenStack, and particularly components like Swift (Object store), the first thing I would have done would be build a (or select an existing) general purpose distributed database. https://alexgaynor.net/2013/jun/20/weekly-updates/ Thu, 20 Jun 2013 00:00:00 +0000 https://alexgaynor.net/2013/jun/20/weekly-updates/ One of the great luxuries of my new job at Rackspace is that basically everything I work on is open source, which means I also have the ability to write and talk about almost everything I do! Since a large chunk of my time is dedicated to working on open source projects of my choice, I wanted to start writing regularly about what I’m doing with that time. To that end I’m going to try to write regularly (hopefully every Monday) about my goals for the week. https://alexgaynor.net/2013/may/06/moving-rackspace/ Mon, 06 May 2013 00:00:00 +0000 https://alexgaynor.net/2013/may/06/moving-rackspace/ As you may have heard by now, I’m joining Rackspace. This was a very hard decision, I love my job at Rdio, I love my coworkers, and I love the product we’re building. However, Rackspace has given me an opportunity to make my work on open source projects (particularly PyPy) a major part of my job. I’ll also be spending time on OpenStack, the SDKs, and internal developer evangelism. I’ll be staying in San Francisco. https://alexgaynor.net/2013/apr/16/perception/ Tue, 16 Apr 2013 00:00:00 +0000 https://alexgaynor.net/2013/apr/16/perception/ I’ve been reading Sheryl Sandberg’s “Lean In”. It’s a good book and I recommend it. One passage recently caught my attention. Writing about her first day at a new job: “‘I can’t believe you’ve gotten this far, or even how you can understand basic economics, without knowing how to use Lotus.’ I went home convinced that I was going to get fired.” (p62) A number of years ago my college roommate and I both had summer internships and we were discussing them. https://alexgaynor.net/2013/feb/16/disambiguating-bson-and-msgpack/ Sat, 16 Feb 2013 00:00:00 +0000 https://alexgaynor.net/2013/feb/16/disambiguating-bson-and-msgpack/ I had a fairly fun project at work recently, so I thought I’d write about it. We currently store BSON blobs of data in many places. This is unfortunate, because BSON is bloated and slow (an array is internally stored as a dictionary mapping the strings "0", "1", "2", etc. to values). So we wanted to migrate to msgpack, which I’ve measured as requiring 46% of the space of BSON, and being significantly faster to deserialize (we aren’t concerned with serialization speed, though I’m relatively confident that’s faster as well). https://alexgaynor.net/2013/jan/06/software-design-8020-libraries/ Sun, 06 Jan 2013 00:00:00 +0000 https://alexgaynor.net/2013/jan/06/software-design-8020-libraries/ I'm trying a new format for content, instead of writing I've recorded some audio, I think this will be a better format for my to share ideas. You can find the audio here. PS: If you know a better workflow for sharing audio like this, please let me know. https://alexgaynor.net/2012/sep/03/linux-desktop-dead/ Mon, 03 Sep 2012 00:00:00 +0000 https://alexgaynor.net/2012/sep/03/linux-desktop-dead/ At 10:40 AM this morning Linux on the desktop was pronounced dead by Dr. Randall Gnu at GPL Memorial Hospital in Portland, Oregon. The cause of death is, as yet, unknown but it is believed to be the result of two decades of constant exposure to FUD. Friends and colleagues were shocked and saddened at the loss of Linux on the desktop. Said one, “It was so shocking to hear it passed away, it had been doing so well lately, more users than ever, more non-technical users”. https://alexgaynor.net/2012/jul/12/compiler-rarely-knows-best/ Thu, 12 Jul 2012 00:00:00 +0000 https://alexgaynor.net/2012/jul/12/compiler-rarely-knows-best/ This is a response to http://pwang.wordpress.com/2012/07/11/does-the-compiler-know-best/ if you haven’t read it yet, start there. For lack of any other way to say it, I disagree with nearly every premise presented and conclusion derived in Peter’s blog post. The post itself doesn’t appear to have any coherent theme, besides that PyPy is not the future of Python, so I’ll attempt to reply to Peter’s statements more or less in order. First, and perhaps most erroneously, he claims that “PyPy is an even more drastic change to the Python language than Python3”. https://alexgaynor.net/2012/jul/04/why-personal-funding/ Wed, 04 Jul 2012 00:00:00 +0000 https://alexgaynor.net/2012/jul/04/why-personal-funding/ First, I have to apologize, because this post is incredibly self-serving, I believe everything I write here applies to myself, and if you do what I suggest, it will be to my benefit. I believe every single word I’m writing, but you have no way of knowing that, except trusting me. I can only hope I’ve written persuasively enough. If you’ve ever asked an open source developer why they haven’t fixed a bug or added a feature, the answer probably fell into one of three categories: https://alexgaynor.net/2012/may/26/5-years-2-months-and-28-days/ Sat, 26 May 2012 00:00:00 +0000 https://alexgaynor.net/2012/may/26/5-years-2-months-and-28-days/ 5 years, 2 months, and 28 days ago I dropped out of high school, and in a few hours I’m going to graduate from college. This journey has been surreal, and that it’s coming to an end hasn’t even begun to sink in. I lack the words to express my thanks to my family and friends who’ve been with me through this. However, I think I owe an even greater thanks to the open source communities I’ve worked with. https://alexgaynor.net/2011/dec/23/perils-polyglot-programming/ Fri, 23 Dec 2011 00:00:00 +0000 https://alexgaynor.net/2011/dec/23/perils-polyglot-programming/ Polyglot programming (the practice of knowing and using many programming languages) seems to be all the rage these days. Its adherents claim two benefits: Using the right tool for every job means everything you do is a little bit easier (or better, or faster, or all of the above). Knowing multiple programming paradigm expands your mind and makes you better at programming in every language. I’m not going to dispute either of these. https://alexgaynor.net/2011/nov/28/why-del-defaultdictk-should-raise-error/ Mon, 28 Nov 2011 00:00:00 +0000 https://alexgaynor.net/2011/nov/28/why-del-defaultdictk-should-raise-error/ Raymond Hettinger recently asked on twitter what people thought del defaultdict()[k] did for a k that didn’t exist in the dict. There are two ways of thinking about this, one is, “it’s a defaultdict, there’s always a value at a key, so it can never raise a KeyError”, the other is, “that only applies to reading a value, this should still raise an error”. I initially spent several minutes considering which made more sense, but I eventually came around to the second view, I’m going to explain why. https://alexgaynor.net/2011/nov/18/rcos-numpy-talk/ Fri, 18 Nov 2011 00:00:00 +0000 https://alexgaynor.net/2011/nov/18/rcos-numpy-talk/ I just delivered a talk at RCOS (the open source center on campus) on some of the work I’ve been doing this semester on PyPy’s implementation of NumPy. You can find the slides here, they’re built using html5slides, which is pretty swell (for a tool that makes me write HTML directly that is). https://alexgaynor.net/2011/oct/11/run-time-distinction/ Tue, 11 Oct 2011 00:00:00 +0000 https://alexgaynor.net/2011/oct/11/run-time-distinction/ At PyCodeConf I had a very interesting discussion with Nick Coghlan which helped me understand something that had long frustrated me with programming languages. Anyone who’s ever taught a new programmer Java knows this, but perhaps hasn’t understood it for what it is. This thing that I hadn’t been appreciating was the distinction some programming languages make between the language that exists at compile time, and the language that exists at run-time. https://alexgaynor.net/2011/jul/10/so-you-want-write-fast-python/ Sun, 10 Jul 2011 00:00:00 +0000 https://alexgaynor.net/2011/jul/10/so-you-want-write-fast-python/ Thinking about writing your own Python implementation? Congrats, there are plenty out there 1, but perhaps you have something new to bring to the table. Writing a fast Python is a pretty hard task, and there’s a lot of stuff you need to keep in mind, but if you’re interested in forging ahead, keep reading! First, you’ll need to write yourself an interpreter. A static compiler for Python doesn’t have enough information to do the right things 1 1, and a multi-stage JIT compiler is probably more trouble than it’s worth 1. https://alexgaynor.net/2011/jun/07/djangocon-europe-2011-slides/ Tue, 07 Jun 2011 00:00:00 +0000 https://alexgaynor.net/2011/jun/07/djangocon-europe-2011-slides/ I gave a talk at DjangoCon Europe 2011 on using Django and PyPy (with another talk to be delivered tomorrow!), you can get the slides right on bitbucket, and for those who saw the talk, the PyPy compatibility wiki is here. https://alexgaynor.net/2011/may/06/this-summer/ Fri, 06 May 2011 00:00:00 +0000 https://alexgaynor.net/2011/may/06/this-summer/ For the past nearly two years I’ve been an independent contractor working primarily for Eldarion, and it’s been fantastic, I can’t say enough good things. However, this summer I’m shaking things up a bit and heading west. I’ll be an intern at Quora this summer. They’re a Python shop, and it’s going to be my job to make everything zippy. Specifically I’ll be making the site run on PyPy, and then tuning the hell out of both their codebase and PyPy itself. https://alexgaynor.net/2011/apr/03/my-experience-computer-language-shootout/ Sun, 03 Apr 2011 00:00:00 +0000 https://alexgaynor.net/2011/apr/03/my-experience-computer-language-shootout/ For a long time we, the PyPy developers, have known the Python implementations on the Computer Language Shootout were not optimal under PyPy, and in fact had been ruthlessly microoptimized for CPython, to the detriment of PyPy. But we didn’t really care or do anything about it, because we figured those weren’t really representative of what people like to do with Python, and who really cares what it says, CPython is over 30 times slower than C, and people use it just the same. https://alexgaynor.net/2011/mar/09/pypy-san-francisco-tour-recap/ Wed, 09 Mar 2011 00:00:00 +0000 https://alexgaynor.net/2011/mar/09/pypy-san-francisco-tour-recap/ Yesterday was the last day of my (our) tour of the Bay Area, so I figured I’d post a recap of all the cool stuff that happened. Sprints I got in on Friday night (technically Saturday morning, thanks for the ride Noah!) and on Saturday and Sunday we held sprints at Noisebridge. They have a very cool location and we had some pretty productive sprints. The turnout was less than expected, based on the people who said they’d show at the Python user group, however we were pretty productive. https://alexgaynor.net/2011/feb/17/django-and-python-3-take-2/ Thu, 17 Feb 2011 00:00:00 +0000 https://alexgaynor.net/2011/feb/17/django-and-python-3-take-2/ About 18 months ago I blogged about Django and Python 3, I gave the official roadmap. Not a lot has changed since then unfortunately, we’ve dropped 2.3 entirely, 2.4 is on it’s way out, but there’s no 3.X support in core. One fun thing has changed though: I get to help set the roadmap, which is a) cool, b) means the fact that I care about Python 3 counts for something. https://alexgaynor.net/2011/jan/21/announce-vcs-translator/ Fri, 21 Jan 2011 00:00:00 +0000 https://alexgaynor.net/2011/jan/21/announce-vcs-translator/ For the past month or so I’ve been using a combination of Google, Stackoverflow, and bugging people on IRC to muddle my way through using various VCS that I’m not very familiar with. And all too often my queries are of the form of “how do I do git foobar -q in mercurial?”. A while ago I tweeted that someone should write a VCS translator website. Nobody else did, so when I woke up far too early today I decided I was going to get something online to solve this problem, today! https://alexgaynor.net/2011/jan/21/pycon-2011-going-be-awesome/ Fri, 21 Jan 2011 00:00:00 +0000 https://alexgaynor.net/2011/jan/21/pycon-2011-going-be-awesome/ If you hang out with Pythonistas you’ve probably already heard, but if you haven’t, come to PyCon! It’s going to be awesome. Here are just a few reasons why: The talks will be great, I’ve got 2 that I’m super excited about, but here are five more I wouldn’t miss for the world: “Dude, Where’s My RAM?” - A deep dive into how Python uses memory Writing great documentation Panel: Python in Schools: Teaching It and Teaching With It. https://alexgaynor.net/2010/dec/31/2010-review/ Fri, 31 Dec 2010 00:00:00 +0000 https://alexgaynor.net/2010/dec/31/2010-review/ Now that the decades almost over (or maybe not, if the millennium started in 2001 did the decade start then as well?), it’s time for a little year in review: Finished another year of school, I can see the light at the end of the tunnel. Went to PyCon, attended the language summit, gave a talk, had a blast. Got an iMac. Went to DjangoCon.eu, gave a talk, had a blast. https://alexgaynor.net/2010/dec/17/getting-most-out-tox/ Fri, 17 Dec 2010 00:00:00 +0000 https://alexgaynor.net/2010/dec/17/getting-most-out-tox/ tox is a recent Python testing tool, by Holger Krekel. It’s stated purpose is to make testing Python projects against multiple versions of Python (or different interpreters, like PyPy and Jython) much easier. However, it can be used for so much more. Yesterday I set it up for django-taggit, and it’s an absolute dream, it automates testing against four different versions of Python, two different versions of Django, and it automates building the docs and checking for any warnings from Sphinx. https://alexgaynor.net/2010/nov/19/programming-languages-terminology/ Fri, 19 Nov 2010 00:00:00 +0000 https://alexgaynor.net/2010/nov/19/programming-languages-terminology/ This semester I’ve been taking a course titled “Programming Languages”. Since I’m a big languages and compilers nerd this should be wonderful. Unfortunately every time I’m in this class I’m reminded of just what a cluster-fuck programming language terminology is. What follows are my definitions of a number of terms: Dynamic typing (vs static typing): Values do not have a type until runtime. Has nothing to do with the declaration of types (i. https://alexgaynor.net/2010/nov/18/symptoms-and-diseases/ Thu, 18 Nov 2010 00:00:00 +0000 https://alexgaynor.net/2010/nov/18/symptoms-and-diseases/ When you have a cold you treat the symptoms you deal with the runny nose, the fever, and the cough independently (each with chicken soup) because there’s nothing you can do about the cold. When you have lung cancer you treat the disease, because if all you do is treat the cough you have you’re going to die of cancer very quickly. When your country has the occasional random terrorist attack you deal with it with the appropriate security measures, when you have a series of system terror attempts by an organized group you should probably start thinking about doing something about the root cause: whatever you’re doing to piss them off, because no security is 100%. https://alexgaynor.net/2010/nov/04/staticly-typed-language-id-actually-want-use/ Thu, 04 Nov 2010 00:00:00 +0000 https://alexgaynor.net/2010/nov/04/staticly-typed-language-id-actually-want-use/ Nearly a year ago I tweeted, and released on github a project I’d been working. It’s called shore, and it’s the start of a compiler for a statically typed language I’d actually like to use. Programming is, for me, most fun when I can work at the level that suits the problem I have: when I’m building a website I don’t like to think about how my file system library is implemented. https://alexgaynor.net/2010/nov/04/not-everything-sucks/ Thu, 04 Nov 2010 00:00:00 +0000 https://alexgaynor.net/2010/nov/04/not-everything-sucks/ Since I seem to be failing at this blogging thing, tonights post is a simple thought: just because something is imperfect doesn’t mean it sucks. https://alexgaynor.net/2010/nov/02/continuous-integration-i-want/ Tue, 02 Nov 2010 00:00:00 +0000 https://alexgaynor.net/2010/nov/02/continuous-integration-i-want/ Testing is important, I’ve been a big advocate of writing tests for a while, however when you’ve got tests you need to run them. This is a big problem in open source, Django works on something like six versions of Python (2.4, 2.5, 2.6, 2.7, Jython, and PyPy), 4 databases (SQLite, PostgreSQL, MySQL, Oracle, plus the GIS backends, and external backends), and I don’t even know how many operating systems (at least the various Linuxes, OS X, and Windows). https://alexgaynor.net/2010/nov/01/national-blog-post-month/ Mon, 01 Nov 2010 00:00:00 +0000 https://alexgaynor.net/2010/nov/01/national-blog-post-month/ It’s November again, and that means National Blog Post Month (or NAMBLA), and it’s also the second anniversary of me having a blog. Once again I’m going to be making an effort to blog post every day, as you can tell I’m off to a great start with this post, Murphy willing the content will improve as the month goes on. https://alexgaynor.net/2010/oct/24/priorities/ Sun, 24 Oct 2010 00:00:00 +0000 https://alexgaynor.net/2010/oct/24/priorities/ When you work on something as large and multi-faceted as Django you need a way to prioritize what you work on, without a system how do I decide if I should work on a new feature for the template system, a bugfix in the ORM, a performance improvement to the localization features, or better docs for contrib.auth? There’s tons of places to jump in and work on something in Django, and if you aren’t a committer you’ll eventually need one to commit your work to Django. https://alexgaynor.net/2010/oct/21/cui-bono/ Thu, 21 Oct 2010 00:00:00 +0000 https://alexgaynor.net/2010/oct/21/cui-bono/ Cui bono is Latin, meaning “to whose benefit”. It is typically used as a mode of thought for judicial inquiry, by Occam’s razor a perpetrator who stands to gain something from a crime is more likely to have committed it than one with no standing. However, it can similarly be used as a mode of thought to analyze the motives and practical realities of international relations. Specifically, it calls our attention to the inherent dichotomy of the US mission in Afghanistan to combat terrorism (clearly the proximate cause for the US invasion following 9/11) and the mission to establish a democracy (the oft trodden out political justification). https://alexgaynor.net/2010/oct/14/prohibition-doesnt-work/ Thu, 14 Oct 2010 00:00:00 +0000 https://alexgaynor.net/2010/oct/14/prohibition-doesnt-work/ Since the 2001 US and allied invasion of Afghanistan one of the major international efforts has been to reduce the output of opium from Afghanistan. Nonetheless, since 2001 the output has been increasingly, however the September 2010 report from the UN indicates there has been a nearly 50% reduction in the potential production of opium for all of Afghanistan, however it also notes a 38% increase in the total farm-gate value of opium production; that is the total value of the opium produced nearly doubled despite halving the output. https://alexgaynor.net/2010/oct/06/pakistan-problem/ Wed, 06 Oct 2010 00:00:00 +0000 https://alexgaynor.net/2010/oct/06/pakistan-problem/ Since the US began military operations in Afghanistan in 2001 Pakistan has been a crucial ally. Pakistan has provided both a supply route for supplies arriving at Karachi (the nearest major seaport) as well providing logistic support against insurgents operating on the Afghanistan/Pakistan border. Despite this support there are a number of fundamental issues with the US-Pakistan relationship that make the long term relationship a dicey proposition. The greatest issue is that until recently Pakistan was ruled by a military dictatorship, and a great many individuals in their military (particular the ISI, their intelligence apparatus) still hold loyalty to their military leadership, not the civilian government. https://alexgaynor.net/2010/oct/03/us-interventionism-and-its-fallout/ Sun, 03 Oct 2010 00:00:00 +0000 https://alexgaynor.net/2010/oct/03/us-interventionism-and-its-fallout/ Though the first foreign policy promulgated by the United States was that of non-interventionism, George Washington’s warning to avoid foreign entanglements. However, shortly there after, and ever since, following the Monroe Doctrine US foreign policy has actively tended towards interventionism. The results of this, however, have been almost universally disastrous, particularly in cases where we’ve acted against our own principles our of convenience. This same fate can be seen in the US’s support of local warlords in the current war in Afghanistan, as those who ignore history are doomed to repeat it. https://alexgaynor.net/2010/sep/29/dynamic-and-static-programming-languages-and-teaching/ Wed, 29 Sep 2010 00:00:00 +0000 https://alexgaynor.net/2010/sep/29/dynamic-and-static-programming-languages-and-teaching/ Lately I’ve seen the sentiment, “Why do all teachers need to prepare their own lesson plans” in a few different places, and it strikes me as representative of a particular mindset about education and teaching. To me, it seems like a fundamental question about pedagogical philosophy that’s akin to the great programming debate between which is better dynamic or static languages (although it might be more apt to say compiled versus interpreted). https://alexgaynor.net/2010/sep/26/us-counterinsurgency-and-terrorism-policy/ Sun, 26 Sep 2010 00:00:00 +0000 https://alexgaynor.net/2010/sep/26/us-counterinsurgency-and-terrorism-policy/ Over the course of the last nine years the United States has attempted to implement a number of policies to combat terrorism, and to engage in a counter insurgency, the formal on a global scale, and the latter primarily in Iraq and Afghanistan. However, viewed in a broader historical context current policies represent a nearly 180 degree shift. In the wake of 9/11 there was a potential for a passive jurisdictional fight: the FBI has jurisdiction in domestic terrorism cases, NYPD had jurisdiction under local murder statutes, the National Transportation Safety Board has jurisdiction in the event of an accident, and while the Department of Defense and intelligence apparatus formally have no jurisdiction any international response is within their purview. https://alexgaynor.net/2010/sep/21/afghani-elections/ Tue, 21 Sep 2010 00:00:00 +0000 https://alexgaynor.net/2010/sep/21/afghani-elections/ The following is in response to an Associated Press article today. One of the long stated purposes of the United State invasion, and subsequent occupation of Afghanistan has been to unseat the Taliban government, and to replace it with a democracy. In 2004 Afghanistan first held public elections, following the United States invasion, to replace the transitional government, led by Hamid Karzai. Since then Karzai has been president of Afghanistan. He was reelected in 2009, amidst reports of low voter turnout, ballot stuffing, intimidation, and other forms of election fraud. https://alexgaynor.net/2010/sep/21/django-taggit-09-released/ Tue, 21 Sep 2010 00:00:00 +0000 https://alexgaynor.net/2010/sep/21/django-taggit-09-released/ It’s been a long time coming, since taggit 0.8 was released in June, however 0.9 is finally here, and it brings a ton of cool bug fixes, improvements, and cleanups. If you don’t already know, django-taggit is an application for django to make tagging simple and awesome. The biggest changes in this release are: The addition of a bunch of locales. Support for custom tag models. Moving taggit.contrib.suggest into an external package. https://alexgaynor.net/2010/sep/20/political-religion/ Mon, 20 Sep 2010 00:00:00 +0000 https://alexgaynor.net/2010/sep/20/political-religion/ For the vast majority of human history religion has been a centerpiece of any government, the notion of a separation between church and state is a relatively recent notion, by and large dating back to Thomas Jefferson (ignoring Jesus of Nazareth’s dictum to, “render unto Caesar that which is Caeser’s and unto God that which is god’s”, which was mostly ignored for the two millennium that followed). However, recently this notion has been almost completely rejected by both radical American conservatives, and fanatic Muslims, an exceptionally odd parallel. https://alexgaynor.net/2010/sep/14/democracy-colonial-areas/ Tue, 14 Sep 2010 00:00:00 +0000 https://alexgaynor.net/2010/sep/14/democracy-colonial-areas/ Throughout the second millennium one of the defining realities of international relations was colonialism. European powers did everything they could do spread their influence around the globe, leading to realities like, “the sun never set on the British empire”. It was through such colonies that the United States came to being, becoming the world’s first modern democracy. As many other colonies divorced themselves from their parent nations some adopted democratic governments, however others merely moved themselves to autocratic rule by natives. https://alexgaynor.net/2010/sep/14/upcoming-content/ Tue, 14 Sep 2010 00:00:00 +0000 https://alexgaynor.net/2010/sep/14/upcoming-content/ This semester I am taking a course titled, “War in Afghanistan”. One of the assignments for this course is to write bi-weekly blog posts about the course content. Out of convenience these will be living here. https://alexgaynor.net/2010/sep/13/djangocon-2010-slides/ Mon, 13 Sep 2010 00:00:00 +0000 https://alexgaynor.net/2010/sep/13/djangocon-2010-slides/ DjangoCon 2010 was a total blast this year, and deserves a full recap, however for now I only have the time to post the slides from my talk on “Rethinking the Reusable Application Paradigm”, the video has also been uploaded. Enjoy. https://alexgaynor.net/2010/aug/16/education-slides/ Mon, 16 Aug 2010 00:00:00 +0000 https://alexgaynor.net/2010/aug/16/education-slides/ This past weekend I attended a symposium on authentic learning, in Santa Barbara, California. I gave a talk there about Open Source, and how we emulate the practices of a learning community (as often seen in colleges and universities) and whether the pedagogal practices we engange in (to help get new contributors started, and hopefully guide them to becoming committers) are applicable to other fields. Unfortunately the talk wasn’t recorded, however my slides are available online, there is also an accompanying paper that will be available in the future. https://alexgaynor.net/2010/aug/02/pyohio-slides/ Mon, 02 Aug 2010 00:00:00 +0000 https://alexgaynor.net/2010/aug/02/pyohio-slides/ I’ve (finally) uploaded the slides from my PyOhio talk (I gave a similar talk at ChiPy). You can get them right here, I’ll be putting all my slides on Scribd from here on out, they were much easier to upload to than SlideShare, plus HTML5 is awesome! https://alexgaynor.net/2010/jul/06/testing-utilities-django/ Tue, 06 Jul 2010 00:00:00 +0000 https://alexgaynor.net/2010/jul/06/testing-utilities-django/ Lately I’ve had the opportunity to do some test-driven development with Django, which a) is awesome, I love testing, and b) means I’ve been working up a box full of testing utilities, and I figured I’d share them. Convenient get() and post() methods If you’ve done testing of views with Django you probably have some tests that look like: def test_my_view(self): response = self.client.get(reverse("my_url", kwargs={"pk": 1})) response = self.client.post(reverse("my_url", kwargs={"pk": 1}), { "key": "value", }) This was a tad too verbose for my tastes so I wrote: https://alexgaynor.net/2010/jun/26/multimethods-python/ Sat, 26 Jun 2010 00:00:00 +0000 https://alexgaynor.net/2010/jun/26/multimethods-python/ Every once and a while the topic of multimethods (also known as generic dispatch) comes up in the Python world (see here, and here, here too, and finally here, and probably others). For those of you who aren’t familiar with the concept, the idea is that you declare a bunch of functions with the same name, but that take different arguments and the language routes your calls to that function to the correct implementation, based on what types you’re calling it with. https://alexgaynor.net/2010/jun/08/hey-could-someone-write-app-me/ Tue, 08 Jun 2010 00:00:00 +0000 https://alexgaynor.net/2010/jun/08/hey-could-someone-write-app-me/ While doing some work today I realized that generating fixtures in Django is way too much of a pain in the ass, and I suspect it’s a pain in the ass for a lot of other people as well. I also came up with an API I’d kind of like to see for it, unfortunately I don’t really have the time to write the whole thing, however I’m hoping someone else does. https://alexgaynor.net/2010/may/24/djangoconeu-slides/ Mon, 24 May 2010 00:00:00 +0000 https://alexgaynor.net/2010/may/24/djangoconeu-slides/ I just finished giving my talk at DjangoCon.eu on Django and NoSQL (also the topic of my Google Summer of Code project). You can get the slides over at slideshare. My slides from my lightning talk on django-templatetag-sugar are also up on slideshare. https://alexgaynor.net/2010/may/15/pypy-future-python/ Sat, 15 May 2010 00:00:00 +0000 https://alexgaynor.net/2010/may/15/pypy-future-python/ Currently the most common implementation of Python is known as CPython, and it’s the version of Python you get at python.org, probably 99.9% of Python developers are using it. However, I think over the next couple of years we’re going to see a move away from this towards PyPy, Python written in Python. This is going to happen because PyPy offers better speed, more flexibility, and is a better platform for Python’s growth, and the most important thing is you can make this transition happen. https://alexgaynor.net/2010/may/09/tour-django-taggit-internals/ Sun, 09 May 2010 00:00:00 +0000 https://alexgaynor.net/2010/may/09/tour-django-taggit-internals/ In a previous post I talked about a cool new customization API that django-taggit has. Now I’m going to dive into the internals. The public API is almost exclusively exposed via a class named TaggableManager, you attach one of these to your model and it has some cool tagging APIs. This class basically masquerades as ManyToManyField, this is how it gets cool things like filtering and forms automatically. If you look at its definition you’ll see it has a bunch of attributes that it never actually uses, basically all of these act to emulate the Field interface. https://alexgaynor.net/2010/may/06/why-utilitarianism-fails/ Thu, 06 May 2010 00:00:00 +0000 https://alexgaynor.net/2010/may/06/why-utilitarianism-fails/ This semester I’ve been taking a course in ethics, and while it hasn’t changed my perspective on any issues, it has allowed me to form some opinions about ethical systems. In particular, I’ve found that utilitarianism is an awful ethical system, with almost no merit. The major problems with it being that it is conditional, and that it’s impossible to attempt to apply. The first problem with utilitarianism is that it is conditional. https://alexgaynor.net/2010/may/04/cool-new-django-taggit-api/ Tue, 04 May 2010 00:00:00 +0000 https://alexgaynor.net/2010/may/04/cool-new-django-taggit-api/ A little while ago I wrote about some of the issues with the reusable application paradigm in Django. Yesterday Carl Meyer pinged me about an issue in django-taggit, it uses an IntegerField for the GenericForeignKey, which is great. Except for when you have a model with a CharField, TextField, or anything else for a primary key. The easy solution is to change the GenericForeignKey to be something else. But that’s lame, a pain in the ass, and a hack (more of a hack than a GenericForeignKey in the first place). https://alexgaynor.net/2010/apr/16/making-django-and-pypy-play-nice-part-1/ Fri, 16 Apr 2010 00:00:00 +0000 https://alexgaynor.net/2010/apr/16/making-django-and-pypy-play-nice-part-1/ If you track Django’s commits aggressivly (ok so just me…), you may have noticed that there have been a number of commits to improve the compatibility of Django and PyPy in the last couple of days. In the run up to Django 1.0 there were a ton of commits to make sure Django didn’t have too many assumptions that it was running on CPython, and that it could work with systems like Jython and PyPy. https://alexgaynor.net/2010/mar/29/designer-developer-relations/ Mon, 29 Mar 2010 00:00:00 +0000 https://alexgaynor.net/2010/mar/29/designer-developer-relations/ Lately I’ve been working with quite a few designers so I’ve been thinking about what exactly constitutes the ideal working relationship. Here are some of the models I’ve seen, in order of best to worst. Best The ideal relationship would be I write a view function, let the designer know what template they need to write, and what context is available, then they can ask me if they need any extra logic stuff available. https://alexgaynor.net/2010/mar/28/towards-application-objects-django/ Sun, 28 Mar 2010 00:00:00 +0000 https://alexgaynor.net/2010/mar/28/towards-application-objects-django/ Django’s application paradigm (and the accompanying reusable application environment) have served it exceptionally well, however there are a few well known problems with it. Chief among these is pain in extendability (as exemplified by the User model), and abuse of GenericForeignKeys where a true ForeignKey would suffice (in the name of being generic), there are also smaller issues, such as wanting to install the same application multiple times, or having applications with the same “label” (in Django parlance this means the path. https://alexgaynor.net/2010/mar/15/languages-dont-have-speeds-or-do-they/ Mon, 15 Mar 2010 00:00:00 +0000 https://alexgaynor.net/2010/mar/15/languages-dont-have-speeds-or-do-they/ Everyone knows languages don’t have speeds, implementations do. Python isn’t slow; CPython is. Javascript isn’t fast; V8, Squirrelfish, and Tracemonkey are. But what if a language was designed in such a way that it appeared that it was impossible to be implemented efficiently? Would it be fair to say that language is slow, or would we still have to speak in terms of implementations? For a long time I followed the conventional wisdom, that languages didn’t have speeds, but lately I’ve come to believe that we can learn something by thinking about what the limits on how fast a language could possibly be, given a perfect implementation. https://alexgaynor.net/2010/mar/08/pycon-roundup-days-2-4/ Mon, 08 Mar 2010 00:00:00 +0000 https://alexgaynor.net/2010/mar/08/pycon-roundup-days-2-4/ As I said in my last post PyCon was completely and utterly awesome, but it was also a bit of a blur. Here’s my attempt at summarizing everything that happened during the conference itself. Day 2 Day 2 (the first day of the conference itself) started out with Guido’s keynote. He did something rather unorthodox, instead of delivering a formal talk he just took audience questions via Twitter, starting out using Twitterfall, but it was a tad slow so Jacob Kaplan-Moss switched it out for the PyCon Live Stream that Eric Florenzano, Brian Rosner, and I built, switch was very awesome (seeing your creation on four projectors in front of an audience is a pretty good ego boost). https://alexgaynor.net/2010/feb/26/pycon-roundup-days-0-and-1/ Fri, 26 Feb 2010 00:00:00 +0000 https://alexgaynor.net/2010/feb/26/pycon-roundup-days-0-and-1/ This year’s PyCon was completely and utterly awesome, to the point where anything I point in writing won’t do it justice. But I’m going to try to anyways. Day 0 Day 0 was Wednesday, I got in pretty late and didn’t do much of anything besides meet up with people in the hotel lobby for an hour or two. Still, it was good to be able to catch up with people, and put some faces to people I knew exclusively via the internet. https://alexgaynor.net/2010/feb/25/committer-models-unladen-swallow-pypy-and-django/ Thu, 25 Feb 2010 00:00:00 +0000 https://alexgaynor.net/2010/feb/25/committer-models-unladen-swallow-pypy-and-django/ During this year’s PyCon I became a committer on both PyPy and Unladen Swallow, in addition I’ve been a contributer to Django for quite a long time (as well as having commit privileges to my branch during the Google Summer of Code). One of the things I’ve observed is the very different models these projects have for granting commit privileges, and what the expectations and responsibilities are for committers. Unladen Swallow Unladen Swallow is a Google funded branch of CPython focused on speed. https://alexgaynor.net/2010/feb/02/thoughts-hiphop-php/ Tue, 02 Feb 2010 00:00:00 +0000 https://alexgaynor.net/2010/feb/02/thoughts-hiphop-php/ This morning Facebook announced, as had been rumored for several weeks, a new, faster, implementation of PHP. To someone, like me, who loves dynamic languages and virtual machines this type of announcement is pretty exciting, after all, if they have some new techniques for optimizing dynamic languages they can almost certainly be ported to a language I care about. However, because of everything I’ve read (and learned about PHP, the language) since the announcement I’m not particularly excited about HipHop. https://alexgaynor.net/2010/jan/27/why-open-source-works/ Wed, 27 Jan 2010 00:00:00 +0000 https://alexgaynor.net/2010/jan/27/why-open-source-works/ Open source works for a lot of reasons, but there is one that stands out. Open source is basically an application of democracy to a programming community, in fact it’s the most perfect implementation of democracy yet. The central idea of a democracy is that the governing party draws it’s authority from the willing consent of the governed. In most modern democracies this is more or less true, but not exactly. https://alexgaynor.net/2010/jan/15/i-have-talent/ Fri, 15 Jan 2010 00:00:00 +0000 https://alexgaynor.net/2010/jan/15/i-have-talent/ I read a blog post the other day titled “I Have No Talent”, and I found it to be pretty interesting, and what the author says probably resonates with a lot of people. But not with me. I disagree with the article on a basic premises, that perseverance is less of an innate ability than talent. If you read the post in question, the author argues that he doesn’t have any innate ability to program, or use Ruby, but he does have a good work ethic, and this makes it possible for him to still get stuff done, as long as he’s still willing to put in the time. https://alexgaynor.net/2010/jan/12/dive-python-3-review/ Tue, 12 Jan 2010 00:00:00 +0000 https://alexgaynor.net/2010/jan/12/dive-python-3-review/ Disclosure: I received a free review copy of Dive into Python 3 from Apress. Unlike a ton of people I know in the Python world, my experience in learning Python didn’t include the original Dive into Python at all, in fact I didn’t encounter it until quite a while later when I was teaching a friend Python and I was looking for example exercises. Since Dive into Python is really a book for people who don’t know Python a lot of my views on it are based on how helpful I think it would have been while teaching my friend, since it’s pretty difficult to imagine myself not knowing Python as I do. https://alexgaynor.net/2010/jan/11/hot-django-wsgi-action-announcing-django-wsgi/ Mon, 11 Jan 2010 00:00:00 +0000 https://alexgaynor.net/2010/jan/11/hot-django-wsgi-action-announcing-django-wsgi/ For a long time it’s been possible to deploy a Django project under a WSGI server, and in the run up to Django’s 1.0 release a number of bugs were fixed to make Django’s WSGI handler as compliant to the standard as possible. However, Django’s support for interacting with the world of WSGI application, middleware, and frameworks has been less than stellar. However, I recently got inspired to improve this situation. https://alexgaynor.net/2010/jan/08/new-home/ Fri, 08 Jan 2010 00:00:00 +0000 https://alexgaynor.net/2010/jan/08/new-home/ Welcome to the new home of my blog! I’ve finally gotten around to setting up everything for myself, no more Blogspot (not that they weren’t gracious hosts). This blog runs a custom blogging engine built on Django, with django-taggit for tagging, and Disqus for comments. Hosting is graciously provided by the Steward of Gondor (Brian Rosner). Mike Malone has given me the domain (you can find the remnants of this domain’s former glory here). https://alexgaynor.net/2009/dec/02/a-few-thoughts-on-education/ Wed, 02 Dec 2009 00:00:00 +0000 https://alexgaynor.net/2009/dec/02/a-few-thoughts-on-education/ Lately I’ve been thinking quite a lot about education, both my own and in general. I ended up writing quite a bit about it. You can find all my thoughts here (PDF warning). I stuck it in a PDF because I think it’s a more canonical form. I’m interested in hearing any thoughts people have, both about what I wrote and about education. https://alexgaynor.net/2009/dec/01/month-review-2/ Tue, 01 Dec 2009 00:00:00 +0000 https://alexgaynor.net/2009/dec/01/month-review-2/ I’ve now been blogging for 30 days in a row, so tonight is just going to be a simple post to finish the month of. First of all, WOW, another month of blogging every day completed. This month was great fun, and I managaged to keep the bullshit filler posts to a minimum (3 or 4 by my count). I also finished the month with 42700 total hits (easily a record), including hitting reddit and Hacker News several times. https://alexgaynor.net/2009/nov/30/you-built-a-metaclass-for-what/ Mon, 30 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/30/you-built-a-metaclass-for-what/ Recently I had a bit of an interesting problem, I needed to define a way to represent a C++ API in Python. So, I figured the best way to represent that was one class in Python for each class in C++, with a functions dictionary to track each of the methods on each class. Seems simple enough right, do something like this: class String(object): functions = { "size": Function(Integer, []), } We’ve got a String class with a functions dictionary that maps method names to Function objects. https://alexgaynor.net/2009/nov/29/getting-started-with-testing-in-django/ Sun, 29 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/29/getting-started-with-testing-in-django/ Following yesterday’s post another hotly requested topic was testing in Django. Today I wanted to give a simple overview on how to get started writing tests for your Django applications. Since Django 1.1, Django has automatically provided a tests.py file when you create a new application, that’s where we’ll start. For me the first thing I want to test with my applications is, “Do the views work?”. This makes sense, the views are what the user sees, they need to at least be in a working state (200 OK response) before anything else can happen (business logic). https://alexgaynor.net/2009/nov/28/django-and-python-3/ Sat, 28 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/28/django-and-python-3/ Today I’m starting off doing some of the posts people want to see, and the number one item on that list is Django and Python 3. Python 3 has been out for about a year at this point, and so far Django hasn’t really started to move towards it (at least at a first glance). However, Django has already begun the long process towards moving to Python 3, this post is going to recap exactly what Django’s migration strategy is (most of this post is a recap of a message James Bennett sent to the django-developers mailing list after the 1. https://alexgaynor.net/2009/nov/27/why-metausing-was-removed/ Fri, 27 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/27/why-metausing-was-removed/ Recently Russell Keith-Magee and I decided that the Meta.using option needed to be removed from the multiple-db work on Django, and so we did. Yesterday someone tweeted that this change caught them off guard, so I wanted to provide a bit of explanation as to why we made that change. The first thing to note is that Meta.using was very good for one specific use case, horizontal partitioning by model. Meta. https://alexgaynor.net/2009/nov/26/just-a-small-update/ Thu, 26 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/26/just-a-small-update/ Unfortunately, I don’t have an interesting, contentful post today. Just a small update about this blog instead. I now have a small widget on the right hand side where you can enter topics you’d like to hear about. I don’t always have a good idea of what readers are interested in, and far too often I reject blog post ideas because I think either, “no one cares about that” or “everyone always knows that” so hopefully this will be both a good way for me to write interesting content that people want to read about, as well as a good way for me to overcome any writers block. https://alexgaynor.net/2009/nov/25/final-review-of-python-essential-reference/ Wed, 25 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/25/final-review-of-python-essential-reference/ Disclosure: I received a free review copy of the book. Today I finished reading the Python Essential Reference and I wanted to share my final thoughts on the book. I’ll start by saying I still agree with everything I wrote in my initial review, specifically that it’s both a great resource as well as a good way to find out what you don’t already know. Reading the second half of the book there were a few things that really exemplified this for me. https://alexgaynor.net/2009/nov/24/filing-a-good-ticket/ Tue, 24 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/24/filing-a-good-ticket/ I read just about every single ticket that’s filed in Django’s trac, and at this point I’e gotten a pretty good sense of what (subjectively) makes a useful ticket. Specifically there are a few things that can make your ticket no better than spam, and a few that can instantly bump your ticket to the top of my “TODO” list. Hopefully, these will be helpful in both filing ticket’s for Django as well as other open source projects. https://alexgaynor.net/2009/nov/23/using-ply-for-parsing-without-using-it-for-lexing/ Mon, 23 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/23/using-ply-for-parsing-without-using-it-for-lexing/ Over the past week or so I’ve been struggling with attempting to write my own parser (or parser generator) by hand. A few days ago I finally decided to give up on this notion (after all the parser isn’t my end goal) as it was draining my time from the interesting work to be done. However, I wanted to keep my existing lexer. I wrote the lexer by hand in the method I described in a previous post, it’s fast, easy to read, and I rather like my handiwork, so I wanted to keep it if possible. https://alexgaynor.net/2009/nov/22/a-bit-of-benchmarking/ Sun, 22 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/22/a-bit-of-benchmarking/ PyPy recently posted some interesting benchmarks from the computer language shootout, and in my last post about Unladen Swallow I described a patch that would hopefully be landing soon. I decided it would be interesting to benchmarks something with this patch. For this I used James Tauber’s Mandelbulb application, at both 100x100 and 200x200. I tested CPython, Unladen Swallow Trunk, Unladen Swallow Trunk with the patch, and a recent PyPy trunk (compiled with the JIT). https://alexgaynor.net/2009/nov/21/things-college-taught-me-that-the-real-world-didnt/ Sat, 21 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/21/things-college-taught-me-that-the-real-world-didnt/ A while ago Eric Holscher blogged about things he didn’t learn in college. I’m going to take a different spin on it, looking at both things that I did learn in school that I wouldn’t have learned else where (henceforth defined as my job, or open source programming), as well as thinks I learned else where instead of at college. Things I learned in college: Big O notation, and algorithm analysis. https://alexgaynor.net/2009/nov/19/announcing-django-admin-histograms/ Thu, 19 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/19/announcing-django-admin-histograms/ This is just a quick post because it’s already past midnight here. Last week I realized some potentially useful code that I extracted from the DjangoDose and typewar codebases. Basically this code let’s you get simple histogram reports for models in the admin, grouped by a date field. After I released it David Cramer did some work to make the code slightly more flexible, and to provide a generic templatetag for creating these histograms anywhere. https://alexgaynor.net/2009/nov/19/another-pair-of-unladen-swallow-optimizations/ Thu, 19 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/19/another-pair-of-unladen-swallow-optimizations/ Today a patch of mine was committed to Unladen Swallow. In the past weeks I’ve described some of the optimizations that have gone into Unladen Swallow, in specific I looked at removing the allocation of an argument tuple for C functions. One of the “on the horizon” things I mentioned was extending this to functions with a variable arity (that is the number of arguments they take can change). This has been implemented for functions that take a finite range of argument numbers (that is, they don’t take *args, they just have a few arguments with defaults). https://alexgaynor.net/2009/nov/17/writing-a-lexer/ Tue, 17 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/17/writing-a-lexer/ People who have been reading this blog since last year (good lord) may recall that once upon a time I did a short series of posts on lexing and parsing using PLY. Back then I was working on a language named Al. This past week or so I’ve started working on another personal project (not public yet) and I’ve once again had the need to lex things, but this time I wrote my lexer by hand, instead of using any sort of generator. https://alexgaynor.net/2009/nov/16/my-next-blog/ Mon, 16 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/16/my-next-blog/ I’ve been using this Blogspot powered blog for over a year now, and it is starting to get a little long in the tooth. Therefore I’ve been planning on moving to a new, shinny, blog of my own in the coming months. Specifically it’s going to be my goal to get myself 100% migrated over my winter break. Therefore I’ve started building myself a list of features I want: Able to migrate all my old posts. https://alexgaynor.net/2009/nov/15/initial-review-python-essential-reference/ Sun, 15 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/15/initial-review-python-essential-reference/ Disclosure: I received a free review copy of Python Essential Reference, Fourth Edition. I’ve never really used reference material, I’ve always loved tutorials, howtos, and guides for learning things, but I’ve usually shunned reference material in favor of reading the source. Therefore, I didn’t think I’d have a huge use for this book. However, so far (I’ve read about half the book so far) I’ve found it to be an exceptional resource, and I definitely plan on keeping it on my bookshelf. https://alexgaynor.net/2009/nov/14/why-jquery-shouldnt-be-in-the-admin/ Sat, 14 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/14/why-jquery-shouldnt-be-in-the-admin/ This summer as a part of the Google Summer of Code program Zain Memon worked on improving the UI for Django’s admin, specifically he integrated jQuery for various interface improvements. I am opposed to including jQuery in Django’s admin, as far as I know I’m the only one. I should note that on a personal level I love jQuery, however I don’t think that means it should be included in Django proper. https://alexgaynor.net/2009/nov/13/syntax-matters/ Fri, 13 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/13/syntax-matters/ Yesterday I wrote about why I wasn’t very interested in Go. Two of my three major complaints were about the syntax of Go, and based on the comments I got here and on Hacker News a lot of people didn’t seem to mind the syntax, or at least didn’t think it was worth talking about. However, the opposite is true, for me the syntax is among the single most important things about a programming language. https://alexgaynor.net/2009/nov/12/why-im-not-very-excited-about-go/ Thu, 12 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/12/why-im-not-very-excited-about-go/ When I first heard Rob Pike and Ken Thompson had created a new programming language my first instinct is, “I’m sure it’ll be cool, these are brilliant guys!” Unfortunately that is not the case, mostly because I think they made some bad design choices, and because the “cool new things” aren’t actually that new, or cool. The first major mistake was using a C derived syntax: braces and semicolons. I know some people don’t like significant whitespace, but if you aren’t properly indenting your code it’s already beyond the point of hopelessness. https://alexgaynor.net/2009/nov/11/when-django-fails-a-response/ Wed, 11 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/11/when-django-fails-a-response/ I saw an article on reddit (or was in hacker news?) that asked the question: what happens when newbies make typos following the Rails tutorial, and how good of a job does Rails do at giving useful error messages? I decided it would be interesting to apply this same question to Django, and see what the results are. I didn’t have the time to review the entire Django tutorial, so instead I’m going to make the same mistakes the author of that article did and see what the results are, I’ve only done the first few where the analogs in Django were clear. https://alexgaynor.net/2009/nov/10/the-state-of-multidb-in-django/ Tue, 10 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/10/the-state-of-multidb-in-django/ As you, the reader, may know this summer I worked for the Django Software Foundation via the Google Summer of Code program. My task was to implement multiple database support for Django. Assisting me in this task were my mentors Russell Keith-Magee and Nicolas Lara (you may recognize them as the people responsible for aggregates in Django). By the standards of the Google Summer of Code project my work was considered a success, however, it’s not yet merged into Django’s trunk, so I’m going to outline what happened, and what needs to happen before this work is considered complete. https://alexgaynor.net/2009/nov/09/software-that-deserves-a-thank-you/ Mon, 09 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/09/software-that-deserves-a-thank-you/ Today’s post was originally supposed to be about my work on multiple database support for Django, but I’m exceptionally tired so that’s been bumped to tomorrow, sorry. Instead I’m going to use today’s post to give a thank you to some software I use that doesn’t get enough press, and that surely deserves a thanks. I’m not going to be listing any libraries or programming languages just the desktop software I run day to day: https://alexgaynor.net/2009/nov/08/another-unladen-swallow-optimization/ Sun, 08 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/08/another-unladen-swallow-optimization/ This past week I described a few optimizations that the Unladen Swallow team have done in order to speed up CPython. In particular one of the optimizations I described was to emit direct calls to C functions that took either zero or one argument. This improves the speed of Python when calling functions like len() or repr(), who only take one argument. However, there are plenty of builtin functions that take a fixed number of arguments that is greater than one. https://alexgaynor.net/2009/nov/07/my-workflow/ Sat, 07 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/07/my-workflow/ About a year ago I blogged about how I didn’t like easy_install, and I alluded to the fact that I didn’t really like any programming language specific package managers. I’m happy to say I’ve changed my tune quite drastically in the past 2 months. Since I started working with Eldarion I’ve dived head first into the pip and virtualenv system and I’m happy to say it works brilliantly. The nature of the work is that we have lots of different projects all at once, often using wildly different versions of packages in all sorts of incompatible ways. https://alexgaynor.net/2009/nov/06/towards-a-better-template-tag-definition-syntax/ Fri, 06 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/06/towards-a-better-template-tag-definition-syntax/ Eric Holscher has blogged a few times this month about various template tag definition syntax ideas. In particular he’s looked at a system based on Surlex (which is essentially an alternate syntax for certain parts of regular expressions), and a system based on keywords. I highly recommend giving his posts a read as they explain the ideas he’s looked at in far better detail than I could. However, I wasn’t particularly satisfied with either of these solution, I love Django’s use of regular expressions for URL resolving, however, for whatever reason I don’t really like the look of using regular expressions (or an alternate syntax like Surlex) for template tag parsing. https://alexgaynor.net/2009/nov/05/the-pycon-program-committee-and-my-pycon-talk/ Thu, 05 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/05/the-pycon-program-committee-and-my-pycon-talk/ Last year I presented at a conference for the first time in my life at PyCon, I moderated a panel on ORMs and I enjoyed it a ton (and based on the feedback I’ve gotten at least a few people enjoyed attending it). Above and beyond that the two PyCons I’ve attended have both been amazing conferences, tons of awesome talks, great people to hang out with, and an awesome environment for maximizing both. https://alexgaynor.net/2009/nov/04/djangos-manytomany-refactoring/ Wed, 04 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/04/djangos-manytomany-refactoring/ If you follow Django’s development, or caught next week’s DjangoDose Tracking Trunk episode (what? that’s not how time flows you say? too bad) you’ve seen the recent ManyToManyField refactoring that Russell Keith-Magee committed. This refactoring was one of the results of my work as a Google Summer of Code student this summer. The aim of that work was to bring multiple database support to Django’s ORM, however, along the way I ran into refactor the way ManyToManyField’s were handled, the exact changes I made are the subject of tonight’s post. https://alexgaynor.net/2009/nov/03/diving-into-unladen-swallows-optimizations/ Tue, 03 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/03/diving-into-unladen-swallows-optimizations/ Yesterday I described the general architecture of Unladen Swallow, and I said that just by switching to a JIT compiler and removing the interpretation overhead Unladen Swallow was able to get a performance gain. However, that gain is nowhere near what the engineers at Google are hoping to accomplish, and as such they’ve been working on building various optimizations into their JIT. Here I’m going to describe two particularly interesting ones they implemented during the 3rd quarter (they’re doing quarterly releases). https://alexgaynor.net/2009/nov/02/introduction-to-unladen-swallow/ Mon, 02 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/02/introduction-to-unladen-swallow/ Unless you’ve been living under a rock for the past year (or have zero interest in either Python or dynamic languages, it which case why are you here?) you’ve probably heard of Unladen Swallow. Unladen Swallow is a Google funded branch of the CPython interpreter, with a goal of making CPython significantly faster while retaining both API and ABI compatibility. In this post I’m going to try to explain what it is Unladen Swallow is doing to bring a new burst of speed to the Python world. https://alexgaynor.net/2009/nov/01/another-month-of-blogging/ Sun, 01 Nov 2009 00:00:00 +0000 https://alexgaynor.net/2009/nov/01/another-month-of-blogging/ Last year I started this blog during the November, blog every day for a month month. This year I’m hoping to repeat the feat, blogging every single day this month. Today’s post is a bit light on content, but I’m hoping to give a preview of what I’m going to be blogging about. This month I’m hopping to blog about advanced Django techniques, Comet (and other HTTP push technology), and I’m probably going to be adding some more political content to the usual technical content of this blog. https://alexgaynor.net/2009/oct/10/optimising-compilers-are-there-so-that-you-can-be-a-better-programmer/ Sat, 10 Oct 2009 00:00:00 +0000 https://alexgaynor.net/2009/oct/10/optimising-compilers-are-there-so-that-you-can-be-a-better-programmer/ In a discussion on the Django developers mailing list I recently commented that the performance impact of having logging infrastructure, in the case where the user doesn’t want the logging, could essentially be disregarded because Unladen Swallow (and PyPy) are bringing us a proper optimising (Just in Time) compiler that would essentially remove that consideration. Shortly thereafter someone asked me if I really thought it was the job of the interpreter/compiler to make us not think about performance. https://alexgaynor.net/2009/aug/14/django-filter-05-released/ Fri, 14 Aug 2009 00:00:00 +0000 https://alexgaynor.net/2009/aug/14/django-filter-05-released/ I’ve just tagged and uploaded Django-filter 0.5 to PyPi. The biggest change this release brings is that the package name has been changed from filter to django_filters in order to avoid conflicts with the Python builtin filter. Other changes included the addition of an initial argument on Filters, as well as the addition of an AllValuesFilter which is a ChoiceFilter who’s choices are any values currently in the DB for that field. https://alexgaynor.net/2009/jul/12/pyvcs-2-released/ Sun, 12 Jul 2009 00:00:00 +0000 https://alexgaynor.net/2009/jul/12/pyvcs-2-released/ Hot on the heels of our .1 release (it’s only been a week!) I’m pleased to announce the .2 release of pyvcs. This release brings with it lots of new goodies. Most prominent among these are the newly-added Subversion and Bazaar backends. There are also several bug fixes to the code browsing features of the Mercurial backend. This release can be found at: PyPi: http://pypi.python.org/pypi/pyvcs Github: http://github.com/alex/pyvcs/ If you find any bugs with this release please report them at: https://alexgaynor.net/2009/jul/05/announcing-pyvcs-django-vcs-and-piano-man/ Sun, 05 Jul 2009 00:00:00 +0000 https://alexgaynor.net/2009/jul/05/announcing-pyvcs-django-vcs-and-piano-man/ Justin Lilly and I have just released pyvcs, a lightweight abstraction layer on top of multiple version control systems, and django-vcs, a Django application leveraging pyvcs in order to provide a web interface to version control systems. At this point pyvcs exists exclusively to serve the needs of django-vcs, although it is separate and completely usable on its own. Django-vcs has a robust feature set, including listing recent commits, pretty diff rendering of commits, and code browsing. https://alexgaynor.net/2009/jun/04/a-response-to-python-sucks/ Thu, 04 Jun 2009 00:00:00 +0000 https://alexgaynor.net/2009/jun/04/a-response-to-python-sucks/ I recently saw an article on Programming Reddit, titled, “Python sucks: Why Python is not my favourite programming language”. I personally like Python quite a lot (see my blog title), but I figured I might read an interesting critique, probably from a very different point of view from mine. Unfortunately that is the opposite of what I found. The post was, at best, a horribly misinformed inaccurate critique, and at worst an intentionally dishonest, misleading, farce. https://alexgaynor.net/2009/may/05/eurodjangocon-2009/ Tue, 05 May 2009 00:00:00 +0000 https://alexgaynor.net/2009/may/05/eurodjangocon-2009/ EuroDjangoCon 2009 is still going strong, but I wanted to share the materials from my talk as quickly as possible. My slides are on Slide Share: Forms, Getting Your Money's WorthView more documents from Alex Gaynor.And the first examples code follows: fromdjango.forms.utilimport ErrorListfromdjango.utils.datastructuresimport SortedDictdefmultiple_form_factory(form_classes, form_order=None): if form_order: form_classes = SortedDict([(prefix, form_classes[prefix]) for prefix in form_order]) else: form_classes = SortedDict(form_classes) return type('MultipleForm', (MultipleFormBase,), {'form_classes': form_classes})classMultipleFormBase(object): def__init__(self, data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=ErrorList, label_suffix=':', empty_permitted=False): if prefix is None: prefix = '' self. https://alexgaynor.net/2009/apr/16/ajax-validation-aministrivia/ Thu, 16 Apr 2009 00:00:00 +0000 https://alexgaynor.net/2009/apr/16/ajax-validation-aministrivia/ Small administrative note, now that Github has it’s own issue tracker users wishing to report issues with django-ajax-validation can now do so on Github, instead of the old Google Code page. Django-filter users can also report issues on its Github page, in place of the former system of “message or email me”, which, though functional, wasn’t very convenient. https://alexgaynor.net/2009/mar/30/orm-panel-recap/ Mon, 30 Mar 2009 00:00:00 +0000 https://alexgaynor.net/2009/mar/30/orm-panel-recap/ Having now completed what I thought was a quite successful panel I thought it would be nice to do a review of some of the decisions I made, that some people had been asking about. For those who missed it you can find a live blog of the event by James Bennett at his blog, and a video should hopefully be going up sometime soon. Why Google App Engine As Guido pointed out App Engine does not have an ORM, as App Engine doesn’t have a relational datastore. https://alexgaynor.net/2009/mar/30/pycon-wrapup/ Mon, 30 Mar 2009 00:00:00 +0000 https://alexgaynor.net/2009/mar/30/pycon-wrapup/ With PyCon now over for me(and the sprints just begining for those still there) I figured I’d recap it for those who couldn’t be there, and compare notes for those who were. I’ll be doing a separate post to cover my panel, since I have quite a brain dump there. Day One We start off the morning with lightning talks, much better than last year due to the removal of so many sponsor talks(thanks Jacob), by now I’ve already met up with quite a few Django people. https://alexgaynor.net/2009/mar/15/google-moderator-for-pycon-orm-panel/ Sun, 15 Mar 2009 00:00:00 +0000 https://alexgaynor.net/2009/mar/15/google-moderator-for-pycon-orm-panel/ I’m going to be moderating a panel this year at PyCon between 5 of the Python ORMs(Django, SQLAlchemy, SQLObject, Google App Engine, and web2py). To make my job easier, and to make sure the most interesting questions are asked I’ve setup a Google Moderator page for the panel here. Go ahead and submit your questions, and moderate others to try to ensure we get the best questions possible, even if you can’t make it to PyCon(there will be a recording made I believe). https://alexgaynor.net/2009/feb/14/announcing-django-filter/ Sat, 14 Feb 2009 00:00:00 +0000 https://alexgaynor.net/2009/feb/14/announcing-django-filter/ Django-filter is a reusable Django application I have been working on for a few weeks, individuals who follow me on Github may have noticed me working on it. Django-filter is basically an application that creates a generic interface for creating pages like the Django admin changelist page. It has support for defining vairous filters(including custom ones), filtering a queryset based on the user selections, and displaying an HTML form for the filter options. https://alexgaynor.net/2009/feb/10/a-second-look-at-inheritance-and-polymorphism-with-django/ Tue, 10 Feb 2009 00:00:00 +0000 https://alexgaynor.net/2009/feb/10/a-second-look-at-inheritance-and-polymorphism-with-django/ Previously I wrote about ways to handle polymorphism with inheritance in Django’s ORM in a way that didn’t require any changes to your model at all(besides adding in a mixin), today we’re going to look at a way to do this that is a little more invasive and involved, but also can provide much better performance. As we saw previously with no other information we could get the correct subclass for a given object in O(k) queries, where k is the number of subclasses. https://alexgaynor.net/2009/jan/31/building-a-magic-manager/ Sat, 31 Jan 2009 00:00:00 +0000 https://alexgaynor.net/2009/jan/31/building-a-magic-manager/ A very common pattern in Django is to create methods on a manager to abstract some usage of ones data. Some people take a second step and actually create a custom QuerySet subclass with these methods and have their manager proxy these methods to the QuerySet, this pattern is seen in Eric Florenzano’s Django From the Ground Up screencast. However, this requires a lot of repetition, it would be far less verbose if we could just define our methods once and have them available to us on both our managers and QuerySets. https://alexgaynor.net/2009/jan/24/django-ajax-validation-010-released/ Sat, 24 Jan 2009 00:00:00 +0000 https://alexgaynor.net/2009/jan/24/django-ajax-validation-010-released/ I’ve just uploaded the first official release of Django Ajax Validation up to PyPi. You can get it there. For those that don’t know it is a reusable Django application that allows you to do JS based validation using you’re existing form definitions. Currently it only works using jQuery. If there are any problems please let me know. https://alexgaynor.net/2009/jan/19/optimizing-a-view/ Mon, 19 Jan 2009 00:00:00 +0000 https://alexgaynor.net/2009/jan/19/optimizing-a-view/ Lately I’ve been playing with a bit of a fun side project. I have about a year and half worth of my own chatlogs with friends(and 65,000 messages total) and I’ve been playing around with them to find interesting statistics. One facet of my communication with my friends is that we link each other lots of things, and we can always tell when someone is linking something that we’ve already seen. https://alexgaynor.net/2009/jan/14/new-admin-urls/ Wed, 14 Jan 2009 00:00:00 +0000 https://alexgaynor.net/2009/jan/14/new-admin-urls/ I’m very happy to announce that with revision 9739 of Django the admin now uses normal URL resolvers and its URLs can be reversed. This is a tremendous improvement over the previous ad hoc system and it gives users the distinct advantage of being able to reverse the admin’s URLs. However, in order to make this work a new feature went into the URL resolving system that any user can use in their own code. https://alexgaynor.net/2009/jan/03/2008-and-2009/ Sat, 03 Jan 2009 00:00:00 +0000 https://alexgaynor.net/2009/jan/03/2008-and-2009/ Eric Florenzano recently wrote an excellent post titled, “2008 in Review & 2009 Goals”. I am now going to blantly steal his idea. 2008: Joined Twitter Voted for the first time Had a blast at PyCon Wrote a reusable Django application and open sourced it Learned git Got accepted at, and began studying Computer Science at RPI Wrote a blog post every day for 30 days in a row Started work on my programming language, Al Contributed heavily to Django Started a blog Proposed a panel for PyCon 2009 and was accepted And probably quite a bit more. https://alexgaynor.net/2008/dec/28/building-a-read-only-field-in-django/ Sun, 28 Dec 2008 00:00:00 +0000 https://alexgaynor.net/2008/dec/28/building-a-read-only-field-in-django/ One commonly requested feature in Django is to have a field on a form(or in the admin), that is read only. Such a thing is going may be a Django 1.1 feature for the admin, exclusively, since this is the level that it makes sense at, a form is by definition for inputing data, not displaying data. However, it is still possible to do this with Django now, and it doesn’t even take very much code. https://alexgaynor.net/2008/dec/25/building-a-function-templatetag/ Thu, 25 Dec 2008 00:00:00 +0000 https://alexgaynor.net/2008/dec/25/building-a-function-templatetag/ One of the complaints often lobbied against Django’s templating system is that there is no way to create functions. This is intentional, Django’s template language is not meant to be a full programming language. However, if one wants to it is entirely possible to build a templatetag to allow a user to create, and call functions in the template language. To get started we need to build a tag to create functions, first we need our parsing function: https://alexgaynor.net/2008/dec/25/many-thanks-to-webfaction/ Thu, 25 Dec 2008 00:00:00 +0000 https://alexgaynor.net/2008/dec/25/many-thanks-to-webfaction/ One of my recent projects has been to build a website for someone so that they could put their portfolio online. Building the site with Django, was of course, a snap. However, I would like to take a moment to thank Webfaction for the painless deployment. It’s a small website, so shared hosting is perfect for it, and Webfaction made it a breeze. Setting up a PostgreSQL database was a snap. https://alexgaynor.net/2008/dec/15/pycon-09-here-i-come/ Mon, 15 Dec 2008 00:00:00 +0000 https://alexgaynor.net/2008/dec/15/pycon-09-here-i-come/ This past year I attended PyCon 2008 in Chicago, which was a tremendous conference. I had a chance to meet people I knew from the community, listen to some amazing talks, meet new people, and get to sprint. As a result of this tremendous experience I decided for this year to submit a talk proposal. I found out just a few minutes ago that my proposal has been accepted. I proposed a panel on “Object Relational Mapper Philosophies and Design Decisions”. https://alexgaynor.net/2008/dec/05/playing-with-polymorphism-in-django/ Fri, 05 Dec 2008 00:00:00 +0000 https://alexgaynor.net/2008/dec/05/playing-with-polymorphism-in-django/ One of the most common requests of people using inheritance in Django, is to have the a queryset from the baseclass return instances of the derives model, instead of those of the baseclass, as you might see with polymorphism in other languages. This is a leaky abstraction of the fact that our Python classes are actually representing rows in separate tables in a database. Django itself doesn’t do this, because it would require expensive joins across all derived tables, which the user probably doesn’t want in all situations. https://alexgaynor.net/2008/dec/02/a-month-in-review/ Tue, 02 Dec 2008 00:00:00 +0000 https://alexgaynor.net/2008/dec/02/a-month-in-review/ Today is the last day of blogging every day for a month. It was harder than I expected, but I ultimately made it, which also surprised me. For my last post(of the month) I figured I’d share some stats about the blog from the month. About 10k visitors and 13k page views My 3 post popular posts were “What Python learned from Economics”, “How the heck do Django Models Work”, and “A Timeline View in Django” My top 3 referers were reddit, ycombinator, and the Django project site. https://alexgaynor.net/2008/dec/01/a-few-more-thoughts-on-the-identity-mapper/ Mon, 01 Dec 2008 00:00:00 +0000 https://alexgaynor.net/2008/dec/01/a-few-more-thoughts-on-the-identity-mapper/ It’s late, and I’ve my flight was delayed for several hours so today is going to be another quick post. With that note here are a few thoughts on the identity mapper: We can optimize it to actually execute fewer queries by having it run the query as usual, and then use the primary key to check the cache, else cache the instance we already have. As Doug points out in the comments, there are built in caching utilities in Django we should probably be taking advantage of. https://alexgaynor.net/2008/dec/01/fixing-up-our-identity-mapper/ Mon, 01 Dec 2008 00:00:00 +0000 https://alexgaynor.net/2008/dec/01/fixing-up-our-identity-mapper/ The past two days we’ve been looking at building an identity mapper in Django. Today we’re going to implement some of the improvements I mentioned yesterday. The first improvement we’re going to do is it have it execute the query as usual and just cache the results, to prevent needing to execute additional queries. This means changing the iter method on our queryset class: def __iter__(self): for obj in self.iterator(): try: yield get_from_cache(self. https://alexgaynor.net/2008/nov/29/building-a-simple-identity-map-in-django/ Sat, 29 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/29/building-a-simple-identity-map-in-django/ In Django’s ticket tracker lies ticket 17, the second oldest open ticket, this proposes an optimisation to have instances of the same database object be represented by the same object in Python, essentially that means for this code: a = Model.objects.get(pk=3) b = Model.objects.get(pk=3) a and b would be the same object at the memory level. This can represent a large optimisation in memory usage if you’re application has the potential to have duplicate objects(for example, related objects). https://alexgaynor.net/2008/nov/29/other-orm-goodies/ Sat, 29 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/29/other-orm-goodies/ In addition to the aggregate work, the GSOC student had time to finish ticket 7210, which adds support for expressions to filter() and update(). This means you’ll be able to execute queries in the form of: SELECT * FROM table WHERE height > width; or similar UPDATE queries. This has a syntax similar to that of Q objects, using a new F object. So the above query would look like: https://alexgaynor.net/2008/nov/27/some-thoughts-on-blogging/ Thu, 27 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/27/some-thoughts-on-blogging/ As we come to the close of November, I thought I’d take a comment to reflect on blogging. For one, this is by far more writing than I’ve ever done. Also, who thought blog-everyday-month should be November, Thanksgiving at the end really makes it hard to finish strong. Right now I’m pretty brain dry, hopefully I’ll think of something good to finish off the month. For now I’m just trying to enjoy the long weekend. https://alexgaynor.net/2008/nov/27/what-aggregates-are-going-to-look-like/ Thu, 27 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/27/what-aggregates-are-going-to-look-like/ Prior to Django 1.0 there was a lot of discussion of what the syntax for doing aggregate queries would like. Eventually a syntax was more or less agreed upon, and over the summer Nicolas Lara implemented this for the Google Summer of Code project, mentored by Russell Keith-Magee. This feature is considered a blocker for Django 1.1, so I’m going to outline what the syntax for these aggregates will be. https://alexgaynor.net/2008/nov/26/home-sweet-home/ Wed, 26 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/26/home-sweet-home/ In the interest of keeping up with post-a-day, I figured at a minimum I’d have a post explaining why I didn’t have a real post for today. I just got home from college today for Thanksgiving, so I’ve been busy today, sorry :( . https://alexgaynor.net/2008/nov/24/a-timeline-view-in-django/ Mon, 24 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/24/a-timeline-view-in-django/ One thing a lot of people want to do in Django is to have a timeline view, that shows all the objects of a given set of models ordered by a common key. Unfortunately the Django ORM doesn’t have a way of representing this type of query. There are a few techniques people use to solve this. One is to have all of the models inherit from a common baseclass that stores all the common information, and has a method to get the actual object. https://alexgaynor.net/2008/nov/23/a-quick-update/ Sun, 23 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/23/a-quick-update/ I’ve now set up Al to be using GMP for all integers, and I’ll be doing the same for floats once they get implemented. I haven’t started benchmarking yet, but it can compile and calculate the factorial of 50000 pretty quickly, and in Python vanilla that would result in a RuntimeError due to a stack overflow, so it’s a good starting point. Sorry for such a short post, I’m pretty tired today. https://alexgaynor.net/2008/nov/23/thinking-about-netbooks/ Sun, 23 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/23/thinking-about-netbooks/ At present I use a fairly powerful laptop as my all in one machine, it’s my development environment, it’s my gaming machine, and I use it for class. Before I came to college I used my desktop machine for everything. However, I’m beginning to think neither of these is the best solution. My laptop can do everything my desktop used to do, however it isn’t as a good at being super portable as a laptop could be, nor does it have the potential to be a powerhouse like a desktop machine can be. https://alexgaynor.net/2008/nov/21/my-programming-language-status-update/ Fri, 21 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/21/my-programming-language-status-update/ Over the past few weeks I’ve been working on compiling my programming language. At present it works by translating the source into C++, and then you compile that with your compiler of choice. It’s garbage collected, using the excellent Boehm GC library. At present it can only compile a limited subset of what it can actually parse, or what the interpreter supports. As of today thought it can compile and run a factorial function, however it can’t calculate any factorial greater than 12, due to integer overflow issues. https://alexgaynor.net/2008/nov/20/why-i-dont-use-easy_install/ Thu, 20 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/20/why-i-dont-use-easy_install/ First things first, this post is not meant as a flame, nor should it indicate to you that you shouldn’t use it, unless of course you’re priorities are perfectly aligned with my own. That being said, here are the reasons why I don’t use easy_install, and how I’d fix them. No easy_uninstall. Zed mentioned this in his PyCon ‘08 lightning talk, and it’s still true. Yes I can simply remove these files, and yeah I could write a script to do it for me. https://alexgaynor.net/2008/nov/19/uncoupled-code-is-good-but-doesnt-exist/ Wed, 19 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/19/uncoupled-code-is-good-but-doesnt-exist/ Code should try to be as decoupled from the code it depends as possible, I want me C++ to work with any compiler, I want my web framework to work with any ORM, I want my ORM to work with any database. While all of these are achievable goals, some of the decoupling people are searching for is simply not possible. At DjangoCon 2008 Mark Ramm made the argument that the Django community was too segregated from the Python community, both in terms of the community itself, and the code, Django for example doesn’t take enough advantage of WSGI level middlewear, and has and ORM unto itself. https://alexgaynor.net/2008/nov/18/what-python-learned-from-economics/ Tue, 18 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/18/what-python-learned-from-economics/ I find economics to be a fairly interesting subject, mind you I’m bored out of my mind about hearing about the stock markets, derivatives, and whatever else is on CNBC, but I find what guys like Steven Levitt and Steve E. Landsburg do to be fascinating. A lot of what they write about is why people do what they do, and how to incentivise people to do the right thing. Yesterday I was reading through David Goodger’s Code Like a Pythonista when I got to this portion: https://alexgaynor.net/2008/nov/17/running-the-django-test-suite/ Mon, 17 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/17/running-the-django-test-suite/ This question came up in IRC yesterday, so I figured I’d run through it today. Django has a very extensive test suite that tests all of the components of Django itself. If you’ve ever written a patch for Django you probably know that tests are a requirement, for both new features and bug fixes. I’m going to try to run down how to setup your own testing envrioment. First you need to have Django installed somewhere, for now I’ll assume you have it in ~/django_src/. https://alexgaynor.net/2008/nov/16/what-im-excited-about-in-django-11/ Sun, 16 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/16/what-im-excited-about-in-django-11/ This past week, Jacob Kaplan-Moss put together the list of all of the features proposed for Django 1.1, and began to solicit comments on them. This is going to be a list of features I’m excited about. Making admin URLs reversable. Currently the Django Admin uses a bit of a convulted scheme to route URLs. The proposal is to have them work using the current URL scheme. This is something I’ve been working on for a while, and hoping to see it to completion. https://alexgaynor.net/2008/nov/15/python-things/ Sat, 15 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/15/python-things/ I wasn’t really sure what to name today’s post, but it’s basically going to be nifty things you can do in Python, and general tips. SystemExit, sys.exit() raises SystemExit, if you actually want to keep going, you can just catch this exception, nothing special about it. iter(callable, terminal), basically if you use iter in this way, it will keep calling the callable until the callable returns terminal, than it beaks. https://alexgaynor.net/2008/nov/14/and-now-for-the-disclaimer/ Fri, 14 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/14/and-now-for-the-disclaimer/ I’ve been discussing portions of how the Django internals work, and this is powerful knowledge for a Django user. However, it’s also internals, and unless they are documented internals are not guaranteed to continue to work. That doesn’t mean they break very frequently, they don’t, but you should be aware that it has no guarantee of compatibility going forward. Having said that, I’ve already discussed ways you can use this to do powerful things by using these, and you’ve probably seen other ways to use these in your own code. https://alexgaynor.net/2008/nov/13/django-models-digging-a-little-deeper/ Thu, 13 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/13/django-models-digging-a-little-deeper/ For those of you who read my last post on Django models you probably noticed that I skirted over a few details, specifically for quite a few items I said we, “added them to the new class”. But what exactly does that entail? Here I’m going to look at the add_to_class method that’s present on the ModelBase metaclass we look at earlier, and the contribute_to_class method that’s present on a number of classes throughout Django. https://alexgaynor.net/2008/nov/12/what-software-do-i-use/ Wed, 12 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/12/what-software-do-i-use/ Taking a page from Brain Rosner’s book, today I’m going to overview the software I use day to day. I’m only going to cover stuff I use under Ubuntu, I keep Windows XP on my system for gaming, but I’m not going to cover it here. Ubuntu, I’ve been using the current version, Intrepid Ibex, since Alpha 4, and I love it. You quite simply couldn’t get me to go back to Windows. https://alexgaynor.net/2008/nov/10/getting-started-ply-part-3/ Mon, 10 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/10/getting-started-ply-part-3/ As promised, today we’ll be looking at implementing additional arithmetic operations, dealing with order of operations, and adding variables to our languages, so without further ado, let’s jump into the code. We can replace our old addition rule with this: import operator def p_expression_arithmetic(p): ''' expression : expression PLUS expression | expression MINUS expression | expression TIMES expression | expression DIVIDE expression ''' OPS = { '+': operator.add, '-': operator.sub, '*': operator. https://alexgaynor.net/2008/nov/10/how-heck-do-django-models-work/ Mon, 10 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/10/how-heck-do-django-models-work/ Anyone who has used Django for just about any length of time has probably used a Django model, and possibly wondered how it works. The key to the whole thing is what’s known as a metaclass, a metaclass is essentially a class that defines how a class is created. All the code for this occurs is here. And without further ado, let’s see what this does. So the first thing to look at is the method, __new__, __new__ is sort of like __init__, except instead of returning an instance of the class, it returns a new class. https://alexgaynor.net/2008/nov/09/getting-started-ply-part-2/ Sun, 09 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/09/getting-started-ply-part-2/ Yesterday we created our tokens, and using these we can parse our language (which right now is a calculator) into some tokens. Unfortunately this isn’t very useful. So today we are going to start writing a grammar, and building an interpreter around it. In PLY, grammar rules are defined similarly to tokens, that is, using docstrings. Here’s what a few grammar rules for out language might look like: def p_expression_plus(p): ''' expression : expression PLUS expression ''' p[0] = p[1] + t[3] def p_expression_number(p): ''' expression : NUMBER ''' p[0] = [1] So the first docstring works is, an expression is defined as expression PLUS expression. https://alexgaynor.net/2008/nov/08/getting-started-ply/ Sat, 08 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/08/getting-started-ply/ The other day I mentioned I was using PLY in my post about building a language, so today I’m going to describe getting started with PLY, specifically the tokenization phase. For those who don’t know much about parsing a language, the tokenization phase is where we take the source file, and turn it into a series of tokens. For example, turning a = 3 + 4 into, NAME EQUALS 3 PLUS 4. https://alexgaynor.net/2008/nov/07/s-not-change-we-can-believe/ Fri, 07 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/07/s-not-change-we-can-believe/ Yesterday president-elect Obama’s campaign unveiled their transitional website, change.gov. So, as someone who’s interested in these things I immediately began to look at what language, framework, or software package they were using. The first thing I saw was that they were using Apache, however beyond that there were no distinctive headers. None of the pages had tell-tale extensions like .php or .aspx. However, one thing that struck me was that most pages were at a url in the form of /page/*/, which is the same format of the Obama campaign website, which I knew was powered by Blue State Digital’s CMS. https://alexgaynor.net/2008/nov/06/building-programming-language-python/ Thu, 06 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/06/building-programming-language-python/ One of my side projects of late has been building a programming language in Python, using the PLY library. PLY is essentially a Python implementation of the classic Lex and Yacc tools. The language, at present, has a syntax almost exactly the same as Python’s (the notable difference, in so far as features that have been implemented, is that you are not allowed to have multiple statements on the same line, or to put anything following a colon on the same line). https://alexgaynor.net/2008/nov/05/pygtk-and-multiprocessing/ Wed, 05 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/05/pygtk-and-multiprocessing/ Yesterday was election day, and for many people that meant long nights following the results, waiting to see who would be declared the next president of the United States of America. Politics is a game of numbers, and it’s nice to offload the crunching to our computers. I had written up a simple application for projecting win likelihood for the candidates based on the likelihood of a win in an individual state. https://alexgaynor.net/2008/nov/04/more-laziness-foreign-keys/ Tue, 04 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/04/more-laziness-foreign-keys/ Yesterday we looked at building a form field to make the process of getting a ForeignKey to the User model more simple, and to provide us with some useful tools, like the manager. But this process can be generalized, and made more robust. First we want to have a lazy ForeignKey field for all models(be careful not to confuse the term lazy, here I use it to refer to the fact that I am a lazy person, not the fact that foreign keys are lazy loaded). https://alexgaynor.net/2008/nov/03/lazy-user-foreign-keys/ Mon, 03 Nov 2008 00:00:00 +0000 https://alexgaynor.net/2008/nov/03/lazy-user-foreign-keys/ A very common pattern in Django is for models to have a foreign key to django.contrib.auth.User for the owner(or submitter, or whatever other relation with User) and then to have views that filter this down to the related objects for a specific user(often the currently logged in user). If we think ahead, we can make a manager with a method to filter down to a specific user. But since we are really lazy we are going to make a field that automatically generates the foreign key to User, and gives us a manager, automatically, to filter for a specific User, and we can reuse this for all types of models.