The Software Practitioner’s Digest: January 2012

This late issue of The Software Practitioner’s Digest, the first in 2012, highlights resources published in January in Better Software, Dr. Dobb’s, IEEE Software and Software Engineering Radio.

This digest has been the most difficult to compile so far, given how hesitant I was with regards to the inclusion of some research articles and essays which — although very revealing or thought-provoking — did not have much (or any) actionable material for practitioners. I decided not to include them in this issue, but I’d like to know whether my modest readership would enjoy finding articles that are simply interesting in future issues (rest assured that these would be backed by some evidence!). Please let me know what you think!

Continue reading

“WSGI from Start to Finish” materials available

I’ve just uploaded the materials for my tutorial at EuroPython 2010, “WSGI from Start to Finish”. You can also get the slides and the WSGI cheat-sheet individually. I’ve updated the slides so that they make sense even without me speaking; so now they have references to the code examples.

The tutorial was recorded and should be published on the EuroPython Web site after the event.

This was the first time I give such a long talk. Three hours talking about WSGI! But it was really fun. And the room was absolutely full, which I couldn’t believe.

Web Site Security With repoze.who and repoze.what

This article first appeared in the May 2009 issue of Python Magazine and has been slightly updated. The contents of the article are only applicable to repoze.who 1.0 and repoze.what 1.0, not repoze.who 2 and repoze.what 1.1 which are under development as of this writing.

Have you ever created a Web application? If so, it’s very likely that you have at one time or another faced “the security problem”; whether to create and maintain a homegrown security sub-system, or to learn to use framework-specific security mechanisms (which may not be as flexible as you wish).

Securing Web applications shouldn’t be a problem. This article explores a highly extensible alternative which you can learn once and use in arbitrary applications, regardless of the Web framework used (if any!).
Continue reading

“WSGI from Start to Finish” at EuroPython 2010

If you’re a Web Application Developer using Python, you may be very interested in the tutorial I am presenting at EuroPython 2010: “WSGI from Start to Finish: How to use the power of WSGI to solve problems your framework cannot solve”.

Your favorite Web framework is not able to meet all your needs, all the time; some problems cannot even be solved at the framework level. In such situations, the Python Web Server Gateway Interface may save you a lot of time and trouble, giving you the opportunity to implement an elegant solution or integrate existing framework-independent third party solutions.

And chances are, a better WSGI-based alternative exists for something your framework is apparently good at. WSGI is a very powerful technology, and the kind of things you can do with it may surprise you.

It doesn’t matter if you know little about WSGI or nothing at all, because when I say “from start to finish” I really mean it. In this half-day tutorial, I’ll try to cover both simple and complex real-world situations solved with WSGI. The tutorial is relevant for Django/Pylons/TurboGears/etc users, and for those who don’t use a Web framework at all!

Getting back on track

Yes, I’m alive.

Since the second half of last summer I’ve been inactive in the Free Software arena. No commits, no emails from me in the last few months which may indicate that the projects are dead. So I wanted to write to let you know that I have no plans to stop maintaining any of my projects. I will start to catch up with all the things I’ve missed in the projects I normally contribute to and the projects I develop alone.

The reason why you’d heard nothing from me is that I left Spain to move to Oxford, in order to work at the cool company behind 2degreesnetwork.com. The removal was the most time-consuming and stressful thing I’d ever done, but after one month working here, I’m happy to say that it was worth it. The atmosphere is just like I thought Web 2.0 companies were, and I am surrounded by nice and talented people. I can’t be happier.

Well, back to the projects, I had to wait a lot to get access to the Internet at home, but I got it a couple of weeks ago and have been catching up (slowly) with the pending stuff. I still have a huge stack of unanswered emails, for example.

For the last couple of weeks I was working fulltime on repoze.what 1.1 and repoze.what-django. I hope to finish the documentation and get the first alpha releases out very soon; the code itself is pretty much ready and, as usual, fully tested. I didn’t have plans to do a repoze.what 1.1 release anytime soon, but while developing repoze.what-django I found myself implementing something which would be useful outside Django (i.e., ACLs) and thus I decided to move it to repoze.what.

After that, I want to improve the auth documentation in TurboGears 2. repoze.what-pylons is the crucial part of the repoze.what integration in TG2 and it’s fully documented, but duplicating part of those docs won’t do any harm and adding some tips and tricks would be nice. I started doing that some months ago but never committed it; I have to finish it this time.

Then I’d like to make repoze.what-pylons take advantage of the new features in repoze.what 1.1, like repoze.what-django already does.

That’s it for the foreseeable future. Next year I really want to get serious with Booleano and PyACL.

Koren’s SVD++ Python Implementation

I recently had to implement a recommender system for the Netflix Prize. Out of the best known models, I chose Yehuda Koren’s SVD++ model as published on the paper entitled “Factorization Meets the Neighborhood: a Multifaceted Collaborative Filtering Model” (the version that doesn’t take into account temporal effects; I’d have implemented the complete model, but couldn’t due to time constraints).

I named this Python-based project “wooflix” and you can download it from code.gustavonarea.net. It ships with a command-line interface and basic documentation, including the design document.

It’s the first project, as far as I know, that uses Booleano. With it, you can get random movie recommendations and filter them, like this:

# Get 5 movie recommendations for user #7, at least those published after 2001
wooflix recommendations 7 --max="5" --filter="movie:year > 2001"

Keep in mind that I won’t offer support for it; I’m publishing because I thought it might be useful for some people, but I have no intentions to work on it in the future.

Announcing Booleano

I am proud to announce the first alpha release of Booleano, a Python-based interpreter of boolean expressions:

Booleano is an interpreter of boolean expressions, a library to define and run filters available as text (e.g., in a natural language) or in Python code.

In order to handle text-based filters, Booleano ships with a fully-featured parser whose grammar is adaptive: Its properties can be overridden using simple configuration directives.

On the other hand, the library exposes a pythonic API for filters written in pure Python. These filters are particularly useful to build reusable conditions from objects provided by a third party library.

It’s been designed to address the following use cases:

  1. Convert text-based conditions: When you need to turn a condition available as plain text into something else (i.e., another filter).
  2. Evaluate text-based conditions: When you have a condition available as plain text and need to iterate over items in order to filter out those for which the evaluation of the condition is not successful.
  3. Evaluate Python-based conditions: When you have a condition represented by a Python object (nothing to be parsed) and need to iterate over items in order to filter out those for which the evaluation of the condition is not successful.

It is a project I found necessary while working on repoze.what 2, which I’ve been developing for the last few months in my spare time. This release is absolutely usable, but lacks documentation because I needed this release out for a (small) project I need to work on ASAP (it will depend on Booleano). The next release will ship with a nice documentation, I promise.

Enable LDAP authentication in your WSGI applications!

repoze.who.plugins.ldap is an straightforward yet powerful solution to enable LDAP authentication in your WSGI application. It enables you to have LDAP authentication working in your new or existing applications, in few minutes and with few lines of code!

It’s a plugin for the repoze.who framework, featuring not only an LDAP authenticator, but also related utilities. It’s a fully documented project which also ships with a working demo application, so it’d be hard for you to get stuck.

I wrote this plugin in order to enable LDAP authentication in Animador. And in fact, it’s the first application that uses the plugin.

The latest version is 1.0, and you’re highly encouraged to play with it and give feedback!

Visit its website for more information!

Joining the development of TurboGears

I’ve had the great pleasure of being invited by the TurboGears team to become an official committer for the great TurboGears framework.

This is because I’ve been contributing patches for TurboGears 2 and other packages used by Animador (a TurboGears 2 application), since I started its development, in order to fix bugs and/or add new features that I want in Animador. So now I can apply my changes by myself! 😉

And stay tunned, because very soon it’s going to be very easy to add OpenId support to any WSGI application by means of a plugin for the framework-independent repoze.who package!