Monday, November 17, 2014

C/C++ Must Die

It is a four hour forward only text. I am not in the mood to clean. reread, refactor, split or fix any mistakes right now, and I am not saying sorry for that, because it is how it is written with this limited keyboard interface that I practiced over my lifetime. I am sorry only if you won't be able to read or understand that, because it would mean I made it all worse. I am already at the point that I want to filter it straight to the subject, reread and fix all typos, obscure moments, digressions and words, but I've already out of time and it might happen that there won't be any time for that later.


My system background is [assembly] --> [pascal] --> [c] --> [php] --> [python], so C is not my favorite language, I am in any way attached to it and don't exhibit a feeling of nostalgia and deep sadness when thinking about what changed in the past 40 years that passed since its invention. What I really regret is that there is no a place like Bell Labs anymore that could prevent bloody enterprise from formatting people to the bloody business mindset. Formatting so badly that you even need a ton of startups to just produce ideas (not mentioning getting them right).

So, in the past 40 years, a new language appeared called Python. I don't think that Guido knew the words "usability", "user experience" or CJM when inventing it - it was just natural and human like, just because it was not engineered, but made through feeling of a human, who likes Monty Python and doesn't follow accepted rituals of human organisms in suits. I understand his desire to keep CWI copyright in place - it is a living reminder about another environment that made this thing possible. Unlike these bloody corporations that keep pressure on what you need to do and when to deliver. There is not much creativity and freedom right now. Those tiny groups of people who gather through the internet try to change the things. But the poor expressive power of non-native English language, time gap and invisible mood and attitude changes make it almost impossible to provide a stable communication channel that will not limit itself only to a narrow band of appreciation, joy and positive emoji. All negative emotions, drama, critics and depressions exists there for a reason - to express the importance of details and adapt them.

Accepted rituals of human organisms in suits. It is hard to be human. So hard that the rational part of us will never accept the idea that I, me, myself are limited. Humans had somehow devised the ethics, culture and rituals to deal with that. Implemented complex system of oppressing behavior and enforcing rules to make everyone the same and keep balance. Capitalist economy made it possible to compete, to make a gameplay to measure and estimate your value compared to someone else instead of just killing him, because his will to live just dampens yours. Money had been chosen as a universal way to solve conflicts and it worked for a few generations. Until a new generation appeared that didn't not care about conflicts and didn't see why would anyone should conflict if everything you need is money. We are still limited humans who fail to see the balance and yet we are trying to prove that we are the best, we need to be respected etc, etc. Whatever our rituals are, they are a shroud on on our eyes. The shroud that doesn't allow us to see how human really work, that our perception is not discrete and the expressive power of art is something we should explore as a discipline of human interfaces.

C/C++ is one such interface. It is a written language that no civilization from the outer world will be able to decipher. I didn't research this idea to far, so I leave it to you. It is a formal interface with brackets, asterisks and letter combinations that convey some ideas and concepts. It brings the former poor language of assembly to a whole new level. The level of more toys to play with and *exchange*. Every language invented after it was adding or removing these toys for humans to play with, but they still have hard time to combine all programming languages into the garden of toys as a whole. The garden that you can explore with the rest of your senses (further that arithmetic and text processor units in your head) to see how things work, tear them apart, which toys go well together and which just don't belong. There should be right toy for the game. It is in our mindset. We use the toy that we've used to, learned the first and like opiate, it instills us with the knowledge that this is the best tool in the world, in your world, because everything else if perhaps just worse. The nostalgic feeling brings us emotions, knowledge and experience keeps us in a comfort zone. Egoism. We want to world to be the same. But while we were playing with our toys, it changed.

Many toys appeared and vanished. Patterns made some of us high. UML - the art erased out of drawing - made slave drivers happy. These were adopted ways to transmit the knowledge, format the culture, and narrow the communication down to the limited capabilities of any human put into the bloody cage of enterprise machine. Bloody doesn't mean we can escape it. It is just bloody. I see it as squashing the humans into the cubes of comfort zones and I am afraid of it. There is no progress outside the cells of enterprise organisms and these organisms are still mostly parasites hooked on resources that they are extracting from ecosystem and killing the planet by their exhaust. If you think that Google is good - take a look to the streets - if there is any litter around - how do you think - could people from this Enterprise remove this litter with their bare hands? I think they could. It is easy and even fun. But will they?

C/C++ is not a litter. It is a tool and a toy. The world had grown a lot, but the tool and the toy stayed the same. In these 40 years we've learned that we can only have juggle 7 things in our head at a time. We have only 60 hertz in out heads compared to 3Ghz of modern CPU. 7 things is the most that can survive through the neural network while signal passes from one domain (limited 3D area) through the whole volume of absolutely parallel processing unit. The amount of thing that we need to keep in mind is bytes, chars and pointers, even for string processing. And as a humans we operate with strings. Even bytes in our heads look like hexadecimal and we are still constantly ignoring this. We are continuing to invent rational logical abstractions - new toys - instead of switching off the conscious part of our brain and concentrate on the part that scans things. In the past 42 years we've upgraded our interface from reading to scanning and nobody noticed that. The older people still insist on reading books, going through lengthy letters in mailing lists, and lots of articles. But we've invented movies, animation, visual arts, demoscene. The last one appeared and vanished - it was a sudden ray of warm and bright light - an excitement that was impossible to rationalize and explain, and that gave a birth to a whole generation of game designers out there.

C/C++ is not a game. It is a legacy, a hack, a combination of mysterious symbols that make impossible things possible. This combination has expressive power and concepts that will survive a whole new generations from now on. You will still need an instrument to manipulate memory on low level. An instrument to control hardware with high level concepts. But it is not C/C++ that needs to be used for that, because it doesn't make it optional. C/C++ doesn't help you scan programs faster, read operations behind combinations of asterisks, symbols and brackets to fill the 7 slots in your head with something that makes sense. It doesn't instill me with a sense of confidence, because the code once already written may leak in different places.

Back in a days we were playing with reversing the software. You choose the entrypoint and then try to figure out what software does. Most of the time you had to work with assembly, follow the jumps and procedures, you were writing tools to help you deal with the complexity and automate the journey. The process didn't change since. What changed is that you don't need to think about memory allocations anymore, algorithms can tackle strings more efficiently than humans, so this slot is freed too. You can concentrate on your DNA handling logic, on algorithm, on final result that you need to achieve and this result will make sense for ordinary humans,  not for people with computer science camp behind. Python made this possible by providing this interface for humans when hardware allowed that. Python adapted itself to humans who now scan things instead of reading them. You don't need a whole usability discipline to note a small nifty things to make improvements like these, but when you have this whole new usability and ux buzzworld emerged, it is somehow wrong not to take an advantage of that. It is quite natural and right from the point of standard human specie, but wrong from the point of augmented human that needs tools to be evolved to allow more freedom. Evolution in Python led to the Zen of it. It is not a speccy, not a book, not a long text in a foreign language. It is an artpiece - a thing that could only be born among people who value the artpiece of Monty Python, and appreciate irrational culture of humans and play that. Without the art squeaky PyPI will be remove and the new warehouse will be built, welcome sign will be replaced with patent paranoia, you will have to sign a paper and undergo passport scan to pass through. People attempt to save things that are important to them if they can see them. You can't see the irrational, you can't explain it, especially things that came naturally. Humans are limited in understanding things, in expressing things, complex associations and irrational thoughts that came out of their emotions, knowledge, fears and beliefs. They are limited in their ability to share this information with others, they don't have time to pass info anymore, can't communicate so fast and this is where the progress stops. Humans are limited, they can not deal with the complexity, and they naturally developed arts to deal with that. Arts communicate on different levels of perception and education, they are waiting for you to get there to feel them or came down on you rapidly right away. It is a way to look for answers, to explore, express and communicate them. It is about at least some kind of freedom in dealing with paralysis of complexity. But this is about C/C++ and I need to finish this.

C/C++ is insecurity, but at the same time it brings trust and freedom. At least it was many years ago. It is the last piece of freedom that makes hacking of the systems possible. It was fun and you don't want to kill the fun once you're there. It is not hackers, it is humans, sometimes among them, who kill the fun. Paranoia, fear, social engineering techniques that make talented hackers kill themselves. It is not fun anymore to hack things in this world of fight of limited species over limited resource. Perhaps the backdoor needs to close. I feel deep sadness and sorrow by thinking about that, but who cares anyway. There is a huge demand for a better readable human interfaces for controlling new technologies and devices that will be born to augment humans and while we are messing with bytes and pointers leaning of some memory scattered over the table, we skip the cosmos of possibilities and things that shine in depths behind our necks. There is a place for better coupling between human intention to care or not care about low level details, better interface between the though to operate on some level and the tools that make the thoughts real. It is important to keep it human oriented, because the picture that one human drawn should be intuitive and clean for other human to comprehend. If that second human is familiar with concepts, it should not undergo the long training in decyphering glyphs just to get into details. We've already seen that this is possible. Just need to experiment with this a little bit more to pave our way in the way art does it. Art is the ultimate hack of all times after the science.

And for us, for new generation of coders, C/C++ must die to let evolution continue.

Thursday, October 09, 2014

Domain disaster, identity, history, account balance and horizons


I've added Python tag to this post, because the traffic above is mostly Python related, so it might be interesting to those concerned about preservation on their posts (or about essential properties of well-known trolls in certain communities). Blogging is not an easy process, especially if you're not an English native and it takes about 4 hours on average to rewrite and reword the content until it satisfies you, so preserving this knowledge is somewhat important. Some of the most emotional and big posts are never published at all (like black hate of Python 3 default system encoding or drafts of Spyder plugin architecture) .

So, what happened with the graph above?

With zero income over the past 2+ years I couldn't keep up with my bills and the domain name registration expired after I couldn't make it. It doesn't cost much ~$10 a year, but it is on the bill with DreamHost web hosting plan that costs $120 yearly + minimal VPS instance for $5/month to run Bitbucket mirrors and other services. I got the money from a $500 gift that I wanted to make to my girlfriend after we broke apart. To be honest I never had a girlfrend, but it was a nice try. It was painful, but in the end these $500 helped to save on debts without sacrificing my desire to meet with friends. I must say it is really hard to sustain any kind of relationship (timely replies, calls, switching to the context of another person, sharing interests, job activities) when you have an ADHD mindset, especially in those moments when you "catch the flow" and just escape everything outside until the feeling passes. The escape is possible. Otherwise it would be a direct way nowhere, but it is always stressful and takes its toll on psychosomatic resilience (how much stress a person can handle until it starts to grow on person's in physical form). Other factors may be contributing too, such as wiring scheme in ADHD trained brain - which can be more flexible so that it is able to diverge resources from maintenance of body systems to cognitive abilities. If there is some virus or generic modification in your body (chronic disease is also an option) - it might (probably will) take this chance to capture more territory when under a stress condition. At a time when rewiring process switches off lights in corridors near the dark corners of immune system. But that's is just a theory, an indication how easy it is for me to become distracted, which in turn is the cause why the situation emerged at all.

Looking at the chart of traffic I think that if that traffic was in any way useful at all, I wish it could be directly converted into paying for domain name and hosting. I don't need extra and don't want to "monetize" content by introducing pestering ads and other nasty stuff from the "business end" - just need the power to keep the systems up and operational. It is quite sad knowing that only a year needs to pass after you die to erase traces of your work from the internet, and even web.archive.org don't help when new owner of your domain uploads robots.txt to block resource-sucking spiders. It will be much more comfortable knowing that what you do will persist to help somebody else save some time in future.

The easy answer would be to just blog on *.blogger.com *.wordpress.com or facebook if you like, and that's already an option for a newer generation, but you own domain is one of the achievements in the ladder of your technical skills. Or sometimes it is just matters for some reason.

One high tech idea to build a sustainable human-less domain preservation mechanism was to build a closed loop around automated recurring payments with bitcoins. That one needs a lot of time to develop and clean up roadblocks for an automatic chain that transforms useful traffic to Etherium or any other similar Bitcoin 2.0 concept. There are two concerns here. First is that useful needs to be defined more clearly. I am sure for some reason that Google already knows and calculates the metric even for posts without views, likes or +1 buttons. Second concern is that there is so much buzz about Bitcoin 2.0, that it looks like people are already fighting to capture this playfield, and I am not sure that these new technologies are really worthy. Investigation and review needs time and it is hard to tell how much exactly without trying.

Another option to sustain the costs was to use DreamHost referral system that through a referral link allows to get bonus for every newly registered user. rainforce.org is a very old account - it uses a deprecated recurring bonus scheme, that shares 10% of new user's payments instead of one-time bonuses, but so far I had only $5 from 10 people registered over last 5 years or so, and I don't think it is a good route to take unless you want to force people to hate you, because you're obsessed with selling them to DreamHost as referrals. rainforce.org also possesses a nice looking donation URL that looks like http://www.dreamhost.com/donate.cgi?id=3333 but it does not answer the questions "how much does this this blog needs to be alive and why?", "what part of a share should I pay?" and more import "why should I pay for this?". In other words there is no transparency and trust in "modern" economy, because openness and transparency hurts it. And if resources become scarce, the economy starts a killing cycle. It is not from economy - it is from ecosystems.

There are always ideas for new experiments and horizons in this area, such as marrying Gratipay concept with BitHub. These project are less obsessed with "doing money software for the money", but they can not escape the "preferential attachment" of people around it, meaning that people will support projects that support money movement more than projects that need actual support, such as PyPy, Spyder and PySide. It might be not even about project support, but more about people contributing to these projects. I don't think that I have a solution to the problem, because it complex, but I think I'd be happy to try if I had a chance.

I tried to submit a proposal for rainforce.org activities to H2020 program as a last chance to escape the corporate clutches and dedicate some time to experiment, but I could not find a single idea over which to subscribe myself to work over for the next five years. In the end I realized that I am alone and hardly the right the right person to do coordination and communication work even though it might be extremely interesting at some point (and hence extremely difficult to resist).

So, in the conclusion of this letter to make it more useful and worthy of 4 hour time, I'd really like to see more people from hard core Python projects that are somehow supported in Europe (such as PyPy and PySide), and especially people from outside who interested in helping them, to take a look at the Horizon 2020 program. It is a funding scheme for EU companies, but organizations from outside (including US and Russia) are welcome to participate with their own funds if they contribute something unique. I believe it is the only way for independent R&D to continue and it will be a pity to miss this chance to experiment with transparent economy schemes and trust systems to support people in open source and open science projects. And it requires more than just coding skills to handle. In fact, it may require a completely different set of skills, even art or design or cognitive sciences - everything that helps better understanding and communication. Because all problems in the world are the problems of communication.

Friday, August 15, 2014

ANN: sha1 1.0 - command line tool to calculate file hash

Windows doesn't have a native tool to calculate SHA-1, so I've made one that can be easily installed and used from command line on any operating system thanks to Python:
python -m pip install sha1
python -m sha1 <filename>

Saturday, May 31, 2014

Python 3.2 has some deadly infection

Another not really positive low quality post, so if you're not in a mood to hear some rants, just skip it.


I don't consider talks about different programming languages to be blasphemy. Quite otherwise - they are good to let you rethink what you do daily in your own language. In a recent discussion about languages (and after many fruitless attempts to compile Wesnoth with GCC on Windows) I thought that C/C++ must die, because really all major security problems are because of it. Memory problems, reinventing the wheels, wasting time in Makefile's and Autoconf / Visual Studio project files. Everybody is just forced to use it, people feel like they've become an elite by learning it, but in fact they are just wasting time. Well, you can't blame people for that. Everybody entertains in a way he can, and me while writing this post too.

Yes, early hacker's culture is still here, but is it here to hack on real world problems anymore? NumPy, SciPy, PANDAS, BioPython - this is the example of tools that modern hackers use. C is only useful to speed up parts of application and that's it. It is not designed to make app more secure, to save developer's time, to increase productivity, even to be hardware independent, and I believe the main reason for its popularity is that it is just the default for Unix. C for Unix is a Visual Basic for Windows. This doesn't make Visual Basic better - this makes C worse.

What about Python? Well, here are some stats.

These are stats from TIOBE (clickable). They don't measure anything - just show some lines that correlate to each other.

It looks like the peak of Python was on February 2011, and since then there was a significant drop. The next peak you see is February 2013 - month before PyCon in California, followed by a deeper decline. Let's see what happened on February 2011:

  • Python 3.2, documentation released on 20 February 2011.
Right. Everybody knew that Python 3.1 is going to be bad, and everybody expected Python 3.2 to be good, but that didn't happen. You may tell people anything - "don't expect", "it is planned", "it is better" - regardless if people hear you or not, they will still have some expectations, and if these expectations don't match the  experience , you see the "disappointment line" decline. You see the second peak didn't bring any good news either.

I am disappointed too, and if you don't want to read yet another boring complain, just skip this paragraph. I expected Python 3 to be ready for the internet age, with cross-platform behavior preferred over system-dependent one, with clear semantics to work with binary data, with non-confusing error handling and API that gives hints and helps to pave your way on uncharted grounds, such as abstract unicode. Maybe Python 3 is beautiful, but I fail to see how - it is not more modular than Python 2 - I can not switch features of the language on and off to taste experimental stuff of propose my own, I don't see any pictures of improved internal structures or . I didn't expect more things to work by default, but I hoped that explicit interfaces continue to be intuitive. There are many little things that sum up and spoil the fun like trailing whitespaces in JSON output that play significant role in providing backward compatibility for Python. I don't know if that is fixed in Python 3, and I don't have any means to track that. When these little things sum up, you realize that you're just wasting time trying to improve things that people don't want to improve. They don't want to improve the process. They don't realize that the problem is not in the language, but in the way they don't want to hear each other. Technology showed that people want to be heard, that they opinion should be  accounted  , not closed as  won't fix  , or  works for me  . It is not a community process, when you rely on abilities of certain individuals to monitor and respond to all traffic and wishes, especially when they fail to do so.

Community process is when there are tools that people can collaborate about, there is research, a place for sharing opinions and sum up the result, a time to track the progress and do the work, and an open environment to experiment and evolve. Where every opinion counts and adds up to become a signal. Where signals are reacted to not because there are people who feel responsible, but because it is fun and has a positive feedback.

There is a certain paralysis. Many people are stuck in corporate against their will, bound by economy. But I am sure in every company it is possible to dedicate a "SyncFriday" - day dedicated to sync with other developers outside to do things in open source with all necessary stuff prepared. If a company can not afford it - why not just leave it. What's the point in helping corporation that doesn't make the world better from your own point of view too?

And much as with corporations, I don't see why anyone should be interested to help Python 3.x to become better. It takes too much energy and is so hopeless, at least for me. Singing papers, writing long explanatory PEP notes, discussing things with your core boss. There are no stats, no summaries, no analysis and comparisons, root cause research - only a lots of text and opinionated and busy individuals like myself.

Can this be changed? Not with text. More people who can draw, animate, make beautiful graphics work to make hard problems visible. This will help. Work with people expectations - if these are unreal - do not try to change them, explain them. Make the problems visible, give people the freedom to try, do not demand, do not press, just create environment, and do not use text - it is useless. 

Art is the future. And the future is both visually appealing, nice to touch and easy to follow.

Tuesday, April 29, 2014

Writing SCons Plugin: Discovery

UP201410: Add version info and link to Parts concept.

SCons is a build tool written completely in Python, so that you can just put it into your repository, extend for your own purposes and run directly from checkout without installing anything. SCons documentation doesn't use word plugin to refer to extensions. It calls them Tools. If you're not familiar with SCons concepts, check out this wiki page.

Plugin Discovery


SCons tries its best to avoid magical behavior. That's why it ignores paths and options set in system environment and requires that you specify everything explicitly. The same is true for plugins. Example from SCons man page:
env = Environment(tools = ['default', 'foo'], toolpath = ['tooldir'])
This creates build environment, initializes default tools, sets lookup path for plugins to tooldir/ and enables tool named foo, which is located in tooldir/foo.py. foo.py should have two functions - generate(env) and exists(env).

To test that your tool is found correctly, check env['TOOLS']:
print(env['TOOLS'])
If filename is not there - SCons was unable to find it. If it was a problem with contents of foo.py - SCons would fail with exception.

SCons has an automatic tool discovery mechanism - if you don't like to specify toolpath directly - you may place your tool in one of several locations that SCons scans before executing SConstruct. See description of the --site-dir=dir option for details.

Version compatibility and future


Described behavior is true for SCons 2.3.4 and earlier versions. It may be not very intuitive, so things may change in future, especially if we find resources to integrate Parts.

Friday, March 28, 2014

Python C API/ABI compatibility report

UPDATE: There is now an official thread on python-dev.

Upstream Tracker is an open source (GPL) tool that allows to track API/ABI changes between releases of C/C++ libraries. I asked Andrey Ponomarenko, who is the main maintainer of the project, to add Python to the list and here is the result:

http://upstream-tracker.org/versions/python.html

Hope you like it.

Monday, February 17, 2014

ANN: xtrace 0.5 - indented function trace in Xdebug format

Xdebug is a PHP tool that allows to trace how PHP code is executed. Today I release a tool called xtrace into public (and more specifically into public domain), which allows to get the same (or at least very identical) output, but for Python.

Few years ago inability to trace function calls in Python came as a showstopper. I decided to write a familiar tool for Python. More than that - I wanted to integrate it into Spyder. But a year ago xtrace itself faced with showstopper. The showstopper was the behavior of execfile function, that I could not get right at that time, because of the docs, of my expectations and poor knowledge of English. Maybe there is a flaw in my cognitive abilities, but I tried to get at this problem several times and failed. Until recently some hackers from ZenSecurity team brought a concept known an pyjail to my attention. The challenge to prove that pyjail concept is impossible allowed me to concentrate on gory details of execfile works and knowing that documentation is totally confusing for my, I found the time to set my own experiments. You can read them at the link I've given above as well as some analysis why documentation that actually includes all the details can be bad and confusing.

The xtrace was basically broken for three years, starting from the version 0.2 - the day I put execfile() call from root to the xtrace module to the main() function. This placement changed the execfile() behavior, and while trying to debug that I also run into confusing dynamic behavior of dictionary returned by locals(). Opened can of worms made those parasites to completely consume my brain, causing much anger and frustration to be spilled around execfile() and locals() concepts over into Python lists. It is kind of relief now that I can name all the problems, analyse them and look back as enlightened. Being jobless I had a plenty of time to investigate, but I really don't want anyone to enter that state of confusing and helplessness that I had a year ago.

Hopefully, my experience with xtrace will clear the confusion for those who will try to use exec type abilities of Python for developing their own tools. Maybe it will result in a better Python API in the future, with better documentation and position-independent behavior.

I am interested to know the feedback that you can leave in xtrace tracker, such as if the output really matches PHP behavior, if it is accepted by PHP tools and how it behaves in different scopes of Python. It is interesting to convert it to Spyder plugin and see the usage in other tools, but I realize that I may not have time for that. The next focus for me is to add an easy API to xtrace to enable people to write they own tracers more easily. Focus on UX and everything else will come.