Enter Graham Dumpleton. I’ve never met him, but he appears to be the Python community’s unsung web hosting ninja. I highly recommend reading his recent Hosting Python Web Apps slide deck — it cuts through all the clutter. (You can find video of the talk on Youtube, too.)

The bottom line:

• There are approximately a million different Python web frameworks. All of them speak WSGI. Choose one. For today, at least, use WSGI rather than FASTCGI/uWSGI/what not.

• The most common architecture for serving python web apps is Apache + mod_wsgi running in Daemon Mode. Apache should be used to serve static content.

• The second most common architecutre is nginx + gunicorn + supervisor. Nginx should serve static content.

I’ll go further and say that, while it’s fun to explore the vast world of web frameworks, it’s probably not necessary. Start with Django 1.4 and if it really doesn’t work for you, look further afield. Also: Apache is a rock-solid option — gunicorn feels like the flavor du jour to me. Properly configured, Apache runs very nicely even on memory-starved VPS instances.

From past experience, I know this process can get a little torqued. Feedback is taken personally that shouldn’t be. When it comes to this, here’s what I say:

I respect you immensely, otherwise I wouldn’t work with you. But I have no respect for ideas. Not yours, not mine, not anybody’s. Think of me as a samurai that cuts down ideas no matter who holds them dear. The ideas that manage to survive? Those ideas I have respect for.

This notion informs all the product work that I do. It causes an immense amount of pain. But I believe it leads to better products. After all, ideas are worth little except to the extent that they inform and guide our execution. The wrong ideas guide us nowhere.

∞ - Permalink

∞ - Permalink

∞ - Permalink

There is no reason to distribute 24-bit, 192kHz music to listeners. No sound system, and no ear, could ever benefit. There are reasons, in ultra-high-end recording sessions, to use a 24/192 workflow.

∞ - Permalink

Because I sure could use one. ;–)

SSL client certificates are another great example of low-hanging security design fruit.

∞ - Permalink

Enter Gary Bernhardt’s excellent Destroy All Software Screencasts. For $9/month, I get a wealth of deep thinking about the art of software development, delivered in weekly bite-sized chunks.

A good example is DAS’s four-part series on testing untested software. Gary takes a rails app he’s never seen before and focuses on writing tests for a single controller method. In some sense, tests are dual to the code they’re testing. However, when testing in isolation, tests can often reveal structure and dependencies that aren’t readily apparent in the code itself. Gary uses the tests he writes to motivate a refactoring of the original controller; the series ends with both elegant and well-tested code.

∞ - Permalink

∞ - Permalink

There’s a lot of great press today; it’s worth reading both Daring Fireball’s behind-the-scenes take and Macworld’s extensive coverage.

Mountain Lion is an unsurprising but welcome progression from Lion. It brings Apple one step closer to having a truly unified ecosystem across all its devices. We get Messages and Reminders today; will it be surprising when iTunes is broken into Music, Video, and Store apps tomorrow?

There are some important considerations for indie devs. For starters, we’re going to have to revisit our platform support strategies. At the moment, perhaps 30% of my users are still on Snow Leopard. When Mountain Lion ships this summer, my gut feeling is that Snow Leopard users will stay put, while Lion users will probably quickly upgrade. It wouldn’t surprise me to see a 65% Mountain Lion/5% Lion/30% Snow Leopard distribution, although time will tell. For the foreseeable future, I plan to support the latest OS X along with the previous two releases.

Mountain Lion gives developers several reasons to revisit their relationship with the App Store. In addition to being a welcome new security feature, Gatekeeper also signals Apple’s commitment to supporting apps not acquired through the App Store.✝ This is great news for my latest app, Cloak, which fundamentally cannot meet the new app sandbox requirements. On the other hand, Mountain Lion introduces several new APIs, like iCloud Storage, that are only available to App Store apps. I expect this trend to continue. Today these APIs are a carrot; tomorrow they could become a stick. Developers who want to keep their apps on the cutting edge will almost certainly have to buy into the App Store ecosystem. Developers contemplating entirely new apps would do well to make sure they can live in that ecosystem.

✝ Gatekeeper is actually present in OS X 10.7.3, but there is no GUI exposure. In addition, the latest XCode for Lion supports acquiring Developer ID Certificates, a new kind of certificate for apps that aren’t targeting the App Store. To turn on Gatekeeper in Lion, use sudo spctl --enable; the spctl man page has more details. One last piece of the puzzle: Gatekeeper only applies to quarantined files. The easiest way I know to quarantine a binary is to mail it to yourself with Mail.app.

∞ - Permalink

∞ - Permalink

∞ - Permalink

For the most part, MacWorld Expo was family friendly; there were only a few booths where flesh was more present than product. The most egregious of these was run by ZeoBit, the makers of MacKeeper. ✝

MacKeeper has always struck me as seedy. It’s billed as a bundle of essential privacy and security tools; I’m skeptical of its merits. Much of the bundle seems to duplicate standard OS X features: why do you need Internet Security when Safari already has anti-phishing, or Backup when Lion already has Time Machine? ZeoBit would have you believe that, sold separately, their apps are worth over a thousand dollars. Thankfully, you can have it all at the low, low price of $38.95.

ZeoBit engages in scummy marketing tactics, many of which were pioneered by malware authors. They purchase dubious ad space on low-rent web property — the kind of property a naïve surfer might be unlucky enough to visit. They work hard to break pop-up blockers. They try to make their ads look like content or native security warnings. At expos, they apparently use a different kind of pop-up to draw attention.

I had the pleasure of meeting several above-board security and privacy companies at MacWorld. Guys like SecureMac are out there fighting the good fight. With Cloak, we’ve tried to raise the bar on several fronts. We’ve tried to make it easy and elegant to stay safe. Moreover, we’ve tried to be as open and transparent about what we do as possible. But MacKeeper? I don’t think I trust them. Not one bit.

✝ I feel dirty mentioning this product by name; I won’t honor it with a link. If there were a hypertext equivalent of “unasking the question,” I’d unlink the link in a hurry.

Sure, that’s the explanation — not that demand for Windows PCs is drying up. I’m surprised Nvidia couldn’t make up the difference with Tegra 2 chipsets that powering all those best sellers on the “non-iPad tablets” list.

Skepticism is understandable, but I actually suspect that Thailand’s flooding is the explanation. The PC hardware ecosystem is tightly coupled; is it so hard to believe that massive shortages in supply for any key component could lead to decreased demand across the ecosystem? It will probably take several more quarters before anyone can say for sure.

∞ - Permalink

the data we do have doesn’t remotely seem to justify the […] rhetoric that now appears to be obligatory on the Hill.

Sanchez makes several important points. To focus the discussion, Sanchez first notes that even if piracy were a huge economic problem, SOPA and PIPA would do nothing to fix it. He then moves on to the meat of the matter, which is threefold.

First, the MPAA and RIAA have claimed that piracy costs America 750,000 jobs and between $200 and $250 billion per year. This is simply wrong. As Sanchez examined in detail several years ago, these numbers appear to have originated in an ancient Forbes article about physical piracy and have since then cropped up in a number of discussions about internet piracy where they do not apply. The MPAA recently downsized their figures to $58 billion in annual damage; Sanchez investigated those claims and found them wanting, too.

Second, Sanchez targets an assumption that underlies most estimates of damage: namely, that piracy always leads to lost revenue. This is almost certainly false — many pirates will never pay for their ill-gotten gains — but for the sake of argument, Sanchez assumes that it’s true. Yet, revenue in the music and movie industries has actually outpaced the economy as a whole during the recession. In a world without piracy, would these industries truly have done $58 billion better still?

Finally, Sanchez reminds us that the constitution enshrines copyright as a means to promote the useful arts, not to increase corporate revenues. A better way to measure piracy’s impact is to look at whether it has reduced artistic output. At first blush, it seems the answer is no: accounting for the recession, there are more new movies and albums released today than ever before. (That said, more independent studies should be done on this point.)

Sanchez makes many other important and subtle points. I highly recommend reading all of his recent articles on the issue.

∞ - Permalink

∞ - Permalink

∞ - Permalink

It was my impression that PIPA was mostly written by well-funded lobbyists and that there aren’t that many Joe Six-Packs who truly support it. But surely they must be out there!

Amanda’s entire post is distressing and worth reading, but I’d like to address this one point.

They’re not “Joe Six-Packs,” but I do have a number of friends in the music industry. They feed their families with the music they write. I think it’s safe to say that they are all in favor of SOPA and PIPA.

My music friends believe (as I do) that there is a problem with piracy that needs to be solved. Where we appear to differ, however, is in believing that even an imperfect bill is preferable to no bill. Here I simply cannot agree. The SOPA and PIPA aren’t imperfect; they’re dangerous. Further, it’s unclear that any legislation will truly “fix” piracy; certainly the DMCA didn’t. Try as I might to convince them otherwise, I think my friends are fairly stuck in thinking that “something needs to be done.” From the congressional perspective, if you couple the mentality of “something needs to be done” with “lobbyists are lining my pockets,” it’s easy to see why these bills are likely to pass.

∞ - Permalink