Saturday, June 26, 2010

Learning to Love Python from a C/C++ background

Originally at:

I'm a guy from a C/C++ background who did linux kernel development, and picked up python along the way and used it to do desktop tools. I used python (without knowing any of it) to write a disassembler for a project I was doing in 2003 on a non-x86 processor. It took me 5 days to learn the language enough to do so and to write the entire tool, at which point I "got it".

First off, Java isn't a toy language. You've characterized it improperly. Java is a bureaucratic language. You have to cross your t's dot your i's, fill out your requests in triplicate at the FactoryFactoryFactory to get the objectOfYourDesire. Why is this so?

This comes back to how C++ works on projects, especially large projects and midsize projects with a couple mediocre programmers thrown in (because, in commercial software development, you rarely get control of your team). C++ does not work well for large team development unless 1> You have very capable people 2> and you can fire everyone who steps outside the "defined okay subset" of C++ you use on the project. The language is too big, certain parts make it too uncertain, etc, for people to just willy nilly use all the language features. So Java, is basically Sun's "redoing" of C++ where they took its wild west nature, and made a BureauDisney version where you can't do a dozen things that happens in C++ all the time when good programmers go off the reservation or bad programmers enter the equation at all.

C++ has uses, but it's the sulfuric acid of programming languages: you have to have good personnel control and fire those who screw around outside the boundaries of the right style. A programming group with one guy programming like C with classes and another guy programming like it's Ocaml without garbage collection, and you're in for a mighty piece of hell.

So that's where Java came from. That's why it is what it is, and I hope I've highlighted a non-business issue with C++ that comes up from it's overabundance of "understanding breaking powers" which don't mess well with total programmer freedom.

Now lets look at what python was, and what it is now: Python was originally designed as a substitute for the pascal/BASIC line of programming languages (specifically a language called ABC). It was designed to be very very clear. It still is very very clear. It is still quite terse compared with C++/Java/C, but it's wordier than perl and ruby, but very much clearer for even non-python programmers to decipher much of the time.

Over time, it grew into an Application development and webserver development language. Why?

It has a very easy way to interface to C code. This is important, because C does great module level integration, but once you get at the system level, you start to get issues with namespaces, tracing bugs, etc. So python became an alternative for tying C code together.

It writes very quickly. While you may not understand how to write it quickly yet, usually python/ruby/perl will be quite a bit more productive on a feature basis than Java/C#, and tons more productive than an equivalent C/C++ project. This has to do with the fact it takes very few lines of these languages to "do a job".

For you currently, you're possibly less productive in python right now than you are in C++; I've honestly found this doesn't hold true more than 40-80 hours into learning python development while doing a real project for almost anyone who can handle commercial C++ software development. The C++ people do python faster than they do C++ and it has many fewer issues in the end than C++ they would have wrote. We use weave.inline or something else to speed up the inner loops with some native C, if even required for that application, and all is good, it works just as fast for the user or application, and was completed much faster with much less obtuse bugs.

If you spend those 40-80 hours on the language, you too will likely be a faster developer in python than C++ for many features.

Some tips: You are not doing C, you are not doing C++, you are not doing Java. Don't pretend you have to do the bueracracy that those languages require. If you write a python program with absolutely no functions, it will run just fine. So if all you need to do is process a small amount of text or open a little server, you can do this in a flat file with just a series of lines of code striaght out of main() in a C program. However with the size and completeness of the python standard library, you'll rarely have to write the rest of the functions.

Secondly, it's important to learn idomatic python today. If you write things like "it's supposed to be" in python today, you get speed on par with C/Java (or only 3-5x slower), and it's really freaky to see an interpreted language do that.

Thirdly, it's important to learn and use the standard language rather than writing code. Python module of the week blog is a great resource to do this: Much of python's power comes from a stupidly complete standard library that does much of what you need to do so allows you to write 20 line programs.

Lastly, learn easy ways to fall back on C/C++ in python. This way when you use python for an application it turns out it's too slow for, you can still add a bit of C/C++ to get the speed you need. You can embed C++ inline and have it compiled on the fly with weave, so I suggest you learn that. for getting it for examples of use for examples of how fast this runs vs other things.

Thursday, March 13, 2008

Quick License Manager is Very, Very Broken

I'm evaluating inexpensive license managers for a customer of mine who would like to commercially distribute his software. I was evaluating what appeared to be a very easy to use product, Quick License Manager 4.0, when I came across a glaring security hole in their key authentication scheme:

They use symmetric "encryption" to determine if a key is valid.

That means you have to put the "password" to your whole serial number scheme into the software to check to see if a given serial number is valid. All information required to generate a new key is encoded into every executable of the program, including all the evaluation versions. You just open up a program that uses QLM with a text editor, find the call to the DefineProduct method of the COM object, and magically, you have all you need to plug back into their products.xml file to generate an infinite number of new codes. Even if you encrypt the data which you eventually pass to DefineProduct, any number of debuggers can easily snatch the parameters to the COM object call.

What does this mean for you? Say you make a program that catalogs your customer's pet fish collection. You sell it for $40. A reasonably intelligent guy named Mel downloads your free trial. He opens up the exe in a text editor, and looks through and sees the calls to QLM. Mel can now download a copy of QLM himself (they have a 15 day free trial....), and then not only can generate an unlocked license for himself, he can also generate as many license codes as he'd like. He can effectively sell copies of your product himself, at whatever price (free if he wants, just cheaper than you is also possible).

Quick License Manager is a strong avoid. If you have it, it is a strong replace now, and remove all download copies that are locked by it. Make sure whatever you replace it with uses asymmetric encryption.


Friday, February 01, 2008

Transferring your business email to its own account.

You were a good business owner and got yourself a domain when you started this wild ride known as running a business.

You've setup gmail to send emails out on behalf of your name at your domain a long time ago to present a professional image to the world. It works pretty well. Then one day you find a client can't send you emails.

Perhaps one that wants to pay you a lot of money, but wonders why you can't even get your email server straight. Or perhaps you sent one too many emails from your account or too many friends are emailing you @mycompanyemail. Whatever the issue is, you've decided to switch to the excellent Google Apps for My Domain and segregate your personal and business dealings a little.

First, sign up for GAFYD. Prove to them you own your domain if you didn't buy it from them.

I'm crossposting this on Pitch to the Gods and Rowdy Bytes. Pitch to the Gods is my blog about starting and running a business, in all its coolness and its surprising and frankly humbling difficulties. Rowdy Bytes is my recently renewed blog about technical things that I haven't seen elsewhere, or at least not prominently as I think they should be.

Now your next step, the switch over of the MX records, while arcane, is not a big deal. Almost equally importantly, you have to add a SPF record so mailservers don't start marking your mail as spam (which they may have already been doing if you didn't have a SPF record already). And no, I don't really know what either of those are, but I know they are important.

Next, you have to do something that should seem like it is simple. It isn't. That is, getting your email out of one gmail account into another.

At first blush you may say "Gmail has POP3! That surely will work". And you're right. It will. For exactly 200 messages. And it doesn't let you just get a folder's worth, oh no, you have to pull them ALL down. If you click edit settings then hit save settings, it will pull a second 200 down.

So with the 30756 messages I have in my gmail account, that would take a little bit of time. Then I have to filter it down to the ~1000 Rowdy Labs specific emails that I'm not interested in cleaning out at this juncture.

Turns out you have to get to your britches by way of your elbow here. The elbow being Windows Vista Mail and the elbow being my Rowdy Labs LLC Google Apps for Your Domain account.

This should work with any email client, but I'm giving you the steps for this particular client. First off: Create a new account. Use an imap server. Give it the login name you use with your personal gmail account. Hit save. Then, go rename it to "Personal Email". Then right click, go to properties, then set the thing to use secure authentication.

Do the same thing for the destination server, except call it "Work Email", and use the name@domain login you've already setup via Google Apps for Your Domain. Refresh the folders on both accounts.

Now this is very important. Turn off Junk mail filtering. Turn off phishing detection (Tools->Junk Email Options). These will try to filter mail you've already determined isn't junk when you are just copying stuff over. This is at worst annoying, at best, a good way to lose things that are really really important to your business (it caught a password email and a receipt payment for incorporation when I didn't follow this advice. Bad mail filter! Bad!)

Now go into each "Personal Email" folder (yes, your beautiful tags are called folders when viewed via IMAP), and copy the contents to a corresponding folder on the "Work" server. I made a new folder for each client and each lead source, then copied into each of them from a couple more monolithic tags in my personal email.

Depending on your messages, this will take awhile. It took 45 minutes to copy over my 1000 messages I cared about (and about 20 minutes to go through the remainder of the email I didn't delete before the move, but needed to transfer over).

Now go into your work email and setup some filters and liberally use the option that grabs the emails that are already there. You now have split your email. Work life balance will surely follow :o)


Tuesday, June 14, 2005

Microsoft, Bluetooth and Kensington, Oh My!

I bought a Kensington USB Bluetooth Adapter a while back.

Microsoft redid their bluetooth stack under WinXP SP2 to be less permissive. Kensington did not redo their adapter and its driver.

This means they have about a 2-3% chance of working together.

After calling Kensington a couple times, I elected to stop being underwhelmed by their support reps. I set out to enable the Microsoft drivers for Bluetooth all by myself.

It ended up working beautifully. If you want to do the same, here is how:

How to make the Kensington Bluetooth Dongle work with WinXP Service Pack 2 (SP2):

Don't install the kensington drivers. If you have already, go back and uninstall them (Widcom Bluetooth Software in "Add/Remove Programs").

Plug in your Kensington USB Bluetooth Dongle. Do not install the drivers off the CD when prompted.

Go into Device Manager and look under ‘Other Devices’. On the unknown device, RightClick->Properties->Details. Select "Hardware IDs" in the Dropdown.

You will see something like ’USB\VID_047d&Pid_105d’. Copy this down (or PrintScreen/mspaint it). This is your dongle's PnPID (Plug and Play Indentifier).

From the run window, open your bluetooth INF file: "notepad %windir%\inf\bth.inf". On line 170, under "Microsoft Wireless Transceiver for Bluetooth 2.0" add your USB adapter's PnPID like so:

Kensington USB Bluetooth Adapter= BthUsb,USB\VID_047d&Pid_105d

Save the file. RightClick->Uninstall the “Unknown Device” from device manager. Un-plug and re-plug the Bluetooth adapter. When prompted, let Windows search for a device driver, and it should pick up the adapter, and install the correct drivers for it. It will probably install several windows Bluetooth devices at this point.

In short: Buy it if you need bluetooth. It is cheap(~$35) because it is horribly rated. It is only horribly rated because people can't figure out how to install it. It works no worse then the $80 ones once you take 2 minutes to install it like above