software

I've been blogging for a few months now over at the Team Drupal Tumblr. This is one of two tumblrs that Torchbox has set up to serve the internal and external needs of its tech teams.

That means I haven't been blogging much over here. So some of my highlights, if you're interested:

• My talks on all aspects of Drush as "command-line Drupal" at Drupalcamp Oxford
• Another talk about our rebuild of the Love Food Hate Waste website, given at the Oxford Drupal Users Group
• Programmatically executing Drupal Views (may only be relevant to Views 2.x)
• Removing data permanently from a git repository and a related Stack Overflow solution I finally came up with myself
• Bundling the Less CSS module with an install profile

It's probably of greatest interest if you like Drupal; less interesting otherwise. But do wander over and have a look if you get a chance. I might try to duplicate some of the content here, for reference purposes if nothing else; we'll see how that goes.

There's been uncertainty over the future of "social bookmarking" site Delicious since Yahoo! leaked slides showing that it was going to be "sunsetted" by Yahoo! a while ago. Sunsetting is one of those euphemisms like "crossing over the rainbow bridge" that make the underlying activity even more sinister; in Delicious' case it meant being sold to people who alienated the user base with weird T&Cs, and have since made the site considerably less useful: to me at any rate.

At Torchbox we used Delicious a lot for our "show and tell" sessions: people would tag links during the week, and every week or two we'd have a round-up meeting based on the tag. We knew that anything from the past couple of weeks wouldn't have been seen yet, so it was easy to track the bookmarks down via an RSS feed. This was the last big thing we'd use Delicious for regularly; when the site was sold and changed, the sorting algorithm was changed too. Now, if a random stranger re-submits your URL, the bookmark seems to suddenly become brand new again. This basically broke our usage of it, where we required older links to stay older so we knew when our weekly catch-up was done.

The eagle-eyed amongst you (well, amongst the few that actually read this blog on my website and not via a feed) will have spotted that my link top-right to "Delicious" now points to "Pinboard", which is a neat competitor to Delicious that everyone's been telling me about for ages. It's a paid-for service, which - despite its incredibly low cost of $9-something, up from $7 a year or so ago - has ended up being a minor barrier to entry for me.

Sadly, Pinboard doesn't have quite the number of "cool social tools" that Delicious used to sport - being able to suggest links to other people, for example - but then they're gradually becoming less worth using in Delicious these days anyway. Most of the link sharing I do is via my Twitter account, and that lets me decouple the social framework from the bookmarking tool. Which feels wrong, given how nice it was in Delicious; but then look where that's got me.

Pinboard has become the first ever website I've paid for, for the slightly ephemeral service alone. I'm user jpstacey, which gives me the nice, hackable URL of http://pinboard.in/u:jpstacey . Goodbye, Delicious: and, genuinely, thank you; but it's time to move on.

While I was working towards a deadline and Christmas, it became something of a meme to write short articles listing the languages you've used, and making short, positive statements about each. I wondered at the time if I could do it, and if it was worth while bothering.

It turns out that doing so unearths lots of programming history that I actually think rather fondly of, on the whole. Apart from maybe when I had to—but that's hardly in the spirit of the meme. Here's a list, that I can't guarantee is entirely complete, in alphabetical order.

• Applescript a neat way of communicating with a Mac, in a language that's a bit like a subset of natural English; enough to make programming feel like a relationship.
• ASP/VBScript gets dynamic content on the web really easily, closely enough to BASIC for newbies to understand, and with potentially strong security controls
• Bash strongly linear feel to it, with the central idea of a chain or pipe of statements which are powerful enough to do what you want, and smart enough to generally just do it and shut up.
• BASIC my first ever language, so easy that children who can't understand the languages every programmer likes their children to understand, can understand
• C startlingly pure and sharp, making you feel when you're debugging it like your computer's case has suddenly gone transparent and you can see its brains
• ColdFusion enabling rapid, sloppy, easy prototyping, to create a fully-functioning web application in the time it takes you to sneeze some angle brackets
• Erlang like playing with an army of tiny helpful aliens, the ones out of Toy Story, who bat messages to each other without you having to tell them all the time
• Javascript rich, event-driven scripting for the de facto computer-use environment of choice: the hand that rocks the browser rules the world-wide-web
• Java strongly-typed, robustly-built object orientation that you feel you can trust your weight to, and which has become truly platform independent
• LaTeX understands typesetting the way that Javascript understands the browser, moving type and illustrations around in a powerful and intelligent way
• MATLAB rich in maths and programming alike, it's how  I imagine Mathematica would be if it let you goof off more often
• Pascal strong typing and logical program structuring means you know where things are going to go and what they're going to do and stops sprawl
• Perl the mother of all modern scripting languages and a religion rather than a language, when it does something clever it does it with a wry smile
• PHP fast, powerful, web-native, complex, C-based, unfairly-derided, underestimated, just-do-it charmer and helpmate that keeps the web running well
• PostScript the C of typesetting and printing, arcane and brooding, oddly satisfying to hack around in its arcane declarations to get a diagram just right
• Python fun, smart, objects-all-the-way toolkit with beautiful exceptions that can do anything and lets you actually program in ways that are just unfeasible in any other language
• *SQL like Applescript, feels like a good compromise between natural language and a computer's thoughts, and even its derivatives have a purity of purpose
• XMLScript sadly retired early contender for XSL's crown, a cheery, self-modifying, tree-based language for modifying XML documents
• XSLT utterly XML native and (especially when compiled down) blisteringly fast gateway drug into functional programming, that most developers can still comprehend

Edit: now it's your turn!

Developing Drupal in a development--test--production environment has a lot of advantages. Each developer's work is sandboxed, staging is straightforward, and deployment to live the stuff of Capistrano scripts---especially if you unite the entire ecosystem of separate environments with version control.

However, it can lead to confusion over precisely where your browser's currently pointing at: at best, this can be comical; at worst, it can result in either loss of live content or the logjamming of a staged site with content intended for live. Suddenly a staging environment is out of action until that content can be exported to the live site.

Enter devwatermark β-0.1, a D5 module intended to watermark any non-live sites with a little right-hand banner overlay. When first enabled---you can do this on your live site---it inserts no such banner. However, as you add live domains to its configuration, it begins to work out when it's not on a live site and tags your browser window with the "DEVELOPMENT" banner. Like watermarking your printouts with "DRAFT", or maybe like dogearing a page in a book. If your site has to respond to multiple domains---and if the content is the same then you should really serve up 301s instead---then you can add those extra domains to the configuration as required.

Having devwatermark enabled on live means that when you bring a live database down to a staging site to test the next round of updates, the change in domain will make devwatermark automatically show its banner image. You know instantly when you're in a development---and hence content-volatile---environment. That means that you can also watermark staging sites as non-development too: by adding them to devwatermark's configuration you can confirm to the developers that here's a database environment that they can't wipe and start again.

As I mention above, it's currently only available for Drupal 5, and your theme has to respect hook_footer (most do out of the box.) But please feel free to download it and give it a try.

Google are introducing paid-for extensions to Google App Engine quotas, which is great as it lets you build more complex applications if you're willing to pay the rates. At the same time they're reducing the baseline free quotas. That's a shame, but only to be expected in a recession: at least there's still wiggle room there for the casual developer to play with the service.

As far as I can see there's still no SLA in the Terms and Conditions (11.3 seems to be fairly clear on this), which is a thorny issue, not just for our clients. There's also no option I can see to increase your file number quota (as opposed to increasing the quota for total disk space) which means that deploying a Django app of any complexity presumably remains a pain in the arse.

We've recently had to integrate code with a large ASP application, which provided me with certain opinion-forming revelations about how the other half live. Part of this integration required us to write some ASP, an unexpected and un-wished-for surprise in itself. We had to generate livery in our own application---to make webpages from both sites consistent---and expose it to ASP via a HTTP call over the wire. The ASP application could then cache it, to avoid the extra per-page overhead of a HTTP call plus dynamic generation.

I provide below some reasonably solid HTTP fetching and cacheing in ASP/VBScript. I hesitate to add "because almost everything I found on the web was rubbish" because that would show hubris in the face of me having just had to sanitize the code, quite likely introducing typos along the way. These code samples also come with no warranty and no likelihood of me answering awkward questions about them. To invoke the fetcher/cacher, put the following in your currently executed VBScript file:

<% Dim strUrl, strUrlKey, objWinHttp
strUrlKey = "top_menus" %>
<!-- #include file="fetch.inc" -->
. . .
<% strUrlKey = "side_menus" %>
<!-- #include file="fetch.inc" -->
. . .
<% strUrlKey = "footer" %>
<!-- #include file="fetch.inc" -->

Some notes on this below, but here is the actual fetcher/cacher to put in fetch.inc and bring it in with the above:

<%
' @description remote calls to get livery
'
' @param strUrl might need to be Dim-defined in wrapping file
' @param strUrlKey must be Dim-defined and set to a particular
'   livery identifier in wrapping file - also appends it to the URL
'   query string that it gets
' @returns HTML on standard output

strUrl = "http://example.com/?livery=" & strUrlKey

' Cache timeout is 60 minutes
' Application(foo) fails gracefully if key foo does not exist
If DateDiff("n", Application(strUrl & ".LastModified"), Now()) >= 60 Then
  ' If cache expired, get the page
  Set objWinHttp = CreateObject("Msxml2.ServerXMLHTTP")
  ' Turn error handling on
  On Error Resume Next

  ' Timeouts will now be handled
  objWinHttp.open "GET", strUrl, False
  objWinHttp.send

  ' If no error, trust content
  If Err.number = 0 Then
    ' Lock the application scope and insert page and cache date
    Application.Lock()
    Application(strUrlKey) = objWinHttp.responseText
    Application(strUrlKey & ".LastModified") = Now()
    Application.UnLock()
  End If

  ' Turn error handling off
  On Error Goto 0

End If

' Regardless, read from the application
Response.Write(Application(strUrlKey))

' Tear down object
Set objWinHttp = Nothing
%>

The Dim statements before the <!--include--> make it all a real pain in the arse. Some server configurations will arbitrarily interpret and run ASP files without Dims; some won't. And you can only ever Dim a variable once in a particular variable scope, or everything dies horribly; you have to keep track of whether or not a variable has already been declared, pretty much by eye.

Depending on your server, you might also not have access to the particular DLL that provides Msxml2.ServerXMLHTTP. If that's the case, then there are other possible ways of making the HTTP call out there on the web: it's just that the Graceful Exits bouncer isn't letting them through the door.

Now, if you'll excuse me, I need a shower.

I finally began to get on top of Wordpress upgrades a few months ago, with an upgrade to 2.5.1. It worked well, but left me open to what looks like a failed attempt to exploit a cryptographic splicing vulnerability in Wordpress 2.5.x. I'm still checking database tables now.

In the mean time I've finally followed Tom's advice (which I didn't take when he volunteered it at the time) and upgraded Wordpress to a subversion checkout of 2.6+ . It was no more painful than the previous upgrade, and looks like being a much simpler procedure in future owing to subversion's interface for switching versions.

I'm typing this from Google Chrome. Since it was released almost two weeks ago I've wanted to blog about it, but have been mostly hampered by no easy access to Vista or XP. I've temporarily rediscovered my XP partition, though, and as mountains of Windows security updates download in the background I now feel frankly safer in Chrome than in IE7 (or the cranky old FF2.x I'm about to update while I'm here).

Why this might be a plug, although it probably isn't

I've also been waiting to categorically declare a very minor conflict of interest, which I can now do: yesterday a lovely paper copy of the Google Chrome comic arrived in my letterbox. So if you think I'm blogging because of that, you can navigate elsewhere now.

Certainly a product's incompatibility with X/Linux would normally make me avoid it, so perhaps I have being persuaded by the marketing. But a large part of Chrome is marketing, and what makes it most interesting is what it reveals about Google's marketing internals and about whether or not they matter; but more about that later.

How Google Chrome feels and acts

The ever-lucid Jon Hicks has already posted some thoughts, so my delay in writing has saved me time on that score. I don't have a great eye for design, but I feel like Chrome's appearance is interesting if less revolutionary than the promotional material might suggest. Tabs sit in a blue surrounding background, making them look like a half-hearted IE7 reskin. Menus have, as in IE7, been relegated to two weird buttons on the right of the address bar. Full-screen mode is nice, though, as the tabs sit over the top window bar, combining Windows chrome and Chrome chrome---does that make sense?---to increase the window size.

Browsers are browsers and, as with word processors and spreadsheet software, they should really be free and open-source by now, leaving proper software companies with time to develop the next generation of applications. So in a sense most of what Google Chrome does, it does well: unobtrusively and unremarkably, and that's how it should be; but quite hard to comment on. What's most noticeable is the speed: it's faster than any browser I've used on XP, ever. Opening new tabs and windows---although in Chrome there's very little difference under the hood, as they're all processes---is nippy, despite the extra overhead that Google have decided is essential to Chrome's distributed stability. Pulling a tab out of one window; letting it drop as a new window, or dropping it into a different window; maximizing windows and general rendering of content: these are all sharp and impressive. But again, they shouldn't be as obvious as they are, and it merely reflects on other browsers that Chrome feels so fast.

There's a kind of Firebug-like inspector in Chrome, and it's nice enough, although it ought to be extracted as a plugin before long, otherwise my guess is it will end up neglected. And popup blocking---represented in the promotional bumf as the window swallowing the popup, and you the user pulling it out in a reactive way---is just a case of a popup window appearing in the main tab so that only its bar is visible. There's no obvious feeling of resistance as you pull the hidden window up to be visible. Maybe that's the point, but after the reaction of tab dragging and dropping you feel like you're moving popups around using an entirely different UI. Also, as I've just discovered, text search doesn't look in form textareas, which makes proofreading your blogposts difficult.

Generally, though, Chrome has at least run rings around anything that Microsoft can produce in the browser market, and then Google managed to completely open-source the code which, like some old John McCain company, Microsoft can neither do nor understand why it should. It's astonishing to see one huge company outmanoeuvre another like this, and suggests interesting times still ahead

What packaging Chrome has been wrapped in

As regards the marketing, Google has also managed to completely confound the other big player Microsoft is intent on gradually rebranding itself as something in between the silver-and-blueblack chunky mens' toiletries packaging that make it acceptable to possess both moisturisers and Y chromosomes, and transparent, flashy interfaces of the sort that IE6 always fucks up and means web developers have to work around. Google, on the other hand, has essentially presented itself through Chrome as a kind of retro-yet-futuristic 1950s take on a science-fiction OSX, all meals-in-a-tablet and egg-shaped seats.

Much of this has been down to the artistic skills of Scott McCloud. I never know what to think about him. On the one hand he's got this unique, flowing, clean style that's something like a scrubbed Daniel Clowes; on the other, his drawings can sometimes feel washed out, pretentious and affected. On the one hand, he's tried to revolutionize the way that people think about comics, often by exposing what good comics have been doing for years; on the other, very few people have got rich on the micropayment model he espouses, and if it isn't working for musicians it's unlikely to work for graphic novelists.

Where that backlash came from

By portraying itself as different from other industry behemoths---which, to be fair, it is in some ways---Google has left itself in a bind. It still has shareholders, and on one level legally has to conduct itself as a responsible company, however much it wants to be treated like, or possibly with, Ubuntu. Fronting what's essentially a business exercise with a divisive figure like McCloud leaves you ripe to parody, and The Register has tried to step in with Google Chrome comic funnies. They fly in the face of the no-alteration Creative Commons licence that Google/McCloud released the work under, but that's fine because the uniquely American concept of fair use lets them do that if it's satire.

Except they don't work as satire, because they're not funny. And yet at the same time the font they've used makes it look eerily reminiscent of the shockingly explicit Jerk City, which hints at a far better way of parodying the style: the 4chan/yayhooray parodies are in a way more honest and hence funnier: probably because they're more anarchic and less interested in squeezing out another humourless Googlebashing.

No product launch is smooth, and there've been bumps in the otherwise smooth journey that Chrome has made to mass testing (if not mass acceptance). The end-user licence turned out to contain mad MyPlace-like terms of use which was sort of an accident, although it's drawn attention to the fact that they still exist in other Google products. Whoops. The original beta---or, given that everything from Google is a beta, maybe we should just call it an alpha and be done---was susceptible to Safari-like carpetbombing, and The Register criticized the rather flaky bugfix and its rollout procedure.

I love el Reg and its journalistic instincts. It's more than happy to puncture someone's silly bubble, and it displays a dogged tenacity in pursuing the "real" story: although they're basically wrong about climate change, in the way that Private Eye turned out to be wrong about MMR; and their grammar and sub-editing is atrocious for an outlet that considers itself to be conducting serious journalism.

But I think they're being unfair on Google: what other open-source product would launch to such scrutiny? What other product has had seamless security procedure baked into it from its alpha, and why should that matter? Google are big, but they can only cover so many bases: there's so much infrastructure glossed over by McCloud's comic, and maybe a FOSS-like boring list of features and a changeset would have led people to underestimate less the sheer amount of stress testing, and the sheer amount of work that can only now be stress-tested, now there's a user base and the animosity of the press to contend with.

Google did after all still manage a big reveal---only two weeks before London's own Google Developer Day---in their usual manner. But I do wonder about the timing. Was there a danger in letting crowds into Google UK while Chrome was still secret? Did someone want Chrome to be out---prematurely, if need be---for the coup of having people drool over it at a GDD? Was the news about to leak anyway, and did damage limitation dictate the software's release? If that's the case, though... does it matter? Google gets its theatre; the world gets an interesting FOSS project; early adopters get an unstable pre-release: everyone's happy. Ish.

Which hand is on Google's tiller

Pessimistic journalists---and in my honest-to-goodness opinion there's no better sort---always point to Google's lack of revenue from its non-core offerings and suggest that it'd be far better for Google to concentrate on the products that directly earn it money. But they forget that Google's profitless products exist as a perpetual rebranding and repositioning of Google: indirectly, they maintain Google's status as a company that other companies, developers and end users actively want to be associated with, and actively trust. While they'll never entirely remove the patina and dust collecting on their "don't be evil" statement, they can at least act like a company that trusts open source, and whom open-source communities trust in turn.

Google can keep on pushing things like Chrome out, and its launch cycle can be dictated by something other than the developers' whims, because: its main rival has nothing like Chrome, or GMail, or Google Docs; and successful FOSS projects like Django or Ubuntu have hardly suffered from bleeding-edge alphas or crotchety betas, as long as community, or honesty, or image, has been there to prop them up.

Who the hell am I to be telling you this anyway

I quite like Chrome. But I completely accept that receiving personalized communication from the company taints my status as a reliable blogger. So don't take my opinion on Chrome at face value.

I certainly won't: I'm about to reboot into a proper operating system, and I'll lose Chrome as I do so. It's a nice addition to the existing ranks of browsers, but not that nice.

The best guesses for how long we've got to completely change our behaviour and avoid catastrophic climate change vary between a hundred months and around fifteen years. But in the next few months there'll be a number of votes in the European Parliament that could decide the next hundred, which could decide the fate of us all.

To this end, four major environmental NGOs (Greenpeace, Friends of the Earth, the World Wide Fund For Nature and CAN Europe) have put together the following site, to help ordinary people---EU constituents---compel their representative MEPs to pass a package of laws that will tackle climate change and hopefully help to save the planet:

(Disclaimer: we built the site. More on the tech later: go badger your MEP first!)

[Edit: changed timescales on request]

As promised, I'm releasing the Straight Edge theme used on this blog under GPL2.

There's a brief README.txt in the zipped archive linked above, but the theme's main features are:

• XHTML compatible (in core theme files)
• Minimal, semantic markup
• No sidebar
• Excerpts on archive and category pages
• Implicit RSS feeds: the only orange icon is in your browser chrome
• Adaptive top navigation
• Separate pages for archives, categorisation and blogrolls
• Next/previous rel links in header
• Support for special pages e.g. blogroll, tag cloud

The todo list includes:

• Implement my Blogthis! plugin, while trying to keep minimalist
• Unobtrusive hiding of elements, using jQuery
• Improve styling

The theme is in a fairly alpha state. The PHP is fairly straightforward, apart from some neat theme functions, but don't blame me if everything goes bang.