A view from the hill

Gestern hat Constanze Kurz, Sprecherin des Chaos Computer Clubs (CCC), einen Vortrag in Freiburg über den Staatstrojaner gehalten, vermutlich basierend auf ihrem Vortrag auf dem 28c3 (Videos hier). Es war ein sehr schöner Vortrag, wie ich finde, der die rechtlichen und politischen Probleme sehr gut auf den Punkt brachte. Die Diskussion technischer Details fiel -- wegen des Veranstaltungskontextes von Juristen und Humanistische Union --- leider weitestgehend aus. Insgesamt muss ich sagen, dass ich von dem sehr ruhigen und auch humorigem Vortragsstil ebenfalls beeindruckt war.

Die Hauptkritik richtete sich gegen die Politiker, die zum einen die vom BVerfG gesetzten Rahmenbedingungen immer noch nicht in Gesetze gegossen haben und zum anderen auch nicht die Kontrolle durchführen, die man von Ihnen erwarten darf. Eine wichtige Fragestellung betraf dann auch genau den Kontrollaspekt: Wer darf den Quelltext einsehen? Wer kontrolliert den Einsatz? Leider hatte Constanze Kurz auf diese Fragen keine konkreten Vorschläge, sondern auch nur zynische Seitenhiebe auf das Gründen des nächsten "Kompetenz-Kompetenz-Kompetenz"-Zentrums und Hinweise auf die Problematik des Richter-Vorbehalts. Ein für mich interessanter Aspekt, den ich bislang nicht weiter beachtet hatte, war die Diskussion der Ausleitung der abgezogenen Daten über einen Server in den USA, wobei die Kommunikation auch noch schlecht gesichert war. Zudem fand ja vermutlich auch eine Abgreifung von Daten über den verwanzten Laptop statt als dieser vom Überwachten im Ausland benutzt wurde, so dass hier ja auch Ermittlung durch deutsche Behörden im Ausland, vermutlich ohne Einholung entsprechender Genehmigungen der Drittländer, erfolgt sein dürfte. Man kann sicher davon ausgehen, dass hier Datenschutz-Regelungen (Gesetze!) gebrochen wurden. Mir stellt sich die Frage, in wie weit man gegen diesen Bruch eigentlich juristisch vorgehen könnte. Überhaupt ging das Thema der juristischen Konsequenzen der Sachlage leider etwas unter.

In der anschließenden Frage und Antwort-Runde gab es dann noch einige Möglichkeiten zum gepflegten Fremdschämen, was bei dem Thema aber wohl zu erwarten war. Ich habe ja eh den Eindruck, dass es bei der Thematik "wer darf welche persönlichen Daten sehen? Darf der Staat heimlich auf private Daten zugreifen?" hauptsächlich zwei Gruppen gibt: Die Gruppe der "wir werden alle störben/Deutschland war/ist/wird ein Überwachungsstaat"-Verschwörungstheoretiker und die der "ich habe nichts zu verbergen/die staatlichen Behörden durchsuchen eh nur Kriminelle"-Problem-Verneiner. Wenn man versucht, eine möglichst sachliche Diskussion zu führen, wird man von Vertretern beider Gruppen gerne jeweils der anderen zugerechnet, was die Diskussion schwierig macht. Von der zweiten Gruppe war jedenfalls naturgemäß keiner anwesend oder zumindest hat sich keiner geäußert.

Interessant war eine Anmerkung aus dem Publikum, die sich aus einer vorgehenden Diskussion über mögliche eigene Schutzmaßnahmen (Verschlüsselung, alternative Betriebssysteme, etc.) ergab: Ein anwesender "Nicht-Hacker" stellte fest, dass er weder Kenntnisse noch Zeit dazu hätte, aber insbesondere gar kein Interesse daran haben könne, einen private Schutzwall oder eine Schutzburg zu errichten. Den Punkt nahm Constanze Kurz auf und stellte nochmal klar, dass es natürlich weiterhin eine politische Forderung sein müsse, (sinngemäß) heimliche Eingriffe in die Privatsphäre zu vermeiden (die genaue Formulierung habe ich mir leider nicht gemerkt, sorry). Das finde ich einen sehr wichtigen Punkt, der in Nerd-Diskussionen über technische Abwehrmaßnahmen immer wieder gerne vergessen wird. Summa summarum ein netter und bei mir noch sicher nachwirkender Abend.

So, let's continue summing up the major records I got over the last months.

The Horrors, "Skying" is not the continuation of their previous album which I liked a lot. There are some similarities in style, of course, but it doesn't have the same focus and there are not so many convincing titles. (6/10)

I also got the new record from Äl Jawala, "The ride" for review, which, while mainly instrumental Balkan-Beat style has a wild variety of other influences, also didn't quite fit in. I like the record, but it's hard for me to keep going all through it. But they made me search for similar records from other artists. (6/10)

Then I recently reviewed Deep cut, "Disorientation" for plattentests.de which is a nice shoe-gaze style band, with some guitar pop thrown in for good measure. Think Lush or Sing-Sing, if that means anything to you. (7/10)

Wild Flag, "Wild Flag" is an ex-sleaze riot girls afterthought, more guitar power-pop oriented, but also a lot less interesting. (5/10)

Very interesting is "In the pit of the stomach" by We were promised jetpacks: its alternative crusade between noise and more quiet tones reminds me a little bit of Broken Social Scene, although the references to bands like the Twilight Sad are also appropriate. (8/10)

Another addition is "Belong" from The Pains of being pure at heart which sounds to me like a more pop-oriented variation of "We were promised jetpacks". A nice and light record, recommended. (7/10)

Similar in style is the self-titled album from Yuck, which has some voice-coder stuff, which I typically don't like at all, and also some low-key songs but is overall a pretty nice album. (7/10)

And then we have the christmas special "Anthology" by my long time favourites The Throwing Muses. I reviewed the two CD set, which is a nice and non-obvious collection of their material from 25 years. If you like complex accoustic and electric guitar songs (from Independent style to alternative rock) with great female singers (Kristin Hersh/Tanya Donelly) this is for you. (8/10)

Just by chance I found out that Carlo van Putten has two new records out: White Rose Transmission, his former collaboration with Adrian Borland released "Spiders in the mind web". Adrian is clearly missing but it's still a nice record. (6/10)

The other one is with his new band Dead Guitars who released "Stranger". Actually, I find it hard not to mix up the two records, because they are stylistically quite similar, although difficult to classify. Certainly an alternative sound, but alternative what? Guitar-pop? Wave? (6/10)

Records from the crypt:
Another missing piece filled in, I finally have a best of collection by The Rolling Stones, "Rolled Gold". It contains two CDs full of hits. Unfortunately, it focusesses pretty much on the older stuff, the newer songs from the end of the last century and the newer songs are missing. (6/10)

Tarek Ziades repeated his Python new year meme in which he summarizes his accomplishments in the Python world this year and his considerations for the new year. As I stopped working as a Python developer some time ago, I will hence drop the Python restriction although I will keep the restriction on only looking at developer questions.

1. What’s the coolest developer application, framework or library you have discovered in 2011?

Mostly stuff I already new about but hadn't specifically the chance to use previously, so actually there was probably nothing which I would call 'cool'. For one, I started using git this year. For other projects, I took the next step and started hosting my Mercurial repositories at bitbucket. For another, I used nose for unit testing my Python stuff.

2. What new programming technique did you learn in 2011?

Probably the most interesting stuff I learned this year was from me finally reading AMOP (the Art of the Meta-Object Protocol), thereby learning a lot about the meta object protocol in Common Lisp and how it's related to CLOS. However, I didn't really put it to use much, although in hindsight I recognized that I've used stuff from it previously without understanding the complete picture. There was also a lot of 'enterprise technology' I looked into this year but nothing could be directly be labeled a 'programming technique'. Otherwise I think I mainly stuck to the techniques I'm used to.

3. What’s the name of the open source project you contributed the most in 2011? What did you do?

My contributions to the free software world continue to be at a very low level (typically, I don't contribute anything of value besides small hints on the net, complaints and the occasional bug report), which I keep seeing as a personal weak spot. This year at least I managed to implement something for CL-SQL. I also wrote two small utilities, mainly to scratch my own itch, which I still need to clean up a more before I could publicly present them.

4. What was the development blog or website you read the most in 2011?

That's certainly proggit, followed by InfoQ. I also follow Planet Lisp and Planet Python quite closely. I started again to listen to the podcasts by Heise developer and the software engineering radio, but I have to admit I'm too easily distracted to really keep going.

5. What are the three top things you want to learn in 2012?

I would like to continue to learn Clojure, finally writing some useful code in it. In particular, I would like to mess around with parallel computations, although there is a huge chance I'll apply it for small silly tools or web programming first. I would also like to work on some semantic web stuff, probably with RDFa. And maybe I'll take a look at programming with some of the more or less free tablet stuff, either WebOS or Maemo/Qt. I'll probably also continue to look into Java programming and common architectures on that platform, which is an enormous universe.

6. What are the top software, app or lib you wish someone would write in 2012?

I would like to see the semantic web getting a little bit more traction, mainly by easy integration of stuff like RDFa into content management systems. And, like probably every year since 1999, I wish somebody would finally write an (open source) application/set of clients to finally solve the synchronisation problems between different computers/phones/tablets. Note: I've given up on the wish that somebody writes an enterprise acceptable open source replacement for Lotus Notes or Outlook (and I'm talking only about calender and mail, sigh).

I let too much time pass in between writing these overviews. Which of course results in even more stuff to write about, which makes me delay it even further. As this post would get rather long in the mean time, I'm going to split it into this winter edition into a part one and a second part, which I will probably post next week. Okay, 'nough said, here we go:

Arcade Fire, "The suburbs" is a Grammy award winning record of the canadian band. It's also the first by Arcade Fire which doesn't drown in pathetics, although it's still not too light hearted -- which implies that this is really a nice one. (7/10)

Amplifier, "The octopus" is a heavy beast of a record. It's easy to imagine the arms of the octopus playing a multitude of guitars. But it's an alternative rock drama which I don't have the patience for over two discs. (6/10)

Mogwai, "Hardcore will never die, but you will" is another rather heavy and constructed sounding record, quite like Amplifier, although it has some more lighter moments. It's also only a single disc. (6/10)

I reviewed Lotus Feed, "A different place" for plattentests.de, which is a rather classical gothic/wave record. It's a good one but too close to more famous bands to really stand out. (6/10)

I have the impression that Radiohead with each new record try to come up with even stranger song structures. "King of the limbs" is the latest and greatest step on that mission. (6/10)

I admit it, I have a weak spot for the low-fi two-piece sound of The Kills. On the other hand, I think they get better with each new record. "Blood pressures" has a pretty broad range of song structures, while still mostly sticking to their typical two people setup. (7/10)

I was lurred by the praising review on plattentests.de into buying the punk rock opera "David comes to life" by Fucked up. The music is fine, but I have a hard time standing the singer. (5/10)

A jazz record by Nicole Jo, "Go on" and a very nice one, too, came to me from plattentests.de but didn't fit into the thematic range. Which doesn't make it a bad record, not at all, I like it very much. (7/10)


Records from the crypt:
Billy Talent, "Billy Talent III" was a cheap buy, but a very nice one. If you like Green Day-style punk rock without the pop part, you'll also like this one. (7/10)

In a recent meeting, a colleague of mine mentioned that we wanted to use agile development this time with that new project and that I would provide some insight as an 'agile development expert' (not that this would be a term I would use). This in turn brought me some curious looks and a pretty general question during the discussion: what is the benefit of an agile development model from a business perspective anyway?

If I remember correctly, my answer went in the direction that with an agile approach you can change your mind about what you really need/want to implement throughout the project, if you learn something 'new' about what is really required. The second important aspect is that you get quicker feedback which allows for more influence in case things don't turn out right. After the meeting I started pondering the question a little, as I had the impression that my answer wasn't that convincing, so what you find below is a more detailed written elaboration of it.

Basically, what "you can change your mind throughout the project" boils down to is that agile development gives you more options to make use of opportunities coming up along the way/throughout the time you need to implement the project. The most important idea here is that you don't make decisions too early, because that limits your options. For an example, let's assume that one feature we specify is that we want to have a 'Facebook like'-button on the order page. Now, if we're following the waterfall style 'implementation follows after specification has been completed' development model, you would specify that and design the page with the button and at some time in the future, you hopefully get your Facebook button. But maybe during the hypothetical nine months from now in which development happens, what if Germany's privacy laws enforce new severe restrictions on the use of such buttons and, btw., Google+ is now the new hip site you have to support? You have to go through a (with larger features typically quite costly) change process, redo the specification, etc. This essentially makes the cost you had in writing the specification as well as for the design etc. a double problem: you didn't get out any ROI, obviously, but additionally time has passed while writing specs, doing design etc. in which you didn't really work on any results for the customer (lost opportunity: gather new clients with at least some new features).

So, you would have been better off with having the idea that at some point throughout the project you want 'social media integration for marketing reasons' and delaying what to do exactly until you're really there (from a priority point of view) where this is a feature that you want implemented -- i.e. you do the specification when your planning that feature to get implemented in the next development phase (which is typically two to four weeks with an agile development team). The idea is to take small, well defined steps that can be taken fast and starting out with the most important/valuable ones first, rather than to spend a lot of time on some 'complete specification' which withers fast throughout the projects implementation time.

The problematic point here is obviously, that it's pretty difficult to say when exactly is the right point in time to make a decision. In general, there is no 'right point' -- also often called the last responsible moment after which some opportunity is lost (I think the phrase was coined by Mary and Tom Poppendieck, see the excerpt from 'Lean software development') -- but multiple points in time, depending on many aspects. Influencing aspects are things like business opportunities (e.g. a new feature nobody else has at that time) or reducing risks (projects risks) (cf. Alistair Coburn reconsidering the least responsible moment). The best answer I currently have seen when to make a decision is that it should be taken when you have 'enough knowledge', i.e. when you have carefully considered your options and evaluated them (cf. real options). Even thinking about options alone is typically a highly valuable undertaking in itself, because all to often people just assume that the 'obvious way' is the best one.

So, the general answer is probably along the way of: for the business side, agile development has the benefit that it provides more flexibility and more influence throughout the project phase while at the same time (possibly) generating real value/revenue more early. There is, of course, more to it that also has appeal from a business perspective, but that's probably the main point. Feel free to add different opionions.

Was mich an der medialen Berichtserstattung zum sog. Staatstrojaner ein bisschen stört, ist die Tatsache, dass zum einen sehr stark auf die Fragen der technischen Mängel (der CCC als TÜV der staatlichen IT-Sicherheitstools) und auf der anderen Seite auf die Frage der Urheberschaft ("kommt aus Bayern") abgestellt wird.

Der wesentliche Aspekt gerät dabei ins Hintertreffen: Wie kann es eigentlich sein, dass offenbar mehrere Bundesländer klare Vorgaben vom Bundesverfassungsgericht ignorieren und kein medialer Aufschrei mit Rücktrittsforderungen quer durch alle politischen Ebenen erfolgt? Immerhin ist das Urteil mit den Einschränkungen zur Einsetzbarkeit von sog. Online-Durchsuchungen aus 2008 und die eingesetzte Software offenbar von (frühestens) 2009. Es ist unfassbar, dass eine solche Software nach diesem Urteil überhaupt noch beschafft werden konnte.

Man kann natürlich von mangelndem Wissen und Schlamperei ausgehen, wie es die Süddeutsche Zeitung tut. Man kann aber noch kürzer davon ausgehen, dass es einfach in der Praxis gar keine Rolle spielt, was das Gericht vorgibt. Mindestens vier Bundesländer? Da kann man wohl nicht mehr davon ausgehen, das da nur einer "versagt" hat, sondern das ist ein großflächiges Desaster. Der Skandal, der ja auch schon längst interessante Seitenaspekte hat (Zusammensetzung Aufsichtrsrat Digitask, Digitask im Zwielicht) muss so viele Leute, Handelnde und Verantwortliche involvieren, dass es schlicht unmöglich ist, dass nicht einer größeren Gruppe klar war, inwieweit diese Software sich weit außerhalb des gegebenen Rahmens befindet. Wer jetzt noch glaubt, das war alles nur ein Fehler von wenigen, der glaubt auch an die Heinzelmännchen, die dem Weihnachtsmann beim Geschenke packen helfen. Dazu kommt dann als Oberkrönung an der ganzen Geschichte natürlich die Latte an Lügen, die dann noch in die Welt gesetzt wird.

Selbst wenn da keiner die Möglichkeiten genutzt hat, muss man sich einfach klar machen, dass hier genau der Effekt von "The code is the law" (L. Lessig) eingetreten ist: Wer den Code entsprechend bedient, hat die Möglichkeiten, sich über irgendwelche Rechtsprechungen hinwegzusetzen und ist -- mangels Kontrollmöglichkeiten -- kaum gefährdet, sich dabei der Gefahr der Entdeckung und Verfolgung auszusetzen. Aller Beteuerung der Politiker zum Trotz: Wir würden es nicht erfahren, wenn es anders gewesen wäre.

Immerhin, die großen politischen Leitmedien wie die FAZ (Schirrmacher argumentiert mit Lessig) oder Süddeutsche (Prantl: "Trojaner fressen Grundrechte auf") weisen durchaus deutlich auf den eigentlichen Skandal hin. Aber die normalen Medien, das übliche Fernsehen, Radio und auch die regionalen Tagesblätter diskutieren das Thema praktisch gar nicht. Machen wir uns nichts vor: D.h., der normale Bürger bekommt von dem eigentlichen Skandal nichts mit, sondern wird schlicht in die Irre geführt: technische Mängel einer Software, die gezielt gegen Verbrecher eingesetzt wird? Was soll daran schlimm sein? Und genau da sind wir dann gleich bei der nächsten Verschwörungstheorie. Warum wird eigentlich nicht genauer der Skandal thematisiert? Die Fakten dahinter sind lang und breit dokumentiert (s. bspw. die Artikelsammlung Bundestrojaner von Kristian Köhntopp Update: und seine Überlegungen zum Trojaner nach dem Trojaner). In dem Sinne: Tragt das Wissen in die Welt.

After a period of nearly two years in which XEmacs beta stayed at version 21.5.29, XEmacs 21.5.30 and even XEmacs 21.5.31 (beta) have been released. The most noteworthy change (and the reason I'm blogging this at all) is that XEmacs is now licensed under the GPL v3 and is hence back in a position in which it can incorporate (port) over code from Gnu Emacs. This in turn means that the increasing gap between XEmacs and Gnu Emacs, which has been widening in last years, may get a little narrower if people put some effort into porting stuff over. Hopefully, we'll also see a release of a stable XEmacs 21.6 some time this decade (21.4.12, the first version of 21.4 which was promoted to 'stable' was released in 2003, so it's arguably due in two years ...)

So, ELS 2011 is over which was the first conference I attended that was solely aimed at Lisp programmers. Overall I am quite happy with it although not all talks have been of the same quality. In particular I wasn't too excited about all three key notes, although all had interesting topics. The first one by Craig Zilles about best effort code optimization was about things intelligent compilers could do. Very interesting stuff for sure and I learned a lot about low-level soft- and hardware architectures but there was no apparent direct relation to Lisp. A similar problem troubled the talk about Scala: perhaps it was due to my late arrival (I got on the right subway but in the wrong direction, not for the first time) but the part I attended left me wondering why Scala is relevant on a Lisp conference. Marc Battayani's invited talk about his use of Common Lisp for programming FPGAs was nice, but first of all it was difficult to follow (not due to the content) and not many details were given about how the specialized Lisp embedded DSLs get converted to the FPGA specific code and what problems he had to overcome.

Now for some of the interesting regular talks: on Thursday, the report about porting SBCL to the supercomputing Blue Gene/P was nice and raised an interesting question: what can/needs to be re-discovered from old Lisp dialects for parallel programming for Lisps when more and more parallel cpus are becoming available to programmers. An issue that came up in both the talk about the futures implementation for ACL2 and in Nicolas Neuss' initial digression about his experiences in parallelizing Femlisp was that garbage collection can get in the way of effective parallelization, up to the point where much of the expected speedup is lost. The motivation of the talk about actors framework named Jobim for Clojure nicely fitted in with an immediate question that came to my mind when I saw how Clojure connects to Java: What do you do so that Java's semantics don't leak into your application code? They seem to have found a nice way to abstract away the underlying Java libraries in their framework. In the last session of the first day, the lightning talk session, two things were interesting: Ralf Möller talked about using user-defined method combinations as a more powerful approach than design patterns, showing how one might implement html specific print-object methods, and Didier Verna talked about user-extensible format directives which he wants to turn in as a CLRFI. Having done a lot of work in computational linguistics, the talk about S-NLTK, the Scheme toolkit for natural language processing, was nice to see. Damir Cavar did a good job promoting the toolkit which has a similar aim like the Python NLTK, although I would have liked to learn more about the API and implementation issues. Finally, Alec Berryman by ITA gave a last minute presentation about things ITA learned about optimizing stuff for SBCL and about issues arising when adopting the old code to multi-threaded programming. Interestingly they didn't report about gc issues but that may be related to their extensive use of object caches of pre-allocated objects.

The final panel discussion with James Knight, Christophe Rodes, James Anderson and Martin Simmons went back and forth about concurrency, distribution and efficiency vs. performance. The discussion took up several points from the talks, including gc and hardware issues. I took away from the discussion that unsurprisingly a lot of open questions need to be solved of which people are aware while at the same time there doesn't seem to be much momentum, which, given that the community isn't that big, isn't surprising either after all.

Summing up I liked it a lot. For one, it was very nice to see people you only know via the net (while I haven't been active in the community in the last years, I was surprised to see people recognize my name). For another, I also think that the organizers made a good decision to select a main theme for the conference and an important one, too. It really set the main theme for the conference and the discussions, and hence nicely reached its goal. Generally speaking, the conference was nicely organized so thanks for a pleasant time in Hamburg.

This has been a rather unpleasant month (don't ask, I won't tell) but right now I'll look forward toward its end because of two reasons: for one, I'll be in Hamburg for the European Lisp Symposium for the next two days; the program for the ELS has also been published in between. I'm really looking forward to an interesting set of talks. For another, some patches to CL-SQL which add support for autoincrement behaviour for Postgresql, are probably going to be released soon. To clarify, "autoincrement" is a column constraint in MySQL (among others) that automatically increments the value of the column when a new row is inserted when no value for the autoincrement column is given (cf. MySQL docs on AUTOINCREMENT), a behaviour that Postgresql supports with the serial constraint (cf. this wikibook on converting between MySQL and Postgres). Actually, that has been my first substantial amount of Common Lisp programming in the last two years, which has been triggered by an upgrade of my Debian system. This upgrade implied that an old application of mine would now use CL-SQL version 5.0 which in turn broke the app: I had simply specified a db-type of "serial" previously, but the new CL-SQL code wouldn't recognize that it had to fetch the automatically generated value from the DB when inserting a new record. More details on the patches can be found on the CL-SQL mailing list.

The developement of this addition was also the first time I had a real-world setup developing with git. In my own projects I use mercurial, so I was eager to learn a little bit more about the differences. It's funny that a recent opinonated article "Why I like mercurial better than git" more or less talks only about the one point that I found confusing: branch handling. For more background information, I suggest reading this article "A guide to branching in mercurial". Basically, in my current projects where I use mercurial, I'm using the "branching with clones" approach Steve is describing there. When working on the patches for CL-SQL, I was working on the existing autoincrement branch but when I was through I wanted to port my patches to the master branch. When using mercurial with the described approach, selecting (pulling or pushing) my patches and only my patches to the master branch is dead easy: you just issue a pull/push command restricted to the "right" changesets. Doing this is even supported by Subversion these days via svn cherry picking. Looking at the docs for git pull, fetch and merge, I wasn't able to figure out what the corresponding "right" incantation for git might look like, if there is one at all. As I didn't want to hose my "working copy" (sorry for the SVN term again), I resorted to git format-patch, git am resp., which worked fine. Please note that I'm not suggesting that it's not possible with another approach, quite to the contrary I would be happy to learn about it. One thing that I found rather useful is git's stash command which let's you safely abandon your current work to fall back to the last commited version, in order to be able to work on something that popped up in between (typically a minor unrelated problem you encounter while working on a larger piece of changes). I understand that mercurials patch queues enable a similar functionality, but I haven't used them sofar. Another thing that I found very useful is git's very easy way to correct (or in git terminology "amend") a commit by just issuing "git commit -a". I also like the idea of the "index" or more exactly that you have to explictly "add" which changes you want to commit. A similar behaviour is possible with SVN "changelist" command, but the mere existance of a changelist is not automatically honoured by SVN's commit.

Hamburg, I'll see you soon -- for the 2011 edition of the European Lisp Symposium. I haven't done much Lisp programming in the last two years, but as I can combine visiting a good friend with a nice conference, I just couldn't resist. I'm really looking forward to meet several people I've had contact with over the net in reality. (And don't forget about that unresolved tension.

So, 2010 is already over (just like the yearly poll on plattentests.de) and I haven't shared my latest additions to my CD collection.

The last review I did last year was about Kim Wilde, "Come out and play". Kim Wilde is one of the artists I really enjoyed in the eighties, but I can't really say the same thing about her latest album. (4/10)

I also got The Superbees, "Top of the rocks" for review but as it's just a mini-album it didn't get published (nor written). If you like punk rock with a rolling "R" like the New Bomb Turks this is a very nice little record. (7/10)

Till Brönner, the German (jazz) trumpet player has published "At the end of the day", an album consisting of covers of well-known pop songs like "Space Oddity" (D.Bowie) and "Human" (Killers). Till should really stick to playing his trumpet. (4/10)

Les Savy Fav is one of my favourite bands with their music somewhere between post-hardcore, noise and danceable indie sounds. "Root for ruin" sees them a little lighter, less aggressive but still powerful. (7/10)

Interpol surely had a lot of influence over the last ten years, bringing back some of favourite music from the 80s to the indie scene. Their last album "Interpol", however, continues what they have been doing like forever now and I'm getting more and more bored with every new record. (6/10)

I have to admit, that they have been a rather new discovery for me: Belle and Sebastian play their lovely indie folk tunes on "Write about love", but only now I've been able to appreciate the beauty in their songs. (8/10)

Deerhunter, "Halcyon digest" is a record that resonates firmly within the plattentests.de universe but for me the mix between esoteric music style and indie rock needed some getting used to. There are some really strong songs on it, but also some more obscure stuff as well. (7/10)

Iliketrains is another band well received by the crowd over at plattentests.de and "He who saw the deep" sounded interesting with it's music somewhere between Interpol and The Whitest Boy Alive. However, I can't really stand the singer. (5/10)

I am not too much into trip hop, but Massive Attack, "Heligoland" was a cheap buy and I do like some of their older stuff. Their new record contains a lot of complex songs and it takes quite a while getting into them. No hit though. (6/10)

The last record from 2010 that's worth noting is of German indie rock band Tocotronic, "Schall & Wahn". It's actually my first Tocotronic record, although I otherwise have a lot of similar stuff (e.g. Blumfeld). A nice record with heavy lyrics. (7/10)

This new year has brought me three new records so far.

First one is Gang of Four, "Content", their comeback after 16 years which I reviewed for plattentests.de. A very strong record that clearly shows why bands like Bloc Party or Franz Ferdinand have good reason to still name them as one of their main influence. Post-punk indie music with a funk note and strong political texts. (8/10)

Years ago I have been listening to quite a little bit of dark wave and some times I still like such music. Esben and the Witches, "Violet cries" have been getting hyped somewhat in the indie media and rightfully so. Pretty dark and haunting sounds, with the occasional heavy guitar. (7/10)

And then there is the latest album "Tao of the dead" by ...And You Will Know Us By the Trail of Dead. I must admit that I still haven't managed to get a key to it. It's a very homogenic record, but nearly consistently Kraut Rock-style with very few noise core attacks being left. Given that "Madonna" is still my favourite album of them, it is probably no surprise that I find this record to be their weakest one so far. The evolution had been apparent but so far I could always find some interesting stuff to take from the records in between, but I haven't been able to it this time. (6/10)

Now for the Records from the crypt section:

Sophie Hunger first album released under her own name, "Monday's ghost", isn't that old, but still. It's pretty similar to last years "1983" and contains some very beautiful tracks like "Shape" or "Drainpipes" which are difficult to classify (most likely under Jazz). (7/10)

Melody Gardot with "Worrisome heart" is Jazz, sometimes with a pop tune. Very nice record from another Jazz artist getting quite some hype last year. (7/10)

Athlete's "Beyond the neighborhood" is a record somewhere between radio music and indie rock. Just the same I can't really say how much I like it. (6/10)

Then we have Mando Diao and their 2009 album "Give me fire". Besides the hit single "Dance with somebody" (which seems to be much slower and mellow in the album edit) there are several rather boring but also some more interesting songs. (6/10)

And now to classics:

The debut of the Stray Cats, "Stray Cats". This record basically defined what Rockabilly is. One might say, well Rock'n'Roll is known a bit longer, but Setzers guitar and the mixin of Ska elements still makes the record sound fresh. (9/10)

And finally the one defining German punk band, Slime with "Alle gegen alle". Of course, some texts look rather silly today and the music is, well, simple, but still this record kicks some serious butt. (8/10)

Heute nur ein kurzer Verweis: Wenn ihr denkt, es gilt das freie Netz zu beschützen, solltet ihr noch mal genauer hinschauen. So zensiert ist das Internet schon heute. Interessant ist vor allem auch die grobe Kategorisierung, was und warum zensiert wird (via Fefe).

Today, I solved a really troubesome problem for me: I couldn't access my GPG secret key. Which means that whenever I needed my secret key, for example when I wanted to sign some text and I typed in my key, I just received a "bad passphrase" error message. Not using GPG on a regular basis, I wasn't at all sure that I had used the right passphrase. However, today I recognized that I had another secret key for special usage, for which I had specifically written down the passphrase -- and which didn't work as well.

This finally convinced me that there was something else wrong beside a faulty memory of the passphrase. And indeed, when I tried signing a mail in Gnus/PGG, typing in the exact same passphrase as I had on the command line, everything was fine and the message got signed. But then what was the difference to using gpg from the command line? I was suspecting that some non-ASCII characters I have in my passphrase might not reach GPG as intended, so I started looking at the locale settings. Some more experiments confirmed it: nowadays, my xterm (which is an lxterm really) is highly probably using a different key setting as it used to, after a re-installation of my desktop some time ago. I'm not too sure what it used to be, probably ISO-8859-1 (aka Latin-1) or ISO-8859-15 (aka Latin-9) or "C", but it's now using de_DE.UTF-8. Simply setting LANG to C inside a running xterm didn't work out as I hoped, probably because of the way the locale settings (probably LC_CTYPE) are used by xterm to set up keyboard handling. But when I start up a different xterm with LANG set to C in advance, i.e. do a "LANG=C xterm &", gpg happily accepts my passphrase. Problem solved.

Moral of the story: charsets and input formats are a constant source of joy unless everything is unicode.

Loren Segal writes a blog discussing the question whether users of dynamically typed languages are just too lazy to type? The argument goes roughly like this: The dynamic is not in "passing wildly arbitrary ever-changing types to methods" and we're just (okay, not only just, but mainly) doing dynamic code generation and are too lazy to add type information. Regarding a particular, but not too relevant code example, Loren says:

It’s easy to see that this code is executed immediately at load time. Although it’s possible for someone to generate a method at run-time (by run-time I mean much later after the initial .rb file was require‘d), it’s a fairly rare occurrence. What we’re really doing here is just avoiding to extra LoC involved in typing out those def’s each time. What we’re doing here really is just runtime code generation.

Yes, Loren, it's just runtime code generation, but calling it 'just' is somewhat misssing the point. I mean, if runtime code generation is not dynamic, what is? Loren goes on to say that programs in dynamic languages with these runtime modification behaviours often stop modifying their behaviour after a certain amount of "load time". I agree, this is also what I would expect. But the entire point is that once again, "dynamic" means that it is not necessary that you have to (statically) pre-determine at some fixed time (compile time or initial process launch time) which stable behaviour it should be. Of course, after a certain amount of load time, it's likely that the behaviour of your program (or better said of the running process) becomes stable and all functionality needed is loaded. But a different process of the same program may use a different set of possible behaviour. Plus: you might be able to add new functionality to a running programm. Additionally, you don't necessarily have to provide all possible behaviours at start-up time, runtime code generation (or runtime code loading) allows you to add new behaviour later on. In some cases (Ruby and Lisp come to mind) it is even possible to alter existing behaviour. Now, if "typical" dynamic programs really don't do that routinely (as suggested by the studies Loren is citing) this says more about how often we (really don't) need such dynamic behaviour but it sure is dynamic.

However, I must admit that I'm a little surprised by the cited results of the studies. I've seen systems that have the ability to change their behaviour at runtime one time too often. First, there are programs that embed some extension mechanism (be it embedded scripting languages, plugin mechanisms or other) that are specifically crafted for users to tinker with the running system, which clearly is all runtime code generation. Second, a particular interesting aspect of web programming is that many templating engines have some kind of import/include statement that are typically used to build complex templates out of smaller ones. In combination with other features of template languages, specifically conditions, loops and even macros (cf. stupid template languages, not so stupid template languages) this feature can be and is used to alter behaviour at runtime. So, obviously there is a need for dynamic behaviour, and people find ways to scratch their itch. Note that neither of my two examples require dynamic languages, so it's not a rebuttal of the studies or Lorens claims. However, thinking about it, I would expect that a lot of programs written in your todays typical dynamic language are 'scripts', which might be the reason why most people treat the idea of 'dynamic language' as synonym to 'scripting language' (it isn't -- Common Lisp, for instance, is surely a dynamic language, but hardly a scripting language). That such scripts don't require much dynamic change in runtime behaviour isn't too surprising, after all.

Now ultimately I wouldn't really disagree with the impression that quite often one "value" of dynamic languages lies in reduced typing and that on the contrary some type related problems would be found more quickly in static typed languages. I would even go so far and say that wrt.

I’d really love to see some research on case studies of how often arbitrary structural typing (that cannot be refactored into polymorphic relationships) is really used in dynamically typed languages. If anyone knows of any research/papers in this field, I’d love to hear about it.

it's highly likely that it's extremely rare to find "arbitrary structural typing", if such a thing exists at all (ironically I would guess that using 'void *' as a type specifier in C functions is where one comes closest to "arbitrary"). To me the very idea looks suspiciously like a strawmen for an argument that if there were "no arbitrary structural typing", we could/should go for static typing anyway, as we could "reduce" the solutions we implement with dynamic typed languages to solutions in statically typed languages (an argument coming close to the 'turing complete' hammer). This looks like a distinction between 'we can't use type information at all' and 'we need to use type information at each and every place' and I don't believe that the world is only black or white.

The point I want to make is this: Let's assume it may be very much the case that in all places where dynamic typing is used you can find a static typed solution, too. Then the benefit is of course not that "you're doing something that's not possible in statically typed languages" (which might still be true under the interpretation that the statically typed solution probably looks rather different). But there might be plenty of room for benefit in that coming up with a solution in the dynamic language might reduce cost (e.g. less development time, greater flexibility for extension later on). The arguments by proponents of static languages that the cost reduction lies in other aspects (e.g. earlier detection of errors) are surely worth a comparison. If studies for this question of associated costs beyond anecdotical tales exist, I would be interesting in seeing them.

Update: Uncle Bob raises another important point that with introducing static type information we'll get closer coupling:

But in the end, we like dynamic language not because we are too lazy to "Type". We like dynamic languages because we are tired of untangling couplings.

Kristian Köhntopp ist seit gestern offline und er ist lt. dieser Heise-Meldung wohl nicht der einzige. Hintergrund ist der neue Jugendmedienschutz-Staatsvertrag, kurz JMSTV, der kurz gesagt fordert, dass potentiell jugendgefärdende Inhalte auch im Web kennzeichnungspflichtig und mit Zugangsschutz versehen werden. Was von dem aktuellen Vertragsentwurf zu halten ist, fasst ein Jurist in einer Analyse des JMSTV so zusammen:

Liebe Politik, bitte verzichtet auf solche Gesetze Stoppt den Unsinn und denkt lange nach, bevor Ihr wirklich an das "Machen" von Gesetzen geht. Gesetze wollen handwerklich und dogmatisch sauber geschrieben sein, das braucht Zeit, Ruhe und Verstand.

(via Fefe).

Die Situation ist gerade alles andere als durchsichtig: Einerseits ist der Vertrag immer noch nicht in Kraft, daher auch ein konkreter Starttermin trotz kolportiertem Datum 1.1.2011 nicht sicher, die Verfügbarkeit einer Software/API zur Abfrage einer vorhandenen Kennzeichnung existiert nicht und es ist unklar, ob sich aus der Neufassung des Vertrags überhaupt eine Auswirkung in der realen Welt, vulgo: Abmahnwelle auch an private Content-Ersteller ergibt. Auf der anderen Seite ist das Worst-Case-Szenario bedrohlich genug, dass es schon sehr plausibel ist, den Betrieb einer Webseite einzustellen (s. auch eine weitere Disputation auf pottblog.de der Auswirkung auf Blogs).

Was aber, so die Verschwörungstheorie, ja genau das ist, was "man" beabsichtigt: Unabhängiger, nicht durch "große" Medien zur Verfügung gestellter freier und kostenloser Content (was eine kostenpflichtige Einschätzung durch Dritte ausschließt) wird behindert bis ausgeschaltet. Auch wenn ich kein Freund von solchen Theorien bin, kann man sich des Eindrucks nur schwerlich erwehren, dass es kein Zufall ist, dass der Staat gerade extrem stark versucht, massiv in das "gefährliche Netz" einzugreifen: Wikileaks wird von Politikern und Medien kriminalisiert, soziale Netzwerke unter den Generalverdacht des Datenmissbrauchs gestellt, und generell wird jeder (männliche) Nutzer einer Kommunikationsplattform als potentiell gefährlich ("Tatort Internet" und/oder Terrorismus) und somit einer Vorratsdatenspeicherungs würdig eingestuft. Freie Kommunikation durch Kontrollzwänge erschweren, Daten über freie Kommunikation auf Verdacht sammeln -- das Bild ist fatal und für eine stabile, freiheitlich-rechtstaatliche demokratie Grundordnung mehr als unwürdig.

Ich werde mir auch sehr genau Gedanken machen müssen, ob dieses Blog am Leben bleiben kann. Auch wenn ich sicher bin, dass meine Inhalte nicht jugendgefährdend sind, bleibt ein Abmahn-Restrisiko. Eine generelle Einschätzung als "ab 18" geht auch nicht, da ein Zugangsschutz weder existent noch sinnvoll wäre. Viel mehr Alternativen als Abschalten, Auswandern oder anonym das Problem zu umgehen gibt es nicht (s. auch die Strategieüberlegung vom Schockwellenreiter) -- alles keine attraktiven Varianten.

Update 2010-12-16:Der Landtag in NRW hat den Vertrag explizit abgelehnt (via netzpolitik.org). So weit, so gut. Aber was für eine widerliche Farce ist das, wenn die Ablehnung nur wg. politischer Spielchen zustande kommt. Man kann beim Pottblog-Interview mit dem CDU-Politiker mehr dazu lesen.