Book Review: Python 3 Web Development Beginner's Guide

I recently received a free review copy (eBook version) of




from Packt Publishing. I was looking forward to this book, because I haven't really done much Python 3 work yet, and I wanted to see how it could make my life as a web developer better. However, the book wasn't what I expected. Instead of covering the basics of web development and how Python 3 applies, it is more of an introduction to the sorts of concerns that come up when you build a web framework on top of CherryPy. The sample code just happens to be in Python 3.

The Good

The two best parts of the book, to me, were the coverage of writing a jQuery plugin, and growing an ORM that uses metaclasses to provide a compact, readable way to define the models.

The Bad

I have a rather long list of things I didn't like about the book, some of which are a function of the title setting misleading expectations, and some of which I think are just problematic in general.

In general, I didn't care for the examples. Some of this is personal preference: I find that many people (myself included) learn better when they must type in the examples instead of opening up the code and reading through a completed solution. While the book sometimes indicated that something had been left as an exercise to the reader, opening up the sample code showed that the exercise actually had not been left to the reader. This mismatch between what the text of the book says will be in the sample code and what is actually in the sample code occurs in multiple places throughout the book, and gives a sense that the book was sloppily edited.

I also felt the examples in general were too complicated. It's fine to build up a complicated example over the course of a book, but instead we got a task list, a wiki, a Customer Relationship Management (CRM) tool, a spreadsheet, and more. That's an awful lot to distract you from the beginner's principles that you would expect in a book with this title.

I also didn't care for many of the shortcuts taken in the book. In most instances, the book did acknowledge that the approach taken was not appropriate in the real world, but then proceeded with little or no justification for why it was done the way it was. The two examples that really leap out in this category are the password hashing scheme and the
failure to use a template engine.

When the book first introduces authentication, it explains that you should never store passwords in plaintext. This is absolutely correct, but the book then goes on to demonstrate a completely insecure password hashing scheme: UNSALTED SHA1. The author only provides a cursory link to explain what you should actually be doing. In this day and age, demonstrating anything less than a bcrypt-based solution is wrong. Read Enough With The Rainbow Tables and How To Safely Store A Password for a far better explanation than I can provide. There's really no excuse for
this: the added complexity of using py-bcrypt instead of writing your own (insecure) SHA1-based solution is trivial at worst; there's a strong case to be made that it would actually be simpler.

The failure to use a template engine (also a weakness acknowledged by the book) really makes the code harder to follow than it should be. Virtually any serious web development effort is going to take advantage of a template engine, and for good reason. This code gives me flashbacks to my days of writing Java servlets before the advent of JSP, and I saw where one other reviewer invoked the specter of PHP. The fact that this style of coding draws such comparisons should give you an idea of just how unpythonic it is. I would be sympathetic to claims of not wanting to add too many external dependencies if the book did not already rely significantly on the magic of jQuery UI.

My last major complaint is simply one of focus: the book spends substantial amounts of time growing an ORM and teaching Python metaclasses (and doing a good job of it), but spends little
more than the bare minimum required on CherryPy (which is at the core of the code), and essentially none on understanding HTTP. In fact, the few times it comes up is usually in relation to GET vs. POST, where the decision is usually made based on inane implementation details such as whether request arguments are logged by default instead of HTTP fundamentals such as idempotency, safety, or cacheability (although caching is mentioned elsewhere, in the context of how to prevent it). Also, the book does mention security, but it does not give it the sort of omnipresent emphasis that is necessary to write good web applications, given the hostile nature of the domain. XSS, CSRF, and SQL injection attacks all deserve much more attention than they were given.

The Summary

The book has some good content mixed in with the stuff I didn't like. Unfortunately, the good content is rarely specific to web development. For example, the chapter that uses metaclasses to clean up the ORM is one of the better resources on metaclasses that I've seen, but metaclasses are clearly not specific to web development. Furthermore, the impression of sloppy editing makes it hard to put as much faith in the content as it probably deserves. Given these flaws, I really don't think I'd recommend this book to a friend who was looking to get started with web development.

Back to flipping out...

Now Reading: Python 3 Web Development Beginner's Guide

Packt Publishing has kindly given me a free review copy of the eBook edition of





I'll be reading it and publishing my review here and on my personal blog.

Book Review: Matplotlib for Python Developers

Matplotlib for Python Developers by Sandro Tosi is the latest in a
series of concise project-specific manuals from Packt. It covers
the matplotlib library for creating charts and graphs.

My review for the impatient reader:

Why I picked it up: I thought it might help with a project at work.

Why I finished it: I wanted to see what features matplotlib had the could be useful, and how to integrate it with web frameworks.

I’d give it to: Anyone wishing to create custom charts and graphs, especially programmatically.

Read more...

Dive Into Python 3

I've posted a review of Mark Pilgrim's Dive Into Python 3 on my blog.

Book Review: Python Essential Reference, Fourth Edition

Disclosure: I received a copy of this book for free from Addison-Wesley as part of the PyATL Book Club.

I have a copy of the first edition of the Python Essential Reference that I picked up at IPC 8 back in 2000. It's largely out of date by now, given that it covered Python 1.5.2. But at the time it was one of the few books I always kept close at hand for easy reference. Over time my reference habits evolved away from paper references in favor of online materials. Today I cleared a little space on my desk for the fourth edition of PER by David Beazley, updated to cover Python 2.6 and 3.0.

Pound for pound:

Just a little space, mind you, because the book is quite compact (717 pages in 6" x 9" x 1", easily portable in a backpack or briefcase). This book, diminutive though it may be, has more information of direct use to Python programmers than many of the War and Peace-sized tomes you'll find elsewhere. If David keeps adding material at this rate, I'm going to need a magnifying glass for the next edition.

The book is organized into three main sections: Language, Library, and Extending and Embedding. There is a comprehensive index and the chapter sequence places related information close together. You will not find yourself flipping back and forth between an early "prose" chapter to a later "reference" section.

Language:

The language section can serve as a reference guide for Python, though I think the first chapter title "Tutorial" is a little optimistic based on the brevity. To be fair, the preface states right up front that the book is not intended to be an introductory text.

This is not a book for learning Python. It is a book for writing Python.

Library:

The coverage of the standard library is where PER really shines. I have a certain amount of interest in documenting the Python standard library myself, so I was especially keen to review the material here. I found it up to date, clearly explained, and detailed. There is not a lot of sample code, but it is not entirely devoid of examples. In most cases, the prose descriptions are sufficient and eliminating code samples let David maintain a readable style without adding filler material.

I thought I had internalized most of this material long ago, but I learned a few things by re-reading it.

As the title implies, this is not an exhaustive reference guide. It covers the essential information that will be useful to the most readers. As a result, some of the modules are covered in less depth than others. However, I tend to agree with where focus is placed. For example, much more space is given to working with sqlite3 and databases in general than some of the more esoteric modules like dis. The ast module doesn't appear at all.

Extending and Embedding:

The Extending and Embedding section is one area where plenty of example code is provided. Three techniques for creating extension modules are covered: hand coding, ctypes, and SWIG (no surprise, since SWIG is popular and was written by the author). Examples and commentary are provided for all three approaches.

Going the other direction, embedding an interpreter in another application, is also explained. All of the functions from the Python library useful to someone trying to make their application scriptable are listed and described, with some basic examples showing how to communicate between the interpreter and your main application.

Recommendation:

Due to the reference style, this should not be your first Python book. It should absolutely be your second.

Book Review:

Adiascar Cisneros has posted a review of Implementing Automated Software Testing: How to Save Time and Lower Costs While Raising Quality written by Elfriede Dustin, Thom Garrett, and Bernie Gauf and published by Addison-Wesley.

Book Review: IronPython in Action

I've posted my review of IronPython in Action from Manning.