Django Project Layout

As a sort-of-followup to my brief remarks of last week, today I’m going to say a few words about how I lay out my Django projects, and how I configure the Apache server to present them. There’s nothing too surprising here, but since some of this is a little fiddly, I thought it worth going over.


Posted in Python, Web stuff | Comments Off

Chaff

Back on 1 September, Ebert wrote a post bearing the charming title “Put up or shut up”. It amounted to a call for prominent Republicans to make a great production out of denouncing claims to the effect that Obama was a Muslim. This was either an incredibly naive or massively disingenuous post. Today, I’d like to explain why I say that, and why I waited so long to comment on it.

Persuasion

When you’re attempting to persuade, you want to talk about those issues that support your point. When Ebert wrote his piece we were deep into the 2010 midterm election season, and Republicans and Democrats were each attempting to persuade voters to back their side in the election. Any fair reading of Ebert’s political stuff would put him firmly in the “Democrat” column, and mark him as an active participant in the attempt to persuade.

Field of Battle

In early September, the GOP was beating the stuffing out of the Dems in the persuasion contest; whether on taxes, spending, defense, terrorism, or health care, the GOP was happy to talk about the issues because it was winning on them. The only sensible response to this for the Dems was to try to change the subject to something that favored them.

What was a good topic? Well, there weren’t many, but this “Muslim” thing seemed like a good one. If the debate could be made into a question of whether or not Obama was a Muslim … well, the Dems could win that argument.

Bad Advice

This is what makes Ebert’s statement:

We know, because they’ve said so publicly, that George W. Bush, his father and Sen. John McCain do not believe Obama is a Muslim. This is the time — now, not later — for them to repeat that belief in a joint statement. Other prominent Republicans such as Mitt Romney, Newt Gingrich and Ron Paul also certainly do not believe it. They have a responsibility to make that clear by subscribing to the statement. Glenn Beck, Sarah Palin and Rush Limbaugh must join, or let their silence indict them.

so silly. For GOP-types to even bring up the “Muslim” question would have been to play into the hands of Dem strategists, because it would have shifted the playing field to something the Dems could win on. If Ebert didn’t understand this when he wrote the piece (and impugned the integrity of any GOP pol who wouldn’t do the damn fool thing he suggested) then he’s incredibly naive. If he did understand it, he’s a disingenuous creep.

I didn’t bring this up at the time, because, well, I didn’t want to change the subject.


Posted in Jack Handy | Comments Off

Trademark

So, Michael Buffer. The “Let’s get ready to rumble” fight announcer guy. I looked him up on Wikipedia the other day, and it turns out that he’s made quite a tidy living from that schtick. Supposedly, his trademark on that phrase has earned him four hundred million dollars.

5 words. Nearly half-a-billion dollars. Marketing’s a hell of a thing, isn’t it?

Also interesting to consider: I’d be surprised if the second-most successful ring announcer (Jimmy Lennon Jr.?) had made even 2% as much as Buffer. Winner-take-all?

Posted in Jack Handy | Comments Off

Six Word Stories: Heterological

“There are no absolutes”, he lied.

Thank you Dinosaur Comics.

Posted in Six Word Stories | Comments Off

OAuth and Export Controls

Reading over the OAuth protocol (RFC 5849), I noticed something a little odd in section 2.1:

Since the request results in the transmission of plain text credentials in the HTTP response, the server MUST require the use of a transport-layer mechanisms such as TLS or Secure Socket Layer (SSL) (or a secure channel with equivalent protections).

and section 2.3:

Since the request results in the transmission of plain text credentials in the HTTP response, the server MUST require the use of a transport-layer mechanism such as TLS or SSL (or a secure channel with equivalent protections).

Performance

This surprised me, since I’ve always thought of/used OAuth as an “encryption-free” protocol. As it turns out, the OAuth people seem to think of the non-use (or, in fact, minimal use) of SSL as primarily a performance issue:

In 2007 when OAuth 1.0 was being created, SSL was used sparingly for APIs. As CPUs have become faster and more specialized SSL hardware has been deployed, it has become increasingly possible to operate APIs over SSL. Some APIs, like the Google Health Data API or Yahoo!’s Fire Eagle API, operate fully over SSL anyway as developers are interacting with non-public data. Using SSL obviates the primary purpose of the cryptography used in OAuth 1.0a, which was designed for transferring data over insecure channels.

Export

I think they’re missing the boat here. For mobile app developers, SSL-based protocols are a real hassle, not due to technical considerations, but due to legal ones. If you use general-purpose encryption in your app, then that app becomes subject to bothersome export controls. (This is the case in the U.S., at least; developers in other countries may or may not face similar issues.)

A good-enough protocol like OAuth, which operates in the clear, is very handy for app developers, and it would be a big mistake to wrap it inside SSL. OAuth isn’t really secure outside of SSL, of course (Bad People can always extract a client key from your app, and steal a resource owner’s token credentials when they’re delivered over the wire) but it strikes me as good enough for the vast majority of not-that-important services.

This is probably why lots of services (Twitter!) ignore the strict language of sections 2.1 and 2.3 of the spec.

Posted in iPhone, Projects | Comments Off

Comments Experiment

I’m going to experiment with enabling comments. Right now, they’re set up s.t. everything has to be manually approved. I’m not sure what my approval criteria will be — probably something along the lines of “I’d enjoy reading that if it were posted on someone else’s blog.”

Let’s see what happens.

Posted in Projects | Comments Off

Six Word Stories: Backup

John’s backup parachute didn’t work either.

Posted in Six Word Stories | Comments Off

OAuth and mod_wsgi

Just a quick tip: If you’re building an (e.g., Django) application that:

then you need to ensure that you set the WSGIPassAuthorization configuration directive to On. If you don’t, then Apache will filter the Authorization header, and OAuth parameters will never reach your application.
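
An added example, not code from the original post: a small WSGI layer that reads the OAuth parameters from the Authorization header and logs a distinct reason when the header never arrives, which is the symptom of WSGIPassAuthorization being off. The names parse_oauth_header, oauth_params_from_environ, require_oauth and the environ key oauth.params are hypothetical, and signature verification is assumed to happen elsewhere in the application.

```python
import re
from urllib.parse import unquote

# Apache side (mod_wsgi), as the post says: WSGIPassAuthorization On
_PARAM = re.compile(r'([A-Za-z0-9_.~-]+)="([^"]*)"')
REQUIRED = ("oauth_consumer_key", "oauth_signature_method", "oauth_signature")
# Constructed sample header, not captured from a real service.
SAMPLE = ('OAuth realm="Example", oauth_consumer_key="ck-123", '
          'oauth_signature_method="HMAC-SHA1", oauth_signature="a%2Bb%3D"')

def parse_oauth_header(value):
    """Parse an RFC 5849 section 3.5.1 header; None if not well-formed OAuth."""
    scheme, _, rest = value.strip().partition(" ")
    pairs = _PARAM.findall(rest)
    # Anything left over besides separators means the header is malformed.
    if scheme.lower() != "oauth" or not pairs or _PARAM.sub("", rest).strip(", \t"):
        return None
    params = {}
    for name, raw in pairs:
        if name in params:           # duplicated parameter: reject
            return None
        params[name] = unquote(raw)  # values travel percent-encoded
    params.pop("realm", None)        # realm is not a protocol parameter
    return params

def oauth_params_from_environ(environ):
    """Return (params, problem); exactly one of the two is None."""
    header = environ.get("HTTP_AUTHORIZATION")
    if header is None:
        return None, "no Authorization header in environ (WSGIPassAuthorization off?)"
    params = parse_oauth_header(header)
    if params is None:
        return None, "Authorization header is not a well-formed OAuth header"
    missing = [k for k in REQUIRED if k not in params]
    if missing:
        return None, "missing OAuth parameters: " + ", ".join(missing)
    return params, None

def require_oauth(app):
    """WSGI middleware (hypothetical name): log the reason, answer 401."""
    def wrapper(environ, start_response):
        params, problem = oauth_params_from_environ(environ)
        if problem:
            environ["wsgi.errors"].write("oauth: %s\n" % problem)
            start_response("401 Unauthorized", [("WWW-Authenticate", "OAuth")])
            return [b"OAuth credentials required\n"]
        environ["oauth.params"] = params  # signature check is left to the app
        return app(environ, start_response)
    return wrapper
```

The reason is written to the server error log rather than returned to the client, so a misconfigured Apache shows up as a distinct log line instead of looking like a bad signature.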

Posted in Python | Comments Off

Argentine

An Argy friend of mine was given to:

  1. Joking about some of the less-charming stereotypes of her countrymen. (“The French of Latin America.” “How does an Argentine commit suicide? He climbs to the top of his ego and jumps off.”)
  2. Opining that I would fit in well in/get along with the people of/be happy in Buenos Aires.

Since the two ideas were usually expressed at some temporal remove from one another, only much later did I realize that the overall message was not necessarily entirely complimentary.

Posted in Jack Handy | Comments Off

Wikileaks

Some random thoughts on Wikileaks. Be warned: I’m going to be doing a bit of “people say such-and-such” w/o providing any links, because I’m feeling a bit lazy. I don’t think any of these unsourced mutterings will be much in dispute, however.

The short version:

  • The horse is out of the barn
  • Julian Assange ought not be prosecuted by the U.S.
  • Australia could plausibly see him as a traitor, however
  • And he definitely seems to be an enemy of the U.S.
  • The Swedish “rape” charges look to be entirely bogus
  • Bradley Manning should be prosecuted by the U.S.
  • It’s possible that this is all a U.S. psyop


Posted in Jack Handy | Comments Off