Like David, I’ll also be talking about something other than what’s been listed on the LugRadio LIVE schedule.

I plan to show off a new feature of Workstation 6.5 Beta called VM Streaming. Basically, you click on a link like http://www.beatniksoftware.com/vmware/BeOS/beos.html and a locally running VM starts up, downloading on demand in real-time over HTTP. No muss, no fuss, no decompressing a zip file or insane download times.

See you at 2:30.

If there is large crowd demand, I can also show off Gimmie running as an AWN applet, or Pyro speeding along on the latest Firefox 3.0 beta… but I’ve only got 30 minutes!

If this is true, it’s pretty amazing.

That long-running joke about the Semantic Web just got a lot funnier, because it might actually happen. Wow, imagine the Web as a huge indexed taxonomy, and an API to query it intelligently. Certainly enough for me to switch search engines, if you can believe it.

Jacob Appelbaum, my close friend and former roommate, along with a team of crack security specialists has published an amazing piece of research (see also the NYT article). It shows that a physical vulnerability in computer memory chips means that RAM content can be captured at any time.

Operating systems and programs have a lot of important stuff floating around in memory. Things like encryption keys to private data and protected files. Even intermediate encryption state that’s kept in memory can drastically simplify brute-force decryption attacks.

This means that stealing a laptop that is suspended or running can be exploited to gain access to encrypted files and protected networks, for instance. In fact, just having a moment of physical access to insert a thumb drive and press the power button is enough.

As a free software and data advocate, this is most frightening because it allows hardware and software vendors to leverage the fear and high risk involved to make a short-sighted push towards stronger DRM.

Funny, but I suddenly feel better about years of poor laptop suspend support in Linux!

Really interested to see what happens here.

I’ve just committed basic support for concurrent AJAX requests in Er.js. From the Er.js homepage:

Concurrent AJAX with Er.Ajax

XmlHttpRequest, AJAX and JSON integrate nicely with the process and message-passing model, allowing processes to avoid asynchronous JavaScript and callbacks.

Instead, using message-passing and concurrency, Er.js makes network access transparent, without blocking other processes or interactivity:

result = yield Er.Ajax.get("http://beatniksf.com/erjs/index.html");
alert("Fetched Content: " + result.Text);

Under the covers, this is accomplished using a concurrently spawned process (started via Er.Ajax.spawn), which handles XmlHttpRequest internals. The spawned process uses Er.send to tell our process about download progress and completion.

Er.Ajax.get and others (post, json, etc) are implemented by yielding execution until the final message from the spawned process is received, and then returning it to the caller:

function myGet(url) {
   var pid = Er.Ajax.spawn(Er.pid(), url);
   yield Er.receive({ From: pid, Success: _, _:_ },
                    function(msg) { return msg; });
}

Pretty cool stuff, and not bad for a Christmas day hack.

If you’re running on Firefox (the only browser with JavaScript 1.7 support currently), see this in action on the test page.

Hopefully soon I’ll have a bit of time (or help!) to round out the library: Erlang-style RPCs over JSON, concurrent DOM Eventing, and real native threading using Google Gears.

UPDATE: My hosting provider has been very flaky due to a lot of inbound trafic from reddit.com. Please use the mirror in the mean time, until things stabilize a bit. Everything has recovered now. You can also check out the new Er.js homepage.

I’ve just posted up a fun hack that I’ve been playing with the last few days… it’s called Erjs; short for Erlang-in-JavaScript.

Erjs piggybacks on Neil Mix’s Thread.js which fakes threading in JavaScript 1.7 using coroutines and nested generator continuations. My idea was to replicate Erlang’s concurrent lockless process model and message-passing in JavaScript.

Running a JavaScript function in the background is easy with Erjs:

Er.spawn(myBackgroundFunction);

Er.spawn starts a new Erjs process running myBackgroundFunction, and returns its process id.

Because processes are really coroutines, you have to call yield before any function which might block. Calling yield will create a continuation trampoline that can be rerun by Erjs when it’s time for the process to continue executing. For example:

function myBackgroundFunction() {
   // Wait for 4 seconds
   yield Er.sleep(4000);
   // Do other things...
}

In Erlang and Erjs, each process has a built-in message queue that other processes use to send it messages. Posting to the message queue never blocks the caller, and the destination process for the message can read them off the queue whenever it wants. Messages are just regular associative arrays, similar to hashtables, which are easy to create in JavaScript. For example:

Er.send(myPid, { Hello: new Date(), From: Er.pid() });

Here, myPid is assumed to be the process id from some former call to Er.spawn. This call sends a message with the keys “Hello” and “From”. Hello is a Date object with the current date, and From is the process id of the current process, which can always be fetched with Er.pid(). Passing the current pid means the myPid process can send us messages in return, since we’ve told it who we are.

When myBackgroundFunction wants to read off its message queue, it calls the Er.receive function, telling it the kind of message it’s interested in, and a function to call when such a message is received. Interest in a message is expressed using a message pattern which, just like the messages themselves, is a simple hash table.

yield Er.receive({ Hello: Date, From: _ },     // pattern
                 function(msg) {               // handler
                    log("Hello=" + msg.Hello);
                    log("From=" + msg.From);
                 });

This matches any message in the current process’s queue which has a Hello key with a Date object as the value, and with a From key with any value. Explicit value matching for number and string literals and object references is also possible. The “_” for the From key means that any value is accepted. There are a few other matching rules as well that make this a very powerful but simple message dispatching mechanism.

If a message matches the pattern, it is passed to the handler function specified in the following argument to Er.receive. The handler can look up the key values it needs in order to act on the message. It can also send messages to other processes, spawn new processes, receive queued messages or perform other work.

Because the Er.receive call doesn’t return until a message matching one of patterns is received and handled, we put a yield in front of the call to avoid blocking.

When a process finishes or exits, it automatically sends a message to any processes which link to it. Linking is done by passing a pid to Er.link. The sent message is of the form:

{ Signal: Er.Exit, From: exiting_pid, Reason: reason }

The Reason value comes either from the exiting process calling Er.exit(reason), or just throwing the reason as an exception. If the linking process does not handle this message, it will exit itself, sending exit messages to its own linked processes. This allows for simple process chaining and failure handling.

Processes can also register to receive messages sent to a given name string, using Er.register(name). Registered names can be passed as the first argument to Er.send. Multiple processes can register for the same name, and they will all receive a message sent to that name, allowing for simple multi-casting.

To see Erjs in action, check out the example page, and view source. Er.js itself can be found here.

A couple weeks about I sent a mail to the zero-traffic Hack2Hack Google Group admin…

From: Alex Graveley
To: hack2hack-owner@googlegroups.com

Hi,

I want to start a programming advice discussion group, for mostly free software hackers, but open anyone really. I really like the name “hack2hack”, and I notice that you’re not really using this list for anything. Would you perhaps consider making me a group maintainer so I can start subscribing people and getting the discussion flowing?

If you want to check out some of my hacks, see http://beatniksoftware.com.

Thanks!
-Alex

A few days ago, I received a response…

From: haider ali hza
To: Alex Graveley

Hi Alex
I allow you to subscribe people in my group “hack2hack”, but only in one condition. firstly you will have to give me pay for this only 250$ US Dollar.

WTF??!

I wake up this morning and read some of the bloggy rants about Miguel’s latest endeavor. Which, btw, helps MS crush it’s competitors using open source as leverage.

Simon Phipps from Sun is complaining that the terms of Silverlight on non-Linux is — *gasp* — a completely standard proprietary EULA!

Which of course Sun would never consider since they’re a totally open and friendly company forever and ever having open-sourced Java like what, 2 months ago? And only after more than enough pressure from .NET.

Poking at the Sun dude’s blog, I notice something about Aptana. The wicked-sweet Web2.0 IDE built on Eclipse. (See UPDATE below.)

Simon notes that Aptana changed their license… they revoked redistribution! All redistribution.

Welcome to Open-but-you’re-screwed City. Renamed recently from Ambiguously Shady Softwareville, after a massive population influx.

What’s worse, Aptana has a forum thread where some innocent asks “Err, does this mean it’s not free software anymore?” and a marketteer responds with a nice smoke/mirror routine about the source being totally free (as in cost, not freedom). Nothing about the newly minted lack of redist rights.

In case you forgot, redistribution is the definition of Free Software. This is why Stallman coined it and campaigned for it and put his money where his mouth is (i.e. Emacs).

So I mention this to the Mozilla developers. Because I figure they’d like to know. It turns out they would like to know, because they actually care about software freedom! Yay Mozilla hackers, much love. (Paragraph highly edited, see UPDATE below.)

Somewhere along that discussion someone mentions the newest Steve Yegge blog post that’s sort of related to open sourceiness.

I hate to love Steve. He’s just another Google Kool-Aid wank. But a ballsy one with common sense. Also, his style has me writing in this phrenetic geek milieu, so the man can influence, certainly.

Anyway Yegge vid-links to his OSCON talk. That’s O’Reilly’s big Open Source Convention.

Audio on my laptop doesn’t work because I run Linux, and I’m lazy, so l just watch him flap his gums silently for a few minutes, transfixed. Then I’m bored and I start poking around at the other recorded talks.

After a few clicks I realize: “Hey! ALMOST NONE OF THESE PEOPLE WRITE OR HAVE WRITTEN FREE OR OPEN SOFTWARE.” Superman’s alter ego, Simon Peyton-Jones excluded. And ladyada, mosdef.

Great technologists all, but at The Open Source Convention? True, most have released existing codebases once the act of open sourcing became competitively valuable.

But isn’t there something of a bigger point to free software? How many years ago did it become a pundits-only affair? Was it ever not? Perplex.

Pundit means someone who talks a lot but doesn’t do much, in case you forgot.

Of course, I’m just sad that I didn’t get invited back to FooCamp this year, and that I didn’t get asked to go to or speak at OSCON.

So to review, I wake this beautiful San Francisco morning to find that open source today means:

1. License finger pointing from corporate-initiative-backed genetically-engineered high horses.
2. Proprietary manipulation (MS) of open source developers’ mindshare and quiescence.
3. Funded tacit acceptance of said manipulation (Novell).
4. Ballyhooed community conferences where the hacker:noise ratio is some cruel joke.
5. I am not as popular as I want to be.

Luckily, VMWare is now a big-name publicly traded company. One with a vested and developer-driven interest in helping to improve open source while simultaneously assuring our share holders’ interests and continued crushing of our competition.

And we don’t employ any pundits to convince you otherwise. Or that the previous paragraph is written by some weirdo crank who is just trying to poo-poo all our obviously pure goodwill flower-smelling since-the-beginning-of-time open source contributions.

Funnily, thanks to the IPO, I bet some of us will get invited to all the cool-kid conferences next year to talk about VMware’s implications on open source.

But not to talk about the free software a bunch of us write every night out of interest in technology, a desire to tinker, and yes, love.

Is that because our tinkerings have an implicit lack of revenue/book sale generation power for some open-source-friendly-while-it-makes-competitive-sense corporate entity? How unfortunate.

Oh, btw. Last week I forked some dude’s awesome GPL codebase for my own nefarious code-editor improvement purposes. MUAHAHAHA.

Get it here, if you have the guts to actually compile software anymore. More on this later if it turns into something good.

UPDATE: ActiveState has nothing to do with Aptana. ActiveState’s awesome hackers work on the OpenKomodo IDE, which is MPL/GPL/LGPL. There is also no connection with Mozilla and Aptana. This is a pretty lame bobble on my part. Forgive me.

Thought-provoking post from Stefano (as usual) as to the merits of decentralized source control systems like Git. The most interesting bits to me are the possible community health risks of not using such a system.

When we started Pyro, my first task was to set up the version control system. I spent around 30 minutes searching and fiddling, trying to figure out how to store a simple Git repository on my hosted web server. Something that I would consider to be the main usecase for such a system.

Eventually I gave up, opting for Bzr, which was a joy to set up. My first commit message succinctly expressed the annoyance I was feeling at the time: “Fuck Git.”

But in the end, we made the pragmatic decision to switch to Subversion. Why? Because people kept complaining that they didn’t have Bzr installed, and were too lazy to figure it out just so they could try out our random project.

Unfortunately, this kind of laziness has become pervasive in the Free Software world, as compared to say 10 years ago. Back then it was all but expected that you’d have to fix the build to get something working. But it was fine, because you would fix it and send a quick patch. Believe it or not, this actually felt pretty awesome. You were helping to keep the train on the tracks, and that meant getting your hands messy.

Today I worry that people are unwilling to try out new things. At least until their Linux distribution makes installing them a single command-line away. Getting people to build from source is now akin to pulling teeth.

Even more worrisome, there seems to be a strong correlation between developer seniority and the unwillingness to tinker with new things. Ideally, getting the people who have the most to offer interested in a fledgling project would be easier, and senior people would be seeking out new projects to toy with, eager to get involved (even in just an advisory role).

I’m wondering if a decentralized source system could help make this better, and bring us back to the bad old days. Maybe breaking from the “Give me a packaged Deb/RPM release, then we’ll talk” mentality and back to scary, unreliable bleeding-edge source code would be a good thing.