Thursday, December 31, 2009

Help keep the Internet free by saving MySQL (Monty Says)


A big part of the Internet is built on LAMP (Linux, Apache, MySQL and PHP/Perl/Python). Now Oracle is trying to buy Sun, which owns MySQL.
It's not in the Internet users interest that one key piece of the net would be owned by an entity that has more to gain by severely limiting and in the long run even killing it as an open source product than by keeping it alive. If Oracle were allowed to acquire MySQL, we would be looking at less competition among databases, which will mean higher license and support prices. In the end it's always the consumers and the small businesses that have to pay the bills, in this case to
Oracle.

If this is the only blog post you read in 2010, then I highly encourage you to read the entire self-interview style blog post by clicking the "via" click above. "Monty" is the guy that started MySQL over 27 years ago.

I personally believe that Oracle can have Sun by should not have MySQL. The one critical part of the LAMP stack is at risk. Without MySQL, we only have Postgres which is great but does not have the same "business" community around it yet. So I encourage you to sign the Save MySQL petition at http://www.helpmysql.org which will be forwarded to the European Commission which must approved the Oracle / Sun deal. Considering the amount of time and money spent by Oracle to get this deal approved the future of MySQL is definitely at risk. Oracle could have quickly gotten the deal done if they had divested MySQL AB immediately, but they willingly have lost an estimated $1 billion in order to get MySQL.

Even if you don't use MySQL, you'll end up giving more money to Microsoft for their DB or pay Oracle for theirs then I highly suggest you sign the petition. The future of free internet is at stake!

Wednesday, December 30, 2009

Creating a VirtualBox Virtual Machine Using CrunchBang Linux

This tutorial assumes that you already have VirtualBox installed and that you have a CrunchBang Linux ISO downloaded.  You may choose a 32-bit or 64-bit version of CrunchBang depending if your target system supports a 64-bit system.

In VirtualBox:

1. Click on "New..."

2. VM Name and OS Type
  a) Enter a name for your new virtual machine
  b) Select an operating system.  In this case, select "Linux" and for the version select "Other Linux"
  c) Click "Next"

3. Memory
  a) Choose the amount of memory. The default is 256MB of memory.  Depending on the what you are going to do with the virtual machine you may need more memory.
  b) Click "Next"

4. Virtual Hard Disk
  a) You'll need to create a new hard disk for this virtual image.  Don't worry! You're not going to delete the contents of your current hard drive but create a virtual disk for your new virtual machine to use.
  b) Click "Next" and the New Virtual Disk Wizard will appear.

4a. Virtual Hard Disk Wizard
  a) Click "Next" on the welcome screen.
  b) I prefer a "dynamically expanding storage" type of hard disk so it doesn't eat up all the allocated space right away (i.e. the size of the "virtual" hard disk grows as you put things on it in your virtual machine).
  c) Click "Next"
  d) Select a location to put the virtual hard disk file.  Yes, the virtual disk is just a file on your host hard drive. I used the default 8GB size.  You may want to make it bigger depending on what you are going to do with the virtual machine.
  e) Click "Next"

5. Summary
  a).  Now you ready to create the virtual machine so click "Finish" to continue.

6. Start your new virtual machine.

Inside the Virtual Machine:

1. Since this is the first time you're starting your new virtual machine.  You'll need to mount the CrunchBang ISO as the CD-ROM so you can install the OS in your new virtual machine.  Select the "live" option when the machine boots into the ISO start menu.

N.B.  Once VirtualBox takes focus of your keyboard and mouse inside of your virtual machine you might be wondering how you can defocus the keyboard and mouse so you can use programs in your host OS.  The default option to deactivate focus is to simply press the right CTRL key on your keyboard.  The deactivate shortcut key in noted in on the bottom right on the virtual machine window.

2. Right click on the desktop or press super+space (super key is the "Windows" key) to get the CrunchBang menu.  Select "Install CrunchBang".  Follow the options for timezone, language, etc.  You'll be prompted on the hard drive to install CrunchBang.  When you setup the administrator user name and password make note of what you selected as you'll need this information later.  Also, the default option (and only option) to install CrunchBang should be virtual drive you created.  After it has finished installing, be sure to reboot.

3. Press super+u to do a system update.  We'll want to be sure that the OS is up to date.  You'll be prompted for the administrator user password that you created when you installed CrunchBang.  Follow the prompts on the screen.

4.  At this point, you'll only have maximum screen resolutions of 800x600 in CrunchBang.  In order to increase this, we'll need to install the VirtualBox Guest Additions.  We'll need to install the GNU C Compiler first in order to accomplish this.
  a) Go to the CrunchBang menu (super+space) -> System -> Package Manager.  You'll be prompted for the password of the administration user and since this is the first time that the Package Manager has been run, it will take a few moments to build an index of packages.
  b) Type "gcc" (without the quotes) into the Quick Search box.  Find "The GNU C Compiler" in the list and click on the checkbox on that line.  Select "Mark for Installation".  Click "Apply" at the top of the Package Manager and follow the prompts to install the package.
  c) Quit the Package Manager.

5. Now, at the top of the virtual machine goto Devices -> Install Guest Additions...  Unless you've downloaded the Guest Additions ISO follow the prompts to have VirtualBox download the ISO for you.  At the end, mount that ISO to the virtual machine's CD-ROM.  VirtualBox should ask if you want to mount the ISO to the CD-ROM for you.

6. Back in CrunchBang, press super+f to bring up the file manager.  We need root privileges to install the Guest Additions so goto the Tools menu -> Open Current Folder as Root.  You'll be prompted again for the root password.  Then navigate to the CD-ROM/DVD-ROM Drive (you should see it listed on the left side.  Run the "VBoxLinuxAdditions-x86.run" package.  After it finishes compiling and installing the Guest Additions then reboot the virtual machine (super+space -> Exit - Reboot).

7.  Once you've rebooted, you'll probably have higher screen resolutions automatically.  However, if you want to change them just use GrandR or LXrandR (super+space -> System -> Display Settings) to change the screen resolution.

Congratulations! You have a new CrunchBang virtual machine!

Tuesday, December 29, 2009

Monday, December 28, 2009

EOL of MySQL Query Browser, MySQL Administrator, MySQL Migration Toolkit (MySQL Workbench Team Blog)


With the beta releases of MySQL Workbench 5.2 well under way, we recently announced the EOL (http://www.mysql.com/support/eol-notice.html) of the MySQL GUI Tools Bundle.



Wow, this is news to me and it looks like they have a DEB for Ubuntu. It's about time MySQL pays attention to Linux on their GUI tools. Maybe this will replace my the old DBDesigner tool (which was "bought" my MySQL to make room for the Workbench about 3 years ago). I'll blog when I get a chance to try out the Workbench. Hopefully I can say goodbye to the older MySQL tools soon!

Sunday, December 27, 2009

Tuesday, December 22, 2009

Capacity Building with Open Source - Is it a reality? (Open Tech Exchange Podcast)


Governments in many countries have to realize that fostering open source adoption is not just a means to an end, to increase ICT [information and communication technologies] use, but it is the conduit to allowing citizens the opportunity to 'adapt and thrive' in our digital world.

I'd add in corporations in the quote above as well. I've seen all to much the lack of understanding of "computing" in industry and the fear of open source as bad. I am not saying that proprietary software "must die" but over time open source tends to make certain software products a commodity. The interesting thing is there is no hard line in the sand where commodity starts and proprietary ends. It usually ends up as a unique blend sort of like blending coffee. Open source is a key element in helping third-world countries with computer literacy. If you can't afford the software, why bother buying the hardware? I definitely see the world changing for the better one Linux desktop at a time.

Monday, December 21, 2009

Mouse Settings ~ CrunchBang Linux Wiki




Users of CrunchBang 9.04.xx (Jaunty) can use lxinput.



  • First add the U-lite Neko PPA to your sources.list


  • Open a terminal and run this command to add the PGP key and update your sources.list file:




sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 4E7CF744 && sudo apt-get update




  • Install lxinput:






sudo apt-get install lxinput



  • Then just run lxinput and change your mouse settings.



I thought I would post this because I'll forget how to add this the next time I install CrunchBang Linux. Personally, I think CrunchBang is the most awesome distro for netbooks available so far.

Friday, December 18, 2009

URL Session Tokens Easily Compromised (12 Robots - Jason Dean Blog)


I have said on several occasions that catering to users who insist on disabling cookies is a bad idea. I have blogged a couple times on the reasons.

So why am I suddenly bringing this topic up again? Well I recently read (I cannot recall where, it was probably on the OWASP site) about a way that session tokens in URLs can be easily compromised. I am a little embarrassed that I never realized that this vulnerability existed before. It is pretty simple.




The vulnerability in this case is the web browser's behavior of sending a CGI variable called REFERER or HTTP_REFERER onto the page that the request was directed from. So if I click on a link on index.cfm that takes me to test.cfm then in the CGI scope of test.cfm will be a variable called HTTP_REFERER.




This is a great post explaining some of the mechanics of fishing and how session tokens in the URL can be very dangerous. I still don't understand the problem of cookies these days. If you use session tokens or are considering it, this excellent post by Jason Dean is worth the read.

Thursday, December 17, 2009

Complying with the GPL: How to Avoid Being Named in the Next GPL Lawsuit (OpenLogic Blogs)


Once you determine that you have GPL or LGPL code in your software, make sure you understand and follow all of the appropriate requirements.  Some of those requirements may not be readily apparent, but they can include:



  • Including source code with your product OR including an offer to get source code with your product

  • Providing the exact "corresponding source" that goes with the binaries for each product and model

  • Providing instructions on how to create binaries from the source — including scripts, information on the tools needed, and details on how to replace the standard code in your product with the modified code

  • Providing the source code in electronic AND physical media

  • Maintaining the source code for a period of time after the latest distribution of your product



Wait! Before you say GPL is restrictive (which in my opinion it's more about philosophy than restrictions), remember that *you* should know where all your third-party source code is coming from -- whether it's GPL or not. The one bullet I'd suggest adding to the list is asking the open source projects you use to keep an up-to-date list of other open source projects/code they use with their respective licenses in with their source. A lot of problems could be mitigated by coming up with an XML format that would allow the sharing of this information which could be bundled with a tool (such as an ANT task) to combine them when building sources for distribution. At Mach-II, we do keep a list of other open source projects that are bundled with the project and their licenses.

There will not be a beta for Flash Professional CS5 (Adobe Flash Platform Blog)


Disagree with this strongly. Public betas mean better quality final releases. You know that. We all know that Flash has had some quite buggy releases in the past, and that you rarely put out more than one bugfix release. Put off the profits for a few months and give your customers a chance to help you make a successful product.


I'll preface this with the fact that I'm not a Flash developer at all, but this is disturbing news to me especially since the announcement of a public beta was one of the "big" announcements at Adobe MAX 2009.  However, I totally agree with the comment that was left on the blog post.


This is saddening news for a lot of people and the blog post cites the reason as "we want to make sure that we can provide the earliest possible delivery of the final software to the large number of designers and developers." I can only fathom "earliest possible delivery" means we need sales of this product now. Adobe is a for-profit company so they do need to make sales, however the decision to not have a public beta will probably hurt the quality of the product in the long term. This is an interesting dichotomy -- Flash CS5 will have no public beta whereas Adobe ColdFusion Builder went into Beta 3 on the same day. I hope the CF team continues with their public betas which is the right step in my opinion.


Personally, I believe the sooner you can deliver alpha/beta code to customers the better the product will be. This has always proved true for Mach-II (the open source project I'm involved in). The team can shake out a lot of bugs themselves, but it's always our users that find the interesting (and sometimes frustrating) edge cases. More brains are always better than fewer.


In all reality, I hope the Flash Platform Team at Adobe does well without the beta. Only the final release will tell if people will spend big money for the product. Remember, nobody likes paying for bugs!


Wednesday, December 16, 2009

Alex Payne on Criticism, Cheerleading, and Negativity




Criticism, Cheerleading, and Negativity


There is the perception, particularly in American culture, that criticism and negativity go hand-in-hand. We understand well the idea of being in favor or something, or against something, but we don’t particularly understand how criticism fits into this dichotomy. As someone with a penchant for criticism, I’ve often found myself misjudged as “being negative” when mere complaint is furthest from my intention. I’m here to explain myself and people like me.


Criticism Is Not Negativity


The reason a person is critical of a thing is because he is passionate about that thing. In order to have a critical opinion, you have to love something enough to understand it, and then love it so much more that you want it to be better. Passion breeds critical thinking. It’s why criticism as an academic practice comes out of deep research and obsession, and why criticism as a cultural product comes from subject matter experts, often self-taught.


Negativity, in contrast, is not the product of passion. There is a certain obvious duality to loving and hating a thing, but the kind of casual negativity that people read into criticism is really a product of apathy. You can’t truly a care about a thing only to casually dismiss it with a negative remark.


“That sucks” is negativity. “That sucks, here’s why, and here’s how to fix it” is criticism, and it comes from a place of love. That’s the difference.


Nobody Wants To Cook For A Chef


Friends who are professional chefs (or even accomplished amateurs) describe a social phenomenon. When someone who is not an accomplished cook is throwing a dinner party, the chefs are only reluctantly invited. It’s assumed that a professional chef must have such high critical standards for food that they couldn’t possibly enjoy anything less than a four-star gourmet meal. In actuality, most chefs I know enjoy a simple meal just as much as flights of culinary fancy.


As my own taste in spirits and beer have matured, I’ve experienced a variation on the above. I’ll show up at a party only to have the host apologize to me for their beverage selection. Though I’ve come to be an amateur critic of good drink, this certainly doesn’t mean that I can no longer enjoy a mass-market lager or a bottom-shelf bourbon. If anything, my experience has led me to a greater appreciation of the variation between styles.


A critic can certainly reduce her criticism to “good” or “bad”, but there’s far more context and nuance at work. Someone with an informed, critical opinion is, in my experience, far less likely to be negative than someone not as informed. If anything, critical thinking adds dimension to an appreciation of the world around you.


Everyone Wants A Cheerleader


Everyone says they’re comfortable with criticism and with critics, because not being able to handle criticism is a sign of immaturity. What people really want, though, are cheerleaders. Nowhere in life is this more true than in business.


A healthy business needs passionate employees to succeed. Critics are the most passionate people you can find, but we’re conditioned to assume that critics are negative curmudgeons with nothing more than slings and arrows to contribute. So rather than seeking out critics, employers seek out cheerleaders.


Cheerleaders are, on the face of it, lovely people to have around an office. They’re just super excited to be there, even if they haven’t had the time or inclination to really think about why. They abhor any suggestion of negativity, and pave over it with empty can-dos. A cheerleader might be a good worker or he might not be. It doesn’t really matter, because the guy is just so damn nice.


This might suggest a correlation between niceness and the capacity for critical thinking. I’m not proposing that. I’ve worked with “critical” people who actually didn’t have much to contribute (that is, they were really just negative), and I’ve worked with unfailingly nice people who also are quick to chime in with well-considered suggestions and improvements.


What I am suggesting is a correlation between critical thinking and passion. There are a million variations on “you don’t really know x until you hate it”. More apt, I think, would be: “you don’t really love x until you’re critical of it”.


Cheerleaders aren’t in love with your business. They care about your business, but from an emotional distance. If you treat them wrong, they’ll disappear and find a newer, happier company to cheerlead at. Critics, conversely, won’t just weather the storm with you, they’ll show up on Monday with a plan for a better umbrella. Who do you want to work with?


Conclusion


There’s a certain irony in criticizing the nature of criticism itself, but I’ve come accept that this is how I think. Part of me wishes I was a natural cheerleader; the selective ignorance, I imagine, is bliss.


Personally, I’m inclined to get involved exclusively with things that I’m truly passionate about, and that often means levying criticism and facing the subsequent conflicts.


For all the nights of sleep I’ve lost to the critical wheels in my head turning, I wouldn’t trade them for a moment’s rest. It’s not the easiest way to approach the world, but the cycle of passion, criticism, vulnerability, conflict, and resolution is perpetually educational.





This is one of the most poignant and true blog posts I've read in 2009 because it speaks to me personally. I know there are people that I've interacted with that think I'm "negative" or being "difficult". This always sadden me because if I'm passionate about something it's a special thing -- it means I truly care about the topic or issue at hand.


Thursday, December 10, 2009

Dear Amazon MP3 - Start Offering OGG Vorbis Formats


Why are Music Downloads only available in MP3 format?

MP3 is the most widely compatible music file format and is supported by most media player applications, hand-held music devices, and some CD and DVD players. Our MP3 format also provides you with the freedom to transfer music you buy at the Amazon MP3 store to any device you'd like or copy it to a CD without restrictions of any kind.




This is an open letter to Amazon.

Please start offering music in the OGG Vorbis format. The specification is in the Public Domain and the libraries are free from licensing / patent issues. Amazon, you're ahead of everybody else by offering the Amazon Downloader for Linux. You've already cast off DRM; now have a chance to "innovate" by adding OGG to your offerings instead of just offering the license plagued MP3 format. Plus, the OGG codec out performs MP3 in quality and most recent non-iPod devices now support it such as Android, SanDisk, Samsung and iRiver (and iPod if you use Rockbox software). Make a stand and be different than Apple!

Wednesday, December 9, 2009

CentOS / Linux: Change Timezone

I'm posting this for future reference and in the hopes that it might help somebody.  This works for CentOS5 (works on 3 and 4 as well).  I assume it works on RHEL as well since CentOS is just the open source version of that.


1. Go to the time zone directory


#cd /usr/share/zoneinfo


2. Find the timezone you want (in my case I prefer to run everything in UTC)
3. Copy the timezone you want to the localtime zone for the server.  In this case, we're going to switch the server to use UTC:


#cp UTC /etc/localtime


4. Type "y" to overwrite the current timezone.
5. The imezone should be changed automatically. Check the time by running:


#date


The "#" is the character for the command line prompt. Do not type this into your terminal.

Tuesday, December 1, 2009

Getting a repeatable numerical representation of a string

I've working on some test code that would allows us to serve assets from fake asset hosts (ex. assets0.example.com) in which a virtual domain is used to point that host to a real server. This would allow us to increase the total number of requests a browser can make at a single time (most browsers are limited to 2 HTTP requests per host - a subdomain is considered a single host).  However, the problem is that we do not want to randomly change the assets host in which a file served from one request to the next.  For example, serving "/img/peter1.jpg" from asset0.example.com and then asset3.example.com the next time as this would cause the browser to re-download the image again just because the host changed.  This would be pointless and actually be more harmful to us in the end probably.

The question is how to compute which asset host to serve the file from without having to provide a whole ton of configuration.  The simple question is to convert the each character in the path to the desired asset to an ASCII numerical representation, add each character to a total number and then perform a modulus on the result.  Here is some example code (in this example we are assuming that there will be 4 assets hosts from asset0.example.com to asset3.example.com):


<cfset test = ArrayNew(1) />
<cfset test[1] = "/img/peter1.jpg" />
<cfset test[2] = "/img/peter2.jpg" />
<cfset test[3] = "/img/peter3.jpg" />
<cfset test[4] = "/img/peter4.jpg" />
<cfset test[5] = "/img/peter5.jpg" />
<cfset test[6] = "/img/matt1.jpg" />
<cfset test[7] = "/img/matt2.jpg" />
<cfset test[8] = "/img/matt3.jpg" />
<cfset test[9] = "/img/matt4.jpg" />
<cfset test[10] = "/img/matt5.jpg" />

<cffunction name="totalAsc" access="public" returntype="numeric" output="false">
<cfargument name="str" type="string" required="true">

<cfset var result = 0 />
<cfset var arr = arguments.str.toCharArray() />

<cfloop from="1" to="#ArrayLen(arr)#" index="i">
<cfset result = result + Asc(arr[i]) />
</cfloop>

<cfreturn result />
</cffunction>

<cfoutput>

<cfloop from="1" to="#arraylen(test)#" index="i">
<cfset value = test[i] />
<p>FILENAME: #test[i]# = TOTAL ASC VALUE: #totalAsc(value)# | MOD: #totalAsc(value) MOD 4#</p>
</cfloop>

</cfoutput>

Running this code results in this output:





FILENAME: /img/peter1.jpg = TOTAL ASC VALUE: 1371 | MOD: 3

FILENAME: /img/peter2.jpg = TOTAL ASC VALUE: 1372 | MOD: 0

FILENAME: /img/peter3.jpg = TOTAL ASC VALUE: 1373 | MOD: 1

FILENAME: /img/peter4.jpg = TOTAL ASC VALUE: 1374 | MOD: 2

FILENAME: /img/peter5.jpg = TOTAL ASC VALUE: 1375 | MOD: 3

FILENAME: /img/matt1.jpg = TOTAL ASC VALUE: 1265 | MOD: 1

FILENAME: /img/matt2.jpg = TOTAL ASC VALUE: 1266 | MOD: 2

FILENAME: /img/matt3.jpg = TOTAL ASC VALUE: 1267 | MOD: 3

FILENAME: /img/matt4.jpg = TOTAL ASC VALUE: 1268 | MOD: 0

FILENAME: /img/matt5.jpg = TOTAL ASC VALUE: 1269 | MOD: 1




As you can see, the modulus will always be the same for each asset path (unless the case of the asset path differs) and we can use the result of the modulus to always serve "/img/peter1.jpg" from asset3.example.com. No more randomness!  Pretty cool math trick, huh?

Sunday, November 29, 2009

Mach-II 1.8 Release Candidate Available


Team Mach-II (which is now six people strong!) is pleased to announce the immediate availability of Mach-II 1.8 RC1. Download Mach-II 1.8 RC1 now.



Mach-II 1.8 introduces numerous new features and also sets the stage for us to move forward to 1.9 code named "Integrity" and the big 2.0 release code named "Velocity".



New features and enhancements include:




In addition to these "marquee" features, Mach-II 1.8 includes a ton of smaller improvements that will make building Mach-II applications even faster and easier than before, so make sure and check out the "What's New in Mach-II 1.8" page on the wiki for all the details.



And there's the usual round of bug fixes and performance improvements of course. You can see the details in the CHANGELOG, but we do want to point out some highlights:


We can't thank our community enough for all the fantastic feedback and assistance they offer on the development of Mach-II. From questions on aspects of the framework that aren't as clear as they should be, to bug reports, to feature requests, to testing on real-world Mach-II applications, this is all vital to the continued progress and success of Mach-II. We couldn't do what we do without the active participation of our vibrant, smart community.



I'm so excited because we're starting a whole new development cycle for Mach-II. Mach-II Simplicity (1.8) has been development for an entire year now and having a new features is going to be a lot of fun. We're moving to a milestone type releases so look for new features soon in Mach-II 1.9 code named "Integrity".

Wednesday, November 25, 2009

A bit of levity - Muppets: Bohemian Rhapsody

Because everybody needs a bit of levity in their day.  Without a good laugh, it is easy to make every little thing seem like life or death.  Enjoy a brand new Muppets!

[youtube http://www.youtube.com/watch?v=tgbNymZ7vqY?wmode=transparent]

P.s. I didn't expect the chickens or the penguins.

Tuesday, November 24, 2009

Slow Custom Domain on GAE

I recently deployed an application to Google App Engine (GAE). Accessing the application via the appspot.com subdomain was fast however the custom domain consistently was slower (sometimes 5 seconds versus 200ms). I believe the issue is that custom domain was set up on the same day and that the DNS has not propagated through the internet completely. This leads to some crazy routing to Google's network.

I'll wait a while longer because I ask the Google App Engine group (not much else other than this explanation is mentioned in the searches I've done). I'm going to reboot my local wireless/wired routers.

SES URLs on OpenBD GAE

I've been working on a brochure style site for a friend this week.  The budget is nothing and I'm doing this as a favor for my friend so it's my time. Instead of doing the same old, I decided that I should try something new and learn since I'm donating my time.  I hope to be posting more about using Google App Engine (GAE) as free hosting for CFML applications.  GAE is cloud computing and it does turn the usual concept of building applications on its head.  Since GAE's daily http request limit for the free account is 1.3M requests, I don't foresee any issues with overing over our quotas.


The application I'm building is using Mach-II Simplicity (1.8) and is running on Open BlueDragon (GAE Edition).  My friend wanted to use SES URLs so I investigated to see if the SES URL filter that is usually bundled with Open BlueDragon was commented out in the web.xml file.  It was not even present in the file (whereas in the normal OpenBD edition it is commented out) so I was a little nervious this wasn't going to be possible.  Instead of wasting time researching, I used GAE's nifty one click (ok, it's two clicks and your Google account password) deployment option to just try by testing it.  Here is the snippet I added in my web.xml right at the top after the <web-app ...> node:





<filter>
    <filter-name>SearchEngineFriendlyURLFilter</filter-name>
    <display-name>SearchEngineFriendlyURLFilter</display-name>
    <description>SearchEngineFriendlyURLFilter</description>
    <filter-class>com.newatlanta.filters.SearchEngineFriendlyURLFilter</filter-class>
    <init-param>
        <param-name>extensions</param-name>
        <param-value>cfm,cfml</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>SearchEngineFriendlyURLFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>



Bam! I deployed it to the cloud and it worked.  SES URLs on OpenBD GAE is a go!  Thought I would share it with the world.

Wednesday, November 18, 2009

How to Apply the Apache 2.0 License to Your Project

Every once is a while I get asked the questions about open source licenses.  Here is a simple tutorial on how to apply the Apache 2.0 License to your project.

1. First you'll need a copy of the Apache 2.0 License for your project. Grab a copy by downloading in text form from the Apache Software Foundation.
2. Now, you need to modify a notice statement so you can add them to your files. We'll get to where you put the notice statement in step 3 so just hold your horses for a moment. Here is boilerplate notice which you will modify for your project:

   Copyright [yyyy] [name of copyright owner]

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
   limitations under the License.


Some things you must do:

a) Replace all [bracketed] items in the above notice statement. There are only two of these items so should not be hard for you to do.
b) Do not leave the brackets in the notice. For example, "[yyyy]" would be replaced with "2009" (or what ever year you release in). Again, do not leave the brackets in the notice statement.

3. Apply the your notice statement to each and every file in which the Apache License applies. The most common mistake when applying the license that people think that supplying the license text is enough to make your the project licensed under the Apache License.  Again, you must place a copy of the notice statement (probably at the top) in the appropriate "comment syntax" for the file format.

4. Secondly, you need two files in the root or top directory of your distribution.  It's best to not deeply nest them in a some directory deep in your project.  Leave them in the root or top directory. One file should be named LICENSE (no file extension) in which you will place the text from the license you just downloaded in step 1. The other file that is required is a file named NOTICE in which you place a copy of your notice statement you modified above and a listing of the names of licensed libraries used in your project (be sure to list the names of the developers of those projects as well -- show your appreciation).

5. If use other code in your project that is licensed under a different license, I must make sure those libraries are compatible with the Apache 2.0 License.  For example, GPL version 2.0 is not compatible with the Apache 2.0 license. Also, you must leave any original copyright and patent notices in the code you redistribute.  It is important that you preserve this notifications and you must explicitly sate if you made changes to that file.

Presto! You're done!  The depending on the size of the project, adding the notice statement to each file will take you the most time.  I'd recommend against using a SVN keyword or other placeholder to dynamically insert the notice statement at build time because your notice would not be present when browsing code through a source code repository (such as SVN or CVS).

Internet Explorer 9 Wish List



According to Neowin's Tom Warren and Cnet News's Ina Fried, Microsoft will have something -- maybe just a little something, but something -- to say about its plans for Internet Explorer 9 at its Professional Developers' Conference in Los Angeles today. The company often briefs tech reporters in advance about major announcements, but it hasn't told me a darn thing about IE9. So I'm just as curious as anyone else to know what the upgrade is going to involve.


And for the next few hours, at least, I'm free to ponder the features that would get me excited about a new browser from Microsoft . . .




It's not like I'm terribly excited for IE9 to come out, because in corporate environments we have to support IE6, IE7, IE8 and IE9. I hope IE6 dies a quick death. However, the author of the post above does cite some items that would make -- at least for me -- IE9 less of bother as technologist (although it gives me no excitement in the end).


However I found one statement from a comment by user "obviocapitao" to be interesting:



The problem for Microsoft is that the world changed, and didn't wait for them.



I can't help but think there is a little bit of truth in that applied to the CFML world due to the introduction of the open source CFML engines. When the world changes, so do all of the rules which means the status quo no longer applies.


I'm all for heads down, get it done and live in your own world. However, every once in a while it's important to look up, break the surface of the water and grab a breath to reorient yourself. Software development of projects used by many and not just yourself is a tricky business of balance. I just think how the world looks to Microsoft and how the world looks to me are completely different.


Sunday, November 15, 2009

CFML Documentation core to Open BlueDragon


The journey has started. Let me present the official resource for CFML documentation for Open BlueDragon:



OpenBD CFML Documentation



Key features:



  • JavaDoc like interface

  • Produced from the raw Java code; no external XML/wiki/sites to keep in sync

  • Hot links to any particular function (CreateDateTime)

  • See other functions/tags that fall in that category

  • Quickly discover which parameters/attributes are optional

  • Real look-ahead search

  • See all functions/tags with their parameters/attributes

  • Hot links to the OpenBD WIKI

  • User contributed comments (Moderated)



We haven't finished annotating all the functions/methods yet, but even without that, you will find this an incredibly useful resource. I have even rediscovered functions I had completely forgotton existed!



In addition, the CFML app we developed for this, is already being bundled in the nightly build in the web-app folder. So you can even run your own internal documentation, complete with your own private notes.



We are annotating functions and tags as and when we get time, and already 80% of all the functions have been completed. For me, this is 10 years too late, for that I apologise. But we are here now. Never again will the documentation not match the implementation.




This is great -- not that it's just available via the web, but it comes bundled with the engine so it is available locally. Sometimes it's hard to get documentation on something if you're not currently tethered to the internet at the moment.

I've always thought it was strange that documentation in the CFML engine world is an "after" process. This approach is prone to error either from exemption (forgotten notes) or too much time elapsed. Unless you're a code maverick and dig around the CFML engine source code, documentation is the only way for people to understand new features and actually use them. Only after they are used do people find ways to improve them.

I hope to blog more in the future about open source, licensing and the world of CFML open source which I believe is currently in a positive flux. So check back often or subscribe to my RSS feed.

Saturday, November 14, 2009

FuseNG and therefore Fusebox by default are dead...


A few months back I tweeted that anyone can build a framework in CF; what we need is more good software out there. Given the choice between maintaining a framework and listening to the nagging whining community or developing an open source application and listening to nagging and whining community I'll take the application. My heart is just not in FuseNG, or any other framework, and I can't hold onto the framework to make people happy or ensure it has a support person. That's just not what I want to do.

For those that thought it would never get off the ground congratulation you were right! To those that had new hope for the future of Fusebox, sorry FuseNG will not be it for you. You see over the past year my career has change drastically. I do not officially work on ColdFusion at work any longer and I never find myself in the situation where I am using Fusebox. I can not continue to develop a framework I don't use, it will stagnate. I hope someone else in Kroger will step up and take on Fusebox or revive the FuseNG fork, but that is up to the other individuals that originally looked to me for leadership of FuseNG. As much as I am sure some of you would like to leave feedback or comments I'd rather not open the potential for flames so comments are off. If you really must share your opinion feel free to email me.




FuseNG is dead and Adam was the one that said it. I totally get where Adam is coming from. If your heart is not in it then it is not something to not pursue. Our lives are short. Best of luck to you, Adam, with your new management career.

I truly believe that FuseNG was the only hope for Fusebox as I do not see much involvement from the current maintainers of Fusebox. Maybe somebody will swoop in and save FuseNG, but that would require a long term framework vision and big time commitment. Only time would tell...

I totally agree with Adam that the CFML world is missing really powerful, enterprise level, commodity applications that extremely mature and polished. I think the downfall as a community as a whole is we think about building new tools, but not full-blown open source applications. Sadly, other development languages like PHP are littered with big name applications that make it into the headlines. They have a huge head start on us (we're talking many years) in the terms of maturity and polish.

One thing we are not missing in the CFML world is a selection of frameworks. So jump on in; the water is warm! Just one word of advice, do not use this as an excuse to build yet another framework in CFML. You're just re-inventing the wheel with different paint or materials. Your time would be better spent (yours and everyone else that benefits from your time) by becoming involved with an open source framework / application by adding to the spit and polish of that chosen project. Think about the CFML community as a whole instead of scratching that "I think I can do it better in my own way" kind of itch.

Please no flames... (and yes, I think I can now be crowned the "X is dead..." king for those who have been around for long enough).

Thursday, November 12, 2009

We should start worrying about Y2K38 now


The Linux kernel always stores and calculates time as the number of
seconds since midnight of the 1st of January 1970 UTC regardless of
whether your hardware clock is stored as UTC or not. Conversions to
your local time are done at run-time. One neat thing about this is
that if someone is using your computer from a different timezone, they
can set the TZ environment variable and all dates and times will
appear correct for their timezone.



If the number of seconds since the 1st of January 1970 UTC is
stored as an signed 32-bit integer (as it is on your Linux/Intel
system), your clock will stop working sometime on the year 2038.
Linux has no inherent Y2K problem, but it does have a year 2038
problem. Hopefully we'll all be running Linux on 64-bit systems by
then. 64-bit integers will keep our clocks running quite well until
aproximately the year 292271-million.


Remember Y2K almost 10 years ago? It didn't make too big of a splash because of the media hype - at least me - encouraged companies to make sure things just worked. I like to think of that as the "odd man out" syndrome since no company wanted to consistently be cited as the example of the "big Y2K failure."

Well, we have another computer time death march coming up in 28 years in 2038. I really do hope that we're all running 64-bit operating systems by then, but considering big business it still running 1970s mainframes... I really do wonder. So let's start today by encouraging or in my case demanding 64-bit support of software and operating systems.

Wednesday, November 11, 2009

Prototype JS - Sleep Function

Every once in a while, you need to simulate network latency in an
application when you are doing AJAX. It's a hard thing to test unless
you actually are talking to a remote server. Yes, you could do it with
a proxy server and it's something I've done, but it's cumbersome at
best.

Here's a simple sleep() function written in prototype:


sleep: function(milliseconds) {
var start = new Date().getTime();

for (var i = 0; i < 1e7; i++) {
if ((new Date().getTime() - start) > milliseconds) {
break;
}
}
}

Basically, we are exploiting the ability to get the current system time
in milliseconds and comparing the current time in the loop against the
time in milliseconds when we started to get a difference. This function
is not appropriate if you want an action to occur is X number of
milliseconds because this function delays execution of code due to the
loop. Use a setInterval() or setTimeout() function that is part of
Javascript to "schedule" when a method should be executed.

Tuesday, November 10, 2009

Prototype JS - Tab to next text element on enter

I'm no Prototype JS wizard but I thought I'd post this little tidbit on my blog since it stumped me for a while.


I needed to "tab" to the end field in a form when a person pressed enter in a text field. The problem was that I didn't want to manually set this up on each page and I didn't know the id of the form since it varied.  This is what I came up with:





$(document.forms[0]).getInputs('text').each(function(input) {
    input.observe('keypress', function(e) {
            if (e.keyCode==13) {
                var inputs = $(document.forms[0]).getInputs('text');
                var idx = inputs.indexOf(this);
               
                if (idx == inputs.length - 1) {
                    inputs[0].select()
                } else {
                    inputs[idx + 1].focus(); // handles submit buttons
                    inputs[idx + 1].select();
                }
                return false;             
            }
        }
    );
});



Essentially this is what is going on:



  1. Get all the "text" type form elements in the first form. We're using the DOM with some prototype goodness by using the $() selector.

  2. For each text input, interate over it with the each() function. On each iteration, the text element is called "input".

  3. Attach an "keypress" observer to each input and a callback function to call when a keypress ocurrs.

  4. Now in the main callback, we're looking for an "enter" (which is key code 13).

  5. We get all the form elements again and stash them into the variable named "inputs".

  6. We need to figure out the next text element in the array, so we find the index of the text element in which this event was observed using indexOf(...).

  7. Some magic goes on here so that if we're the at the last element, we loop back to the first form element.


Voila! There it is and I hope this helps somebody figure out what is going on.  Feel free to rip this code apart and tell me how to make it leaner and meaner.

Open BlueDragon - Array Functions Added



We've just added a bunch of new array functions, some bringing compatibility with other engines and others suggested by Peter through discussions on the issue tracker.


  - ArrayFirst()
  - ArrayLast()
  - ArrayFind()
  - ArrayFindNoCase()
  - ArrayContains()
  - ArrayContainsNoCase()
  - ArrayGet()


and recall the OpenBD function that was always there


  - ArrayTrim()


All to be found in the nightly build.




This is where the miracles of open source shows. What Alan did not mention is that the ticket I mentioned some of these items on was only from a day ago. Now Open BlueDragon has an array function group that matches the available function group for structs. These little things are what makes a language a joy to work with. I like to call this the spit and polish functionality. Most open source CFML projects never get to this stage so kudos to the Open BlueDragon team for listening and more importantly being proactive on user suggestions.


Monday, November 9, 2009

How to publish code samples to Posterous?



I've just popped an early version of it live for you to try out. All you have to do is surround your code block with the following tags:



[code] 
your code here
[/code]



Additionally, if you want to get fancy, you can specify a language with the following syntax:

 [code lang='java']
public static boolean isAwesome = true;
[/code]




The available list of languages is: 'cpp', 'c', 'c++', 'c#', 'c-sharp', 'csharp', 'css', 'delphi', 'pascal', 'java', 'js', 'jscript', 'javascript', 'php', 'py', 'python', 'ruby', 'rails', 'ror', 'sql', 'vb', 'vb.net', 'xml', 'xhtml', 'xslt', 'html', 'xhtml'


Current known issues: HTML formatting might be a little spotty at the moment. Will be fixing asap. I also see some intermittent errors where the code isn't getting properly recognized.


Please report any bugs to me at garry@posterous.com. Thanks for all the support and ideas. Please do keep the feature ideas coming -- the best way to reach us is to email help@posterous.com, but voting up to the top of Hacker News works too. ;-)



-----




It took a Google search to find out, but man that is slick. Let's see if CFML works:



<cfset pleaseWork = "I work!" />


Using ANT to replace tokens

Just thought I would post this little snippet from an ANT build file.  I wanted to literally copy code into a file during the build instead of using a <cfinclude> in my code. This eeked out a 2-3% faster performance.  Basically the <loadfile> loads the contains of the file into a property and then I use the <replace> task to look for a token and replace it with the value from the property.  Hope this helps somebody else.





<echo message="Converting custom tag library includes to inline."/>
<loadfile srcfile="${dest}/MachII/customtags/baseTagBuilder.cfm" property="include.baseTagBuilder" />
<replace dir="${dest}/MachII/customtags/"
    includes="**/*.cfm"
    value="${include.baseTagBuilder}">
    <replacetoken><![CDATA[<cfinclude template="/MachII/customtags/baseTagBuilder.cfm" />]]></replacetoken>
</replace>
<loadfile srcfile="${dest}/MachII/customtags/form/helper/formTagBuilder.cfm" property="include.formTagBuilder" />
<replace dir="${dest}/MachII/customtags/"
    includes="**/*.cfm"
    value="${include.formTagBuilder}">
    <replacetoken><![CDATA[<cfinclude template="/MachII/customtags/form/helper/formTagBuilder.cfm" />]]></replacetoken>
</replace>
<loadfile srcfile="${dest}/MachII/customtags/view/helper/viewTagBuilder.cfm" property="include.viewTagBuilder" />
<replace dir="${dest}/MachII/customtags/"
    includes="**/*.cfm"
    value="${include.viewTagBuilder}">
    <replacetoken><![CDATA[<cfinclude template="/MachII/customtags/view/helper/viewTagBuilder.cfm" />]]></replacetoken>
</replace>


Protecting your CFML apps with CFTHROTTLE


You may have heard about the recent high profile attacks on celebrity accounts on Twitter, where by a young (enterprising?) chap simply pointed a brute force password dictionary attack to their login process. Twitter had no throttling process here to stop this from happening.



How can you protect your own CFML applications from such an easy attack?



BlueDragon introduced the CFTHROTTLE tag a number of years ago and naturally is available now in the core distribution of OpenBD. CFTHROTTLE was designed to stop repeated requests coming from a single source consuming too many resources. Developed for Blog-City.com and modelled on the (at the time) well known Apache mod_throttle module.




Huh? How did I miss this (from last January)? I definitely going to check this out for an application I have on Open BlueDragon. I'll probably do this as a Mach-II filter as we've had some problems in the past with *bad* bots hitting the login page with bad credentials.

Sunday, November 8, 2009

Watch YouTube Videos Without Flash in HTML5 — The NeoSmart Files


Running on Mac or Linux and tired of Adobe Flash eating up all your CPU cycles while you're watching YouTube? Buggy plugins that crash your browser and freeze your PC? Proprietary formats that get in the way? Want to embrace HTML5 and the future? Well, now you can... one YouTube video at a time.


We've written an HTML 5 Video Viewer for YouTube, and you can use it to browse YouTube in true 21st Century HTML5 quality. And it's super-simple to use.


Flash has been the bane of online websurfers ever since the 90s, especially on platforms where Adobe doesn't bother to go the extra mile to ensure that their proprietary, binary implementations are stable and efficient. On Linux and Mac OS X, the flash implementation takes up over half the available CPU and at high-resolutions stuttering occurs. HTML5 poses the answer providing a way for browsers to use the native implementations to render videos directly in the browser without resorting to ActiveX and 3rd-party browser plugins... it just has yet to be embraced.




All I have to say is it's about time. Flash on my Linux based netbook is slow because Adobe has not spent the time optimizing there player and the GNU Gnash player is not really really for prime time since it is really only compatibility to Flash 7.

Saturday, November 7, 2009

Interoperability Happens - The Vietnam of Computer Science


Two years ago, at Microsoft's TechEd in San Diego, I was involved in a conversation at an after-conference event with Harry Pierson and Clemens Vasters, and as is typical when the three of us get together, architectural topics were at the forefront of our discussions. An crowd gathered around us, and it turned into an impromptu birds-of-a-feather session. The subject of object/relational mapping technologies came up, and it was there and then that I first coined the phrase, "Object/relational mapping is the Vietnam of Computer Science". In the intervening time, I've received numerous requests to flesh out the discussion behind that statement, and given Microsoft's recent announcement regarding "entity support" in ADO.NET 3.0 and the acceptance of the Java Persistence API as a replacement for both EJB Entity Beans and JDO, it seemed time to do exactly that.

This is one of the best articles on the ORM in which the whole thing is compared to the Vietnam War. Above is the just short teaser. Grab a cup of coffee and enjoy the read. And for those that get through the whole thing, I guess I fall into category #3 - "Manual Mapping." Remember, in war -- there is nothing glamorous about it.

SourceForge Acquires Ohloh


Today SourceForge has acquired Ohloh. We at Ohloh are pretty awed and excited at the opportunity (and challenges) ahead. I plan on blogging more deeply over the next few weeks but I wanted to give you some background on why this makes sense.



Most developers know that SourceForge is primarily a 'forge' (duh!) - providing open source developers free tools and services to help them succeed. However, for many less-tech savvy people, SourceForge is actually thought of as an open source directory. As a result, SourceForge has found itself in the middle of a lot of software-related activity, from downloading to source code management (and almost everything in between).




Ok, it didn't happen today, but I'm a bit ashamed I missed this announcement from May 2009. I like ohloah (please at CFML code to your reader system BTW) and we use at Mach-II. I'm sure this is a good thing for the guys at ohloh and SourceForge.

Friday, November 6, 2009

Why Open Source Misses the Point of Free Software


When we call software “free,” we mean that it respects
the users' essential freedoms:
the freedom to run it, to study and change it, and to redistribute
copies with or without changes. This is a matter of freedom, not
price, so think of “free speech,” not “free
beer.”



These freedoms are vitally important. They are essential, not just
for the individual users' sake, but for society as a whole because they promote social
solidarity—that is, sharing and cooperation. They become even
more important as our culture and life activities are increasingly digitized.
In a world of digital sounds, images, and words, free
software becomes increasingly essential for freedom in general.




A somewhat older article (2007) by Richard Stallman, but very relevant today. There is a big difference between open source and free software. Open source is a development methodology while free software is a social movement and "ethical imperative." I like that Stallman indicates that open source is a philosophy on "how to make software 'better' - in a practical sense only."

Thursday, November 5, 2009

How To Apply GPL v3.0 and Optionally the Classpath Exception License to Your Project

Recently, an open-source project (Mach-II Framework for CFML) I am involved with decided to change the license we use from Apache 2.0 to GPL v3.0 with Classpath Exception.  The team had many discussions on what we should change, but the the main reasons for changing to the GPLv3 License with Classpath Exception is because it allowed us to:



  • Ensure that changes made to Mach-II are contributed back to the project. We hope this will help foster and grow the community around the Mach-II project, which will benefit all Mach-II users.

  • Allow us to leverage additional existing open source libraries when needed. The GPL license and its variants are the most predominant licenses used in open source projects. With an Apache 2.0 License, Mach-II is not able to take advantage of any existing GPL code. With the GPL License, Mach-II will be able to leverage open source code released under practically any license.

  • Reduce the potential for forks and derivative projects. The development of Mach-II has required more than nine man years and nearly $700,000 of effort (based on COCOMO) to date. We want to protect that investment for the benefit of the project and our users.


Mach-II itself is not a standalone application.  It allows you to build applications on top of it and so there was a problem with switching to straight GPL because the license would stop people / companies from selling or distributing a proprietary product built on top of Mach-II.  This was a deal breaker for us and that is why we decided to use the Classpath Exception modifier available. The GPL v3.0 License is itself a copyleft license, but due to the Classpath Exception included in the new Mach-II license, all of our users are free to use unmodified versions of Mach-II in any project, whether it be open source or closed source, free or commercial.

After much internal discussion and a public call for comments, we decided all was well to proceed and apply the license to the new version of the project that will be releasing soon.  However how to do it?  I must admit that the Apache 2.0 license instructions are a bit easier to understand due to the use of bullet points instead of prose as the GPL uses.  Also, there is very little information on how the Classpath Exception modifier should be applied to the code. I had to look at the GNU Classpath project source code to see how they did it.

Things You'll Need



How to Apply GPL

1. You should bundle a copy of the GPL v3.0 your source code and executables if your application is also distributed as an executable. You should put an unmodified copy of the GPL in a file named COPYING in the root of your project.  This file should be all capitals and easy to find.  Do not nest in sub-directories.

2. Apply the notice to all source files.  This is important as bits of your project may float around the internet or an user may look at a source file but not look at the root of your project for a license.  The notice should be placed at the top of all your source text files (you may have to enclose it in some sort of comments depending on the language being used).  As in our case with Mach-II, we replaced the Apache 2.0 notice information in our source files with the GPL.  You may or may not have to do this depending on whether or not your project has been licensed under another license before.  As an aside, it would be impossible to apply this to binary files (such as images) since those files are not human readable.

The notice should contain the name of the project, copyright and copyright year(s).  Below is a template that you would need to change.  Just look for the < > placeholders:




<one line to give the program's name and a brief idea of what it does.>Copyright (C) <year(s)> <name of author or company>This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.




3a. Now if you are using a Classpath Exception, you need to put that exception with the notice declaration.  For example, it would look something like this (notice the additional special exception information at the bottom of the notice):




<one line to give the program's name and a brief idea of what it does.> Copyright (C) <year(s)> <name of author or company> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.




3b. If you are using the Classpath Exception, you also need to put the exception in a file at the root of your project in a file called LICENSE. This file name should be all capitals with no file name extension.  In this file, you need to put in the exception with some other information (replace the < > placeholders where applicable):




The software in this package is distributed under the GNU General Public License (with a special exception described below).




A copy of GNU General Public License (GPL) is included in this distribution, in the file COPYING.  If you do not have the source code, it is available at:     <http://www.example.com>   Linking this library statically or dynamically with other modules is making a combined work based on this library.  Thus, the terms and conditions of the GNU General Public License cover the whole combination.As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module.  An independent module is a module which is not derived from or based on this library.  If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so.  If you do not wish to do so, delete this exception statement from your version.<name of project> also contains other (example) code distributed under other terms.  External libraries included with <name of project> may also be distributed under different licensing terms. The location and the exact terms of this other code is mentioned below if applicable.<list of other bundled code and location in distribution package here>




If you bundle other software with your code, such as build tool jars for ANT like we do, you will need to list those projects with their license name and the location within your project distribution.

4. This is purely optional, but you might consider writing FAQs in plain English about what rights an user has in the terms of GPL.  We did this because only few of us (myself not included) are geek enough to really understand the minutia of a license.  For an example, see the Mach-II License FAQs as an example.

5. Let everybody know by blogging, tweeting and talking to people that you decided to move to GPL.  You may want to reiterate their rights and why you decided to change which is a good reason to produce FAQs on the subject.

Personally, I find that the GPL is a more moral license than Apache because it protects the rights of everybody that contributes to a project.  Apache allows proprietary derivatives to be made and therefore somebody else may end up making a profit off the efforts of open source developers.  The classpath exception was important to us to because the GPL protected all the great people that contribute to Mach-II and allowed Mach-II to be distributed with close-sourced applications, but disallowed proprietary forks of the project. Plus, we can now leverage all the cool GPL code available.

6. Voila! You are done and it really is that easy.  Now, go off an woot in the glory of the GPL. It's time to celebrate, but before you do -- there are a few things you should:

Be aware of...



  • In our case, our project was released as Apache 2.0 (and 1.0 even farther back) and we just switched to GPL v3.0 with Classpath Exception.  Be aware at the GPL cannot be backdated to previous version and that previous licenses will still apply to legacy releases of your project.  The license you released under for a particular version cannot be revoked.

  • Do not just change to GPL or GPL with Classpath Exception just because Team Mach-II liked it and because we felt that open source licenses have evolved to a point where we felt it was beneficial for us to switch.  Weigh all the options carefully and involve your open source community especially if you are switching licenses after having at least one release.

  • I feel it is best to choose a common / standard license such as Apache, GPL, LGPL, etc. instead of writing your own license.  There are two reasons why this is good to choose a "commodity open source license": 1) Most companies have an approved list of licenses and therefore it may be easier for a company to use your project if they do not have to deal with the legal department. If you make it hard to start using your project, somebody might just choose a different product because it is easier. 2) A lot of the commodity licenses have had some legal attention paid to them - either in the courts or out of court deals.  Choosing a standard license gives you some prior case law in case you need to enforce your rights as a project on a license violator.


I hope this "how to" has been beneficial to you. Feel free to comment below with questions or comments.

Monday, November 2, 2009

Ubuntu 9.10 Upgrade - The Best Upgrade Experience

Last night, I upgraded my main development machine from Ubuntu 9.04 to 9.10.  Wow!  What a great experience and I'm not being facetious here.  Anybody who's ever done an upgrade on any operating system knows that upgrades tend to be a bit nail biting. I recall my first service pack 1 upgrade for Windows XP system.  Ouch!

So upgrading my Ubuntu installation was simply as easy as click upgrade and entering my system privilege password.  It took about an hour, but admittedly about 45 minutes of it downloading about 1500 packages over my slow internet connection.  The other option was to get a torrent file and that would have taken about 15 minutes to install, but I was being lazy and didn't want to fire up BitTorrent.  When it finished and it prompted me to restart my machine.  Voila! I was done -- Gossip Girl episode uninterrupted.

I was surprised by the faster boot time and barely got to see the new start up screen.  A bunch of security related changes were made including changes to how applications like CUPS are jailed via AppArmour.  However, the most interesting bundled change is the ability to encrypt your home directory:

During installation, Ubuntu 9.10 now offers the option of setting up an encrypted home directory. The technology required for this – eCryptfs, a stackable, encrypted file system that is placed on top of the home directory – has been part of Ubuntu for some time. However, the users of the distribution's desktop version previously had to set it up themselves on the command line; now, a simple mouse click during installation is all that is required
(via h-online.com)

Since I upgraded, I didn't get the option to turn on eCryptfs so I'm going to be looking to turn that on soon.  If my laptop was ever stolen, I'd like to have the peace of mind that my electronic bills and personal documents are not so easily accessed.

I haven't had the time to check out UbuntuOne which looks really cool akin to DropBox.  Looks like my LaunchPad account will be used for more than just filing tickets on Gwibber:

Ubuntu One is a new Canonical service for all Ubuntu users: It offers 2GB of free internet storage which can be used for tasks like synchronising data across multiple Ubuntu installations, making files available to other users, or simply backing up information. To take advantage of Ubuntu One, users need a Launchpad account – those who don't have one already can set up an account when first accessing Ubuntu One (under Applications/Internet in the start menu).
(via h-online.com)

So far I'm having a great Karmic Koala experience.  Now, have you thought about trying Ubuntu?  Try out a LiveCD version first to get a feel before replacing your jailed proprietary operating system with sweet satisfaction of freedom.

Not Surprised - Apple Blocks OSX on Intel Atom

In the current developer build of 10.6.2, Apple appears to have changed around a lot of CPU related information. One of the effects of this is Apple killing off Intel’s Atom chip.
(via Wired.com)

Not at all surprised that Apple is again moving to exclude people from using OSX on non-Apple approved hardware.  Looks like the franken-macintosh netbook hackers have lost on this round.

I am an open-source zealot admittedly.  I just don't get why any informed user would buy into Apple although it did take me years to get off Windows.  Unless you go open with great options like Ubuntu or CentOS, you're just buying into the next Microsoft.

Monday, October 26, 2009

Baking Bread -- A Development Process


So is the "build it bigger faster" theory a sound long term design plan for open source software? Do more and more options to accomplish essentially the same task make a better piece of sofware?  The answer to both questions in my opinion is a resounding no.  The "faster is better" theory does not work either unless you have great software architecture in place.  Implementing new features without pause or forethought is dangerous at best and a possibily a harzard to your health if things go hopelessly wrong.  This type of development is an easy to get into because it is any easy way to please users quickly and some people have dubbed this "cowboy coding".  However, it leads to poor architectural choice down the road and literally can paint you into a corner.  While it is not a hard or fast rule, projects that frequently publish "upgrade guides" when new versions are released indicate the use of the  "build it bigger faster" theory.  Upgrade guides are usually written to help users "fix" their code because the sofware project  made poor architectural choices that require revisions later on in order to make up for shortcomings.



(via http://www.mach-ii.com/index.cfm/go/blog:showEntry/entryId/8C7B1B44-D975-986B...)


I originally wrote this for the Mach-II blog, but I thought I should repost a link to this on my new Posterous.  I've been thinking about how long something should "bake" before it should be allowed to into the world.  There is a lot of open source software out there just doesn't get the refinements to it that make working with it a pleasure.  Instead of thinking of this like something you can stick into the oven for a few more minutes, I like to think of good software development like the process of baking a good loaf of bread.  Here are few items / processes for baking a nice loaf of bread and the corresponding software development part:

Premium Ingredients
Well, if you're going to bake a killer loaf of organic pumpernickel bread -- you should start with the best ingredients right?  Situations in software development where you need to turn lead into gold will never turn out.  The old phrase of garbage in equals garbage out applies here.  Let's start with nice stoned milled organic grains and filtered water for our bread.  In the terms of software development, the analogous part would be thorough research, a good strategy and an architecture plan (meaning you understand the needs of what needs to be accomplished).  Just because you have the perfect recipe and all the right ingredients doesn't mean it's going to turn out.  This leads us to...

The "Right" Tools
I don't know if you noticed, but I didn't lump in developer knowledge or skills in the last point.  You cannot just buy experience and knowledge as they must be accrued over time.  Just like in bread making, you might have access to a wood-fired, stone bottomed oven, however there is an art to using that as a tool.  If you aren't careful, you might just bake blackened mounds of burnt crap.  If you are just getting started with bread making, a loaf pan and a modern gas-fired oven might be easier for you to managed and give you better results.  With time, you'll learn the tricks of using that $40k brick oven, but just realize things take time.  And time is can be your best tool because...

Practice Makes Perfect
If you've ever seen me speak at a conference, you've probably heard me say "software development is an iterative process."  Talk about a boring phrase, albeit accurate.  A more sexy phrase is "practice makes perfect."  Let's pretend it's the very first time you're baking a loaf of organic caraway rye bread.  Doesn't matter if you have the best ingredients, the perfect recipe and the right equipment, you'll first time won't be that artisan quality you're looking for.  I think a lot of the time the phrase of "well, it's works...right?" is used as a justification for not refining the end product.  There is an art to refining what you are doing and don't think you'll get it right at the first pass.  Actually, I'll be the first to admit that many years ago I had a complex about "doing it right the first time."  This was bad because I hemmed and hawed over the small minutia -- thinking that if I did not get it right the first time -- the whole pot would go sour.  Now my philosophy is "do it your best the first time" and have the humility to realize and correct your mistakes in order to make a more perfect result.  Sometimes this means you have to correct small defects in your code or add in new features.  Other times you'll  have to start a fresh because your implementation is like somebody that just peed in the pool -- the yellow cloud underwater is an indicator that you shouldn't hang around.

Putting It All Together
So how do you make the best bread?  Talk to your fellow bread bakers!  Nothing exists in a vacuum and it's important to have a sounding board for your ideas.  Sometimes this is easy because you work on a team of great people and sometimes you have to go it alone because you're the only person on the product.  I tend to work on small teams and so my sounding board has to be me sometimes.  No, I don't have multiple personalities, but I do talk out loud to myself quit a bit.  Most of the research out there indicates that vocalizing your thoughts uses different parts of the brain than just thinking about them.   So I'm just utilizing all the parts of my brain.  I bet everybody has experienced a time where you just can't figure something out and you head over to the next cube or fire up your chat client and after the first 30 seconds of discussing something -- voila -- you'd go "d'uh" and figured out your problem before even explaining the whole thing.  I recommend that talk to yourself first before wasting an other developer's time and possibly interrupting their zone.  There is an art of knowing when to ask for help and when self-reliance is needed.

In closing, I hope to refine my bread baking concept over time.  Right now I think it's at soda crackers level.  Maybe I'll attempt a better version again soon.

Sunday, October 25, 2009

Decided To Try Posterous

I realize that I haven't blogged for a long while and I think it's because there is barrier to entry for me. I haven't upgraded my blog software for a long time and it's just laborious for me to blog. Plus, my blog looks ugly and it's clunky. We'll see where this goes. It could be boom or bust.