Planet OCLUG

So, at work I’m using Django quite a bit, and I ran into a problem where I need the database transaction to be committed, and then I need to trigger additional server-side code that will act on that data.

Putting all of this into the view function with a manually managed transaction sucks, far too much code. There’s transaction middleware, but by then your view function has returned. What to do?

Simple. I added my own middleware, and I return a new property that I tag into the HttpResponse object. Python is flexible enough to allow this hack.

MIDDLEWARE_CLASSES = (
    'teleworker.lib.middleware.MslEventMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.middleware.transaction.TransactionMiddleware',

So in my MslEventMiddleware, I look for a new property in the response, and if it’s present, I execute the requested command, which will happen after the TransactionMiddleware has called commit.

    def process_response(self, request, response):
        if hasattr(response, 'mslevent'):
           msl.event(response.mslevent)

Simple enough. Although a real post-processing API in Django would be helpful.

What a strange world where I am writing a blog post on my phone. Kinda slow going, even using this cool Swype app to speed things up. Mind you, I suck at it…

Perhaps a Bluetooth keyboard will be needed.

Anyone else phone-blogging?

So I’m playing in Eclipse going through Android development HOWTOs. Yes, I know. Java. Thankfully there’s a scripting layer for Android, but I want to learn it all before I choose a toolset for a particular problem. Besides, Java ain’t all bad, just mostly.

Anywho, I fired up the HelloWorld tutorial, made my project, and very quickly found that Eclipse’s wonderful generated code that was going to save me all this work of typing Java didn’t compile. I got, “main cannot be resolved or is not a field”. Huh? The main it’s referring to is my main.xml file (can’t have too much XML eh Java?) describing the Android UI layout, under res/layouts/main.xml. Invoked through the ubiguitous Android R object. What do you mean it’s not there, you stupid machine??

So I do what any modern programmer does, after swearing at my screen repeatedly, I look up the error in google, and voila, I’m not alone. This post was particularly helpful. Apparently, it’s an Android SDK issue, which Eclipse invokes to create the project. Yo, Google! Get off your butts and fix it! Seems to me that you have time…

by Russell McOrmond

I'm just a technical guy. I make my living as a systems administrator, software author and Internet consultant. After watching failures of the legislative process in the USA that lead to them passing laws that attacked the rights of technology owners and the interests of software authors, I decided I must get involved in Canada's political process. I participated in the consultation in the summer of 2001, and have been very active since. This includes sitting in on nearly all of the Bill C-32 and Bill C-11 committee meetings in-person, and being a witness in front of a Bill C-32 committee on March 8, 2011. I have been live tweeting and writing articles for each of these meetings. Now that committee work ended on March 13, the next steps will be a third reading in the House of Commons and then on to the Senate for whatever study they decide to do.

Read full article on OpenMedia.ca >>

read more

On the Matt Holmes Show at around 20:00 EST an interview I did with Mr. Holmes will air. We were speaking about the Bill C-11 committee, and some of the fun I've been watching for the past few weeks (and will be in the next few weeks).

I of course spoke about the most controversial thing in the bill (TPMs) and the most controversial thing that some of the more extreme witnesses want added to the bill (ISP liability + secondary liability/"enabler").

We spoke more generally than using the Copyright geek language. We chatted about who gets to decide who drives your car, and about violence in music, movies and video games. Listen to the show to see what that has to do with TPMs and SOPA.

Audio archives of the show are available (Look for March 8 Hour 2). I'm looking for feedback on one of the analogies used.

read more

I don't always agree with Eric S. Raymond, but believe his open letter to Chris Dodd is right on the mark.

In my words: The technology community has drawn lines in the sand. Your right to protect your copyright ends at our computers and our Internet. We will help if you want to create an honest way to make a living that doesn't cross those lines, but if you want to attack what we consider to be fundamental rights we will defend ourselves and those rights from people we consider to be "liars and thieves".

read more

Probably the claim you will read most often in recent weeks from my friendly archvillain Jason J Kee on his twitter feed is that, There is NO COMPARISON b/t #C11 & SOPA. While he is playing with words when he makes this claim, I think it is useful to discuss the narrow way in which he is correct as well as the ways he is trying to distract people from the similarities.

read more

Today many have been raising awareness of USA's SOPA and PIPA. I thought I would back up a bit from those specific initiatives, and discuss just how far apart people are on this type of policy.

read more

We should answer the question of whether a paywall is a copyright issue, before we dive into the question of the importance of this question for the debate around the Paracopyright provisions in Bill C-11.

I am familiar with paywalls from the perspective of both a user and a provider of such services. I will offer two specific examples of paywalls to illustrate the issues.

read more

I'm not a proud Canadian these days. It seems that everywhere I look I see some monopolist trying to wipe out free markets in Canada, and not enough government intervention to protect the market. There are individuals in the current cabinet who appear on the surface to share some ideas, but who are sending mixed messages. I also don't get the impression that there is enough support elsewhere in cabinet, with other parliamentarians and parties, or with the larger bureaucracy who should be working for us.

read more

The deadline for ideas and submissions on Canada’s digital economy strategy has been extended until midnight, Tuesday, July 13

I don't think I will have the time to make a formal submission. I have instead started to post to the ideas forum. If you agree with these ideas, please vote them up. Please also add comments.

• Protect end-to-end design principle in new communications technology.
  
• Regulate usage of technology in the correct laws
  
• Protect Information Technology property rights
  
• Adopt policy similar to 1991 EU directive on computer programs
  
• Improve competition policy, promotion and enforcement
  

read more

I am a big fan of audio blogs. Some people call them Podcasts because Apple iPod users seem to claim responsibility for making them popular. Leo Laporte over at TWIT.tv, a large audio/video blogging network with a long history in broadcasting, tried to convince people to call them Netcasts as they were simply broadcasting over the Internet. While I'm a listener to a few TWIT.tv shows, and a few other non-Canadian shows, I have always been looking for Canadian shows that cover some of the technology and political stories from the uniquely Canadian perspective.

read more

When I was first writing a little web service in Twisted Python that would return JSON encoded data, and I was having some issues with loading it up using Javascript, I used Wireshark to trace the whole thing and was surprised at how the response looked.

There were delimiters around the data, and the response headers included a reference to “Chunked Transfer-Encoding”. I had to look it up to find out what it was, and I had no idea how to turn it off so I posted on the Twisted Python mailing list, and got a prompt reply.

Chunked encoding has nothing to do with the content type. It is used if
you do not set a content-length header.

So, figure out your response’s length (in bytes), and set the
content-length header to that.

Aha! So this in my http.Request handler fixed it.


log.info("sending response")
# Set the content length so that we don't respond with chunked
# encoding.
size = len(content)
log.debug("content length is %d bytes" % size)
self.setHeader('Content-Length', size)
self.write(content)
self.finish()
log.info("done")


Well, not a fix really as there was no bug, but I wanted to rule out the chunked encoding as the source of a problem that I was seeing.

I just discovered surfraw in the results of an apt-cache search (love that command) and I had to laugh at the manpage:

DESCRIPTION
       Surfraw provides a fast unix command line interface to a variety
       of popular WWW search engines and other artifacts
       of power.  It reclaims google, altavista, dejanews, freshmeat,
       research index, slashdot and many others  from  the
       false‐prophet,  pox‐infested  heathen  lands  of html‐forms, placing
       these wonders where they belong, deep in unix
       heartland, as god loving extensions to the shell.

I know, I’m a geek, but to me it’s funny.

I’ve just been learning about Cross-Origin Resource Sharing, to permit javascript downloaded from one domain to make Ajax requests out to another domain. I started learning this because I was writing a Google Maps client to test some back-end code and it wasn’t working for some reason. Thanks to the help of someone on the Prototype mailing list, and a packet trace, the problem was quickly found.

When I loaded my static page off of the disk, the browser assigns it an origin of null. I was then accessing a service running on my desktop, so its origin was localhost. As the origins differ, when I tried to make an Ajax request to it my browser automagickally makes an OPTIONS request to the server, requesting permission.

Let me show an example, captured via tcpdump:

sudo tcpdump -i lo -nn -s0 -w out.pcap tcp port 8000

When I load up this pcap file in wireshark and follow TCP stream, I see:

OPTIONS /route/?start=sta-9998&end=sta-9999&starttime=1274469161 HTTP/1.1
Host: localhost:8000
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.4) Gecko/20091206 Gentoo Firefox/3.5.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Origin: null
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-prototype-version,x-requested-with

This is the OPTIONS request to the server, asking if it is permitted for this client to make a cross-origin request to that server. Specifically, it is asking permission to make a GET request from an Origin of “null”. If the server doesn’t respond with the right access-control headers, the browser will not permit the GET request to take place.

I had to modify my server, written in Twisted Python, to respond with:

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: x-prototype-version,x-requested-with
Content-Length: 0
Access-Control-Max-Age: 2520

So here I’m saying, yes, it is permitted from any origin (hence the *) to make a GET request, and the client can cache this permission for 2520 seconds (42 minutes). This won’t be my response when I deploy, I will tightly control the domains that this service permits, and lower the max-age to more like 10 minutes.

Now, this initial response is not enough, be aware. These headers must be supplied in every response, not just the response to the OPTIONS request. So when the GET finally takes place it looks like:

GET /route/?start=sta-9998&end=sta-9999&starttime=1274469161 HTTP/1.1
Host: localhost:8000
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.4) Gecko/20091206 Gentoo Firefox/3.5.4
Accept: application/json
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.6.1
Origin: null

And the server now responds with:

HTTP/1.1 200 OK
Content-Length: 76
Access-Control-Allow-Headers: x-prototype-version,x-requested-with
Access-Control-Max-Age: 2520
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Content-Type: application/json

{
    "reason": "No workers ready, try again soon",
    "status": "defer"
}

This is just an example while the server is loading a rather large data set, and cannot respond yet. Note the Access-Control headers in the response, just like the initial OPTIONS response.

Doing this in Twisted is simple enough. Inside of a http.Request handler, you can set response headers with self.setHeader(header_name, header_value), like so:

            self.setHeader('Access-Control-Allow-Origin', '*')
            self.setHeader('Access-Control-Allow-Methods', 'GET')
            self.setHeader('Access-Control-Allow-Headers',
                           'x-prototype-version,x-requested-with')
            self.setHeader('Access-Control-Max-Age', 2520)
            self.setHeader('Content-type', 'application/json')

My next steps are to tighten this granting of access, probably via configuration file, but I’m sure you get the idea.

In an article for The Mark I suggest that we shouldn't blame Google when music blogs are shut down, since it’s the major record labels that are to blame.

According to a Hearst Seattle Media blog article, Mike Landreville, an advisor in the Intellectual Property Office of Environment Canada sent a letter to German Internet Service Provider (ISP) Serveloft requesting that the sites "enviro-canada.ca" and "ec-gc.ca" be removed. Without any judicial oversight of any alleged infringement claim (not that I can think of any legitimate claim for these spoof/paridy sites), the ISP shut off the range of IP addresses that served those sites as well as 4,500 other Web sites that had nothing to do with the spoof.

Whatever you think of the prank/spoof, this is obviously over-reaching by a Environment Canada bureaucrat and incompetence on the part of an ISP who removes websites due to random requests. This might be another Hoax given the claims originated from the Yes Men, but this would not have been the first time an ISP shut down an IP address range without judicial oversight based on a letter from someone alleging to be a lawyer.

read more

Ok, this is just dumb.

msoulier@kanga:~$ gem list torrent --remote

*** REMOTE GEMS ***

Well that’s wrong, I know there’s a RubyTorrent gem.

msoulier@kanga:~$ gem list tftp --remote

*** REMOTE GEMS ***

tftpplus (0.4)

It finds my tftp library just fine with a substring.

msoulier@kanga:~$ gem list RubyTorrent --remote

*** REMOTE GEMS ***

rubytorrent (0.3)

So why do I have to be so specific?

I shouldn’t need a web interface to find code in a repository people! Learn from apt-cache.

I’ve been involved in some discussions regarding Java recently, and I’ve repeated said that I mostly find it a solution that is still looking for a problem.

Looking back at this post by Paul Graham on “Java’s Cover” I find it interesting how many of his points still ring true, 8 years later.

My favorite quote:

It could be that in Java’s case I’m mistaken. It could be that a language promoted by one big company to undermine another, designed by a committee for a “mainstream” audience, hyped to the skies, and beloved of the DoD, happens nonetheless to be a clean, beautiful, powerful language that I would love programming in. It could be, but it seems very unlikely.

My problem with it is simple, and it’s why I dislike ClearCase, and many other technologies; it makes easy things hard. I’m busy. I’d use it if forced to, and then I’d try desperately to like it. Until then, I have better things to do.

Charlie Angus was in full force yesterday. He took his contribution to the debate on Bill C-27 (often called the anti-SPAM bill, although it still contains anti-malware and other provisions as well), and spoke about it as one part of a larger digital agenda.

The full debate is available via Hansard, but I wanted to highlight a specific section of Mr. Angus' contributions. (Note: Debate resumes after C-50, which may be today or later.)

read more