django

I was once again on the hunt for an efficient and powerful CMS... clients keep asking for upgrades and there always seems to be something better!

Anyway, I have seen "django" around town a few places (most notably for me, at BitBucket) and decided to give it a read-through. I read the intro and FAQ one day and decided that it was worth looking into. The idea that its creators had ditched PHP for a Python-based framework was intriguing to me (I have done so much in PHP, from simple home-made projects to Joomla themes/plugins, Drupal themes/moduels, and WordPress themes). The other intriguing fact was that django was born out of a fast-paced newsroom environment with the chief features being speed of deployment and ease of administration.

Today, I decided to give it a whirl. I recently loaded up an Ubuntu 10.10 virtual machine (VirtualBox) on my MacBook Pro and configured it with the bridged connection so that I could access a server running on the VM. I installed the WSGI Apache module and then hit the tutorials for both WSGI and django to get a basic app working. It's really amazing how it all works together; the WSGI app seems not to know where to go, but a single line that passes the django app handler to the WSGI script is really tight integration, and we're up and running in about 45 minutes of stumbling hurriedly through docs!

I took a step back to read the design philosophies of the django project, and boy are they ideal! Where other projects that claim MVC (like Drupal) have settled for a hybrid between object-oriented programming and plain old procedural PHP and still others (like Joomla) have gone overboard with the object-oriented features of PHP5, django has taken an ideal approach to what functionality belongs where and really separated the layers. And their automatic administrative interface is simply beautiful. The major drawback is support from hosting providers. Of course, running a VPS/Dedicated Server/Cloud Server, you have complete control over the server config, which is really straight-forward, but hooking into the Apache configuration and enabling the WSGI module is really something that takes some consideration on the part of the web host, consideration not often taken by the cheap ones.

Needless to say, I will be considering django-based solutions as appropriate in the very near future!


Registered Linux User #370740 (http://counter.li.org)

Cyberwarfare

It has been awhile since I posted, but I am by no means out of touch with recent events, especially those surrounding WikiLeaks.

The purpose of WikiLeaks is to enforce the open government policy by stealing or otherwise obtaining through improper channels information that should remain private for reasons of security (bodily harm) or privacy (emotional harm) and releasing that information to the public on the Internet. Service providers have withdrawn their service from this organization, including hardware and network access to host it, and they, in turn, have become the target of electronic assault by WikiLeaks supporters, primarily distributed denial-of-service attacks (DDoS) by a group identified as "Anonymous".

Numerous tech columnists (including Paul Mah at FierceCIO) have commented that small businesses should be aware of the risk they run by neglecting security practices with respect to their computing resources; while giants like Amazon did not suffer interruptions of service due to the attacks, they have enormous capability to identify and respond to the attacks in real-time, whereas small shops with disgruntled customers would have a far worse time identifying, responding, and recovering from such an attack.

I plan to do some traveling this holiday season, by plane and by private automobile, and transportation security is one of those places where the information technology sector's security practices could be applied analogously to great effect. One of the first things an IT security consultant must do is define the perimeter of the system. For transportation security, this can be tricky due to the several modes of transportation available to the public. Then, at the gateways (the ordinary vulnerability), the problem of detecting the unforeseen is both easier and more difficult for transportation officials. For computing, as long as you can trust the integrity of the code running the gatekeeper, spotting an unauthorized or otherwise malicious entry is relatively straight-forward. For transportation, it must be well-defined what is a harmful object or even a harmful disposition in a person crossing into the region, and the depth of the search for these things can easily violate a person's privacy and dignity as a human person (not simply a data packet, which can be searched exhaustively with no moral consequence). It seems that anything could be a weapon, and any number of otherwise innocuous substances could even be transported within the human body across security lines. With the advent of millimeter wave and backscanner search devices at airports, the skin is the new boundary of concealment; a traditional metal detector would detect metallic objects under the skin (this does not address non-metallic explosive materials).

The issues go on and on; it is essentially impossible for an institution like the TSA to engage in a flawless preventative security policy because of the creativity of the human mind that can be applied to any set of substances or objects to derive a tool to accomplish any task. Rather, as in cyber-security, a distributed model would be most important. Intelligent agents authorized by society as a whole to enforce security and intervene in the case of an incident that jeopardizes security or privacy in transportation should be ubiquitous and equipped to respond to a wide variety of circumstances. Likewise, ordinary citizens (who are naturally ubiquitous in this respect) should also be educated and equipped (at least virtually) to respond to situations that jeopardize their security or privacy or that of those around them. In this way, would-be perpetrators would be stopped early on and over time this reality would become a deterrence.

The moral of the story: be vigilant!

Registered Linux User #370740 (http://counter.li.org)

Facebook

Paul Nguyen's Facebook profile

Nerd Test

v1.0:
I am nerdier than 94% of all people. Are you a nerd? Click here to take the Nerd Test, get nerdy images and jokes, and talk on the nerd forum!
v2.0:
NerdTests.com says I'm an Uber Cool High Nerd.  Click here to take the Nerd Test, get nerdy images and jokes, and write on the nerd forum!

Bloggers' Rights

Bloggers' Rights at EFF