Thursday, October 09, 2014

Domain disaster, identity, history, account balance and horizons

I've added Python tag to this post, because the traffic above is mostly Python related, so it might be interesting to those concerned about preservation on their posts (or about essential properties of well-known trolls in certain communities). Blogging is not an easy process, especially if you're not an English native and it takes about 4 hours on average to rewrite and reword the content until it satisfies you, so preserving this knowledge is somewhat important. Some of the most emotional and big posts are never published at all (like black hate of Python 3 default system encoding or drafts of Spyder plugin architecture) .

So, what happened with the graph above?

With zero income over the past 2+ years I couldn't keep up with my bills and the domain name registration expired after I couldn't make it. It doesn't cost much ~$10 a year, but it is on the bill with DreamHost web hosting plan that costs $120 yearly + minimal VPS instance for $5/month to run Bitbucket mirrors and other services. I got the money from a $500 gift that I wanted to make to my girlfriend after we broke apart. To be honest I never had a girlfrend, but it was a nice try. It was painful, but in the end these $500 helped to save on debts without sacrificing my desire to meet with friends. I must say it is really hard to sustain any kind of relationship (timely replies, calls, switching to the context of another person, sharing interests, job activities) when you have an ADHD mindset, especially in those moments when you "catch the flow" and just escape everything outside until the feeling passes. The escape is possible. Otherwise it would be a direct way nowhere, but it is always stressful and takes its toll on psychosomatic resilience (how much stress a person can handle until it starts to grow on person's in physical form). Other factors may be contributing too, such as wiring scheme in ADHD trained brain - which can be more flexible so that it is able to diverge resources from maintenance of body systems to cognitive abilities. If there is some virus or generic modification in your body (chronic disease is also an option) - it might (probably will) take this chance to capture more territory when under a stress condition. At a time when rewiring process switches off lights in corridors near the dark corners of immune system. But that's is just a theory, an indication how easy it is for me to become distracted, which in turn is the cause why the situation emerged at all.

Looking at the chart of traffic I think that if that traffic was in any way useful at all, I wish it could be directly converted into paying for domain name and hosting. I don't need extra and don't want to "monetize" content by introducing pestering ads and other nasty stuff from the "business end" - just need the power to keep the systems up and operational. It is quite sad knowing that only a year needs to pass after you die to erase traces of your work from the internet, and even don't help when new owner of your domain uploads robots.txt to block resource-sucking spiders. It will be much more comfortable knowing that what you do will persist to help somebody else save some time in future.

The easy answer would be to just blog on * * or facebook if you like, and that's already an option for a newer generation, but you own domain is one of the achievements in the ladder of your technical skills. Or sometimes it is just matters for some reason.

One high tech idea to build a sustainable human-less domain preservation mechanism was to build a closed loop around automated recurring payments with bitcoins. That one needs a lot of time to develop and clean up roadblocks for an automatic chain that transforms useful traffic to Etherium or any other similar Bitcoin 2.0 concept. There are two concerns here. First is that useful needs to be defined more clearly. I am sure for some reason that Google already knows and calculates the metric even for posts without views, likes or +1 buttons. Second concern is that there is so much buzz about Bitcoin 2.0, that it looks like people are already fighting to capture this playfield, and I am not sure that these new technologies are really worthy. Investigation and review needs time and it is hard to tell how much exactly without trying.

Another option to sustain the costs was to use DreamHost referral system that through a referral link allows to get bonus for every newly registered user. is a very old account - it uses a deprecated recurring bonus scheme, that shares 10% of new user's payments instead of one-time bonuses, but so far I had only $5 from 10 people registered over last 5 years or so, and I don't think it is a good route to take unless you want to force people to hate you, because you're obsessed with selling them to DreamHost as referrals. also possesses a nice looking donation URL that looks like but it does not answer the questions "how much does this this blog needs to be alive and why?", "what part of a share should I pay?" and more import "why should I pay for this?". In other words there is no transparency and trust in "modern" economy, because openness and transparency hurts it. And if resources become scarce, the economy starts a killing cycle. It is not from economy - it is from ecosystems.

There are always ideas for new experiments and horizons in this area, such as marrying Gratipay concept with BitHub. These project are less obsessed with "doing money software for the money", but they can not escape the "preferential attachment" of people around it, meaning that people will support projects that support money movement more than projects that need actual support, such as PyPy, Spyder and PySide. It might be not even about project support, but more about people contributing to these projects. I don't think that I have a solution to the problem, because it complex, but I think I'd be happy to try if I had a chance.

I tried to submit a proposal for activities to H2020 program as a last chance to escape the corporate clutches and dedicate some time to experiment, but I could not find a single idea over which to subscribe myself to work over for the next five years. In the end I realized that I am alone and hardly the right the right person to do coordination and communication work even though it might be extremely interesting at some point (and hence extremely difficult to resist).

So, in the conclusion of this letter to make it more useful and worthy of 4 hour time, I'd really like to see more people from hard core Python projects that are somehow supported in Europe (such as PyPy and PySide), and especially people from outside who interested in helping them, to take a look at the Horizon 2020 program. It is a funding scheme for EU companies, but organizations from outside (including US and Russia) are welcome to participate with their own funds if they contribute something unique. I believe it is the only way for independent R&D to continue and it will be a pity to miss this chance to experiment with transparent economy schemes and trust systems to support people in open source and open science projects. And it requires more than just coding skills to handle. In fact, it may require a completely different set of skills, even art or design or cognitive sciences - everything that helps better understanding and communication. Because all problems in the world are the problems of communication.

Friday, August 15, 2014

ANN: sha1 1.0 - command line tool to calculate file hash

Windows doesn't have a native tool to calculate SHA-1, so I've made one that can be easily installed and used from command line on any operating system thanks to Python:
python -m pip install sha1
python -m sha1 <filename>

Saturday, May 31, 2014

Python 3.2 has some deadly infection

Another not really positive low quality post, so if you're not in a mood to hear some rants, just skip it.

I don't consider talks about different programming languages to be blasphemy. Quite otherwise - they are good to let you rethink what you do daily in your own language. In a recent discussion about languages (and after many fruitless attempts to compile Wesnoth with GCC on Windows) I thought that C/C++ must die, because really all major security problems are because of it. Memory problems, reinventing the wheels, wasting time in Makefile's and Autoconf / Visual Studio project files. Everybody is just forced to use it, people feel like they've become an elite by learning it, but in fact they are just wasting time. Well, you can't blame people for that. Everybody entertains in a way he can, and me while writing this post too.

Yes, early hacker's culture is still here, but is it here to hack on real world problems anymore? NumPy, SciPy, PANDAS, BioPython - this is the example of tools that modern hackers use. C is only useful to speed up parts of application and that's it. It is not designed to make app more secure, to save developer's time, to increase productivity, even to be hardware independent, and I believe the main reason for its popularity is that it is just the default for Unix. C for Unix is a Visual Basic for Windows. This doesn't make Visual Basic better - this makes C worse.

What about Python? Well, here are some stats.

These are stats from TIOBE (clickable). They don't measure anything - just show some lines that correlate to each other.

It looks like the peak of Python was on February 2011, and since then there was a significant drop. The next peak you see is February 2013 - month before PyCon in California, followed by a deeper decline. Let's see what happened on February 2011:

  • Python 3.2, documentation released on 20 February 2011.
Right. Everybody knew that Python 3.1 is going to be bad, and everybody expected Python 3.2 to be good, but that didn't happen. You may tell people anything - "don't expect", "it is planned", "it is better" - regardless if people hear you or not, they will still have some expectations, and if these expectations don't match the  experience , you see the "disappointment line" decline. You see the second peak didn't bring any good news either.

I am disappointed too, and if you don't want to read yet another boring complain, just skip this paragraph. I expected Python 3 to be ready for the internet age, with cross-platform behavior preferred over system-dependent one, with clear semantics to work with binary data, with non-confusing error handling and API that gives hints and helps to pave your way on uncharted grounds, such as abstract unicode. Maybe Python 3 is beautiful, but I fail to see how - it is not more modular than Python 2 - I can not switch features of the language on and off to taste experimental stuff of propose my own, I don't see any pictures of improved internal structures or . I didn't expect more things to work by default, but I hoped that explicit interfaces continue to be intuitive. There are many little things that sum up and spoil the fun like trailing whitespaces in JSON output that play significant role in providing backward compatibility for Python. I don't know if that is fixed in Python 3, and I don't have any means to track that. When these little things sum up, you realize that you're just wasting time trying to improve things that people don't want to improve. They don't want to improve the process. They don't realize that the problem is not in the language, but in the way they don't want to hear each other. Technology showed that people want to be heard, that they opinion should be  accounted  , not closed as  won't fix  , or  works for me  . It is not a community process, when you rely on abilities of certain individuals to monitor and respond to all traffic and wishes, especially when they fail to do so.

Community process is when there are tools that people can collaborate about, there is research, a place for sharing opinions and sum up the result, a time to track the progress and do the work, and an open environment to experiment and evolve. Where every opinion counts and adds up to become a signal. Where signals are reacted to not because there are people who feel responsible, but because it is fun and has a positive feedback.

There is a certain paralysis. Many people are stuck in corporate against their will, bound by economy. But I am sure in every company it is possible to dedicate a "SyncFriday" - day dedicated to sync with other developers outside to do things in open source with all necessary stuff prepared. If a company can not afford it - why not just leave it. What's the point in helping corporation that doesn't make the world better from your own point of view too?

And much as with corporations, I don't see why anyone should be interested to help Python 3.x to become better. It takes too much energy and is so hopeless, at least for me. Singing papers, writing long explanatory PEP notes, discussing things with your core boss. There are no stats, no summaries, no analysis and comparisons, root cause research - only a lots of text and opinionated and busy individuals like myself.

Can this be changed? Not with text. More people who can draw, animate, make beautiful graphics work to make hard problems visible. This will help. Work with people expectations - if these are unreal - do not try to change them, explain them. Make the problems visible, give people the freedom to try, do not demand, do not press, just create environment, and do not use text - it is useless. 

Art is the future. And the future is both visually appealing, nice to touch and easy to follow.

Tuesday, April 29, 2014

Writing SCons Plugin: Discovery

UP201410: Add version info and link to Parts concept.

SCons is a build tool written completely in Python, so that you can just put it into your repository, extend for your own purposes and run directly from checkout without installing anything. SCons documentation doesn't use word plugin to refer to extensions. It calls them Tools. If you're not familiar with SCons concepts, check out this wiki page.

Plugin Discovery

SCons tries its best to avoid magical behavior. That's why it ignores paths and options set in system environment and requires that you specify everything explicitly. The same is true for plugins. Example from SCons man page:
env = Environment(tools = ['default', 'foo'], toolpath = ['tooldir'])
This creates build environment, initializes default tools, sets lookup path for plugins to tooldir/ and enables tool named foo, which is located in tooldir/ should have two functions - generate(env) and exists(env).

To test that your tool is found correctly, check env['TOOLS']:
If filename is not there - SCons was unable to find it. If it was a problem with contents of - SCons would fail with exception.

SCons has an automatic tool discovery mechanism - if you don't like to specify toolpath directly - you may place your tool in one of several locations that SCons scans before executing SConstruct. See description of the --site-dir=dir option for details.

Version compatibility and future

Described behavior is true for SCons 2.3.4 and earlier versions. It may be not very intuitive, so things may change in future, especially if we find resources to integrate Parts.

Friday, March 28, 2014

Python C API/ABI compatibility report

UPDATE: There is now an official thread on python-dev.

Upstream Tracker is an open source (GPL) tool that allows to track API/ABI changes between releases of C/C++ libraries. I asked Andrey Ponomarenko, who is the main maintainer of the project, to add Python to the list and here is the result:

Hope you like it.

Monday, February 17, 2014

ANN: xtrace 0.5 - indented function trace in Xdebug format

Xdebug is a PHP tool that allows to trace how PHP code is executed. Today I release a tool called xtrace into public (and more specifically into public domain), which allows to get the same (or at least very identical) output, but for Python.

Few years ago inability to trace function calls in Python came as a showstopper. I decided to write a familiar tool for Python. More than that - I wanted to integrate it into Spyder. But a year ago xtrace itself faced with showstopper. The showstopper was the behavior of execfile function, that I could not get right at that time, because of the docs, of my expectations and poor knowledge of English. Maybe there is a flaw in my cognitive abilities, but I tried to get at this problem several times and failed. Until recently some hackers from ZenSecurity team brought a concept known an pyjail to my attention. The challenge to prove that pyjail concept is impossible allowed me to concentrate on gory details of execfile works and knowing that documentation is totally confusing for my, I found the time to set my own experiments. You can read them at the link I've given above as well as some analysis why documentation that actually includes all the details can be bad and confusing.

The xtrace was basically broken for three years, starting from the version 0.2 - the day I put execfile() call from root to the xtrace module to the main() function. This placement changed the execfile() behavior, and while trying to debug that I also run into confusing dynamic behavior of dictionary returned by locals(). Opened can of worms made those parasites to completely consume my brain, causing much anger and frustration to be spilled around execfile() and locals() concepts over into Python lists. It is kind of relief now that I can name all the problems, analyse them and look back as enlightened. Being jobless I had a plenty of time to investigate, but I really don't want anyone to enter that state of confusing and helplessness that I had a year ago.

Hopefully, my experience with xtrace will clear the confusion for those who will try to use exec type abilities of Python for developing their own tools. Maybe it will result in a better Python API in the future, with better documentation and position-independent behavior.

I am interested to know the feedback that you can leave in xtrace tracker, such as if the output really matches PHP behavior, if it is accepted by PHP tools and how it behaves in different scopes of Python. It is interesting to convert it to Spyder plugin and see the usage in other tools, but I realize that I may not have time for that. The next focus for me is to add an easy API to xtrace to enable people to write they own tracers more easily. Focus on UX and everything else will come.

Sunday, February 02, 2014

ANN: hexdump 2.0 - view/edit your binary with hex tool

Finally some prod that can be named feature-complete for release. It is cross-platform, meaning it should run the same on Windows (tested), Linux, and OS X. It is Python 2 and Python 3 compatible. And it released into public domain, so that you won't have any problems in reusing it for your commercial and non-commercial hacking.

For those who are unaware of what hexdump is, hexdump is a representation of any binary data in human readable form. This form is good for hacking, inspecting and debugging binary data and protocols, but it is also good for editing such data. I am not pasting the output if the tool to encourage you to play with it yourself.

It can be used as command line tool and as a library. The most simple way is to use it as a tool:
# install
$ python -m pip install hexdump

# dump
$ python -m hexdump binary.bin > dump.txt

# restore
$ python -m hexdump --restore dump.txt

P.S. I don't mind including `hexdump` as provisional package in Python standard library if anyone will be able to convince PSF to accept public domain, CC0 or MIT licensed code.