10 Year Anniversary Dinner

Last night I went to the LinuxSA 10 year anniversary dinner. Wow. 10 years. And Geoffrey has been very faithful, leading the whole thing the whole time. Thanks Geoffrey for your continued efforts!

So we had a good time, talked about a variety of interesting geek-related topics over some decent chinese food. The usual suspects were all there, although some piked at the last moment or couldn't make it. There were as per usual new faces to get to know too. Thanks to all who came and made it a fun night!

tech/LinuxSA | 20 Dec 2006 | #

About AES

Russell blogs about choosing encryption algorithms. He comments:

The US government (which incidentally employs some of the best cryptologists in the world) recommends encryption methods for data that is important to US interests (US military and banking operations for starters). Why wouldn't you want to follow those recommendations? Do you think that they are putting back-doors in their own systems?

This is true, but for an additional reason not mentioned. The current block cipher standard is AES. While it was chosen by the US government as a standard, it wasn't develoed by the US government - making the chance of back-doors even less likely. This is not the case for DES - which was an in-house US Government development effort - meaning that it's open to claims of back-door introducing.

There are some questions asked about whether there are inherit weaknesses in AES, but these centre around the "newness" of the mathematics used - the strength of any crypto system is based on solving "hard" mathematical problems, so if someone finds an easy way the "tower of cards" all falls down - and all data is open. But the same could be said for ECC. That's why some people encrypt their encrypted data with a different encryption algorithm - even if one crypto system falls, there's another barrier protecting your data.

So, as a recommendation, you need to ask a few things - how important is the data you are wanting to protect? What timeframe does it need to stay secure? If it needs to be protected forever - like who killed JFK :-) - then you need a really strong crypto system. If it's a personal deep dark secret, probably just your lifetime. If it's your travel planes, only a few weeks. If it's your online banking session - it's only minutes. The other thing is identifying your adversary - if it's the government, then nothing really is secure enough - be assured that if it's in their national interest they will break open the data. If it's some local phisher/cracher - then a much weaker system is all that's needed to protect you as they don't have the mathematicians, nor the computing power, to cause you grief in the timeframe that the data is sensitive.

The easiest solution though is have nothing to hide :-)

Addendum: There's nothing new here - just go read Schneier for more info.

tech/code | 16 Dec 2006 | #

A way to waste lots of time :-)

So, via Richard Jones I discovered Galcon - an awesome high paced galactic action-strategy game. You send swarms of ships from planet to planet to take over the galaxy.

Oh my goodness. This is a very ubercool swarm-style arcade game written in python. Brings back fond memories of that 'ole xlib game with bases and pipelines. I'm not going to say how much time I spent playing this yesterday.

Update: The old xlib game is xbattle. Still being packaged and available on Debian/Ubuntu/wherever.

tech/misc | 13 Dec 2006 | #

Michael's Unofficial Guide to OSDC Day 3

So it's the last day of OSDC (well, 2 days ago :-) and while that's a bit sad, I have to say it's been a fun time. Had breakfast again with Rob, Martin and Erik de Castro Lopo - been good to chat with these guys about a broad range of stuff.

Keynote: Scott Penrose on his web framework called Zaltana looks interesting - the demos were good. If it can truly integrate different web applications under an AJAX-enabled common style, then it would be very nice.

Adam Kennedy on "The Portable Image testing Architecture". The Perl CPAN problem - 23,000,000 LOC, 11,000 modules, 20 perl versions, 100+ known platforms, 150 config params - all modules (unless stated) assumed to work on all combinations!?! Software Combinatorial Explosion - every module needs testing in (20x100x5x4) 40,000 environments. He introduced PITA-XML. He sees a combination of virtualisation and automation as a panacea. Could be applicable to other similar problems.

Erik Castro de Lopo on "Career Development for Developer Geeks". Dang projector failed, which made life difficult for Erik, but he solderied on nonetheless, presenting a good talk which covered a bunch of good ideas and hints to prevent you from losing your life to the day job.

Martin Poole and Rob Collins on "Managing Distributed Version Control". Very many good hints on how to manage a distributed project - the things you should set in stone early to save you from grief later on. Good stuff. I would have liked this to go longer, as there was plenty of stuff that could have been discussed further.

Andrew Bennetts on "Coding in a Distributed Team". One key point is to keep "trunk" building and keeping tests passing using autobots. Passing the test suite is one of two gates for committing to trunk. The second is peer code reviews - done remotely with some useful tool which automagically presents diffs over the web and allows scores to be kept on the usefulness of the patch. Also covered the cool features that a distributed SCM like bzr gives you (like cheap branching allowing 1-1 mapping between branches and bug fixes/branching). Another talk that could have been extended out to an hour to give out more goodness.

Lightening Talks - Richard Jones on Selenium, a web testing recording tool. More people who tried (and failed!) to write code during a talk - this time using a lesser known framework. Someone else succeeded with Ruby of Rails. Some crazy guy modified LISP to take out the parenthesis and used python-indention instead (+1 crazy). Mary Gardiner covered Women in FOSS groups. Paul Fenwick presented an OSDc compiler (which was Jon Oxer's mini-language that he invented and presented the day before) - now available in CPAN as ACME::OSDc :-)

Did the quick dash at afternoon time back to the hotel and then onto the airport to make my flight home, so I unfortunately missed the conference close. But congratulations to the organisers - a good interesting conference! Again I'm blown away by the totally amazing number and quality of OSS developers in Australia!

tech/conf/osdc2006 | 10 Dec 2006 | #

Michael's Unofficial Guide to OSDC Day 2

Notes from the second day of conference paper presentations:

Keynote: Richard Farnsworth - "Open Source Synchrotron" - More physics than software, but judging from the questions from the audience, this talk was very well received.

Pitty, Keith - "J2EE and Open Source Innovation: The Relationship between Open Source and Standards". A number of J2EE frameworks were presented - including "Spring" which is focusing on JavaBeans instead of EJBs. Now popular enough to have it's own conf. Also mention of the GPL'ing of J2ME|SE|EE.

Richard Jones - "Shiny, Pretty Things". Fun talk on a new python library, pyglet, "not-yet-alpha" which eases OpenGL in python. Richard showed off a bunch of games (incl Funnyboat, Neely's Rooftop Garden, Power Core) to demonstrate how cool stuff is easy to hack together in python. Demonstrated Wings3D as an alternative to Blender (aka "anyone can use it"). Richard presents well, and does cool stuff. I'm looking forward to pyglet getting released.

Mark Rees - "Development of Mono Applications with Agile Languages". Good talk on a topic that's been done many times before, but this time by a core contributor to one of the projects :-) Introduced the fork of Iron Python (http://fepy.sf.net) so that the community can contribute back - take the Microsoft releases when they happen and add in patches - not sure if I like the myriad of licenses it uses though. Also talked about Boo - which is something I played with before IronPython got a better license.

Patrick Sunter - "Open Source on the Scientific Bleeding Edge". Preventing fragmentation of a large vertical niche market largely-OSS application. Interesting to see the adoption of more formalised XP (as opposed to just hacking :) Good war-story talk on boostrapping up a development process that is maintainable - and over the past 3 years or so it appears they've grown the project well.

Lightening Talks - besides the pr0n there was some cool stuff - including a call for help on The Python Papers, but the wackiest was Jon Oxer's OSDc mini-langauge (you are one sick puppy, Jon!).

Andy Todd - "Accessing Relational databases with Python". Introductory talk about Python's DB-API. Quite rushed, but a good point made was regarding Python DB-API's lack of support for SQL injection vulnerabilities :-)

Afternoon Keynote: Anthony Baxter - "futurepython". Started with IronPython + fepy.sf.net. IronPython (on win) faster than CPython for pystones, but half the speed for pybench. Shows the problem of optimising for benchmarks :-) IronPython on Mono is like 1/7 the speed - need for some improvement here. Covered cross platformness - esp System.Windows.Forms etc. Then moved onto Python 3.0 - won't be 100% backwards-compat, but Guido suggests this is a "once in a lifetime chance" to fix niggling python problems to achieve world-domination ;)

My vote for Talk of the day is Richard Jones with "Shiny, Pretty Things"

Postscript: No, there are no photos from me. The camera was left at home so that I didn't need to check any luggage on the flight over.

tech/conf/osdc2006 | 08 Dec 2006 | #

The Anti-Bruce Perens campaign

Looks like there is now a following of people who think that Bruce Perens does not speak for them.

tech/linux | 07 Dec 2006 | #

Michael's Unofficial Guide to OSDC Day 1

Notes from the first day of conference paper presentations:

Keynote - Randal Schwartz - "Free software - a look back, a look ahead". Good to hear an industry legend speak. Interesting point shared - release your software and make money on the magazine articles.

Anthony Baxter - "What's New in Python: 2006 edition". Project overview basically, lots of good things here - ctypes should be good for interacting with native code and more importantly (IMHO) getting try...catch...finally is a wonderful addition - one thing that C# brings to the table.

Alan Green/Ben Askins - "Rails/Django Comparison". Building the same webapp in both environments leads to the following conclusion: the Django version took slightly less time to implement and took less code than Rails. But only just - no silver bullet here. Both appear to be useful, with more momentum behind Rails right now e.g. books, jobs etc. The talk was good, but with more time I would have liked more detail - you'd have to know both Django and Rails already to really benefit from this talk - and then you wouldn't need to hear it.

Alex Holkner - "Ctypes. ctypes run!". Very fast talker - did cool stuff via Google's SoC with pygame-ctypes and SDL-ctypes. So ctypes is all about having a very nice way of interfacing to native libraries directly from Python - on Linux, MacOS and Windows. Looks like it makes life easier - in Java it was painful, C# made it easier, and Python is now even easier. Performance is still something that I'd like to know more about.

Richard Jones - "What's Old is New Again". Good presentation, all about remembering what features went into previous Python releases when writing code that needs to work on older installs (remembering that new features appear in each new release of which a new one happens every 18 months). Trivia - import __hello__ :-) Things covered: sub-classing, __slots__, property(), __new__ vs __init__, static & class methods, enumeration, sets, union_update, symmetric_difference, issubset, issuperset, generators, random.sample(population, k), math.radians, math.degrees, bz2. Could've used a longer timeslot to do justice to a good topic.

Adam Kennedy - "Nothing can possibly go wrong". Very entertaining talk about decisions you make now that you regret later. Some discussion of open vs closed problems. If developing for self, choose closed problems. If you have a happy customer with deep pockets, choose an open problem to solve :-) Auto-emailing bug reports covered. Also discussion on ease of install vs functionality/level of bugs in product - easy installation is much more important than you think. Excellent talk that makes you think.

Burgess, Chris - "Web Application Security - Tools, Techniques, Tips and Tricks". Introductory talk on web application security - introduced OWASP which was new to me. Also talked about the security risks of reusing code - may lead to class breaks.

Mark Hammond - "Python in Mozilla". Mozilla is a complete application framework - and is now language agnostic, so Python can now be used (but probably won't be bundled). What for? New applications using the framework and also for writing extensions for Firefox (but right now that means compiling your own version that includes Python). All the heavy lifting of XUL, XPCOM + all of Pythons libraries etc all available in Python on Mozilla. Cool. Looks like there will be a "blessed" Python version that can be installed as a plug-in in the Firefox 3 time-frame. Some questions remain on how you get your non-technical audience to setup their Mozilla-product to support your Python code.

Mary Gardiner - "The Planet Feed Reader: Better Living Through Gravity". Discussion of what what a planet aggregator web site is, moving onto what the planet software is and how it started - as well as some interesting anecdotes on various things. Quite a good talk - would have been better if there was more time to further discuss some of the project's challenges and future direction.

My vote for Talk of the day is Adam Kennedy's "Nothing can possibly go wrong"

Best talk I missed today was probably "Wile Coyote's Toolbox: The Acme Namespace - 20 minutes, 90 modules" by Jose Castro. (I did get to see it at LUV last night though :-)

BOFs - talked Planet with Mary, Russell, and a few others continuing on from Mary's talk - including a quick chat on Venus.

Conference Dinner - At the Gryph Hotel on-site. #include <std-buffet>. Damian Conway's After Dinner Talk was very entertaining - an adaption of The Da Vinci code. He suggested that it was a 100 hours in the making and I can believe it, given the line-noise^WPerl he incorporated ;-P He also suggested that what he presented will eventually make it's way onto the web, so watch out for that - it'll be worth the download!

After dinner caught the last train back to Melbourne city, made plans for breakfast and got back to coding. Afterall, there's plenty of time - there's no need to be at the conference until 9am tomorrow :-)

Note taking thanks to the power of Beagle...

tech/conf/osdc2006 | 07 Dec 2006 | #

OSDC Day -1

The day started with the flight from Adelaide to Melbourne - the first amazing fact was that from the air you can see that everything is so dry. Australia could really do with rain from heaven.

Arrived at Melbourne airport and experienced the ease of taking the SkyBus into the city - a very good system that Adelaide needs. What I wouldn't want to see copied is the long wait SkyBus gives you for the hotel transfer - we had 30 or so people waiting for hotel transfers from their depo, and they were servicing them 4 people at a time, leaving their smaller buses half-empty :-(

So after that I checked into my hotel, and did the wander around the city. Melbourne is a pretty exciting place, although the 33C day didn't make exploring much fun after a flight.

Being an Adelaide boy, I'm not very train-familiar, so I did a trial run out to Caufield - wall-to-wall school girls and grannies - but there were no problmes finding he conference venue. Afterwards it was out to Stewart Smith's place, just a few train stops further down the line. We sat around chatting on MySQL stuff, MythTV, Linux Australia, and hacking in general.

Off to LUV was next, heard a very interesting talk on Perl's ACME namespace (love that ACME::Bleach :-) by Jose Castro and a talk on GPLv3. Interesting to note the momentum building around v3 given the Novell-Microsoft death-spiral.

Then off to dinner at some nice authentic Italian restaurant. Good chats with Robert, Martin, Jon and others.

Ride back to Collins St in the city by Stewart (thnx), and get some well-needed sleep. Conference proper starts tomorrow!

tech/conf/osdc2006 | 06 Dec 2006 | #