PyCon: PyCon India receives fantastic response

For Python language enthusiasts across India, all roads led to the Lecture Hall Complex at the Indian Institute of Science, Bangalore on 26th and 27th Sep. The reason – to attend and be part of the first PyCon India which was held during the week-end.

The event saw tremendous enthusiasm and participation from all over the country. Over 350 delegates and 30+ speakers attended the event. The event generated a lot of interest in the academia, with a large number of college students and fresh graduates attending it. A notable instance is the participation of 75 students from the Rajalakshmi Engg. College in the neighboring city of Chennai, who just hopped on a train to Bangalore en-masse. This is a worthy example of how Python has caught the imagination of young programmers in the sub-continent and that the language is poised for steady growth and adoption in India.

The opening keynote talk by Dr. Prabhu Ramachandran was well attended and appreciated by the crowd. Dr. Ramachandran talked about his experiences with Python and gave a very good impression upon the audience of how Python is an effective tool in quick prototyping and rapid software development from concept to the finish. He gave on to give another talk on the 3D visualizer application Mayavi which is written in Python.

There were over 30 talks in total in addition to several lightning talks towards the end of the closing day. Overall, the event was a very memorable learning and fun experience to all the Pythonistas who took part in it. The event is poised well to take the leadership in promoting Python in India in the coming years.

Frozen Bubble begins the journey to the CPAN

If you want to make a splash in any community (programming or otherwise) one of the great ways to do it is to take something that is considered impossible or too hard and make it possible or trivially easy.In my Open Source life, I’ve managed to do it …

IronPython-URLs: O2: ‘Open Platform for automating application security knowledge and workflows’

Dinis Cruz is a Web Application Security expert and is the chief technology evangelist for the Open Web Application Security Project (OWASP).

Dinis has been blogging about an “open source project designed to improve the productivity and capabilities of security consultants who perform application security engagements“.

This project support Python on the JVM through Jython and Python on .NET through IronPython.

O2: ‘Open Platform for automating application security knowledge and workflows’

In a nutshell, O2 is a bunch of (about 25) open source modules/tools that help with the multiple aspects of performing application security engagement (in most cases by extending the capabilities of a several Commercial and Open Source tools).

There is a large number of O2 modules that are designed to work specifically with the Ounce 6.x product (Ounce Labs Static Analysis engine), and several other O2 modules which are 100% independent and can be used using only freely available or Open Source tools.

One of the most powerful features of O2 is its scripting and customization capabilities. Currently O2 supports scripting in
any .Net language (with an O2 module dedicated for coding and debugging C#),

Java using IKVM

Python & Java with a via Jython and

Python & .NET via IronPython.

Everything in O2 is exposed via powerful object models and schemas (which are designed to make the security consultant much more productive).

The OUNCE O2 project has a page and code samples on using Python / C#.

OSA+O2 questions and Python/C# findings filtering sample

I recieved last week a great set of OSA/O2 questions which are better answered here (see also the code samples at the end which are a good examples of the powerful O2 Finding’s filtering capabilities).

…

Using the O2_Tool_Python to write a Python script:

step 1) Open the O2 ‘Scripts’ module (from the ‘Loaded O2 Module’ menu)
step 2) select a *.py script from the samples on the left hand side
(optional) step 3) save it with a different name (use the properties button to open the save dialog)
step 4) enter the python script below in the source code area (you will need to fix the path to your local webgoat.ozasmt file and O2_Binaries folder)
step 5) select ‘IronPython’ engine
step 6) click on ‘Execute on External Script Engine’ (the big red exclamation mark). This will save and execute the code.

Jack Diederich: My PyCon 2010 Talk

My talk is tentatively titled “Python’s Dusty Corners.”* It will be a brief overview of all the features in python that you don’t need to know about right up until the moment you do. The list includes how comparisons work, descriptors, iterators, context managers, namespaces, else clauses on for/while loops (suggested by Hettinger), and whatever else you can suggest in the comments (please do!). The narrative of the talk is that these are features that you don’t need and/or shouldn’t use in your day-to-day code but that you need to keep in the back of your mind because other people’s code and the stdlib do use them. As Alex Martelli pointed out in his wonderful talk Abstractions as Leverage you can’t successfully function at one level of abstraction if you don’t know what is going on at the next level down. This talk is a whirlwind tour of the next level down.

I’m honored to be an invited speaker this year. This just means the program committee has pre-approved any talk I give instead of going through the normal program committee proposal process. I had some stem-winding conversations with friends about what this means and what purpose it serves. Firstly it is a flattering inducement to get prior popular speakers to speak again, and possibly no more than that. Secondly it gives speakers a chance to do a talk that might not make it through the normal approval process. I knew a person in college** who’s motto was “There is a fine line between being The Man and being That Guy.” Imagine a Venn diagram with barely overlapping circles labeled “Good Ideas” and “Bad Ideas;” Being “The Man” is the thin overlap between the two, and committees are very good at avoiding any idea that is anywhere close to the “Bad ideas” region, let alone one that that is actually in it. Having invited speakers is a way for the committee to include those ideas with minimal risk by inviting people who have a proven track record and hoping they don’t screw up.

That said my talk is pretty safe and certainly would have made it through the normal process. I would love to give a talk I thought was in the dangerous “The Man” zone but I haven’t the foggiest idea of what that talk would be. Err, I have some idea but none long enough to be a proper talk. For lightning talks I’ll be preparing “I love graphs” (I do, and I have the graphs to prove it), “The Physics of Bowling Balls” (waaay more interesting than you would guess), and my always-threatened-never-done talk “PyAsshole: Simulating a partial information, non-trump, drinking card game in Python.”

* As much as I liked the title I proposed on twitter It wouldn’t help the conference (or me, or anyone really) to have a talk titled “Strange Python Shit” on the program.
** He looked suspiciously similar to me, but with hair down to his shoulders and an eyebrow ring (lay off, it was the early 90s).

IronPython-URLs: Configuration with IronPython

Mark Bloodworth is an architect evangelist who has blogged several times about IronPython. He has put up two more blog entries on using IronPython as a configuration engine.

Configuration with IronPython

Configuring applications in code seems like a good idea. Configuring them in code written in a dynamic language seems even better. Let’s look at a simple example with IronPython.

…

What next?
I’ve kept this example as simple as possible to show the principles. The advantages of using Python code (it would be simple to use IronRuby, too) are that it’s simpler to write, testable, more powerful and doesn’t need pre-compiling. And it could do much more than set a couple of properties. In C# 4.0 the dynamic keyword would allow the Configuration class (and classes like it) to be dynamic, so that the properties and methods could be referenced at runtime without having to be declared ahead of time.

Simple Configuration with IronPython and .NET 4

Recently I posted a short article about how to do simple configuration with IronPython. I figured that it would be easier with .NET 4.0 thanks to the dynamic support. And it is. Using Visual Studio 2010, create a new Console Application.

…

The result is (I think) more simple and elegant than the configuration code to which I’ve become accustomed.

Kiwi PyCon: Kiwi PyCon 2009 on Radio NZ

Kiwi PyCon 2009 on Radio NZ

OAuth No Guarantee Against Nefarious Behavior – Brandon Savage

Twitter has implemented the OAuth login system, allowing for users to centrally control what sites have access to their Twitter accounts, without having to share their passwords with the third parties. This improvement means that there is less risk of the full account credentials being used nefariously, since the user has to log into the session and explicitly authorize the behavior.

But this doesn’t mean that individuals are completely safe from nefarious behavior at the hands of third-party application providers.

Take for example Twibbon. Twibbon is a service that allows you to place a badge on your Twitter icon. Many of my followers have used Twibbon to decorate with sports teams, frameworks they prefer, or other icons. I even used it to add a Clemson tiger paw to my icon for a bit. But Twibbon is evil.

But Twibbon does some pretty uncool things. First, as soon as you add the icon they post a tweet “on your behalf” announcing that you use Twibbon and suggesting that your followers should, too. They do not, of course, give the option to opt out of this behavior. That’s strike one.

Strike two was the discovery today that Twibbon also adds themselves to your follower list. That’s right – without asking, they automatically follow themselves with your account. This behavior is not well disclosed, either, nor can you opt out.

But for the third strike, they had to go one step further and do something completely nefarious and rude: they also take the liberty of marking their Twitter updates as updates that should be sent out via SMS. I discovered this trick when I was examining the list of people that I follow. I don’t have any updates sent to me via SMS, except for direct messages, because I don’t like using my text messages when I can just read tweets on my iPhone for free (using Tweetie).

Technically, Twibbon discloses most of this behavior. In little tiny letters, they tell you that they are going to tweet on your behalf and have you follow them. But the do not disclose that they will be signing you up for SMS updates.

Services like Twibbon provide value to Twitter, but they cannot be allowed to simply opt you into their marketing schemes on a whim. Not when they’re given read and write access to your account. OAuth helps keep nefarious behavior in check, but doesn’t prevent it altogether. Twitter needs to do more to ensure that services like Twibbon disclose and allow for the opt-out of these kinds of actions.

Ivan Krstic: Hello Helo

Given the recent bombardment of shitty news, you know what we could all use more of? Puppies. After about 15 years of wanting one with all my heart, this Sunday I adopted Helo, a 10 week old Border Collie/Blue Heeler mutt. Behold!

Kenneth Reitz: FizzBuzz in Python

Jeff Atwood of Coding Horror has developed a sure fire test to filter out good programmers from bad ones. It’s called the FizzBuzz test, and it’s a very simple problem to solve. Enjoy!

If you’d like to learn more about programming, contact me for a one-on-one lesson.

def fizzbuzz():
   for i in range(1,101):
     if not i % 15:
       print "FizzBuzz"
     elif not i % 3:
       print "Fizz"
     elif not i % 5:
       print "Buzz"
     else:
       print i
if __name__ == '__main__':
   fizzbuzz()

CodeWorks ‘09 – Atlanta – Chuck Burgess

keep looking »

Enterprise LAMP