1734: The day’s over!
1647: Python vs. Ruby, Gary Bernhardt. Ruby fails to live up to the Zen of Python. (E.g., Calling functions with or without parens, gah! Rails has junk drawer of monkey patches.) Good aspects: Ruby core types have composability; Ruby has “the full Lisp chainsaw.” RSpec. “Ruby is ugly, Python is beautiful. But…” Compared syntactic expressiveness and semantic flexibility. Wants to see blocks added to Python.
1603: Python & GIS, Dane Springmeyer. Unofficial Python GIS SIG. Gentle guide to GIS. Where am I? Python and OO GIS. GeoDjango, GeoAlchemy / Shapely, GeoHASH for AppEngine, and Mapnik. TileMill is a tile rendering engine using Amazon’s cloud.
1513: Justin Cappos, a platform for developing and deploying networked applications. Clouds are great for scalable computation, no hardware purchases, minimizing IT overhead, and providing fault tolerance. But cloud providers need to make money somehow, sometimes including advertisements; there’s loss of privacy; censorship; and vendor API lock-in. Cloud computing erodes software freedom. P2P is an alternative, but problems with heterogeneity, short use patterns, fault tolerance, and distributed state management. His solution (Seattle) uses a safe virtual machine environment, and is run like a potluck. It executes a Python subset, which is implemented in Python.
1441: Justin Samuel talking about securing software update systems. All existing software update systems are insecure to man-in-the-middle, mirror, replay, compromised key, etc. attacks. Current EasyInstall/PyPI security: Package file hashes aren’t a security measure; developers can sign packages, but there’s no trust root, key revocation, etc.; almost nobody checks signatures. He and Justin Cappos are working on an automatic, scalable, and mirror-able general solution: Trust PyPI to tell the user which developers own a package, and what the keys are; Developer signs a metadata file that specifies the packages they provide, with package names, hashes, and sizes; PyPI signs the metadata; Clients download the metadata and packages, and checks the signatures and hashes. If his system proves out, “it will be much more secure than any existing software distribution system.”
1411: Back a little late from lunch. Another set of lightning talks.
1116: Jon Jacky, model-based testing, PyModel. Solves problem of testing behavior (ongoing activities with history dependence and nondeterminism), many variations, or so many test cases are needed that it is not feasible to hand-code them. Examples: communication protocols, web applications, user interfaces, control systems. PyModel represents behavior with traces, which are sequences of actions with arguments. Deterministic models are represented with Finite State Machines (FSMs). Infinite systems are represented with model programs, which contain state variables, action functions, and enabling conditions. Jon’s one smart dude.
1029: Gary Bernhardt talking about BitBacker, a failed start-up. Never went commercial. One user had > 100GB of backups and > 4K snapshots. One developer, 17 KLOC including tests, three years of development. Talk focused on testing. Lessons: Should have written more unit tests, because they are much faster than integration tests. (Eh?) Unit tests will better localize failures. Recommended reading is “Integration Tests are a Scam,” by J. B. Rainsberger. Did not like PyObjC – among other problems, object names got way too verbose. Advocated graphically tracking test performance. Advocated releasing early. Advocated not using SQLite, due to ACID bugs.
0950: Talk by Dan Helfman on a NOAA project for the visualization of large datasets, called Maproom. Used PyOpenGL. Cons: “Nearly half of OpenGL is deprecated.” Presentation covered hardware acceleration, NumPy, caching, optimization, profiling, Cython, etc.
0916: We’re getting off to a late start.
0852: Every attendee has a unique username & password on SCCC’s wireless net. I’ve never seen this level of security in a conference. Lisa said that with SCCC being in an urban core, they’re constantly on guard against unauthorized people trying to use their networks.