Rich Atkinson

Rich Atkinson's Personal Blog

libjpeg and Python Imaging (PIL) on Snow Leopard

Sometimes OSX could learn a trick from Linux; a great example is package management.

MacPorts isn’t bad, but it’s not a patch on Arch Linux’s AUR for simplicity, and Ubuntu is onto a really good thing with APT.

Installing Python Imaging (PIL) with JPEG support on Snow Leopard isn’t obvious. For anyone struggling with it, here’s a solution:

1. Download the source from http://libjpeg.sourceforge.net/

2. Extract, configure, make:

tar zxvf jpegsrc.v6b.tar.gz
cd jpeg-6b
cp /usr/share/libtool/config/config.sub .
cp /usr/share/libtool/config/config.guess .
./configure --enable-shared --enable-static
make

3. You may need to create the following directories:

sudo mkdir -p /usr/local/include
sudo mkdir -p /usr/local/lib
sudo mkdir -p /usr/local/man/man1

4. Now you can install it as usual.

sudo make install

5. If you want FreeType support, do that now.

6. Finally, you can install PIL. Be sure to activate any virtualenv now if you don’t want to install PIL into the system site-packages.

pip install http://effbot.org/downloads/Imaging-1.1.6.tar.gz

At least the native Python 2.6 on Snow Leopard works great, and this wasn’t nearly as painful as installing PIL on Cygwin!

Written by Rich Atkinson

September 5, 2009 at 10:05 pm

Posted in Python

Weekend Reading: Sunday 30th August

The Real-time Web: A Primer

“As with other recent waves of innovation (Web 2.0 and cloud computing, for example) there is no single definition of what the term “real-time Web” means. As a result, it is used as a catch-all phrase for a number of developments underway. At this point, we can identify that the real-time Web…”

by Ken Fromm @frommww.

How to price Enterprise Social Computing offerings

I didn’t realise what a complicated topic this is until this week when an investor completely junked our pricing model with one simple graph. So this weekend I’ve been researching the subject. There are some highly counterintuitive ideas under discussion, which suggests the possibility that there might be a good opportunity to price using an alternative model to the traditional: per user with volume discount.

LShift: Thoughts on real time full text search

This is an interesting discussion on approaches for full text searching on massive data sets such as real time web applications; Twitter is the example.

A list of distributed key value stores

It’s a little more than just a list; here is a fairly good high-level overview of current DHT offerings, compared from the author’s context.

Update: Here is a more up to date comparison prepared by Tony Negrin (Yahoo) after the recent noSQL 09 conference. It includes some indication of maturity and momentum.

Written by Rich Atkinson

August 30, 2009 at 11:23 am

Posted in Quality Links

Great Links 26th August 2009

Some great reading in the RSS reader this morning; I’ve referenced a couple here for my benefit and yours:

Firstly an article from Chris Dixon. Chris was a co-founder of Site Advisor and has since become one of the most successful early stage tech company private investors:

SIX STRATEGIES FOR OVERCOMING “CHICKEN AND EGG” PROBLEMS
Products with so-called networks effects get more valuable when more people use them. Famous examples are telephones and social networks. “Complementary network effects” refer to situations where a product gets more valuable as more people use the product’s complement(s). Read the rest at cdixon.org

Secondly, we’ve had a couple of people provide feedback this week about our website. When we launched it only about a month ago, it was a huge step forward for us. However things are moving very quickly at the moment and already we are finding that we need to give it a little more love.

THERE IS MORE TO OPTIMIZATION THAN SEO
Which is why I really like this article by Aaron Wall about designing your web site with the user’s next steps in mind.

CONNECTING AUSSIE BUSINESSES ONLINE
Saving the best for last, our first piece of press! Check it out: This article in Anthill about our Social Networking Software has already generated a lot of interest. We owe a big thanks to Dave Birchill for putting that together for us!

Rich

Written by Rich Atkinson

August 26, 2009 at 9:15 am

Posted in Quality Links

A Good Business Relieves Pain

My girlfriend has a slightly longer commute than I do.

We catch the ferry to the city, but then she has to go on to Surry Hills, which is too far to walk. Using public transport it’s an extra train or bus trip, about 20-30 minutes.

Recently she’s found an alternative.

Weekly, the lease of a private, secure car parking space close to her office costs less than two days of parking in the local public car park. Now she drives to work fairly regularly and we have been quite surprised by the costs involved.

Astonishingly, if you add up the total cost of driving each day (petrol, tolls, parking and maintenance) it’s slightly cheaper than public transport. If we both go by car we’re ahead by over a hundred dollars a week.

So, not only is it cheaper, but it’s faster and a heck of a lot more convenient.

It’s well understood that the best businesses relieve customer pain; Sydney’s public transport is definitely a source of pain!

Now, I don’t want to advocate driving over public transport, because environmentally that’s a disaster. But surely that’s what our city leaders are doing?

If one person in a car with a private car space can do better, faster and cheaper than the state government, then surely this is a killer business opportunity?

Written by Rich Atkinson

August 19, 2009 at 9:15 am

Posted in startups

Simple API Key Generation in Python

Summary

I’m creating a REST API for my current Django project, and I want a good pseudo-random way to generate alphanumeric API keys. Outlined is a simple method which I believe makes pretty good pseudo-random keys.

Discussion

Like session keys, API keys should be sufficiently unpredictable to be pseudo-random. To be unpredictable, no user variables (or timestamps) are encoded into the key.

Specifically, the key starts life as a 256-bit number generated by the Mersenne Twister Pseudo Random Number Generator (PRNG).

>>> import random
>>> str(random.getrandbits(256))
90035287577760653301955374895950037116738729760252440482985364146171806313429

Mersenne Twister itself is not considered cryptographically secure (it has been demonstrated that observing a sufficient number of iterates allows one to predict all future iterates).

To mitigate this problem, the 256-bit number is cryptographically hashed using SHA-256.

>>> import hashlib, random
>>> hashlib.sha224( str(random.getrandbits(256)) ).hexdigest()
654c6da8f3b0fd8fe819669daf07996738d21a53c02c731b0aee6373

The result is then Base64 encoded – which results in a string containing only lower and upper case alphabetical characters, and numbers – and also two special characters (usually ‘/’ and ‘+’).

A character-pair (e.g. ‘aF’ or ‘zZ’) is then selected pseudo-randomly from a pool of character-pairs; these are substituted (salted) for the non-alphanumeric characters left by the Base64 encoding.

The resulting string is a 38 character alphanumeric that is sufficiently large and unpredictable for an API key.

>>> import base64, hashlib, random
>>> base64.b64encode(hashlib.sha256( str(random.getrandbits(256)) ).digest(), random.choice(['rA','aZ','gQ','hH','hG','aR','DD'])).rstrip('==')
mwkMqTWFnK0LzJHyfkeBGoS2hr2KG7WhHqSGX0SbDJ4

Conclusion

Without too much complication or any hardware source of randomness, this seems like a reasonable method for API key generation.
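An added example, not code from the original post: a Python 3 port of the scheme above next to a generator that draws directly from the operating system's CSPRNG through the standard `secrets` module. SHA-256 is deterministic, so the hashed key is exactly as predictable as the Mersenne Twister state behind it; the replay check shows that a generator with the same state reproduces the key. The function names `mt_key`, `csprng_key`, `entropy_bits` and `replay_matches` are assumptions made for this illustration.

```python
import base64
import hashlib
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits      # 62 alphanumeric symbols
PAIRS = ['rA', 'aZ', 'gQ', 'hH', 'hG', 'aR', 'DD']   # substitution pool from the post


def mt_key(rng):
    """The post's scheme (Python 3 port), drawing from a given random.Random."""
    raw = str(rng.getrandbits(256)).encode()
    digest = hashlib.sha256(raw).digest()
    alt = rng.choice(PAIRS).encode()   # replaces '+' and '/' in the Base64 text
    return base64.b64encode(digest, alt).decode().rstrip('=')


def replay_matches(seed):
    """True when a second generator in the same state reproduces the key.

    Hashing hides the raw PRNG output but adds no entropy: whoever knows
    or recovers the generator state can recompute every key.
    """
    return mt_key(random.Random(seed)) == mt_key(random.Random(seed))


def csprng_key(length=43):
    """Alphanumeric key, each character drawn uniformly from the OS CSPRNG."""
    return ''.join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length=43):
    """Entropy of a uniformly drawn key of this length over ALPHABET."""
    return length * math.log2(len(ALPHABET))


if __name__ == '__main__':
    print('MT replay reproduces key:', replay_matches(1234))   # constructed seed
    print('CSPRNG key:', csprng_key())
    print('entropy (bits): %.1f' % entropy_bits())
```

A 43-character key over the 62-symbol alphabet carries just over 256 bits, the same length as the SHA-256 sample output above, with no hashing or character substitution needed.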

Written by Rich Atkinson

June 3, 2009 at 2:03 pm

Posted in Python