Slashdot Mirror
Guido van Rossum Leaves Zope.com
VladDrac writes "Guido van Rossum, the author of the Python programming language, announced at OSCON last night that he's leaving zope.com, to work for a new startup called 'Elemental Security', founded by Dan Farmer (known from several security tools such as Satan). Guido leaving Zope.com will also probably mean that he will be no longer involved in Zope3 development, but hopefully he'll have more time to spend on Python development." Guido says that he's excited about his new employer, but that nothing substantial will change about Python as a result of the move. "It's just that I'll be working from the West coast." Python is "already quite secure," he says, and will be the basis of an upcoming security product ("just getting started") from Elemental.
You can read his goodbye posting to the zope3 list here
"an (sic) security product"
Please fix
What other projects are being done in Python?
that someone was leaving zombo.com ?
I was sad
I'm not a big fan of Python, but I'm glad he's moving to a security group. The guy is close to being a genius, so let's hope they get some good stuff out.
http://mail.zope.org/pipermail/zope3-dev/2003-July /007598.html
Guido van Rossum guido@python.org
Wed, 09 Jul 2003 10:24:54 -0400
Dear Zope 3 developers,
Last night at OSCON I announced that I am moving to California. I
have accepted a new job at Elemental Security, a security software
startup in San Mateo. You may have heard of one of the founders, Dan
Farmer, who is the (co-)author of several well-known free security
checking programs: Satan, Titan and The Coroner's Toolkit.
Elemental is a brand new company, and I can't say much yet about the
product, except that it will be aimed at enterprise security and use
Python. I'm very excited about working with Dan on its design and
implementation.
I'm also excited about moving to California, which has long been a
dream of mine. I'm looking forward to getting together with the many
local Python users and developers once I'm settled; right now, my life
and that if my family is total chaos because we're trying to find a
home and move into it by August 1st.
I will still have time for Python (it's in my contract) and I will
continue to lead Python's development. The other PythonLabs folks:
Fred Drake, Jeremy Hylton, Barry Warsaw and Tim Peters, are staying at
Zope, by the way.
But unfortunately, this move pretty much ends my involvement in Zope
3. I've signed a contributors agreement, but with the new job and my
Python work I don't expect to have much time for Zope. So this is
also a goodbye, of sorts. I've enjoyed working with many of you, Zope
3 developers, and I expect we'll run into each other at some future
Python event.
In the mean time, I'm here at OSCON with a busy schedule and limited
access to my email, and the following weeks I will be in transition,
so please be kind if I don't reply immediate when you write me.
--Guido van Rossum (home page: http://www.python.org/~guido/)
PS. guido@zope.com no longer works. Please use guido@python.org!
Excuse me, but that's ruby's job!! :)
That sound you are hearing is a thousand hackers and script kiddies going "Oh yeah?" in unison.
It hurts when I pee.
..known from several security tools such as Satan ..."I'll be working from the West coast".
Please, stay where you are, sir. We have enough problems out here already.
Here is his personal website:
http://www.python.org/~guido/
You never know, you know.
We have the Yopy 3700 and now someone's leaving Zope.com. Has Disney been put in charge of naming things lately? Try the new Dopey 2003(C)!
When you lose something irreplaceable, you don't mourn for the thing you lost, you mourn for yourself. - Harpo Marx
Hopefully the job change will allow him to concentrate a bit more on python, its a great language that we in the lab are using to replace all our old apps that were written in VB and java.
One thing I would like to see would be python to become even more object oriented which would give it greater flexibility and would mean that the code would not be so long (our Vb code is about 2-3x shorter than the python code). Perhaps they could do this by borrowing a few tips from perl, which although slower has code that looks much neater.
All that glitters has a high refractive index.
"Python has been an important part of Google since the beginning, and remains so as the system grows and evolves. Today dozens of Google engineers use Python, and we're looking for more people with skills in this language." said Peter Norvig, director of search quality at Google, Inc
...I was rather confused for a moment how a story on zombo.com would make /. front page.
Do not read this sig.
Which unfortunately has nothing to do with the ideas behind Python.
It tends to be much more than "strongly-typed effective scripting language" and if there was some big corporation promoting it as development platform(not even providing support, the guys from the team are doing really good job) , you can bet that Java would had one more serious competitor to worry about...
1. No sig. 2. ???? 3. Profit!!!
With python there is no question his importance, 'with out Guido there is no python'.. ( thankfully that wont change, that would be a tremendous loss to the community )
What his is level of involvement with zope? Does this spell a slow painful death or just a minor speed bump.. ( I admit I don't follow *new* zope development so I'm just curious )
---- Booth was a patriot ----
David Finkelstein has announced he is leaving McDonald's to work at Subway.
Great! I've been hoarding oxygen and have become increasingly concerned that my neighbors may try to liberate it. Damn free radicals.
"You...you...you(obviously having a hard time finding the word)........... moron!!!"
*going out with a smash for the door and a finger for the person*
1. No sig. 2. ???? 3. Profit!!!
Er.... I know python pretty well. Perhaps I should send my resume? :D
"Times have not become more violent. They have just become more televised."
-Marilyn Manson
PS. guido@zope.com no longer works. Please use guido@python.org!
If he was leaving on good terms with Zope corp (ex digicool), then why the sudden switch in email adr? I know, big corps cut you off the second they can when you leave, but not even forwarding his mail smells fishy - like there was some kind of falling out or disagreement behind the scenes.
Yes, I'm a paranoid freak, but there is more potential evidence in his goodbye - he never thanks Zope corp for his time there and thier support. In fact, except for saying that the rest of the PythonLabs people are staying, he never mentions Zope corp (though he does mention Zope the project many times). This could just be due to limited time and his forward-looking nature, but it just reads oddly to me...
man is machine
... is yet another guy named "Guido" wanting everyone to admire his "Python".
SoCal is the land of double entendre and uber-image, Mr. Van Rossum. We don't care about your substance, we want to know about your style. So the question the really needs to be answered now is,
Python: Is It Sexy Enough? Join us on E! when we ask your favorite celebs just what scripting language they use for their daily information processing! We know Pamela Anderson loves Perl, and Carmen Daily is crazy about Java, but what happens when these two sexy stars get their hands on Python? Watch at 11 and find out!
Chr0m0Dr0m!C
I tried satan for my network security. Cost me my soul, but it's damn good. One kid tried to hack around our proxy to play games at work, and he got engulfed in flame and dragged down to the 3rd layer of hell for the rest of the day! Sure, I have to use a massive water cooling system to keep the firewall (and I mean a wall of fire that I run the ethernet cable through) from melting the other servers, but when the dark lord is watching your back, you don't even have to think twice about security.
I've tried and I even have friends already working there to use as references. My impression has been that for any kind of fun job there you need a PhD or at least a Masters. Oh well.. we can always dream.
;)
A more interesting project would be to make a search engine that functions as well as Google on a much more modest budget. That's an ongoing game of mine. I figure if I ever succeed maybe they'll hire me finally.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
I'd like to point out a thread that I found a little while back on Python-Dev about Guido's decision to remove the rexec module (similar to the Java sandbox):
posting 1
and Guido's reply:
posting 2
A little bit further down that thread we find this:
posting 3
Since this last one is particularly telling, I will quote the relevant text for our impatient readers:
I think Guido's rationale for removing all these features will be widely misunderstood. Me channeling him: it is not that he believes that the architectures developed were inherently incapable of providing security. Instead, he feels that no "expert" for these matters has reviewed these architecture for flaws, and that the continuing maintenance of these things isn't going to happen.
If this understanding is correct, then any new approaches will likely suffer from the same fate. Unless somebody steps forward and says: "I am a security expert, and I guarantee that this and that feature is secure (in some documented sense)", then I think he will dislike any changes that mean to provide security.
So this not a matter of engineering but of authority. Somebody must take the blame, and Guido doesn't want to be that someone.
Disclaimer: I love python. However, I am working on a project that depends on rexec, and when I discovered that it was being removed, I was a little annoyed - especially at the reasoning behind the decision.
--WH--
Looking at Guido's Home Page I noticed that his picture shows a clean, healthy looking guy with all his hair.
I hereby cast my vote for Guido VanRossum for Least Ugly Open-Source Project Leader.
Zope is a very cool web application system, and while I don't know of Guido's specific contributions I have to assume that they were great. Still, I'm confidant that Zope will carry on.
For those not familiar with Zope, it is a web application server written entirely in Python. It features an object database that, for example, lets you create an image object, and then call it from other code to automatically build your image tag based on the dimensions and title of the image stored in the object.
It's open source, developed both by the Zope community and the Zope corporation. There are at least two kick ass, open source content management systems built on top of Zope Corp's content management framework that I know of: Plone and Silva. There are a ton of add-on products that are downloadable too.
Zope does have a pretty steep learning curve, if you don't do stuff with "real" web applications (stuff that needs access control lists, user management, templating, etc) it might not be right for you, but it's great for bigger applications. Edd Dumbill talks in a recent blog entry about why Zope is worth learning and DevShed (which runs on Zope) has a good overview.
Guido and Dan Farmer are both smart guys and I'm sure that we can expect good things.
Why can't I moderate something "Wrong" or at least "Grossly Misinformed"?
I hope it's not another stupid mistake like joining BeOpen.com at the height of the dot-com frenzy. No one knows Elemental's business model, but I would expect it is less fanciful than BeOpen's idea to sell advertisements to open source developers. I would bet the other PythonLabs team are not joining because they don't want to get stung again.
Then again, it could also be seen as a statement about Zope's (the company, not the technology) viability, or, alternatively, about the resurgent health of the startup world.
Whatever the case, best of luck Mr. Rossum.
About your sig: how does bash.cx relate to bash.org?
Overrated / Underrated : Moderation
The French and Dutch were the biggest slave traders. Of course, the Africans themselves did the dirty work of rounding up competing tribes and selling them to the slave traders.
The module advertised to do one thing, "restricted environment" but then failed to deliver. Guido had an obligation to mark it broken and/or remove it.
As for fairly secure, python does not have a sandbox... but I hardly think that the lack of a sandbox makes python insecure.
Granted, badly written Python can be hard to read, no doubt about it. However, I will assert that it's simply not possible to obfuscate Python to the same extent as C or Perl. It just isn't possible.
;+)
Go ahead and show me some nested lambda + encoding of eval'ed source + pickle or some other monstrosity if you like, but it will have to be indented properly to even execute.
Please mod this post only if you think others should/n't read this. I have enough ego^H^H^Hkarma. Thanks!
I was watching The Learning Channel yesterday. They were showing all the anti-UFO movies, you know the ones with the euro-accent fat guy who discredits UFO's while having sex with a mare in-front of Area51; and then they cut to a close-up of that bug-eyed Nuclear Physicist with the American Lisp in his voice. Cut to the commercial... Some new fucking show called "Gay eye for the strait guy." One question, will you watch it? It has the fucking ass-fag hammered homosexual guys in Mob-style clothing, thinking they are all sexy because they're the gays out of a normal job requiring perspiration, and they run around saying heterosexuals can't clothe themselves correctly. Is that fucking great, or what? That's just what I want...a homosexual cumming over to my end of town, and telling me that I should be wearing a $200.00 coat and tie as I clean and package lobsters to be sent to restaurants.
Beam me up!
emmental is a swiss cheese known for it's big holes.
Python script: Don't mess with the sexy
Dear Guido:
Welcome to California.
Your share of this year's $38 billion deficit is estimated to be approx. $5000.
Thank you.
-- I have monkeys in my pants.
I guess you don't like pseudocode very much then...
Personally, I couldn't be bothered writing out brackets when scribbling stuff by hand. Yes, it takes a little bit of getting used to, but after using psudocode a little while (for me it was in school) you get used to indenting your code blocks.
They'll think I've lost control again and leave it all to evolution. -- Supreme Being, Time Bandits
COAS
Caldera, a prominent Linux distribution and development company, is developing the Caldera Open Administration System (COAS), to provide a comprehensive and coherent framework for implementation of Linux system administration mechanisms. Among other things, COAS is designed to provide a plug-in framework for administrative-task modules which are written in Python or C++ (or both).
Damn you SCO! Defiler of technology! Damn you to hell!
(For those who don't understand, Caldera is a product of SCO. SCO is the recent bastardizer of Linux. EOF)
That's just what I want...a homosexual cumming over to my end of town, and telling me that I should be wearing a $200.00 coat and tie as I clean and package lobsters to be sent to restaurants.
If you're a fish packer, then you shouldn't be reading Slashdot. It's WAYYYYYY above your head. Style is EVERYTHING if you want to get laid. I'm willing to bet your stinking carcass doesn't get any action gay or straight. Well i say talk to the hand cause the face ain't listenin' sistah!
Zope is very close to Russian 'zhopa' which means 'ass'. Just so you know.
Agh, look I love Python but the Global Interpreter Lock's got to go. Threading is severely crippled as long as it's still there... I mean, failing that can't we at least have independent interpreters?
Please? I've looked around for efforts to sort this out but the last of them seems to have died around 1997...
That's his girl, friend. :-)
Yup.
As an active Pythonic, and a most interested observer over the last two and a half years, it seesm to me that Guido leaving Zope should not raise any fears whatsoever about the future of Zope. I will explain below. Secondly, Guido's joining the new company is a positive for Python, which I will also explain. When Guido joined Zope a while back, I was very happy because it was good for Python, as it gave Guido a safe and comfortable corporate home and presumably a good living, while still allowing him to devote a lot of time to Python. I viewed it as a great goodwill move by Zope because they would be helping to support the future development of Python at their own expense. While Guido no doubt contributed a lot to Zope's efforts, Zope was a breakthrough and great product long before Guido joined Zope, Zope development team is extensive and capable, and Guido was till devoting a lot of time anyway to Python. Therefore Guido leaving is not a bad thing for Zope. Guido joining Elemental Security is great for Python, because that company will base an important new product on Python, and because it still gives Guido a secure corporate position and salary, and because he may be allowed even more time to develop Python at the expense of a good corporate citizen. This is a win-win situation. I say thanks to Zope, to Elemental Security, and to Guido and team. Ursus Maximus aka Ron Stephens
Any bets on when the startup will go belly up and he's back doing full time Zope and Python work?
I found 56 C files in my (fairly recent) zope source tree, doing things like BTrees, XML, caching, and searching/splitting.
Still, zope is awsome. It has a sigmoidal learning curve: Easy at first, than hard and frustrating, then the light dawns and you see how it all should work.
There is so much built into Zope: you don't realize how good it is until you need those bits, like the permissioning system.
We run our bug tracking on zope. Rock stable, runs forever, and easy to extend.
-- ac at work
I believe the word "secure" meant "well established, healthy".
But hey, you got an opportunity to strut, and show some linkage!
.sigs are for post^Hers.
Seriously, Don't take anything I say seriously.
Happened long ago. Spend a week or three with it and you will agree.
We've all heard these "more readable" comments-
But readability isn't the issue here- once you have your own style, your code becomes readily readable.
It's more that with Perl there are many many different ways to do the same thing. Python does not suffer form this.
So while absolute "readability" can't really be argued too much- the issue comes in to play when you have to look at *somebody else's* Perl code, and they do something differently than you do it yourself.
I browse at +5 Flamebait- moderation for all or moderation for none.
Couple this with 9/11, anthrax, the Beltway sniper, and a few uncharacteristic deadly tornados, and this place has turned into an incredibly uptight and unhappy place.
Not that California is quite what it was, either, but for a season there, DC was the "Silicon Swamp," and it was intoxicating.
I was experimenting with Zope last year and again during the first half of this year. It's definitely a cool product, but what threw me for now at least was that the documentation is abysmal, at least online.
From what I've been able to tell, there are several editions of the Zope book -- the only up-to-date version of which (currently 2.6) is still work in progress. The rest of the documentation is a mish-mash of user-written howto's, some of which are excellent, some of which are dupes of others, many of which are out of date, and others of which are just badly written. Searching the database of these is hard, and it's very difficult to distinguish well written old ones that are still relevant from newer ones that aren't very useful.
My main problem with it though is that although it focuses hugely on the differences between zope development and regular web development without seriously dealing with implementation examples of common tasks. On and off it took me about a month to figure out how to make a simple form-based login system (similar to slashdot's) and tie it into Zope's user folder system. Co-incidentally The only zope-based website I could find that actually did this was zope.org itself.
I really like Zope and I've shown off how it works to people many times over. But I'll only seriously consider using it more once the documentation is more coherent. At the moment I think that's one of the main places where itfalls over.
don't read just one popular program and assume that its a good representation of how to do things in the language.
http://www.opensource.org/docs/definition_plain.ph p
Gentoo's paackage manager Portage is written in Python.
Indentation without brackets makes block nesting much more readable and obvious, than brackets without indentation.
Perl code is fundamentally unreadable, and readable Perl code is the extremely rare exception to the rule. Perl does nothing to encourage people to write good code -- just the opposite. But Python supports and encourages clean maintainable readable code.
Most vociferous Perl advocates are sadly monolinguistic (they aren't proficient with any other languages), or else they would realize how horrible Perl is in comparison, and how much time and effort they're needlessly wasting. Monolinguestic Perl programmers are usually quite polylinguaphobic (afraid of learning new languages like Python), because Perl was so hard to learn, and they assume out of ignorance that all languages are just as compex, messy and hard to learn and maintain as Perl.
Like the Senator from South Carolina argued against bilingual education: If English was good enough for Jesus, then it's good enough for the students of our state.
-Don
Take a look and feel free: http://www.PieMenu.com
Dude, that's Guido's son. He's married to an adult female American-type person.
Python is the ultimate Californian programming language. You can write piles of Python code when you're stoned out of your mind, then totally forget all about it, and then come back months later and easily pick up where you left off, still stoned out of your mind.
And the best part is, you're still twice as productive as any other state in the union. ta dum!
Ada's a much better programming language for destroying Microsoft than Java, because Ada has built-in support for cutting off heads all the time without even thinking about it, instead of silly promises about "write once run anywhere" and those totally homosexual inner classes!
-Don
Take a look and feel free: http://www.PieMenu.com
Unless the security product allows untrusted users to enter and execute Python code, then there's no contradiction in using Python to develop a secure application. Security isn't something that springs from the programming language itself -- it depends on what you do with the language. Security is largely a social issue, which is why it was a good call to remove the "rexec" module for the reasons Guido stated.
The idea of adding "data tainting" to Python or any other language is a misguided attempt to force the programming language to guarentee a kind of security that you can only get by designing, implementing and debugging your program properly. No programming language can protect against lazyness or stupidity, and it's misguided to try to provide a false sense of security at the linguistic level.
-Don
Take a look and feel free: http://www.PieMenu.com
Zope's DTML is a pain in the ass, and the xml page templates are lame and bizarre. What I would really love, would be an elegent xml based and fully functional web templating and programming language like Water, implemented in open source Python, embedded in an interactive dynamic object publishing content management web server framework like Zope (but simpler).
If you're interested in language design, definitely read the white papers like the Water Rationale on the Water web site. They're to the point, brilliantly written, and hit the nail on the head.
-Don
[Interesting excerpts from http://www.waterlang.org/doc/water_rationale.htm]:
Water Rationale
Fry, May 2002
Overview
Water is a language for the web that embodies the three primary functionalities needed for general purpose information manipulation into one unified language:
- Code: Water is a general purpose object oriented programming language that is, at its core, more flexible than Javascript, Visual Basic and Java.
- Data: Water permits the description of persistent structured data on the web via an XML syntax yet having the capability of computing values that may contain self-referencial interconnections.
- Markup: Since Water is a superset of HTML, it inherits all of HTML's capabilities.
The syntax of Water is a superset of HTML, or, more properly, a superset of XML. HTML has proven to be an easily understandable markup language since it has been learned by millions of people in the several years that the web has existed. XML is a standard for putting structured data on the web. Water extends the syntax of XML to make a language less cumbersome to write code in. Water provides a way to define functions and call them in addition to defining and instantiating objects. The object system is a multiple-inheritance, prototype-based object system with annotations. This will be described below, but for now it's sufficient to say that it is more powerful yet simpler than the class-instance object systems currently in vogue in languages such as Java and C++.
[...]
We Need Another Language Like A Hole in the Head
Right now the plethora of languages on the web causes more than headaches. New ones seem to be born monthly. Having to learn two or more to get a task done is more than twice as hard as one language because the interface between the languages is always additional hair which is, more often than not, poorly documented.
Why do we have HTML, XML, Java, Javascript, C++, Visual Basic, VRML, XSLT, PHP, etc? Because none of them are flexible enough to give programmers the functionality they need in building a modern Web application. Looking within the scope of what each of the above intends to cover, we often find serious flaws. But when we try to move outside of that scope, say doing markup in Java, we have a full-fledged disaster on our hands.
We do not need a new language for implementing some specialized functionality. Sooner or later that specialized functionality will need general purpose utilities like condi
Take a look and feel free: http://www.PieMenu.com
Very interesting, thanks!
I had a feeling that such an effort - making XML a complete general purpose language - must be out there (as opposed to the myriad of things like SAML which are actually complete but specialized).
I would have started with Scheme - not obvious why Self was chosen but it looks alright. Does it have macros though?!
Uh, unfortunately I'm obliged to retract my endorsement - it's not XML at all!
In fact, Water is pretty eccentric all over.
I'm afraid it's back to Scheme and SXML for me...
Water uses an extended XML syntax called "Concise XML", that's compatible but more general and concise than XML. Here's the description of Concise XML from the Water web site. They discuss some interesting observations and the rationale behind Concise XML in the "The Trouble with XML article. And here is a chapter of the Water book describing ConciseXML.
What is ConciseXML?
ConciseXML(TM) is a language-independent markup syntax compatible with XML 1.0, but designed to handle every type of data including non-hierarchial data, program logic, document markup, and binary data. ConciseXML is both concise and precise, eliminating two major limitations of XML and extending the use of XML.
Features of ConciseXML
Conciseness
Many people avoid XML in many circumstances because of its verbosity. ConciseXML is as concise at representing logic as the "semi-colon" syntax of C/C++/Java/C#. ConciseXML can also be as concise as the Comma Separated Value (CSV) syntax for data.
Precision
ConciseXML has no ambiguity of meaning. There is only one way to represent parts/fields of an object. This stands in contrast to XML where there can be many syntactic forms for the identical meaning or semantics.
XML Compatibility
Is ConciseXML compatible with XML?
ConciseXML maintains both forward-compatibility as well as backward-compatibility with XML. Any XML document is also a valid ConciseXML document. Any ConciseXML document can be represented in XML without any loss of information. For each ConciseXML extension to XML, there is a corresponding form in XML. A ConciseXML expression or document can mix and match ConciseXML and XML syntax at all levels.
ConciseXML Extends XML
ConciseXML makes XML more flexible by eliminating many of the constraints of XML. Here are some examples.
Attribute values can be any expression
Example: <input size=3/> or <person birth=<date 2002 10 2/>/>
XML requires that all attributes values are quoted. That effectively requires that all values are of type string. Elements are often used to work around this limitation, but that presents another set of problems. Attribute keys can be non-strings
Example: <thing 0="foo" 1="bar"/>
XML does not let an attribute key start with a digit. That effectively prevents integers from being attribute keys. ConciseXML makes it possible to easily represent array-like fields with integer keys.
Tagname of an element can be any expression
Example: <foo.bar/>
XML Namespaces are a step in this direction, but ConciseXML makes it possible to have any expression as the tagname of an element.
Attribute keys are optional
Example: <date 2002 month=10 day=28/>
In the CSV (Comma Separated Value) syntax and in all major programming languages, field or argument values are given by position, not by keyword.
Closing tagname is optional
Not only does this remove unnecessary clutter, but when ConciseXML is used as the syntax for dynamic languages, the tagname may not be known until runtime, and therefore the closing tagname must be optional.
[...]
Take a look and feel free: http://www.PieMenu.com
Mitch Kapor's OSAF (Open Source Applicationsu ff"
Foundation) is using Python for "Chandler", their
"lotus-agenda-plus-outlook-plus-tons-of-st
megaprogram.
Alex