August 31, 2007

Yet Another Longhorn Delay

Why don't Microsoft just stop announcing product plans? Their releases inevitably turn out to be later than anticipated, and the resulting back-pedaling just makes them look like bad planners.

As you might have read, the Microsoft Server Division Blog has detailed another delay - it now looks like Windows Server 2008 will actually be released in 2008 (assuming they manage to avoid another 9 months of slippage).

It's interesting that the explanation for the delay tries to mask the fact that Microsoft are apparently not yet satisfied with product quality. If the quality of some earlier products is anything to go by then it doesn't bode well for Server 2008. Still, nobody said running the largest software company in the world would be easy.

Python 3.0 First Alpha Build Available

Guido has just announced the availability of a public alpha of Python 3.0.

Please remember there are several things this does not mean:

  • Python 2.x is not obsolete. The series will continue through 2.6 (which will include backports of many Python 3 features) and probably 2.7. In fact the only guarantee is that there will be no releases after 2.9.x, as Guido has stated his dislike of the ambiguities inherent in a 2.10 release number.
  • Python 3 is not ready for production work. The alpha series is expected to last a considerable length of time, and even when Python 3 comes into production (in around a year from now if Guido's original schedule is maintained) 2.6 will be the major platform.
  • There should be no need to develop parallel source trees for your Python code. The 2.6 translator will have a "Python 3 warnings" mode, and if you ensure that this doesn't produce warnings you will be able to convert your code to Python 3 automatically using a conversion tool.
For a summary of other things you might like to know about Python 3 see Guido's blog.

August 22, 2007

Half-open Interval

Score two if you also noticed that there was no footnote for the asterisk in the preceding post.

August 21, 2007

Google's Spam Priorities?

So, this bunch of annoying little [expletive deleted]s have recently started spamming one of the newsgroups I haunt with messages about things like "Best Car Air Conditioners". For email my spam filters take care of a lot of this crap, but on newsgroups I pretty much have to take what my NNTP server delivers [and there's a market opportunity right there: millions of Thunderbird users are currently casting around for the next non-Microsoft solution to their problems, and if someone chooses to build a newsreader that integrates Spambayes or some similarly competent technology they could probably make a modest income). Score one if you noticed that I just wrote a half-open interval.*

Being a civic-minded netizen I decide that my only recourse is to make sure that at least these nasty little buggers will have to register new Gmail accounts (not that they will worry about that, as they probably register thirty-five new accounts a day, but anyway ...), so I decide to report them to the appropriate abuse address (even though I realize as I do so that I will either be ignored, or I will be one of several thousand irritated readers who are just as pissed as me).

So. CTRL/U gets me the message headers, and lo! I see
Hooray! There's a large, responsible, "do no evil" company who is prepared to stand up and stop these little [expletive deleted]s in their tracks. Great. So I send a message (being careful to include all the headers) to the appropriate address and return to work basking in the warm comfortable glow of having done my duty and helped, as best I can, to put an end to the abhorrence of spam (really, sometimes I look at the human race and what I see depresses me: there really are people out there to whom money is so important that they will fund the exploitation of thousands, nay millions, of vulnerable always-on under-protected basement-dwelling computer systems to send out millions of messages a day about how someone is just waiting to transfer several million dollars into their bank account in return for a modest fee for their assistance. Give me a [expletive deleted] [expletive deleted] break).

Having taken the time to compose and send a message to the above-mentioned address, pointing out how the offenders are spamming a programming language group with inappropriate messages, I go about my business feeling virtuous. Only to see, when I next return to the computer, the following email:
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. The following addresses failed:

SMTP error from remote server after RCPT command:
550 5.1.1 No such user v66si6536119pyh

--- The header of the original message is following. ---

Received: from [] (helo=[])
by (node=mrus1) with ESMTP (Nemesis),
id 0MKpCa-1INdGx0Vee-0007V8; Tue, 21 Aug 2007 19:36:44 -0400
Message-ID: <>

[... etc., etc., ...]
It can't be easy running a large company. If it was easy then I guess I could do it too. So much for help with abuse. I guess we have to turn to the federal government for assistance now. Oh, sorry, that's no good. The federal government stopped taking an interest in the spam problem when it was pointed out that over 50% of the world's spam originated in the USA (though this is now an out-of-date statistic).

I guess it's up to us vigilantes, then. Whar's mah gun?

August 17, 2007

Close Enough?

I have long admired the formula often known as Euler's identity. It was probably known before Euler's time, but it is associated inextricably with his name because it is a special case of a more general formula, with π as the value of the bound variable. The identity asserts that

To me this is a thing of beauty and a joy forever, but I have long since given up trying to explain to other people why or how I perceive beauty in mathematics. Anyway I thought I would see how close my trusty laptop could get to emulating this mystic identity (it's amazing what I get up to when procrastinating), and naturally chose Python (though I believe the results would be just as disappointing in any other language). Here's what I got:

>>> math.e**(math.pi*-1j)

Definitely not quite the same mystical properties there, even though numerically quite close. No wonder I never liked applied mathematics!

August 13, 2007

SCO's Fate Is Sealed

A preliminary ruling in SCO's battle against users of the Linux operating system has decreed that the rights SCO was licensing actually belonged to Novell. There is along way still to go before all issues are resolved, but it's my belief that this judgment sounds SCO's death-knell. It is now a company with no prospects and precious few products, and a completely discredited CEO.

If SCO survives long enough to see all legal questions resolved I will be surprised. Novell can now choose to force SCO to waive its claims against IBM and Sequent, and the war chest that SCO had hoped to use to fund legal actions is likely to be needed to pay Novell fees that SCO have received for licenses it had no legal power to levy.

I wonder what Darl McBride's next job will be?

August 3, 2007

Electronic Voting? Just Say "No"

Because Ka-Ping Yee was involved, and because I have a professional interest in information security, I have been keeping my eye on the California Secretary of State's investigation into electronic voting machines. I'm afraid the initial results are not at all promising for the future of American democracy. Here's the most telling quote from the source code review of the Sequoia system:
Of particular concern is that virtually every software mechanism related to counting votes is exposed, directly or indirectly, to compromise through tampering with equipment that is deployed in the field. In many cases, tampering sufficient to cause compromise requires only brief physical access and may leave behind little or no evidence.
This is hardly a surprise to those who have studied computer intrusion techniques, but clearly wasn't taken into account by the system's designers. The list of vulnerabilities makes me wonder whether the people who designed the system actually had any security training at all. Yet I just know, before I look for it, that the inevitable response of the vendors involved will be to try to minimize the impact of the security issues, just like Microsoft used to (they know better now).

As far as the voting public is concerned all of this might just as well not have happened, since they are neither educated nor encouraged to value their participation in democracy. As a result I fully expect that electronic voting systems of dubious security and with no paper audit trail will be even more widely deployed in the next election, with the result that victory will go to the least scrupulous, and no challeneg will be mounted by an apathetic populace.

The depressing thing is that the majority of voters (hey, aren't they supposed to decide who gets elected?) would rather leave the dirty business of politics to someone else. It's easier to keep their heads buried in the sand than engage with the endemic corruption of the democratic process. Perhaps you really do get the government you deserve.

Because I live in the USA I can't really claim to be disinterested, but for the record I am at present merely a disenfranchised immigrant. So I am asking all the citizens I know to take an interest in these issues and force the politicos and bureaucrats to implement a more rigorous and respectful approach to secure voting. There would be a real value to open source voting machines.

August 1, 2007

A Great Resource Ruined

I recently visited the SourceForge web site, as I am taking another look at the mingw toolchain. What a disaster the site has become. It seems like it is now organized with the principal intention of maximizing the number of page views, and hence the revenue that can be gained from advertising. All thoughts of user convenience appear to have been banished.

Back when SourceForge was the major repository for open source work it was easy to find a project and download it. The interface wasn't particularly glitzy but it was usable, and you could get where you needed to be with relatively few clicks. Now even a relatively simple download forces you through a chain of links.

I take Inkscape as an example, because I was interested in obtaining an up-to-date copy. The project home page has a friendly-looking link on it that says "Download Inkscape." The first glitch is that although there's a green graphic to make the link look like a button, the graphic isn't part of the link so you have to click on the text! Clicking doesn't download anything, however, it merely takes you to the download page. This page contains a list of files, each of which has a friendly green button (that again isn't really a button) labeled "Download".

You've guessed it - clicking on the text link doesn't download anything, it takes you to yet another download page. Then, finally, you get to download your file by clicking on its name. I don't think the people who designed this site read Jakob Nielsen's work much.

What's even worse is what they have done to the mailing lists. I was having trouble with Msys apparently not actioning the /etc/fstab file so I searched for msys ignores fstab using Google. The first hit was on SourceForge, but the page I obtained by following the link was not only completely useless, it also bore absolutely no relationship to the cached copy page that Google provided, and appeared to be badly broken. There's probably a reason for it, but I was no longer prepared to give the site the benefit of any doubt.

I am so glad that the Python development team took the decision a long time ago to migrate away from SourceForge's repository (they wanted to use Subversion, and SourceForge were taking way too long to offer it as an option). I hope that the final migration of the issue tracker will soon mean that Python development is no longer dependent on what appears to have become a sadly broken system, though I understand there may be issues with content migration.

I suspect that SourceForge's justification for the changes was that they needed to generate revenues to pay for the continued operation of the site. Just the same I will be very surprised if they haven't completely lost their dominant position in five years. Given the right resources it would be so easy to do a better job. Someone is going to see this as a business opportunity and eat SourceForge's lunch before too long. This is a great pity considering the service that the site provided to so many open source projects through the end of the twentieth century.