Application Development

Organizing a Market for Applications

Sriram Ramkrishna — Fri, 24 Aug 2018 13:08:08 +0000

The "Year of the Desktop" has been a perennial call to arms that's sunken into a joke that's way past its expiration date. We frequently talk about the "Year of the Desktop", but we don't really talk about how we would achieve that goal. What does the "Year of the Desktop" even look like?

What it comes down to is applications—rather, a market for applications. There is no market for applications because of a number of cultural artifacts that began when the Free Software was just getting up on wobbly legs.

Today, what we have is a distribution-centric model. Software is distributed by an OSV (operating system vendor), and users get their software directly from there via whatever packaging mechanism that OSV supports. This model evolved, because in the early-to-mid 1990s, those OSVs existed to compile the kernel and userspace into a cohesive product. Packaging of applications was the next step as a convenience factor to save users from having to compile their own applications, which always was a hit-or-miss endeavor as developers had different development environment from the users. Ultimately, OSVs enjoyed being gatekeepers as part of keeping developers honest and fixing issues that were unique to their operating system. OSVs saw themselves as agents representing users to provide high-quality software, and there was a feeling that developers were not to be trusted, as of course, nobody knows the state of their operating system better than they would.

However, this model represented a number of challenges to both commercial and open-source developers. For commercial developers, the problem became how to maximize their audience as the "Linux" market consisted of a number of major OSVs and an uncountable number of smaller niche distributions. Commercial application developers would have to develop multiple versions of their own application targeted at various major distributions for fear of missing out on a subset of users. Over time, commercial application developers would settle on using Ubuntu or a compressed tar file hosted on their website. Various distributions would pick up these tar balls and re-package them for their users. If you were an open-source developer, you had the side benefit of distributions picking up your work automatically for you and packaging them if you successfully enjoyed a large following. But they faced the same dilemma.

Go to Full Article

Introducing PyInstaller

Reuven M. Lerner — Mon, 18 Jun 2018 11:30:00 +0000

by Reuven M. Lerner

Want to distribute Python programs to your Python-less clients? PyInstaller is the answer.

If you're used to working with a compiled language, the notion that you would need to have a programming language around, not just for development but also for running an application, seems a bit weird. Just because a program was written in C doesn't mean you need a C compiler in order to run it, right?

But of course, interpreted and byte-compiled languages do require the original language, or a version of it, in order to run. True, Java programs are compiled, but they're compiled into bytecodes then executed by the JVM. Similarly, .NET programs cannot run unless the CLR is present.

Even so, many of the students in my Python courses are surprised to discover that if you want to run a Python program, you need to have the Python language installed. If you're running Linux, this isn't a problem. Python has come with every distribution I've used since 1995. Sometimes the Python version isn't as modern as I'd like, but the notion of "this computer can't run Python programs" isn't something I've had to deal with very often.

However, not everyone runs Linux, and not everyone's computer has Python on it. What can you do about that? More specifically, what can you do when your clients don't have Python and aren't interested in installing it? Or what if you just want to write and distribute an application in Python, without bothering your users with additional installation requirements?

In this article, I discuss PyInstaller, a cross-platform tool that lets you take a Python program and distribute it to your users, such that they can treat it as a standalone app. I also discuss what it doesn't do, because many people who think about using PyInstaller don't fully understand what it does and doesn't do.

Running Python Code

Like Java and .NET, Python programs are compiled into bytecodes, high-level commands that don't correspond to the instructions of any actual computer, but that reference something known as a "virtual machine". There are a number of substantial differences between Java and Python though. Python doesn't have an explicit compilation phase; its bytecodes are pretty high level and connected to the Python language itself, and the compiler doesn't do that much in terms of optimization. The correspondence between Python source code and the resulting bytecodes is basically one-to-one; you won't find the bytecode compiler doing fancy things like inlining code or optimizing loops.

Go to Full Article

Developing Console Applications with Bash

Andy Carlson — Mon, 07 May 2018 11:30:00 +0000

by Andy Carlson

Bring the power of the Linux command line into your application development process.

As a novice software developer, the one thing I look for when choosing a programming language is this: is there a library that allows me to interface with the system to accomplish a task? If Python didn't have Flask, I might choose a different language to write a web application. For this same reason, I've begun to develop many, admittedly small, applications with Bash. Although Python, for example, has many modules to import and extend functionality, Bash has thousands of commands that perform a variety of features, including string manipulation, mathematic computation, encryption and database operations. In this article, I take a look at these features and how to use them easily within a Bash application.

Reusable Code Snippets

Bash provides three features that I've found particularly useful when creating reusable functions: aliases, functions and command substitution. An alias is a command-line shortcut for a long command. Here's an example:


alias getloadavg='cat /proc/loadavg'

The alias for this example is getloadavg. Once defined, it can be executed as any other Linux command. In this instance, alias will dump the contents of the /proc/loadavg file. Something to keep in mind is that this is a static command alias. No matter how many times it is executed, it always will dump the contents of the same file. If there is a need to vary the way a command is executed (by passing arguments, for instance), you can create a function. A function in Bash functions the same way as a function in any other language: arguments are evaluated, and commands within the function are executed. Here's an example function:


getfilecontent() {
    if [ -f $1 ]; then
        cat $1
    else
        echo "usage: getfilecontent "
    fi
}

This function declaration defines the function name as getfilecontent. The if/else statement checks whether the file specified as the first function argument ($1) exists. If it does, the contents of the file is outputted. If not, usage text is displayed. Because of the incorporation of the argument, the output of this function will vary based on the argument provided.

The final feature I want to cover is command substitution. This is a mechanism for reassigning output of a command. Because of the versatility of this feature, let's take a look at two examples. This one involves reassigning the output to a variable:

Go to Full Article

Creating an Application-Based Terminal Session

Andy Carlson — Thu, 12 Oct 2017 15:11:28 +0000

by Andy Carlson

One of my first exposures to computers in a work environment was using a Wyse terminal to access a console-based application for data entry. It wasn't until a while later that I learned about terminals in UNIX and how they work. Once I understood it, I wanted to create my own self-contained application that was tied to a telnet or SSH session.

The method I've found to accomplish this involves the use of the trap command and some (seemingly) intimate loops. The example code will be inserted into the .bashrc file of the user to whom you wish to give application access. The example code was used for spam message entry into the sa-learn application for Spam Assassin:


instanceid="$RANDOM"
clean_session() {
    [[ -f /tmp/spam.message-$instanceid ]] && rm /tmp/spam.message-$instanceid
    exit
}


trap clean_session SIGINT

while true; do
    clear
    printf "******** Spam Message Entry Menu ********\n"
    printf "Enter the body of spam message, then press Ctrl-D\n"
    printf "To exit at any time, press Ctrl-C\n\n"
    cat > /tmp/spam.message-$instanceid
    clear
    printf "Processing....\n\n"
    /opt/bin/sa-learn --spam /tmp/spam.message-$instanceid
    printf "\n\n"
    rm /tmp/spam.message-$instanceid
    read -s -n 1 -p "Press any key to continue...."
done
exit

Let's examine the logic and functionality. The first line establishes a unique session ID for application access. If you have multiple users logging on with the same user name this will help keep data straight between sessions. The clean_session function needs to be declared at the beginning of the script for use with the following trap statement. The trap statement will run the clean_session function whenever it detects that the user entered Ctrl-C (interrupt signal or SIGINT).

For the purpose of establishing a the data-entry application, you'll use an infinite while loop. Once data is entered the first time and the end of the loop is reached, the loop just starts over and is ready for more data entry. This is where the clean_session function comes into play. If users want to exit, as per the instructional printouts, they type Ctrl-C. Normally, this would drop them into a shell, but since you want to isolate their usage to this application, you'll invoke the clean_session function, which will clean up their temporary file (if it exists) and log them off. The body of the while loop just accepts input (the cat statement), feeds the data into sa-learn and cleans up the temporary file.

For this example, you will need to modify the sudoers file to allow your user root access to sa-learn; the actual location of sa-learn might vary with your installation.

Go to Full Article

LinkedIn's {py}gradle

James Gray — Mon, 10 Oct 2016 13:00:00 +0000

by James Gray

To facilitate better building of Android apps, the technical team at LinkedIn has developed {py}gradle, a new powerful, flexible and reusable Python packaging system. Now available to the Open Source community, {py}gradle wraps Python code into the Gradle build automation tool so that developers can build Android apps more easily. The tool currently is used for all Android projects at LinkedIn, and the company expects it to be widely used in the Open Source community as well.

With {py}gradle, LinkedIn has bridged a gap between two similar but different technologies: Setuptools and Gradle. LinkedIn says that Python's Setuptools works well for self-contained Python applications with a small set of external dependencies. However, Setuptools can become problematic in certain situations as an organization's Python footprint grows, which led LinkedIn to integrate Gradle and a plugin architecture. For each language or technology stack, one simply needs to apply the build plugin for the underlying language or technology stack. With Gradle, LinkedIn was careful to enhance rather than replace the existing and idiomatic Python package management ecosystem.

Go to Full Article

Synopsys' Coverity

James Gray — Tue, 20 Sep 2016 16:11:11 +0000

by James Gray

The new version 8.5 of Synopsys' Coverity extends the security umbrella of the static analysis tool to mitigate a wider range of security vulnerabilities. Coverity, a core component of Synopsys' Software Integrity Platform, is an automated software testing tool that analyzes source code to detect critical security vulnerabilities and defects early in the software development lifecycle. Coverity 8.5 adds static analysis capabilities for Ruby and node.js web applications, as well as Android mobile applications. In addition, version 8.5 expands security analysis to address a wider range of security vulnerabilities and adds complete support for MISRA C 2012 coding guidelines used in medical device, automotive and other safety-critical industries.

This version of Coverity is ISO 26262-certified, demonstrating Synopsys' efforts to address vehicle security and safety in the midst of emerging industry trends, such as connected cars and autonomous driving. To support its growing customer base and expand its software integrity business in the Asia Pacific region, Synopsys now offers a localized version of Coverity 8.5 in simplified Chinese, including a localized user interface, reporting, IDE plugins and documentation.

Go to Full Article

Contrast Security's Contrast Enterprise

James Gray — Tue, 30 Aug 2016 13:30:00 +0000

by James Gray

The phrase with which Contrast Security describes the one-of-a-kind protection provided by the new Contrast Enterprise is "continuous application security". By this, Contrast Security means that Contrast Enterprise is "The first and only enterprise security software product that fully integrates the ability to find and fix application vulnerabilities during development, and monitor and block application attacks in production, all within one unified environment." Contrast Security points out that these two capabilities heretofore were available only in partially integrated solutions at best or siloed products from partnering vendors at worst.

Meanwhile, Contrast Enterprise uses patented deep security instrumentation to weave vulnerability detection, threat visibility and attack protection directly into applications automatically, without requiring application changes or security experts. While these applications are running, highly accurate context is instantly generated about where applications are vulnerable and under attack. Contrast Security calls its approach "a revolution in application security for traditional development approaches, as well as for Agile and DevOps methodologies".

Go to Full Article

Client-Side Performance

Reuven M. Lerner — Thu, 30 Jun 2016 16:00:00 +0000

by Reuven M. Lerner

In past articles, I've covered different ways to understand, analyze and improve the performance of your web applications. I've shown that between your network connections, server hardware, database design and HTTP server configuration, you can change and improve the performance of your web application—well, sort of. Web applications, when they first started, were dynamic only on the server side. Sure, they output HTML—and later, CSS and JavaScript—but the overwhelming majority of the processing and computation took place on the server.

This model, of course, has changed dramatically in the last decade, to such a degree that you now accurately can claim to be a web developer and work almost exclusively in HTML, CSS and JavaScript, with little or no server-side component. Entire MVC frameworks, such as Ember.js, Angular.js and React.js, assume that you'll be writing your application in JavaScript and provide you with the objects and infrastructure necessary for doing so.

If you're worried about the performance of your web application, you need to concern yourself not only with what happens on the server, but also with what happens in the browser. Some commercial performance-monitoring solutions already take this into account, allowing you to see how long it takes for elements to render, and then to execute, on your users' browsers. However, there is also no shortage of open-source tools available for you to check and improve the ways in which your client-side programs are executing.

This month, I'm concluding this exploration of web application performance with a survey of things to keep in mind, as well as tools that help ensure that you're actually doing what you should be.

Client-Side Considerations

Client-side code is written in JavaScript. The code, whether inline in