Jul 10, 2013

Europython 2013

I have been to Europython from Jul 1th to 3th. I felt like a teenager on spring break. Maybe because I was on a trip with two good friends, but mostly because it has been a awesome event.
This has been my first time at Europython. Every body has ever told me that it was a super event. And they were right.

The venue:

Florence: should I say more?
We were staying at a lovely house in a rented room via Airb&b in the very city center. The conference was held in a big Hotel good suited for the task near the amazing river that runs across the city.
Everything was perfect: the videos, the rooms power plugs everywhere. Food was good and there was plenty of it. The wifi was sometimes buggy but I had no real Issues. This is a miracle considering that there where at least ONE THOUSAND devices ( every geek has a laptop/tablet/smartphone combination)

The conference

The level of the talk was really high. some of the talk I appreciate the most ( in no particular order ):


  • "Good enough" is good enough! by Alex Martelli
  • Inside the Hat: Technology @ Walt Disney Animation Studios
  • ElasticSearch: Introduction and lessons learned
  • Open Source as a Business by  D. Cramer author of Sentry
  • Introduction to machine learning using Python tools
  • Crash course for opensource developers (Corso di sopravvivenza per sviluppatori OpenSource)
  • Practical uses for function annotations


Two of this talks deserve specific mentions:

Open source as a Business has been really inspiring other than informative. It gave me a meaningful view of how to apply a humble biz model to an opensource project.
Without all the buzz words from the sturtup scene.

Machine learning using Python tools was as good as a talk on this topic should be. The speaker demonstrated a very good knowledge of ML and share it with the ease that demonstrate a lot of dedication. A lot of info has been passed in just an less than an hour talk.

The people 

I met a lot of amazing developers, and I found a lot of people form the Django community. As you can see I had the chance to have a brief and informal talk with Alex Martelli. A very enjoyable and relaxed conversation with one of the greatest mind in both Google and the python community.

As A side note I have receved a lot of cheers for my past organization of the DjangoDay. Things grew a bit complicated in WebDeBs... but I defnitly try to organize something.. The  people ask for it! :-)

May 27, 2013

About Mozilla Persona

Or why " Mozilla Persona do not solve OpenId Problems"
By chance I'm working on authentication stuff these days. A SCrypt Hasher for django and some Spring Security SSO integrations.
I'm also watching pycon videos and I came across "Beyond Passwords: Secure Authentication with Mozilla Persona" by Dan Callahan.
The presentation is actually very good but to me, an SSO and OpenId enthusiast, clearly reflects missing points of the Persona initiative.




  1. Persona has better UX than OpenId (process is simpler and clearer )
  2. Easy to implement 
But

  1. Using email as credential is a BAD BAD idea: What if I subscribe a service  ( let's say "Mozilla developer center" )  with my professional email and I got suddenly fired by my employer upon unfair conversation at PyCon. I lost control on my profile on that site. OpenId has an elegant solution for that. The meta-tags.
  2. It still lacks of personal data exchange: Dan Callahan says that they are working on that, waiting for developer feedback... and shows how, upon first time usage on a site you have "just to fill your name, surname , gender... super boring. This is why the whole "social signin" came out. The problem here is that "Identity services" never took off.
  3. OpenId is easy to integrate too... if you have a library for your language / framework of choice ( Rails, Django, Flask, Spring have it) 
  4. It is not as distributed as is meant to be: you still need mozilla for js ( why is explained in the video) for the "proxy thing" (mozilla) for email providers that do not support persona. I didn't get how signed credential renewal works ( since it is said that there is an expiration) but with only one persona per site ( different personas are different accounts right?) who does it mitigate third party services outrages ( or shutdowns :-)  )
  5. It is actually a lock in: with your email provider and... mozilla in a way.
  6. No email provider will ever support it: Google, Microsoft, Facebook ( yes now Facebook is  also an email provider) are active in the Identity management business and will not probably favor an initiative from a competitor in the browser market.
  7. [Almost]No browser (except Firefox) will ever support it: see point n.6
The main fact here is that Persona do not solve any of the OpenId problem except better UX ( well... it wasn't a big deal) but still I think my Mom, my average Gym friend etc.. wouldn't understand what Persona is, how it works. They not Facebook and Twitter.. that's the internet for them ( yeah sad thing indeed) and I would not trade this better UX with the actual OpenId  ecosystem. Up to now it is just another sign in button among the others. Anyway good luck Persona!