Alice Bevan–McGregor
Growing up in a small town is tough when you're this strange.

Alice's posts

Post has attachment
Ever wanted to play around with A/B testing in your Django app, but didn't know where to start?  Here's a handy little function (50 lines with breakdown) which intelligently round-robin deploys your render_to_template calls.

Post has attachment
A technical blog post alternatively titled: Monkey Patching Django's ORM for Fun and Profit about pickling ORM model instances.

Post has attachment
Have a technical blog post by myself on adding a dynamic sitemap.xml file to your Django application.

Post has attachment
To the bemasked and befuddled protestor and his friends today who attempted to intimidate me into leaving…

Well, fuck you. My taxes help pay for those streets you're trotting on, the police force helping the innocent bystanders who happen to be driving cars get out of the way (and amazingly while continuing to respond to actual crime going on around the city, kudos), and may go towards the damages the protest creates along the way if the government is so inclined. I have every right to be there, just like you do. In fact, protecting the right to be there is the reason I was there! I'm not there to chant, I'm not there to bang on things, I'm there to record what's going on and spread the message.

Several police even utilized their time helping as a translator since your native friend doesn't speak a word of English and seemed quite upset. Oddly, you and your group of friends were the only ones that night I talked to that were. Even some of the cyclists ahead of the pack and helping come to decisions on direction were happy to have me there and disgusted by your actions.

Of the dozen or so people who approached me because of the radios, all were uniformly positive except you. When I raised the radios during a particularly coherent chant, everyone I looked at directly (with a grin, since how can you not smile with a thousand people banging pots in front of you?) all widened their smiles back. Or sung louder. Often both. Except you, who whispered amongst yourselves (well, shouted quietly given the ambient noise level) and pointed.

There is nothing illegal or particularly risky to you about what I was doing. In fact, the only risk was to myself from you. The radios, a portable CB (Citizens Band) and FRS (Family Radio Service) walkie-talkie are free for any citizen to use and require no license. They were made for people to use. They are also far less capable of being used against you than the hundreds of thousands of hours of video being live streamed, uploaded to YouTube, and kept in individuals' collections. If you don't think the police aren't recording video…

I was using them to broadcast the voice of the people further than it would naturally travel, the same thing CUTV, CBC, and CTV do, just in a way I thought would preserve additional privacy compared to transmitting moving pictures. Since, I hope you are aware, walkie-talkie radios can only transmit audio. (Search for "gait recognition" some time… that mask won't actually help you stay anonymous!)

You get irate about me broadcasting things like the following? "An awesome crowd tonight; I'm glad to see judges, military, and people of all ages out here!" "<chanting of the crowd>" "We seem to be paused at an intersection here, the crowd's deciding by volume meter which direction to go in…" Or even, "Passing Parc la Fontaine on Sherbrooke heading towards downtown…"

Use some of that logical thinking you're supposed to learn in school (there's a whole range of insults I could use related to that) and think for a moment. What could I tell the police, if I was an embedded informant, that they couldn't get through any of the hundreds of video recordings and tens of thousands of photographs taken and uploaded tonight? Why the hell would I need two radios? What, given the above example broadcasts, have I told them that they didn't already know since they were, y'know, everywhere? Despite you not understanding it when I said it, why weren't you accosting the CBC guys; their antennas were bigger than mine! They were carrying VHF radios, radios with much longer range than mine! Why didn't you bother them?

Because you saw an easy isolated target for your insanity. Then, when your target resists by attempts to have a rational conversation with you, admittedly while walking down the street at a brisk pace, they must be the enemy, the enemy uses logic!

If you were worried about me describing you to them, well, you're a 5-foot 8 to 10-ish thin caucasian youth, probably no older than 20, though appearing a few years younger, wearing a black and white patterned kerchief as a mask and speaking French to me despite the fact you knew English quite well. Cool. Not like there weren't thousands of youth, many with masks of various kinds, with the average height in the crowd being roughly 5-foot 8 to 10-ish. And holy crap, most of them were white and spoke French!

Of course you came up to me later in the night, possibly to gloat (but unlike you and your psychic powers in "knowing I'm working with the police") I never really was sure what you were trying to do. Coming up to me and asking why I had put away the radios, my response was simple: because of ass-hats like you who feel intimidation is the only way to get what you want. The first hour and a half you stuck to me like shit to a blanket. Didn't really work, now did it?

I find it terribly ironic that your native, or part-native friend decided to start shit… with four police officers between us. Using the police as protection while calling them names is, well, I guess fairly typical thing to do now that I think about it. Of course, I respect the police enough to seriously consider their suggestions even if I don't legally have to, so I put the radios away and continued marching for another two hours.

I'll be back again with my standard rig, that honkin-big Nikon camera, the FRS, and the earbud mic. I've been covering the last week, and I'll continue to cover these protests despite ignorant fools like you.

(The few psychology classes I've taken might also indicate that you are the child of a single parent or two full-time working parents. Either abusive or largely absent parental figures could partially explain the attitude. Fancy way of saying your mother didn't love you as a child. Go figure.)

Photo collection thus far linked to this post.

Keep it peaceful,

— Alice. 😅

[Tried machine translating into French, but damn Google screwed that up. The translation was terribly bad even with my limited knowledge of the language. If you do read this, translate it to your friends for me? K thx bye.]

#casserolesencours #casseroles #ggi #manifencours #loi78

Post has attachment
The comment thread for a recent Ars Technica article contains a lot of really good discussion. Important ideas are raised, the technical merits of such a case are examined, and individual solutions are given. In several comments (beginning with a tongue-in-cheek technical solution) the discussion spread to the broader implications. Below is a copy of what I wrote and what several other members added to the discussion. I can highly recommend reading the other comments, too.

Reposted because for some ungodly reason I forgot to make this public.

This is why, when I know I'm going to be going through Gestapo Land (US border) I change my password to a substantive random string (54 characters should do) which re-encrypts the decryption keys stored on the HDD and give the random password to a relative. When I arrive at my destination I call them, get them to read me the random string, then change it back.

How can I decrypt something I don't know the password for? (And no, I doubt I'd mention who I left the password with.)

divisionbyzero replied: Do you wear a tinfoil hat, too? Gestapo Land, seriously? Either you are completely ignorant of history or the present... There is no comparison between the US and Nazi Germany but thanks for Godwinning the thread so early.

Make sure it's really tin; aluminum foil does nothing! Also, someone had to Godwin the thread sooner or later. This was the first time I managed to do it before someone else. ;) It's also a reference to a comedy sketch where the comedian described the hilarity of keeping something innocuous in your bum. Like your keys. I think the quote went something like: "US customs at the border is a 50-foot stretch of Gestapo land; they can do anything to you there. They can look in your bum! What if they found something? Something that wasn't illegal?" "Sir, do you always keep these in here?" jingles keys "Oh, officer, that was a great party. My friends, what jokers! Or, even better: yeah, that's where I keep them."

AdamM replied: So since when does this warrant a Nazi analogy? Seeing the ridiculous hyperboles on here is hilarious, and absolutely reeks of someone who hasn't spent more than 10 minutes in a bad part of town, let alone have any grasp on what terrible really is. Please for your sake get some perspective.

First, it was a reference to a comedy sketch as per my previous reply.

Second, sorry if this is somewhat offensive, but have you looked at the state of the USA recently? Over the last 10 years you have: warrantless everything (search, seizure, eavesdropping, wiretapping), the erosion of various amendments and other personal protections (miranda rights, due process, etc.), corporations dictating law (copyright FTL), the ability (as mentioned by someone other than me) to arbitrarily mark an individual as an enemy combatant, several ongoing wars not popular with the masses, legislation being passed in secret, the abundant growth of "christmas tree" legislation, and the continual degradation of economic safeguards. And this is the short list. Many of these involve powers that once granted are extremely difficult to revoke. Wake up and smell the living analogy; if you think you're going to end up more free in the future and not less, as all trends indicate, then you, sir, are the one who needs to wake up and get some perspective.

"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." — Benjamin Franklin

Many of these actions, in the name of fighting the faceless enemy of terrorism, have let the terrorists win. (And also encouraged 1984 analogies: "we've always been at war with Eastasia^H^H^H terrorism.") The reactions of our leaders have changed society negatively; I certainly hope not irrecoverably. They have been the reactions of fear.

Politicians face two problems: the first, and most dominant, is saving face. They want to be re-elected. Second is actually doing something effective to counter a broad threat. If they do nothing, which sometimes actually is the right answer, then people will see them as ineffectual. If you honestly think throwing away water bottles (into a single shared container) or taking off your shoes actually increases your security then you are sadly deluded. But! The politicians did something, right? That makes it all better.

"Only two things have made flying safer [since 9/11]: the reinforcement of cockpit doors, and the fact that passengers know now to resist hijackers." — Bruce Schneier

Back to airport security for a moment. Other countries, where terrorism is a persistent direct threat, such as Israel, have developed countermeasures that actually increase security rather than the current state of security theatre in the US. See also: almost everything ever written by Bruce Schneier, the Chuck Norris of the security world.

As a final note: it surprises me how few of my American friends realize why they have the right to bear arms. The founding fathers knew that all governments eventually grow either too corrupt or incompetent enough to no longer represent the goals and ideals of the population they supposedly represent. While the occupy movement was eventually ineffectual they are a sign of things to come.

How's that for tin foil?

Edited to add: but you're right. The holocaust was about the gradual erosion of the rights of specific groups leading to internment and mass genocide: jews, romani, homosexuals, etc. What's going on now is about every citizen of your country. Hardly compares. It is true, however, that those who do not learn from history are doomed to repeat it. Here's a relevant quote:

"There were many ways of not burdening one's conscience, of shunning responsibility, looking away, keeping mum. When the unspeakable truth of the Holocaust then became known at the end of the war, all too many of us claimed that they had not known anything about it or even suspected anything." — Richard von Weizsaecker

Look upon your country and despair, for if no one does until it is too late you will have none to blame but yourselves.

sydlexius replied: In all seriousness, you make several poignant observations, but since your statements are no longer being made in allusion to some comedy skit, it's fair game to criticize how these points illustrate a fair comparison of the modern US govt. to that of National Socialism. Most everything you describe would better fit the fascist models of govt. Many other examples are that of a corrupt or power-seeking government; a trait that's possible under any of the forms of government man has devised thus far (except perhaps for outright despotism...but that's a different discussion).

Indeed, it went from facetious snarky comment to rather long rant. Apologies for the length (tl;dr) or apparent free-flow of ideas. It's 8PM, I haven't slept all week-end, and freedom from tyranny is one of those things I'm impassioned about. Let me give some links as supporting evidence: (something I should have done in the first place) (on erosion of rights) (lots to read on his blog)

The fact that a google search for "warrantless search" offers an auto-complete for "warrantless search and seizure pros cons" is both troubling and indicates to me some difficulty understanding the point of requiring a warrant for these actions.

Edited to add: sure, much of what I mentioned would "fit" better with a totalitarian government, fascist or otherwise. This does not invalidate the fact that these are now powers and actions local and federal law enforcement agencies can (and in some case have) actually utilize(d).

divisionbyzero added, in reply to sydlexius: Then in your opinion what is the sine qua non of national socialism? I am not saying I agree with GothAlice but historically speaking what we now know as national socialism was an accretion of ever more drastic curtailing of individual freedoms. I'm not suggesting there is a slippery-slope but that historical movements that we label in retrospect are never a single monolithic movement but rather the cumulative effect of incremental changes. Our ancestors were not idiots but rather subject to the boiling toad syndrome.

Post has attachment
Developer Diary 1: Release Cycles

At work we've settled into a weekly merge party on Fridays. The majority of the people (developers, managers, integrators, and in-house QA) involved on the project are on-hand to merge their feature branches (git flow rocks socks) into the next branch in preparation for staging a release to upstream QA. Then, if all goes well, we roll out to production.

These merge parties are… hectic. Organized chaos, even. Most of us work around the same cluster of tables in an open floor plan office. One of us starts the ball rolling, merges everything they have, in theory running the test suites, then passes the torch to the next person with branches to merge by either:

• Throwing something at them.
• Peering over our monitors conspiratorially and waggling our eyebrows.
• Shouting "done" and then watching to see who is first to get going.
• Holding up the "what's next?" sign.
• Etc.

It's fun, medium-to-high stress, and gives us a great opportunity to peer over the shoulders of the other team members to see how they operate. (And assist with the inevitable merge conflicts; more on that in another post.)

However, I've begun to realize as I get deeper into Reddit, that most of our behaviours almost perfectly match amusing animated GIFs. Attached is the GIF representing our merge parties. Zach, our integrator, is the last man holding. ;)

— Alice.

[Hope I don't get in trouble for this little slice-of-life, but my sister is right, the amusing stuff needs to be documented.]

[So your PHP site is slow?]

TL/DR version: Don't use PHP, learn database design and HTML/CSS/JS optimization techniques.

There are any number of reasons why, but here is a collection of a few of the most common issues with PHP sites I see deployed on the hosting infrastructure I maintain. PHP makes it easy to write extremely bad code and fairly hard to write good code. The standard library is a disorganized mess, object orientation is a bolted-on after-thought, inconsistent naming, inconsistent argument orders, more than one "right way" to do something, cryptic or silent errors, erroneous automatic typecasting (e.g. an MD5 hash starting with a number…), etc., etc. After discovering real scripting languages (PHP is just a templating engine on steroids, FYI) I consider the use of PHP to be your first problem.

Database | Static Resources | Language Issues

1. Database

Your site is probably running MySQL as part of a LAMP stack. Now you have two problems. Also, optimize your damn queries, never SELECT *, and make proper use of indexes!

1.1. InnoDB

Use it. MyISAM, MySQL's default storage engine and only one of many, does not support referential integrity or transactions. Both are vital if you want your data to survive the test of time.

1.2. MySQLi

Use it. The original MySQL functions in PHP do not natively support transactions or prepared statements. The former is vital for handling potential data integrity errors and the latter is vital to help prevent SQL injection attacks.

1.3. Sanitize Input

Do it. The number of times I see unsafe queries (ones not making use of mysql_real_escape_string) is truly disturbing. Don't make it easier for attackers to steal or destroy your data.

1.4. Separation of Responsibility

SQL servers are really good at aggregating data, searching, sorting, and efficiently performing updates. When you decide to do things in PHP that can be done in SQL you are shooting yourself in the foot. If you do SQL queries in a tight loop, you're shooting yourself in the foot with buckshot. Not pretty.

1.5. Data Types

Use DATE and DATETIME storage types, not UNIX timestamps. MySQL has extremely rich date-based queries! Storing PHP serialized data suffers from a wide variety of issues, too, such as:

• Inability to use contents in ORDER or WHERE clauses.
• All UPDATEs require a SELECT first.
• Impossible to issue efficient multi-record UPDATE statements.
• Inefficient ASCII-based storage.
• Fragile; the format may change from PHP version to PHP version.

"The only time it is acceptable to store serialized data in an SQL database is if it [the serialized data] is read-only."
If you need nested structures, add additional tables and JOIN them. Use SQL the way it was meant to be used, or use something like MongoDB if you really need rich object storage while wanting to be efficient about it.

2. Static Resources

Now that your database queries are as efficient as they can be and you're making full use of the features of your database of choice, why does your site still take 6 seconds to load? Well, it could be your content.

2.1. Remove Whitespace

One client managed to reduce bandwidth costs 30% simply by running all page content through an output buffer filter that removes whitespace. Incur a minor overhead in terms of RAM (it needs to buffer) and CPU (it runs a regular expression) for rather large gains in speed and bandwidth reduction.

2.2. Enable Compression

You can chain output buffer filters, so slap a GZip compression filter in there. Even after removing whitespace (which compresses rather well) the above case was further reduced an additional 25% for a final reduction of 55%!

Most web servers also allow you to serve either dynamically compressed static content (CSS and JS compressed on each request) or statically compressed content (saving the CPU power and allowing higher compression ratios). Nginx does this extremely well.

2.3. Combine and Minify

Combine CSS files into one, then minify. Combine JS files into one, then minify. There are helpers to do this automatically if each page needs different sets of CSS and JS. By reducing the number of HTTP requests you greatly improve client rendering performance. (There are technical details, such as TCP Slow Start, that are behind this issue, but they're mostly irrelevant if you do this.)

Similarly, use sprite images if at all possible to reduce the number of individual images the client needs to download. This can make a surprising difference in performance.

And, as a final "squeeze every ounce" measure, ensure your resources are being served from a single domain. DNS lookups are slow, despite heavy end-to-end caching. You should also be serving as much static content as possible from a CDN or content delivery network. Google (and others) offer hosted JS, CSS, and fonts.

2.4. Benchmark

Firebug, the WebKit inspector, Y!Slow, and others allow you to gain insight into exactly where the client rendering time is going. Identify the bottlenecks and fix them, prioritizing larger gains initially.

3. Language Issues

As summarized in the introduction, PHP isn't a very good programming language. It's generalized enough to be dangerous (hell, you can write desktop GUI apps with it), but always remember what the PHP acronym represents: PHP: Hypertext Preprocessor. PHP, at its core, is a template engine. One that encourages (and nearly demands) mixing of presentation and business logic; something we've known is utterly terrible for at least 20 years. And don't get me started on threading or native unicode support, or even the near complete lack of unit testing, per-release breakage (crypt, anyone?) and bugs that should have been squashed years ago persisting…

3.1. Inconsistencies

There are various issues with (haystack, needle) vs. (needle, haystack) argument rearrangements, even within concrete areas such as string, array, and binary data manipulation. There are also all of the other inconsistencies mentioned in the introduction.

3.2. Insecurities

While register globals has been dead for a while, the legacy remains. The parse_str function takes HTTP encoded GET arguments as a string and populates the global namespace with them. Register globals all over again!

URL handlers are terribly insecure, allowing you to literally include/require code from external sites if you don't correctly sanitize input. I've had clients whose sites have actually had URLs like /index.php?page=about.php. Yes, that client got owned rather rapidly.

Additionally, the mail() function should be universally disabled. The sendmail command kills kittens. Use SMTP the way the Gods intended. Anything that makes it harder to turn your carefully crafted application into a spammer's delight is good, and if it makes your app run faster, too…

3.4. Use an Opcode Cache

By default PHP does some stupid, stupid things. Things that harken back to ye olden days of per-request executed CGI scripts. PHP recompiles the source of your application (and all include/required code) into bytecode on each request. The bytecode, similar to Java or Python bytecode, is then sent to the Zend Engine to execute. Does this sound efficient?

In Java you have compiled JARs. In Python you have sideband .pyc (and .pyo) bytecode files that live with the source. In PHP you have to use something like what I have deployed on my cluster, XCache.

In summary, PHP makes it hard to code well. It makes it hard to code securely. It tries its hardest to make your brain hurt. Being oblivious to these problems will ensure you over-pay for hosting, your sites are slow, and that at some point all of your data will simply vanish or be stolen. Code defensively, inspect the result of your work from the point of view of an attacker, and please, please think about the performance (and security) ramifications of your decisions!

— Alice.
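
Section 3.2 above mentions a site whose URLs looked like /index.php?page=about.php. The following is an added example, not code from the original post: one way to route such a request through an allow-list so the request value never becomes a path. It assumes PHP 8; the page names, the resolve_page() helper and the throwaway pages directory are hypothetical and constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example (not from the original post). Page keys and file names
// are assumptions chosen for illustration.

// Allow-list: the request supplies a short key, never a path or file name.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Map the untrusted ?page= value to a file inside $pagesDir.
 * Returns the absolute path to include, or null when the request should
 * be answered with a 404 instead.
 */
function resolve_page(mixed $requested, string $pagesDir): ?string
{
    // ?page[]=x arrives as an array; only plain strings are acceptable.
    if (!is_string($requested)) {
        return null;
    }
    // Keys are lowercase letters only, so directory separators, URL
    // schemes, NUL bytes and file extensions can never match.
    if (preg_match('/\A[a-z]{1,32}\z/', $requested) !== 1) {
        return null;
    }
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    // Defence in depth: the file must exist and must still sit inside
    // the pages directory once symlinks are resolved.
    $base = realpath($pagesDir);
    $path = realpath($pagesDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    if (!str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// --- Constructed demo: build a throwaway pages directory and try inputs.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (PAGES as $file) {
    file_put_contents($dir . DIRECTORY_SEPARATOR . $file, "<?php echo 'page: $file';");
}

// Constructed request values: one valid key, the file-name form from the
// post, a remote URL, an array parameter and an unknown key.
$requests = ['about', 'about.php', 'http://example.invalid/x.php', ['about'], 'admin'];
foreach ($requests as $req) {
    $path = resolve_page($req, $dir);
    printf(
        "%-34s => %s\n",
        json_encode($req, JSON_UNESCAPED_SLASHES),
        $path === null ? '404' : basename($path)
    );
}

// In a front controller the result would be used like this:
//   $path = resolve_page($_GET['page'] ?? 'home', __DIR__ . '/pages');
//   if ($path === null) { http_response_code(404); exit; }
//   require $path;

// Remove the demo files again.
array_map('unlink', glob($dir . DIRECTORY_SEPARATOR . '*'));
rmdir($dir);
```

Only the first request resolves to a file; every other value falls through to the 404 branch. Keeping allow_url_include set to Off in php.ini closes the remote-include path independently of this check.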

Post has attachment
On "Gentoo Ricers".

New installations: I have server installs of Gentoo built from scratch (stage-zero) in 10 minutes, though I usually stage-3 them. This does not include PHP or database engines. (Mongo does take a really long time, mostly because of boost.)

Compiling for the sake of compiling: Kernel compiles from depclean take 54 seconds—it takes longer to download and extract the source than to compile it! I only compile packages once for an entire cluster. The entire cluster participates in compilation. (distcc & make -j48 for the win.)

Übergeek verbose output: I do not see compilation output unless something goes wrong, which it only ever does if I try to compile PHP in parallel.

Minimal performance gains: My servers cold boot in 7 seconds or less (including all services such as nginx, mysql, etc.) This is mostly due to prelinking of ELF dynamic library linkages.

Reliability: Unlike most Ubuntu servers I've been exposed to, my servers actually come back online after a baselayout upgrade. Oh, and an average 700-day uptime can't be a bad thing. (Why count "nines" when you have zero downtime in nearly two years?)

Behind the curve: An important package we use on one of our projects is 28 stable releases behind on Ubuntu. Two behind on Gentoo unless I unmask the untested later releases. GLSA tests, back-patching, and curated package deployment make my life substantially easier.

All of these 7-year-old Gentoo jokes aren't just old, they're savagely inaccurate.

[Edited to add prelink note. In response to…]

Post has attachment
[The following was my response to Dan Lyons' ridiculous link bait.]

There’s a really important point struggling to get through this fanciful diatribe. “Back in the early 1990s Samsung recognized the importance of industrial design and started hiring hundreds of designers and building design centers around the world…”

Well, there’s your problem! Is it no wonder that Samsung:

a) Has very little consistency of design.
b) Ships more models than you can shake a stick at with utterly pointless (and user-opaque) differences of purpose and function.
c) Consistently seems to be stealing a purity of design from Apple.

There’s no denying several of Samsung’s current and future product line-ups bear striking resemblances to past and present Apple products. Comparing the guts and not the shells of the products is misleading when the products, held in your hand, are obviously (though distantly) related. Glass, steel and aluminum trump plastics in terms of feel, however.

As for technical specifications themselves, well, Apple proves how successful you can be when you stop trying to flaunt completely meaningless statistics in order to confuse users. The fact that a 400MHz original iPhone can scroll smoother than any modern (1-1.5GHz dual core) Android phone is just one of those shameful facts. UX matters, not specifications.

Pro-Apple? Anti-Android? I like to use things that “just work” and otherwise stay out of my way. I switched from Windows to Linux in the late ’90s, then Linux to Mac because, lo, being your own systems administrator when your job is something else entirely is too much of a pain in the rear end. Android’s not very good at staying out of the way. The UX is jarring. Applications are terribly inconsistent. There is little to no trust of the app market. The fact that anti-virus software is rising on that platform is NOT a good thing. It’s yet another in a line of indicators that something is terribly wrong. (And don’t get me started on the “openness” that working with a single vendor partner during development, then “allowing” the others to catch up and fix bugs, THEN releasing the source to the public implies.)