Saturday, March 19, 2011

Why I'm starting to truly love #Python

I've been busy the last two weeks putting the finishing touches on everything TweetFree: TweetFree Relay Server, TweetFree Network Server, and TweetFree Mobile have all kept me crazy busy and working in two or three languages, all while learning some new concepts like OAuth. I have to say, it's been quite a ride.

The amount of code I've had to write wasn't bad for what it accomplishes. In fact, the mobile client probably ended up containing more code than either the Relay or Network server but that's probably because I did a lot of crap I didn't have to since I'm not very familiar with Java (which is what the mobile client is written in).

But here's the real reason for this post: I want to say I am falling in love (and I mean toe curling, cuddling together, long term relationship type love) with the Python programming language. If you've not tried the language yet, you might not understand why I'm so head over heels in love with it, but let me give you an example:

When I originally wrote TweetFree Network Server, I did so in PHP because that's the web language I am most comfortable in. The code was OK, but when I was dealing with Twitter's OAuth, it got a little tricky. Overall, the Network Server ended up being a little over 360 lines of code.

Tonight, I decided to see how Python would handle it, so I fired up my text editor and started to write. I'll be the first to say that I am NOT a Python programmer and generally have to look almost everything up. But even at my semi-novice level, I was able to rewrite the entire server in about 30 minutes with only 110 lines of code. And we're not talking hard to read, obfuscated code here; we're talking code that probably is a little too 'chatty' and could be optimized even more.

Can you see now why I'm in love with Python? Readability also comes into play too. Let me give you one more example:

Let's say we have an HTML form that passes a username, password, and group name through a POST request. To prepare those for use in PHP, I'd generally use the following code:

// stripslashes() removes backslashes from each submitted value
$username = stripslashes($_POST['username']);
$password = stripslashes($_POST['password']);
$grp = stripslashes($_POST['group']);

That takes the POST variables and sticks them in safe local variables that have been properly escaped and are ready to use in my script. No, it's not difficult code at all and it's easy to understand for even a novice PHP programmer. But look at the same Python code:

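import cgi  # standard-library CGI helper (removed in Python 3.13)

# FieldStorage parses the submitted form; .value is the raw string sent
myForm = cgi.FieldStorage()
username = myForm["username"].value
password = myForm["password"].value
grp = myForm["group"].value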

Yes, there's an extra line of code, but it's not too much and I think the readability of the code went way up.
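As an added example (not the TweetFree code): `stripslashes()` only removes backslashes and `.value` returns the submitted string unchanged, so the three values still need validating on input and escaping or binding at the point where they are used. The sketch below does that with the Python standard library; the sample request body, the username pattern and the `members` table are constructed for illustration.

```python
import html
import re
import sqlite3
from urllib.parse import parse_qs

# Constructed sample body, as a browser would send it for the form above.
SAMPLE_BODY = "username=alice&password=pa%27ss&group=%3Cb%3Eadmins%3C%2Fb%3E"

NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # assumed username policy


def read_form(body):
    """Return the three fields as raw strings; reject missing or repeated ones."""
    fields = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    form = {}
    for name in ("username", "password", "group"):
        values = fields.get(name, [])
        if len(values) != 1:
            raise ValueError(f"expected exactly one {name!r} field")
        form[name] = values[0]
    if not NAME_RE.fullmatch(form["username"]):
        raise ValueError("username contains unexpected characters")
    return form


def store_and_render(form):
    """Bind values as SQL parameters; HTML-escape only when building markup."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (username TEXT, grp TEXT)")
    # The password is deliberately not stored here; a real application
    # would keep only a salted hash of it.
    db.execute("INSERT INTO members VALUES (?, ?)",
               (form["username"], form["group"]))
    username, grp = db.execute("SELECT username, grp FROM members").fetchone()
    db.close()
    return "<li>{} ({})</li>".format(html.escape(username), html.escape(grp))


if __name__ == "__main__":
    print(store_and_render(read_form(SAMPLE_BODY)))
```

The database keeps the group name exactly as submitted; it only becomes inert text when `html.escape()` is applied on the way into the page.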

Am I ready to switch all my web development to Python now? Not yet. But I am rather intrigued with this powerful language that keeps the simple stuff simple and makes the hard stuff easy.

Wednesday, March 16, 2011

What can the open source community learn from Microsoft?

If there's one unifying thread that runs throughout the open source community it seems to be the almost universal disdain of Microsoft. While there are no doubt very valid reasons for such hate, I think it prevents the community from not only competing effectively with Microsoft but also using the company's own resources to our advantage.

Regardless of our opinion of Microsoft's business practices, security problems, or its executives, one thing we can all agree on is that, by its sheer size, market penetration, and near ubiquity within the business world, the company not only exploits technology trends but drives them. In their effort to be 'everything to everyone everywhere', exploiting trends also means having the ability to accurately predict trends months, and sometimes years, before they occur. Microsoft has spent billions of dollars doing market research, focus groups, and customer interviews in their constant effort to better understand the markets they operate in and anticipate what their customers are going to need in the future.

That's where I think the open source community can truly benefit and it's something we're missing out on in a huge way.

Let's be honest for a moment: with very few exceptions, the creators of most open source technologies suck at both marketing and understanding trends. For the most part, open source seems to be a constant game of 'catch up' where, when a technology becomes popular, an open source version of it appears. Sure, that's not *always* the case and there has been a good bit of innovation within the community but, for the most part, it's always chasing proprietary technology.

In order for us to really compete, we have to get better at not only providing technology users (customers) need today, but anticipating what they're going to need tomorrow and making sure that technology is available when that time finally comes.

This is where Microsoft can help. The company has thousands of whitepapers and case studies, gigabytes of video discussing future technology trends, hundreds or thousands of pieces of marketing material, and volumes of other things that we can use to our advantage. By tapping into Microsoft's business research, we can gain valuable insight into what our customers are going to need and use the collective power of our community to deliver better, more stable, solutions that can truly compete with their proprietary cousins.

There's an old saying that says "keep your friends close and your enemies closer" that I think applies here. Microsoft is no friend to the open source community but they can be an asset to it. It's time we move past the blind hate and disgust and learn to derive value from their considerable resources.

Open source is moving out of the 'scratching your own itch' phase and into an area where we're being seen as a serious option by both large and small businesses. But we won't ever get the traction we need by playing catch up. Microsoft will continue to dominate the market if for no other reason than they successfully anticipate trends and deliver solutions that address those trends quickly. It's not enough to have better solutions; we have to deliver those solutions to the customers who need them when they need them. Telling someone "our solution will be better in a few years" won't win converts or business.

Microsoft has presented the open source community with incredible resources. It's time we stop denying the value of what they provide and start to exploit it.

Monday, March 14, 2011

Rethinking openness in the face of oppression and murder

As most of you who read this blog know, I'm a true-blue believer in Free and Open Source Software (FOSS). I believe that having the right to modify the programs you own is a fundamental right of software ownership and that denying a user that right is downright unethical. I really do believe that, but a project I'm currently working on has me seriously weighing the benefits of open vs closed in specific circumstances.

In 2009, during the Iranian presidential election protests, the Iranian government decided to try to quell the protesters' communication by blocking social networking sites like Twitter and Facebook. The entire world responded and programmers jumped to creating software solutions to get around the blocks and restore protesters' access to these vital communication tools. For my part, I developed a small PHP script that I dubbed "TweetFree" and released it into the wild after announcing it on Twitter.

TweetFree provided a distributed way for people to post to Twitter via the concept of a relay network. The idea was that anyone could run a TweetFree server and the protestors would access the various servers set up around the world to post their updates to Twitter, thereby bypassing the government blockage of the service.

Of course, the software was open source. When I wrote it, I thought 'If I don't open source this, people aren't going to trust it and it won't be used'. And, by the nature of PHP being an interpreted plain text language as opposed to a compiled one, open sourcing the code was a natural thing to do and an easy decision.

Now, two years later, I'm rewriting TweetFree in Real Software's RealBasic (a fully compiled language) and I'm seriously considering not open sourcing the software. Yes, I can hear the outraged gasps of the FOSS community but please put the pitchforks up while I explain my reasoning.

Open source code is fantastic. It allows anyone to modify the code to suit their specific needs instead of relying on a vendor who may or may not be responsive to their needs. Maybe YOU as a user aren't a programmer, but you can always hire one to modify the software to your needs.

While that makes incredible sense in the consumer software space, I'm not so sure it works quite as well in human rights work within an oppressive and murderous regime. In fact, the main strength of open source within the consumer community actually makes it a liability within the human rights field.

Let's consider Iran as an example here. In 2009, Iranian government IT teams were all over social networking sites and blogs trying to find out where people were posting updates from and who they were. If they found these people, they were arrested, brutalized, and, sometimes, killed. One of my biggest fears during the protests was that the government of Iran would download and modify TweetFree and set up a rogue server to track and trap protesters into giving up their IP addresses. So, shortly after it was posted to the net, I made the heartwrenching decision to pull the code from the Internet in order to protect protesters' lives.

Fast forward a year and a half and I'm again seeing a need for software like TweetFree. But this time, I'm more wary about open sourcing the code and I'm wrestling with the ethics of users' right to modify the code versus the absolute requirement to protect the lives of those who use the service to raise their voice. In the end, I believe the need to protect lives outweighs the need to modify software. Not being able to modify software might be an inconvenience, but it's not going to get you raped, tortured, or murdered; falling victim to a rogue server that tracks you will. Not that tough of a decision, is it?

Still, I believe that, for nothing more than the sake of maintaining trust, openness is important - especially in this type of environment. I'm going to address that by making the code inspectable by anyone who wants to inspect it. I'll even compile the code for you while you wait just to show you that the hash signatures between what I'm showing you and what you're running are the same. I'll do whatever it takes to make sure users understand that there is nothing 'spooky' or secret about the software, but I'm not going to release the code into the wild.

I'm sure this will cause some controversy among the free software purists who will say that all code, regardless of the environment, must be free. But as a socially focused developer, my first priority is not to cater to my own or anyone else's ideologies. My first priority is to protect the lives and safety of the people who use the tools I create. That outweighs everything. That outweighs all ideologies. That is, to borrow a line from Star Trek, the Prime Directive.

So as TweetFree Relay nears its release in the next few days, I want to encourage those of you who shy away from running any non-free code to seriously rethink your position. Your contribution to the network is desperately needed and you can make a real difference in the lives of oppressed people around the world. Don't let a technical ideology get in the way of doing a good thing. Don't let personal bias or the opinion of a bearded guru deter you from stepping in and changing the world.

The opportunity is before us and it has no ideology. It simply demands that we do the right thing.

Monday, March 7, 2011

Linux Tip of the Day: Generating a secure password

If you're like most people, you find it incredibly difficult to generate a truly random and secure password. Good passwords should be at least 8 characters long and contain numbers and letters, with a good mix of both uppercase and lowercase letters. Think about that for a moment and you'll see why many people use really easy passwords that include their names, their pets' and spouses' names, or important dates.

Linux users have a great tool for generating secure passwords called 'pwgen'. Using pwgen, you can generate a completely secure password of any length by typing a simple command.

If you don't already have pwgen installed and you happen to be using a Debian-based system (like Debian or Ubuntu), you can install it by typing in the terminal

sudo apt-get install pwgen

Once the software is installed, you can generate a secure password of any length by typing something similar to

pwgen 8 1

That command will generate a single eight character password with a complete mix of numbers and both upper and lower case letters.
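For scripts that cannot shell out to pwgen, the same kind of password can be drawn from the operating system's CSPRNG. This added example (not pwgen's own code) does so with Python's `secrets` module and also computes how many bits of entropy the "at least one digit, uppercase and lowercase letter" rule leaves; the function names are illustrative.

```python
import math
import secrets
import string

LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
ALPHABET = LOWER + UPPER + DIGITS  # 62 symbols


def generate_password(length=8):
    """Random password containing at least one lowercase, uppercase and digit."""
    if length < 3:
        raise ValueError("need at least 3 characters to cover all classes")
    while True:
        # Draw uniformly, then reject draws that miss a class, so every
        # acceptable password stays equally likely.
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c in LOWER for c in pw) and any(c in UPPER for c in pw)
                and any(c in DIGITS for c in pw)):
            return pw


def policy_space(length):
    """Count the strings of this length that contain all three classes
    (inclusion-exclusion over the 'missing a class' sets)."""
    l, u, d = len(LOWER), len(UPPER), len(DIGITS)
    total = (l + u + d) ** length
    missing_one = (u + d) ** length + (l + d) ** length + (l + u) ** length
    missing_two = l ** length + u ** length + d ** length
    return total - missing_one + missing_two


def entropy_bits(length):
    """Entropy of a uniformly chosen policy-compliant password, in bits."""
    space = policy_space(length)
    if space == 0:
        raise ValueError("no password of this length satisfies the policy")
    return math.log2(space)


if __name__ == "__main__":
    print(generate_password(8), round(entropy_bits(8), 1), "bits")
```

With pwgen itself, the `-s` option requests fully random passwords instead of the pronounceable ones it produces by default.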

It's very easy to use and pretty intuitive. Now, you have no excuse to use insecure passwords again!