Guido van Rossum Leaves Zope.com

VladDrac writes "Guido van Rossum, the author of the Python programming language, announced at OSCON last night that he's leaving zope.com, to work for a new startup called 'Elemental Security', founded by Dan Farmer (known from several security tools such as Satan). Guido leaving Zope.com will also probably mean that he will be no longer involved in Zope3 development, but hopefully he'll have more time to spend on Python development." Guido says that he's excited about his new employer, but that nothing substantial will change about Python as a result of the move. "It's just that I'll be working from the West coast." Python is "already quite secure," he says, and will be the basis of an upcoming security product ("just getting started") from Elemental.

His goodbye posting

You can read his goodbye posting to the zope3 list here [zope.org]

Good times.

No doubt he'll have much more time to dedicate to his programming. Python sounds pretty interesting, and I dug through the BitTorrent source a bit to learn more about it, but it also seems pretty complex for what the end result is (as opposed to, say, Perl.) With a bit of work towards a more logical parse tree/DTD, I could see Python easily surpassing Perl as a strongly-typed effective scripting language.

What other projects are being done in Python?

Prominently on python.org

"Python has been an important part of Google since the beginning, and remains so as the system grows and evolves. Today dozens of Google engineers use Python, and we're looking for more people with skills in this language." said Peter Norvig, director of search quality at Google, Inc

Re:Good times.

The obvious reference to Python Web Site [python.org] will give more information. Python often competes in the same space as perl. But, Python is probably more object oriented than perl. The difference being that python is OO from the ground up as opposed to perl where it was added late. Most of Redhat's installation tools and scripts are written in python. A 3d game a few years ago 'Blade of Darkness' was done with mostly python.

Re:Good times.

A 3d game a few years ago 'Blade of Darkness' was done with mostly python.

There are a few more games that use Python... you might have heard of them:

• Ultima Online 2 [asbahr.com]
  
• Freedom Force [pyzine.com]
  
• Humongous's "Backyard Sports" series [onlamp.com]
  
• Disney's ToonTown [toontowncentral.com]
  

Re:Good times.

Off the top of my head:
Twisted - a web/chat/anything-you-can-name server
Zope - Web Application/CMS type system
bittorrent - you know about that one
Red Hat uses Python in a lot of their scripts (I believe)
NumPy - used for scientific applications (replacing/augmenting Matlab, fortran, etc)
Karamba - KDE desktop eyecandy, written in C++ and scripted with python
and some really bad stuff I've written for my own amusement. :-)

Off course there's more, but I did say off the top of my head and I don't want to cheat. It's really a nice clean language, that really lends itself to prototyping but still can make great apps.

Re:Good times.

Python is actually simpler than Perl -- it's designed to be so. HOWEVER, Perl is also designed to do many specific things very simply, so when you need to do one of those specific things it's the fastest way to get it done -- assuming, of course, that you already knew Perl could do it :-).

I'm a Python fan, but I doubt Python will ever surpass Perl -- especially not by adding a "more logical parse tree", since it already has a very simple, consistent, and logical parse tree whereas Perl has more of a parse forest. Python and Perl are just too different; they compete in many areas, but their real strengths are far enough apart to keep them both viable in each other's presence.

For info on what projects are being done in Python, see the lists at www.python.org (Success Stories [pythonology.org], Python Users [python.org], and Python Projects [python.org])).

Remarkable language, Python. Lovely plumage!

-Billy

Re:Good times.

What other projects are being done in Python?

Other guys are mentioning many projects, but I want to emphsize on three project, IMHO the most important to illustrate the power of Python:

• Zope [zope.org] - IMHO the best ever written application server, thanks to laziness and OOP of Python;
• Plone [plone.org] - this portal is the best software written for Zope's CMF; Zope would stay popular only among hackers if there would be no Plone;
• Portage [gentoo.org] - the best ever written package management system; I doubt ebuilds and eclasses would be that flexible and power without Python;

Re:Good times.

Guido seems to disagree. [artima.com]

GvR: In a strongly typed language, when you change to a different data structure, you will likely have to change the argument and return types of many methods that just pass these things on. You may also have to change the number of arguments, because suddenly you pass the information as two or three parts instead of one. In Python, if you change the type of something, most likely pieces of code that only pass that something around and don't use it directly don't have to change at all.

Now you might be splitting hairs and saying that "static" means known at compile time and "strong" means type errors are always detected, but in common parlance "strong typing" includes static typing. For the pedants, there's Sebesta:

...we define a programming language to be strongly typed if type errors are always detected. This requires that the types of all operands can be determined, either at compile time or at run time.

This criterion is met by very few real-world languages. Most imperative and object-oriented languages include type coercion [python.org] which contradicts this property. It is interesting to note that future Python development is moving towards still stronger typing -- and, dare I say it -- functional-style constructs.

Of course, the pragmatic thing to do is to understand strong/weak typing not as binary, but as a continuum. In this case, Haskell is more strongly typed than Ada is more strongly typed than Python is more strongly typed than C++ is more strongly typed than C is more strongly typed than FORTRAN. It looks like Python 3.0 will be moving up the chain, however.

Re:Good times.

It is a misconception that Python is not strongly typed. It is strongly typed, it is not *statically* typed.

Python is a stronly typed, dynamically typed, extremely late bound language.

Double check your facts before calling someone else a dumbass.

The difference between a dynamically typed language and a statically typed language is this:
// Java
int myvar = 1;

# Python
myvar = 1

The difference is that the Java compiler assigns a datatype to the location of myvar, but python assigns a datatype to the value held in myvar.

It's a subtle difference, and many python newbies think it's not strongly typed, however that is a mistake.

Re:Good times.

Fortunately, Python supports open and close braces to mark beginning and end of blocks. Just prefix them with a hash and use proper indentation. For instance:

def the_count(): #{

for i in range(0,10): #{

print "%d, %d, Ah, Ah, Ah!" % (i,i)

#}

#}

Tadaa! Curly braces. The code is now readable.

PS. Sorry for the odd indentation, I haven't posted code under slashdot for a while...

Who else thought

that someone was leaving zombo.com ?

I was sad

Security...

I'm not a big fan of Python, but I'm glad he's moving to a security group. The guy is close to being a genius, so let's hope they get some good stuff out.

Guido's goodbye message

http://mail.zope.org/pipermail/zope3-dev/2003-July /007598.html [zope.org]

Guido van Rossum guido@python.org
Wed, 09 Jul 2003 10:24:54 -0400

Dear Zope 3 developers,

Last night at OSCON I announced that I am moving to California. I
have accepted a new job at Elemental Security, a security software
startup in San Mateo. You may have heard of one of the founders, Dan
Farmer, who is the (co-)author of several well-known free security
checking programs: Satan, Titan and The Coroner's Toolkit.

Elemental is a brand new company, and I can't say much yet about the
product, except that it will be aimed at enterprise security and use
Python. I'm very excited about working with Dan on its design and
implementation.

I'm also excited about moving to California, which has long been a
dream of mine. I'm looking forward to getting together with the many
local Python users and developers once I'm settled; right now, my life
and that if my family is total chaos because we're trying to find a
home and move into it by August 1st.

I will still have time for Python (it's in my contract) and I will
continue to lead Python's development. The other PythonLabs folks:
Fred Drake, Jeremy Hylton, Barry Warsaw and Tim Peters, are staying at
Zope, by the way.

But unfortunately, this move pretty much ends my involvement in Zope
3. I've signed a contributors agreement, but with the new job and my
Python work I don't expect to have much time for Zope. So this is
also a goodbye, of sorts. I've enjoyed working with many of you, Zope
3 developers, and I expect we'll run into each other at some future
Python event.

In the mean time, I'm here at OSCON with a busy schedule and limited
access to my email, and the following weeks I will be in transition,
so please be kind if I don't reply immediate when you write me.

--Guido van Rossum (home page: http://www.python.org/~guido/)

PS. guido@zope.com no longer works. Please use guido@python.org!

"Python is 'already quite secure,'"

That sound you are hearing is a thousand hackers and script kiddies going "Oh yeah?" in unison.

Re:"Python is 'already quite secure,'"

I think he was referring to its existence, not any inherent invulnerability. As in, it's firmly entrenched and will continue to be developed.

Re:"Python is 'already quite secure,'"

Hell, I'm a Python coder, and I'm already going "oh yeah"

IMHO, it won't be secure until they bring back Bastion and Rexec and get them right this time. Actually, all I want is to be able to remove all the builtins that access the system directly (so Python can't crash your computer, delete files, or otherwise access the filesystem) - but while the language and API documentation is pretty good, the compiler variables are wholly unkown.

Stay!

..known from several security tools such as Satan ..."I'll be working from the West coast".

Please, stay where you are, sir. We have enough problems out here already.

His Website

Here is his personal website:

http://www.python.org/~guido/

Who names this stuff?

We have the Yopy 3700 [slashdot.org] and now someone's leaving Zope.com. Has Disney been put in charge of naming things lately? Try the new Dopey 2003(C)!

How instrumental was he to zope?

With python there is no question his importance, 'with out Guido there is no python'.. ( thankfully that wont change, that would be a tremendous loss to the community )

What his is level of involvement with zope? Does this spell a slow painful death or just a minor speed bump.. ( I admit I don't follow *new* zope development so I'm just curious )

and in other news

David Finkelstein has announced he is leaving McDonald's to work at Subway.

Elemental Security

Great! I've been hoarding oxygen and have become increasingly concerned that my neighbors may try to liberate it. Damn free radicals.

What we don't need in California ...

... is yet another guy named "Guido" wanting everyone to admire his "Python".

SoCal is the land of double entendre and uber-image, Mr. Van Rossum. We don't care about your substance, we want to know about your style. So the question the really needs to be answered now is,

Python: Is It Sexy Enough? Join us on E! when we ask your favorite celebs just what scripting language they use for their daily information processing! We know Pamela Anderson loves Perl, and Carmen Daily is crazy about Java, but what happens when these two sexy stars get their hands on Python? Watch at 11 and find out!

My Network security...

known from several security tools such as Satan

I tried satan for my network security. Cost me my soul, but it's damn good. One kid tried to hack around our proxy to play games at work, and he got engulfed in flame and dragged down to the 3rd layer of hell for the rest of the day! Sure, I have to use a massive water cooling system to keep the firewall (and I mean a wall of fire that I run the ethernet cable through) from melting the other servers, but when the dark lord is watching your back, you don't even have to think twice about security.

Quite secure, eh? Not according to Guido.

Python is "already quite secure," he says, and will be the basis of an upcoming security product ("just getting started") from Elemental.

I'd like to point out a thread that I found a little while back on Python-Dev about Guido's decision to remove the rexec module (similar to the Java sandbox):

posting 1 [python.org]

and Guido's reply:

posting 2 [python.org]

A little bit further down that thread we find this:

posting 3 [python.org]

Since this last one is particularly telling, I will quote the relevant text for our impatient readers:

I think Guido's rationale for removing all these features will be widely misunderstood. Me channeling him: it is not that he believes that the architectures developed were inherently incapable of providing security. Instead, he feels that no "expert" for these matters has reviewed these architecture for flaws, and that the continuing maintenance of these things isn't going to happen.

If this understanding is correct, then any new approaches will likely suffer from the same fate. Unless somebody steps forward and says: "I am a security expert, and I guarantee that this and that feature is secure (in some documented sense)", then I think he will dislike any changes that mean to provide security.

So this not a matter of engineering but of authority. Somebody must take the blame, and Guido doesn't want to be that someone.

Disclaimer: I love python. However, I am working on a project that depends on rexec, and when I discovered that it was being removed, I was a little annoyed - especially at the reasoning behind the decision.

Least ugly?

Looking at Guido's Home Page [python.org] I noticed that his picture shows a clean, healthy looking guy with all his hair.
I hereby cast my vote for Guido VanRossum for Least Ugly Open-Source Project Leader.

A shame

Zope is a very cool web application system, and while I don't know of Guido's specific contributions I have to assume that they were great. Still, I'm confidant that Zope will carry on.

For those not familiar with Zope, it is a web application server written entirely in Python. It features an object database that, for example, lets you create an image object, and then call it from other code to automatically build your image tag based on the dimensions and title of the image stored in the object.

It's open source, developed both by the Zope community [zope.org] and the Zope corporation [zope.com]. There are at least two kick ass, open source content management systems built on top of Zope Corp's content management framework [zope.org] that I know of: Plone [plone.org] and Silva [infrae.nl]. There are a ton of add-on products [zope.org] that are downloadable too.

Zope does have a pretty steep learning curve, if you don't do stuff with "real" web applications (stuff that needs access control lists, user management, templating, etc) it might not be right for you, but it's great for bigger applications. Edd Dumbill talks in a recent blog entry about why Zope is worth learning [usefulinc.com] and DevShed (which runs on Zope) has a good overview [devshed.com].

Guido and Dan Farmer are both smart guys and I'm sure that we can expect good things.

The Zope Learning Curve

I was experimenting with Zope last year and again during the first half of this year. It's definitely a cool product, but what threw me for now at least was that the documentation is abysmal, at least online.

From what I've been able to tell, there are several editions of the Zope book -- the only up-to-date version [zope.org] of which (currently 2.6) is still work in progress. The rest of the documentation [zope.org] is a mish-mash of user-written howto's, some of which are excellent, some of which are dupes of others, many of which are out of date, and others of which are just badly written. Searching the database of these is hard, and it's very difficult to distinguish well written old ones that are still relevant from newer ones that aren't very useful.

My main problem with it though is that although it focuses hugely on the differences between zope development and regular web development without seriously dealing with implementation examples of common tasks. On and off it took me about a month to figure out how to make a simple form-based login system (similar to slashdot's) and tie it into Zope's user folder system. Co-incidentally The only zope-based website I could find that actually did this was zope.org itself.

I really like Zope and I've shown off how it works to people many times over. But I'll only seriously consider using it more once the documentation is more coherent. At the moment I think that's one of the main places where itfalls over.

Emmental security?

emmental [astradyne.co.uk] is a swiss cheese known for it's big holes.

Zope is very close to Russian 'zhopa' which means

Zope is very close to Russian 'zhopa' which means 'ass'. Just so you know.

Break the GIL!

Agh, look I love Python but the Global Interpreter Lock's got to go. Threading is severely crippled as long as it's still there... I mean, failing that can't we at least have independent interpreters?

Please? I've looked around for efforts to sort this out but the last of them seems to have died around 1997...

This a win-win situation for Zope and Python

As an active Pythonic, and a most interested observer over the last two and a half years, it seesm to me that Guido leaving Zope should not raise any fears whatsoever about the future of Zope. I will explain below. Secondly, Guido's joining the new company is a positive for Python, which I will also explain. When Guido joined Zope a while back, I was very happy because it was good for Python, as it gave Guido a safe and comfortable corporate home and presumably a good living, while still allowing him to devote a lot of time to Python. I viewed it as a great goodwill move by Zope because they would be helping to support the future development of Python at their own expense. While Guido no doubt contributed a lot to Zope's efforts, Zope was a breakthrough and great product long before Guido joined Zope, Zope development team is extensive and capable, and Guido was till devoting a lot of time anyway to Python. Therefore Guido leaving is not a bad thing for Zope. Guido joining Elemental Security is great for Python, because that company will base an important new product on Python, and because it still gives Guido a secure corporate position and salary, and because he may be allowed even more time to develop Python at the expense of a good corporate citizen. This is a win-win situation. I say thanks to Zope, to Elemental Security, and to Guido and team. Ursus Maximus aka Ron Stephens

Odds?

Any bets on when the startup will go belly up and he's back doing full time Zope and Python work?

DC loses Another

This is slightly OT, but as a DC-area resident, losing a person of this stature is just another sign that NoVA's glory days are drawing to a close. For the past two years it's been nothing but that old standby defense (with its new handle, "homeland security") doing the hiring (if you have the clearances), with Internet, eCommerce, and telcos doing their well-publicized death dance.

Couple this with 9/11, anthrax, the Beltway sniper, and a few uncharacteristic deadly tornados, and this place has turned into an incredibly uptight and unhappy place.

Not that California is quite what it was, either, but for a season there, DC was the "Silicon Swamp," and it was intoxicating.

Re:possible improvements to python?

"Perhaps they could do this by borrowing a few tips from perl, which although slower has code that looks much neater."

Perl code looks much neater than Python?
Are u nuts?

One of the strong points of Python language is its clean and intuitive syntax. Perl is a very powerful language, but its strong point is *NOT* neat syntax.

Re:possible improvements to python?

That's funny. I switched from Perl to Python several years ago and one of the things that I like best about Python is the documentation. Perl's Camel book made a pretty fair reference, but I didn't really like busting out a hard-copy book every time I wanted to look something up. The electronic Perl documentation was pretty nice, but it wasn't quite as comprehensive as the Camel book, and the POD format simply can't compete with Python's documentation. The PDF and HTML formats are nice, but I really like the fact that the Python documentation is available in info format for easy reading in Emacs (complete with a comprehensive index). The indexes in Python's electronic documentation really make a heck of a difference once you start using them. Perl's pile o' man pages simply can't touch Python in this regard (IMHO).

Perl's TIMTOWTDI style means that every time you edit someone else's Perl code you will encounter four or five new Perlisms that you have never seen and that require the Camel book for deciphering. When I was hacking Perl, that meant carring around the Camel book in my laptop bag "just in case." With Python that's no longer a problem.

My guess is that you have gotten use to the structure of Perl's documentation. You know where to find Perl information, and are simply frustrated by the fact that Python requires that you start from scratch with a new set of documentation.

On the other hand, it is possible that we simply have different documentation requirements. What precisely is the problem? "They suck," is not particularly descriptive.

Re:possible improvements to python?

Could you clarify what you mean? Python is already fully object-oriented (although it doesn't _force_ you to write object-oriented code, but then neither does VB).

And are you joking about Perl? Perl is widely known for having MUCH messier-looking code than Python, but running slightly faster on certain tasks.

-Billy

Re:possible improvements to python?

Python _is_ more object oriented then VB. VB6 is object based, since there is no inheritence. (and python supports single and multiple inheritance) Perl neater then Python? I love both languages but Python programs are amazingly more readable then Perl programs. Perl slower then Python? not in my experience. They are really close in performance. see, http://www.bagley.org/~doug/shootout/ And have you done OO in Perl? compared to Python it's a pain. VB code 2-3x shorter then the Python version? I've had the exact opposite experience and usually the Python version is 5-10x shorter then the VB version.

Re:possible improvements to python?

My Gh0d you can troll! You are subtle like Fu Manchu, erudite like Christopher Hitchens and a real smart feller, besides.

Always nice to have your brain leave skidmarks

Re:Guido, a geek with a girlfriend...

That's his girl, friend. :-)

Re:troller alert

Yeah, Even I made her list. She was my first Freak. Good times....