1031 Investment Services project

I've been working with my friend Scott Sheehan on his website 1031investmentservices.com. It's a Joomla website which is new for me but luckily I'm not a programmer on this project (php? yeeks!) but I'm always interested in opportunities to try something new. So what is the purpose of this blog entry, on a blog I rarely write to any more? I think the biggest part of this project is going to be developing the inbound links. One down, hundreds more (hopefully) to go.

Two Scoops of Django Review

I've just finished reading Two Scoops of Django: Best Practices for Django 1.5 by Daniel Greenfield and Audrey Roy, currently for sale as an e-book for $12 and easily the least expensive (except free) form of professional investment a Django developer can make.

It's not a "I couldn't put it down!" book; rather you will want to put it down about every four pages so you can implement an idea before moving on to the next topic.

I've had one big Django project under my belt, that was my full time gig for over a year (the now defunct 10LocalCoupons.com). I had a team of developers and, for any of us, it was our first Django project and our first python project -- not for a lack of trying to find experienced djangonauts. I recall finishing the django tutorial and then looking for a resource to learn best practices and not finding much. This book fills that need well.

I'm currently working on a solo project in Django, and am still in the early stages, so I easily revamped my project to include many of the best practices espoused here, the first being project layout. Having a project root for your apps and within that a configuration root for settings, urls and wsgi makes sense to me.

The next idea was a sane settings management that avoids many of the pitfalls we encountered in the past: tests that fail in different environments due to different settings, local settings that don't get tracked in source control, and forcing developers to track changes to local-example.py settings.

Other topics include best practices for class based views, templates, how to structure apps, and plenty more.

So it took a week to get through the book because I kept stopping to put the ideas to work.

Plently of the big ideas espoused I already adhere to: using South for database migrations, pip and virtualenv for environment building, and others. Some of the more subtle ones, like using environment variables for your secret key and using a separate requirements file for each environment don't apply to my early stage project yet but in the future I'll be sure to adopt.

Some of the content in the book should be fleshed out a bit more. For example, the book recommends using logging and gives reasons why, but doesn't show logging settings or an example of how to use it. 

For those interested, here is how I use logging in my local development environment where I want to see all things my code is doing; most of this is bolierplate django settings but I've left them in so you can see how it interacts with my customizations. I'm not suggesting that my method is to be considered a best practice, just something to get you started. The console handler and the catchall logger '' are the key parts.

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'filters': {
        'require_debug_false': {
            '()': 'django.utils.log.RequireDebugFalse'
        }
    },
    'formatters': {
        'verbose': {
            'format':
                '%(asctime)s %(name)s %(levelname)s %(module)s %(message)s',
            'datefmt': '%Y-%m-%d %H:%M:%S'
        },
        'simple': {
            'format': '%(asctime)s %(name)s %(levelname)s %(message)s',
            'datefmt': '%Y-%m-%d %H:%M:%S'
        },
    },
    'handlers': {
        'null': {
            'level': 'DEBUG',
            'class': 'django.utils.log.NullHandler',
            },
        'mail_admins': {
            'level': 'ERROR',
            'filters': ['require_debug_false'],
            'class': 'django.utils.log.AdminEmailHandler'
            },
        'console': {
            'level': 'DEBUG',
            'class': 'logging.StreamHandler',
            'formatter': 'simple',
            },
        'file': {
            'level': 'DEBUG',
            'class': 'logging.handlers.RotatingFileHandler',
            'filename': '/var/log/my_project/my_project.log',
            'maxBytes': 20000000,
            'backupCount': 5,
            'formatter': 'verbose',
            }
    },
    'loggers': {
        'django': {
            'handlers': ['null'],
            'propagate': False,
            'level': 'INFO',
            },
        'django.request': {
            'handlers': ['mail_admins'],
            'level': 'ERROR',
            'propagate': True,
        },
        'south': {
            'handlers': ['null'],
            'propagate': False,
            'level': 'INFO',
            },
        '':{
            'handlers': ['console', 'file'],
            'level': 'DEBUG',
            'propagate': True,
            'disabled': False
        }
    }
}

And here is a drop-dead simple use of logging:

import logging

LOG = logging.getLogger(__name__)
LOG.setLevel(logging.DEBUG)

def my_function(my_arg):
    my_var = my_arg + 1
    LOG.debug('my_var: %s' % my_var)
    return my_var

Another place that could have done with some easy examples is reStructuredText; I know its the fancy way to document and could clicked a link learn all about it, but this book could give a little bit more to whet my whistle than "study the documentation for reStructuredText and learn at least the basics." How do others use it for django apps?

This is a good book and well-worth the money. It'll make you more productive, and so is easily worth the money. I look forward to reading further revisions.

Two Scoops of Django: Best Practices for Django 1.5

10LocalCoupons.com

I realize I haven't blogged since I un-retired. So here's the story...

We sold RegionalHelpWanted.com in February 2008. After a year and a half off, I founded a new company with my previous partners to see if we could duplicate that success. (Anyone can get lucky once, but if we could do it again, maybe it it was more than luck?) We are using the same exact business model: working with local media partners using unsold inventory to advertise a local website on a revenue share basis. Instead of help wanted ads, or personal ads which is at the root of what Cupid.com was/is, this time around we are targeting coupon advertising. So in Nashville you'll hear ads for 10NashvilleCoupons.com on radio and see them on TV, and in Portland OR the website is 10PortlandCoupons.com, but it is all one website serving local content to you based on how you get there. Hopefully, you'll find your local pizza guy on there soon, or a discount on an oil change nearby.

Not only is the product different, but the software stack is a complete switch. RegionalHelpWanted.com we did in ColdFusion, Cupid.com in .net, both on IIS against SQL Server. All on Windows. 10LocalCoupons.com is done in django, an awesome framework for Python, on Apache behind nginx against postgreSQL, all on Ubuntu. I'm really enjoying the new way things are done. Much of the tediousness of writing control panel type stuff -- record insert, updates, deletes -- for customer service and accounting needs is a gimme with django's admin package, allowing my development team to hit the ground running. The django community has been a great resource to us.

So the software landscape is very different, but the hardware difference between old and new is even more dramatic. In our previous endeavors, we were paying about $1500 a month per web server for managed services. Now, using open source software on Amazon's EC2, we pay less than one tenth of that. It's a running joke every month when I announce our EC2 cost. My guess is about half of that comes from dropping Microsoft licensing fees, the rest is from virtualization efficiencies and dropping the human support.

Not all things are different however. This new project has given us the opportunity to hire back several of the awesome people we've worked with in the past. That has made it easy for me to go back to work.

I'll be blogging more soon about what we are up to, and pointing out things I've learned along the way, but for now know that I am having tons of fun.

Bulk COPY a CSV into PostgreSQL, skipping first row

Looked for a solution to this yesterday and couldn't find it. Asked my Linux guru Jeremy today and he had a easy solution, so this might be helpful to others.

The scenario is you have a big CSV file, and you want to bulk copy it into PostgreSQL, but the first row of the file isn't data, it's got the column names in it. In my case, the text file is 65 Megs so it's not like you can just edit it in a text editor to delete the offending line. (The data happens to be the combined US and Canada zip/postal code database from ZipInfo.com, fyi.)

SQL Server has a bulk insert GUI that lets you specify a start row. Needed that functionality here.

Solution:

Use wc to find out how many rows are in your file:

$ wc ZCUG.TXT
872135 1871133 69105493 ZCUG.TXT

That first number returned, in my case 872135, is the number of rows in the file. Subtract one and and tail that number, outputting to a new file:

tail -872134 ZCUG.TXT > ZCUG-trimmed.txt

Boom! A new file without the row of column names.

owasp-esapi-python configuration

I tried to send this issue to the esapi-python mailing list (after subscribing) but it doesn't look like that is a functioning list. So any help with the following would be greatly appreciated.

Hi!

Thanks for your work on owasp-esapi-python! I am trying to integrate it into a project and will certainly spread the word to help drum up support for this as I make headway.

I've run into an issue during configuration:

When I do this at the python 2.6 interactive shell, it returns a single line of output...

>>> from esapi.core import ESAPI
>>> ESAPI.encryptor().gen_keys()
Creating new keys in /esapi/keyring/

The documentation leads me to believe that it will also output an Encryptor_MasterSalt but, if it's supposed to do that here, it isn't for me. Let me know any info I can provide. This is on Ubuntu 9.10.

Thanks in advance,
- Steve

Dell still doesn't grok Ubuntu

I'm selecting a laptop for my kids. Mostly because they keep pestering my wife for her laptop. I'd love to get them Ubuntu because I'd love to teach them computer programming, and I like Ubuntu as an environment for that. I also like if for kids as it is less succeptible to spyware, viruses, and malware in general. My kids play Wizard 101 online, and according to one user, that works well under Wine.

So I'm configuring a laptop on Dell, going through their twenty page configuration process. On page one I specify Ubuntu. Eight or so pages later, Dell is asking me if I want Norton Internet Security 2009, Computer Associates Internet Security Plus 2009, and QuickBooks Pro 2009. Hello, none of them run on Ubuntu as installed. I'd love it if Intuit offered Linux software, especially Quicken which I use religously. So unless Dell is going to be including Wine configurations for each of these Windows applications they are selling with Ubuntu, they really are doing a disservice to their customer. An uniformed purchaser is going to assume the apps run on the computer they are purchasing, right out of the box. After purchase, do you think Dell is going to let the customer "return" this software?

No ESAPI in Python yet?

I'm considering Python for my next big project. I've been doing ColdFusion for the last 10 years but am liking the karma from open source. So I've been digging into the Python documentation, finished reviewing the Python Standard Library and the Django tutorials.

Next, I wanted to look at some reference implementations in Python as a way of further familiarizing myself with coding best practices. I had stumbled across an implementation of OAuth in Python last week but wasn't ready yet. Specifically, I wanted to look an a reference implementation of ESAPI, the Enterprise Security API from the brilliant folks at OWASP.

Surprisingly, all OWASP offered was the referece implementation in Java, plus some "under construction" pages for .Net and ColdFusion. Elsewhere on the web I found an implementation in pHp, but nothing in Python.

So I know the whole idea of open source depends on the community effort, but I'm not thinking ESAPI can be my first Python app. I'll work on gaining l33t Python skills, but in the mean time it'd be great to see ESAPI in Python. Django community, I nominate you guys!

Web Developers: Don't Reinvent the Non-secured Wheel

I'm thinking about beginning another web project. Before one gets coding the fun part of any web application, though, there is tons of core code that needs to we written: login, user management, session management, user registration, logout etc. But writing secure applications can be tricky, and any attempt to roll your own is likely to have security flaws. Open source can solve both of these problems: the code is already written, letting you get onto the fun stuff; and if it's been vetted by a large developer community already you get the security benefit of past mistakes fixed.

One might think that reference implementations would be readily available for these in all web languages, and that we would all be using them by now.

Kudos to OWASP for developing it themselves, in their Enterprise Security API (ESAPI) Project. It details all the functions that a secure application needs. Much more, though, they also offer reference implementations in Java.

I'd love to see the web development community support this project by developing reference implementations in pHp, ColdFusion, and .net. Implementations in each of the popular frameworks would go a long way toward making the web a safer place, and would make the development of every new web application that much easier.

When does 9 mins = 0 mins? When it's Google Apps SLA

TechCrunch covered this. In a worst-case-scenario nutshell, Google Apps can be down 90% of the time and be considered 100% up, if it is "up" for at least one minute (or to be pedantic, instant) for every nine minutes of "down."

Commentors at TechCrunch surmise that is not a real-world scenario where a web site can be up for one minute then down for nine for a persistent amount of time.

I wish that were true. I recalled working for iWon.com during the original dot com bubble. Version 1.0 of that site was written against Vignette CMS. The cost for that was rumored to be around $1M per processor (that was the talk around the office) but we had piles of money to burn (and give away).

The application was so unstable that, by the time I left, we had about 24 web servers in the cluster, and each was rebooted every 7 minutes. The fine folks at Vignette gave us that "work around" with a straight face. My brother was still with iWon and helped them move to open-source Tcl.

Since then, I've made sure I don't even hold any mutual funds that have Vignette stock.

Songbird to relase your music from iTunes

With the release of Songbird 1.0, I get one step closer to moving from Windows to Ubuntu. If Apple won't make a Linux client, then I'd love to drop iTunes. Ars technica does a nice writeup.

Other items anchoring me to Windows, for now:
- Quicken
- PC Games. Steam really needs to make a Linux client. And of course, the games themselves. I'm playing only Enemy Territory: Quake Wars these days, but am close to moving on to something new. Unless WoW or EverQuest drag me back in.

Ask.com Top 10 Search Terms for 2008

Ask.com announced their top 10 search terms for 2008, and Tech crunch covered it succinctly.

Its not surprising to anyone who has examined user behavior that it is common to use search navigationally. That is, they type in Google the search box of Yahoo and,apparently, Ask.com, to get to google. Ask.com top term "dictionary" should be seen as a navigational search; Ask.com owns dictionary.com.

TechCrunch lauds Ask for being more honest than the other search engines who scrub their lists so much the results are meaningless.

In my opinion, Ask.com and others should cite their methodology. Do they remove terms that are navigational to their competitors? Do they remove porn terms? Its fine and expected that they do, but they should say that.

Raw data is one outcome I hope to see in the future, and why I laud projects like solr that help make open search a reality.

Wikia Search dead?

search.wikia.com was released January 7, 2008 as an open source search engine enhanced by user submitted content. But looking at http://search.wikia.com/wiki/Search_Wikia, the wiki about the project, there has been no news in over a month. And the forums look dead too. This could be a really interesting project, but seems like the open source community hasn't embraced it yet. Maybe we're tired of Jimmy? Maybe he's tainted?

If anyone is interested in working on the concept of open search, I recommend Lucene which is the engine Wikia Search is based on, or solr which is an enhacement of lucene. I've done a solr proof of concept in the past several months, and I love what solr can do. I think I'll be spending time their. Google can't be the final solution to search.

Compete Aquired

Mashable reports Compete Acquired by TNS for $75 Million. Compete offers free public web metrics, like Quantcast. Unlike Alexa, in that it doesn't suck.

I predict that in five years either Compete and Quantcast will be purchased by Google, and the new company will *replace* Nielsen/Net Ratings and comScore. Information wants to be free, and the industry desperately needs a trusted third party to step in so we can all start comparing traffic using the same measuring stick. Mergers and acquisitions rely on this data, and beyond the top 10 sites, Nielsen and comScore methodologies can't see through the data storm.

The survivor will combine data that works by getting anonymized data from a significant portion of ISPs, like HitWise does, and data gathered from javascript that can be copied and pasted onto your website -- does this part sound like Google Analytics to anyone? Google also has the peering relationship with ISPs to get the first part done. And they have the "preventing fraud" chops to get it done right.

Nielsen will not be trusted any more then it currently is (not a lot) and it's Golden Age has past. comScore hasn't shown it can do a better job. Long live {insert successor here}!

Eclipse 3.3.1 in Ubuntu

If your Eclipse install under Ubuntu just took a crap like mine did due to a bad update (shhhrrrr, it got rolled back), you may be looking to upgrade to the latest and greatest version of Eclipse, and don't want to wait until it finally gets added to the official repository.

Many thanks to Ivar Abrahamsen for writing How to install Eclipse in Ubuntu. He posted it to the Ubuntu wiki as Eclipse Web Tools so find an up-to-date version there.