bor.borygmus

When I put the reference implementation onto the website, I needed to put a software license on it. I looked up all the licenses that are available, and there were a lot of them. I decided the one I liked the best was the MIT license, which was a notice that you would put on your source, and it would say: “you’re allowed to use this for any purpose you want, just leave the notice in the source, and don’t sue me.” I love that license, it’s really good.

But this was late in 2002, we’d just started the War On Terror, and we were going after the evil-doers with the President, and the Vice-President, and I felt like I need to do my part.

So I added one more line to my license, which was: “The Software should be used for Good, not Evil.” I thought I’d done my job. About once a year I’ll get a letter from a crank who says: “I should have a right to use it for evil!”

“I’m not going to use it until you change your license!” Or they’ll write to me and say: “How do I know if it’s evil or not? I don’t think it’s evil, but someone else might think it’s evil, so I’m not going to use it.” Great, it’s working. My license works, I’m stopping the evil doers!

Audience member: If you ask for a separate license, can you use it for evil?

Douglas: That’s an interesting point. Also about once a year, I get a letter from a lawyer, every year a different lawyer, at a company—I don’t want to embarrass the company by saying their name, so I’ll just say their initials—IBM saying that they want to use something I wrote. Because I put this on everything I write, now. They want to use something that I wrote in something that they wrote, and they were pretty sure they weren’t going to use it for evil, but they couldn’t say for sure about their customers. So could I give them a special license for that?

Of course. So I wrote back—this happened literally two weeks ago—“I give permission for IBM, its customers, partners, and minions, to use JSLint for evil.”

And the attorney wrote back and said: “Thanks very much, Douglas!”

“The JSON Saga” (video transcript) by Douglas Crockford, JavaScript whisperer.

Let’s say, one day, you become insane and want to authorize your application to access a user’s data on Twitter. WITH OAUTH!

Twist!

A brief recap: OAuth authenticates an application. It ensures that a sequence of HTTP requests belong to exactly one person, which is hugely important if you’re providing a service API like Twitter is. Here we’ll present the OAuth with signed callback URLs, which is how Twitter provides OAuth for desktop applications—applications that might not have web browsers but nevertheless need to get the Special OAuth Pat on the Back and let the user allow it to access his data. And to do so, you do this:

You’ll grab a request token. With it, you’ll ask the user to log into Twitter and get a special PIN. This PIN is pasted into your application. You then trade your request token for an access token, with which you can perform unspeakable evil.

A first attempt at precisely this:

Letting other people fill the metallic, judgmental silence.

• I am a former virus writer. Ask me anything.
• Antiobjects, and Pac-Man.
• A short explanation of Gödel’s theorem by Raymond Smullyan.
• You know your software is hard to install when… something comes up with a business model for it.
• Avery Pennarun’s weblog is basically software programming gold.
• Ditto for Robert Nystrom, who’s making an ML-like language called Magpie.
• sigfpe: What if you were only allowed one monad?
• Remember Synergy, the project by Chris Schoeneman that would make join the keyboards and mice for two computers? It got forked (for good reasons) into Synergy+ by Sorin Sbarnea and Nick Bolton!
• Alexander Limi would like to make your internet faster with resource packages.

Let’s talk about SQLAlchemy, __init__(), and __repr__()!

It’s another post about Python. And SQLAlchemy. There’s got to be a way to monetize this.

Let’s say we have this, because we are young powerful virile men and women capable of great sexy things.

user_table = Table(
    'user', meta.metadata,
    Column('id', Integer, primary_key=True),
    Column('name', Unicode(100), unique=True),
    Column('strength', Integer))

class User(object): pass

mapper(User, user_table)

If you are lost, maps are on the table in the corner to your left. No, not the sparkly table, that’s Django’s. The solid wooden table. Yes, that one.

Now we journey out into the world, using our new User class.

>>> User(name=u'Gosh McMuffin', strength=10)
[snip]
TypeError: __init__() got an unexpected keyword argument 'name'

Ah. SQLAlchemy is not Magic School Bus ORM. You never defined an __init__() on User. Neither did our mapper() call. And this makes sense: We don’t want a function that monkeypatches an entire class. It gives into The Temptation of Globals; any monkeypatching we do is only available in that thread and we just shot down the chances of anybody reusing our code without growing a few more gray hairs. It’s rude. And, worst of all, it’s un-Pythonic. What to do, what to do.

Hello, hello. Witty banter here mingled with contrition about not posting. Laughs. Tears. Segue.

• I am a video codec engineer. Ask me anything.
• I wrote a PHP compiler. Ask me anything.
• What is the worst bug you have ever solved?
• Joe Damato walks us through the Matasano C++ security challenge.
• Thomas Ptacek on keyed-hash message authentication code (HMAC).
• Jonathan Corbet summarizes Google’s how-we-use-Linux presentation at the 2009 Kernel Summit.
• Mark Dominus finds a gray code at the pediatrician’s.
• The animator of the first under-construction GIF.
• Ryan Tomayko likes Unicorn because it’s Unix.

Don’t give me that look. I’ve been busy.

GNU Emacs 23 has been out for a while now (Windows, atomized.org’s OS X builds from Emacs’ source control). It’s the little features that count, as you know.

• Tramp now works on Windows.

• The mode-line-buffer-id face seems to no longer dynamically inherit from the standard mode-line face: For example, if your mode line’s active background is green and inactive is gray, then on Emacs 22 the buffer-id (the place where your buffer name is written) would change backgrounds along with the mode line as you shunted back and forth. In Emacs 23, I had to choose one background for mode-line-buffer-id, finding no other way of replicating 22’s behavior.

• Not a feature, but: If you open the electric buffer list (M-x electric-buffer-list) you’ll see the column headers “CRM” in a curious serif typeface. The letters correspond to Current, R-something, and Modified, marking out which buffers are what at a glance, but that little corner is the only place in Emacs I know of where a different typeface as been used.

• customize-face seems to be unable to override color-theme, no matter where you put customize-face in your initialization script. I shrugged, opened up customize-face, and saved all my colors from deep-blue and my own tweaks into a file. Tentative goodbye, color-theme library.

• New window decoration icon on Windows! The window decoration icon is what I call the cute little 16x16 thing sitting at the top left of all Explorer windows.

• A little graphics bug: the refreshing stutters if you hold down Ctrl-N or Ctrl-P and scroll line by line. This is forcing me to navigate by search (As It Should Be Done), so let’s pull out an overall plus from this.

• python-mode highlights built-ins!

Hooray!

Update There is now a fancy website by David Caldwell written in SVG for Mac OS X builds. (via Hacker News, where a fantastic thread about building Emacs on OS X is taking place)

If you’ve been reading along on the Atom feed, hello! And thank you! And also if you’ve been noticing paragraphs that seem out of place in certain grumbles, that’s probably because they are. I’ve been marking paragraphs as asides in classes with a corresponding fancy, three-line CSS, along the lines of what Sphinx does. So if certain paragraphs seem disjointed, suck it up! And sorry. HTML 5’s <aside> can’t get here fast enough.

It’s time now to write about two of my favorite pieces of software ever written: Georg Brandl’s Sphinx and Pylons’ Pylons. Normally, these get along like a house on concrete, which is to say very well. A Pylons web application is a well-behaved, standard Python package that pays all the taxes: a setup.py, no module magic like pre-modern Django, and imports as expected. However, if you have ever used the highly useful Sphinx autodoc extension and have pointed it at a module in your Pylons app, you may have run into a traceback that looks like this:

[snip]
File "[snip]/autodoc.py", line 1019, in can_document_member
  return (isdescriptor(member) and not
File "[snip]/autodoc.py", line 203, in isdescriptor
  if hasattr(getattr(x, item, None), '__call__'):
File "[snip]/paste/registry.py", line 137, in __getattr__
  return getattr(self._current_obj(), attr)
File "[snip]/paste/registry.py", line 194, in _current_obj
  'thread' % self.____name__)
TypeError: No object (name: url) has been registered for this thread

Two questions should emerge immediately: What is paste.registry? And why is it throwing a traceback?