Tuesday, August 30, 2011

Book Review: Python 3 Web Development Beginner's Guide

I recently received a free review copy (eBook version) of Python 3 Web Development Beginner's Guide from Packt Publishing. I was looking forward to this book, because I haven't really done much Python 3 work yet, and I wanted to see how it could make my life as a web developer better. However, the book wasn't what I expected. Instead of covering the basics of web development and how Python 3 applies, it is more of an introduction to the sorts of concerns that come up when you build a web framework on top of CherryPy. The sample code just happens to be in Python 3.



The Good



The two best parts of the book, to me, were the coverage of writing a jQuery plugin, and growing an ORM that uses metaclasses to provide a compact, readable way to define the models.



The Bad



I have a rather long list of things I didn't like about the book, some of which are a function of the title setting misleading expectations, and some of which I think are just problematic in general.



In general, I didn't care for the examples. Some of this is personal preference: I find that many people (myself included) learn better when they must type in the examples instead of opening up the code and reading through a completed solution. While the book sometimes indicated that something had been left as an exercise to the reader, opening up the sample code showed that the exercise actually had not been left to the reader. This mismatch between what the text of the book says will be in the sample code and what is actually in the sample code occurs in multiple places throughout the book, and gives a sense that the book was sloppily edited.



I also felt the examples in general were too complicated. It's fine to build up a complicated example over the course of a book, but instead we got a task list, a wiki, a Customer Relationship Management (CRM) tool, a spreadsheet, and more. That's an awful lot to distract you from the beginner's principles that you would expect in a book with this title.



I also didn't care for many of the shortcuts taken in the book. In most instances, the book did acknowledge that the approach taken was not appropriate in the real world, but then proceeded with little or no justification for why it was done the way it was. The two examples that really leap out in this category are the password hashing scheme and the failure to use a template engine.



When the book first introduces authentication, it explains that you should never store passwords in plaintext. This is absolutely correct, but the book then goes on to demonstrate a completely insecure password hashing scheme: UNSALTED SHA1. The author only provides a cursory link to explain what you should actually be doing. In this day and age, demonstrating anything less than a bcrypt-based solution is wrong. Read Enough With The Rainbow Tables and How To Safely Store A Password for a far better explanation than I can provide. There's really no excuse for this: the added complexity of using py-bcrypt instead of writing your own (insecure) SHA1-based solution is trivial at worst; there's a strong case to be made that it would actually be simpler.



The failure to use a template engine (also a weakness acknowledged by the book) really makes the code harder to follow than it should be. Virtually any serious web development effort is going to take advantage of a template engine, and for good reason. This code gives me flashbacks to my days of writing Java servlets before the advent of JSP, and I saw where one other reviewer invoked the specter of PHP. The fact that this style of coding draws such comparisons should give you an idea of just how unpythonic it is. I would be sympathetic to claims of not wanting to add too many external dependencies if the book did not already rely significantly on the magic of jQuery UI.



My last major complaint is simply one of focus: the book spends substantial amounts of time growing an ORM and teaching Python metaclasses (and doing a good job of it), but spends little more than the bare minimum required on CherryPy (which is at the core of the code), and essentially none on understanding HTTP. In fact, the few times it comes up are usually in relation to GET vs. POST, where the decision is usually made based on inane implementation details such as whether request arguments are logged by default instead of HTTP fundamentals such as idempotency, safety, or cacheability (although caching is mentioned elsewhere, in the context of how to prevent it). Also, the book does mention security, but it does not give it the sort of omnipresent emphasis that is necessary to write good web applications, given the hostile nature of the domain. XSS, CSRF, and SQL injection attacks all deserve much more attention than they were given.



The Summary



The book has some good content mixed in with the stuff I didn't like. Unfortunately, the good content is rarely specific to web development. For example, the chapter that uses metaclasses to clean up the ORM is one of the better resources on metaclasses that I've seen, but metaclasses are clearly not specific to web development. Furthermore, the impression of sloppy editing makes it hard to put as much faith in the content as it probably deserves. Given these flaws, I really don't think I'd recommend this book to a friend who was looking to get started with web development.



Back to flipping out...

Saturday, August 6, 2011

Now Reading: Python 3 Web Development Beginner's Guide


Packt Publishing has kindly given me a free review copy of the eBook edition of Python 3 Web Development Beginner's Guide.



I'll be reading it and publishing my review here and on my personal blog.

Sunday, January 17, 2010

Book Review: Matplotlib for Python Developers

Matplotlib for Python Developers by Sandro Tosi is the latest in a
series of concise project-specific manuals from Packt. It covers
the matplotlib library for creating charts and graphs.



My review for the impatient reader:

Why I picked it up: I thought it might help with a project at work.

Why I finished it: I wanted to see what features matplotlib had that could be useful, and how to integrate it with web frameworks.

I’d give it to: Anyone wishing to create custom charts and graphs, especially programmatically.


Saturday, January 9, 2010

Dive Into Python 3

I've posted a review of Mark Pilgrim's Dive Into Python 3 on my blog.

Sunday, August 23, 2009

Book Review: Python Essential Reference, Fourth Edition



Disclosure: I received a copy of this book for free from Addison-Wesley as part of the PyATL Book Club.

I have a copy of the first edition of the Python Essential Reference that I picked up at IPC 8 back in 2000. It's largely out of date by now, given that it covered Python 1.5.2. But at the time it was one of the few books I always kept close at hand for easy reference. Over time my reference habits evolved away from paper references in favor of online materials. Today I cleared a little space on my desk for the fourth edition of PER by David Beazley, updated to cover Python 2.6 and 3.0.

Pound for pound:

Just a little space, mind you, because the book is quite compact (717 pages in 6" x 9" x 1", easily portable in a backpack or briefcase). This book, diminutive though it may be, has more information of direct use to Python programmers than many of the War and Peace-sized tomes you'll find elsewhere. If David keeps adding material at this rate, I'm going to need a magnifying glass for the next edition.

The book is organized into three main sections: Language, Library, and Extending and Embedding. There is a comprehensive index and the chapter sequence places related information close together. You will not find yourself flipping back and forth between an early "prose" chapter to a later "reference" section.

Language:

The language section can serve as a reference guide for Python, though I think the first chapter title "Tutorial" is a little optimistic based on the brevity. To be fair, the preface states right up front that the book is not intended to be an introductory text.

This is not a book for learning Python. It is a book for writing Python.


Library:

The coverage of the standard library is where PER really shines. I have a certain amount of interest in documenting the Python standard library myself, so I was especially keen to review the material here. I found it up to date, clearly explained, and detailed. There is not a lot of sample code, but it is not entirely devoid of examples. In most cases, the prose descriptions are sufficient and eliminating code samples let David maintain a readable style without adding filler material.

I thought I had internalized most of this material long ago, but I learned a few things by re-reading it.


As the title implies, this is not an exhaustive reference guide. It covers the essential information that will be useful to the most readers. As a result, some of the modules are covered in less depth than others. However, I tend to agree with where focus is placed. For example, much more space is given to working with sqlite3 and databases in general than some of the more esoteric modules like dis. The ast module doesn't appear at all.

Extending and Embedding:

The Extending and Embedding section is one area where plenty of example code is provided. Three techniques for creating extension modules are covered: hand coding, ctypes, and SWIG (no surprise, since SWIG is popular and was written by the author). Examples and commentary are provided for all three approaches.

Going the other direction, embedding an interpreter in another application, is also explained. All of the functions from the Python library useful to someone trying to make their application scriptable are listed and described, with some basic examples showing how to communicate between the interpreter and your main application.

Recommendation:

Due to the reference style, this should not be your first Python book. It should absolutely be your second.

Wednesday, July 22, 2009

Book Review:

Adiascar Cisneros has posted a review of Implementing Automated Software Testing: How to Save Time and Lower Costs While Raising Quality written by Elfriede Dustin, Thom Garrett, and Bernie Gauf and published by Addison-Wesley.

Monday, July 6, 2009

Saturday, July 4, 2009

Book Review: Hello, World!

I've finished my review of Hello, World! Computer Programming for Kids and Other Beginners from Manning and posted it on my blog.

Tuesday, June 16, 2009

Book Review: Python Web Development with Django

Disclaimer: I received a review copy of this book through the PyATL Book Club.

The stated goal of the book is "to help you get things done" (using Django for web development). As a relative beginner with 3 years of Python and coming on 1 year of using Django for web development, I figured that I would either be the perfect audience for the book or already too advanced to get much out of it (it's been a pretty obsessive year).

The book starts out with a nice introduction to Python. I thought that this was a great place to start because the Django documentation intentionally assumes knowledge of Python and the free online django book dives straight into the merits of web frameworks and the history of Django. So, already the book is setting itself apart a bit from the free online resources.

I remember feeling a sense of clarity while reading the introduction, a good compromise between trying to be comprehensive and terse at the same time. The intro does a good job of presenting what you really do need to know about Python and some common pitfalls. Interesting that nothing is said of the string.format() method which is somewhat unfortunate as the official python docs say:

This method of string formatting is the new standard in Python 3.0, and should be preferred to the % formatting described in String Formatting Operations in new code.

But, alas, I (not to mention the official Django docs and probably 99% of Django devels) have always used % formatting and will probably continue to do so for the near future. I will be interested to see how Django and Python move forward. Actually, check out the Django source itself:

skylar@ABC255:~/svn/django-trunk$ grep -r % * |grep \' |grep -v svn|grep -cv dateformat
4596
skylar@ABC255:~/svn/django-trunk$ grep -r % * |grep \" |grep -v svn|grep -cv dateformat
12818
skylar@ABC255:~/svn/django-trunk$ grep -r '\.format(' * |grep \' |grep -v svn|grep -cv dateformat
0
skylar@ABC255:~/svn/django-trunk$ grep -r '\.format(' * |grep \" |grep -v svn|grep -cv dateformat
0

Well, perhaps the authors are right in not mentioning the string.format method after all.

A small correction that I can't pass on mentioning here (being a math nerd): the book states that list.sort() sorts numeric values from smallest to largest. If I may present a list that I believe is ordered from smallest to largest: [1,2,3, -100000, -9999999999]. I spoke to Wesley Chun and he said that he would probably change to "the most-left on the number line to the most-right on the number line." I think that is about as good as it can be phrased without opening an analytical can of worms that could erupt and engulf us all! Coming back to earth after my self-satisfied, math-degree-induced intoxication, I learned a little about generators, the finally clause, raise and other aspects of the Python language that I have mostly danced around. Almost everything presented in the chapter I already knew; but, perhaps rather than struggling for years to understand these concepts I could have just read these ~50 pages? I did get a nice sense of clarity and a feeling that I was consolidating what I already knew into a more cohesive force.

Chapters 2 and 3 are fair enough, "Django for the Impatient: Building a Blog" and "Starting Out". Nothing really stood out as exceptional. I could imagine that I have just worked my way through the documentation's tutorial and these two sections really helping to expand my horizons and to clarify a few things.

The next section "Django in Depth" gives an enjoyable read of the M, the V, and the T in Django (change the letters if you feel the need). At only ~60 pages I don't know if the authors were intending this to be Django's K&R . But, it seemed to be just about right for my particular skill level. I definitely came in with a lot of the information presented; a few of the sections definitely pushed into areas I hadn't bothered considering too deeply like abstract base classes, multi-table inheritance, extra() and fixtures (in the Models section). I enjoyed the authors' treatment of the request and response objects in Django and felt my understanding enhanced. I have been making things work but not necessarily seeing the forest for the trees. I'm not sure how the sections on forms and templates differ from the official documentation; although, it is nice to have a document that is intentionally ordered and requires no electricity.

"Django Applications by Example" had some fun examples with some real-feeling problems to overcome. We get a custom field, use the flatpages app, use generic views and custom views judiciously, implement a search request-handler, deal with users and the admin app's current insistence on mutual trust where users have the same permissions.

I like that the authors went ahead and made use of "AJAX" with jquery in their liveblog example app. I'm biased because I use jquery. But, this is something that you will never see in the official docs or djangobook: A JAVASCRIPT SNIPPET! It definitely got my juices flowing about how I can make my own JSON API views. Usually I have just rendered an HTML snippet with my view and then asynchronously inserted it into the DOM (actually preferable in a lot of situations) but it's nice to see how a JSON api would work. The pastebin example also had syntax highlighting with javascript which was nice. I even learned about the "pre" tag. And there is a little introduction to cron with the Django ORM.

The "Advanced Django Programming" chapter is kind of a hodge-podge of things that will probably be encountered eventually if you work with Django enough. Django's power by virtue of Python's power is shown with examples using the csv and pycha modules. External python modules might have been its own chapter but these topics are presented alongside customizing the admin, custom managers for your models and extending/replacing the templating system. Then, in "Advanced Django Deployment" we talk about cron, caching, testing and other miscellany. These ~50 pages seem a bit like the authors were getting tired and so rather than properly organizing they kind of just tacked on some extra things that they felt were neglected or not properly treated in other chapters (reminiscent of tacking on some css rules at the end to get your website out the door when you know it would be more proper to factor it in to various external files). Here I can cut them a break because I am feeling like cutting this review short and it is barely a page ;)

Overall, I don't know if this book will "help me get things done". Actually, I rather think that the online book and the django documentation are first choices in a pinch and trying to really "get things done". However, the book gave me perspective on quite a few things that are either lacking from the documentation or are just presented in a different order. I like the way that this book is logically ordered.

Most importantly the book allowed me to get out in nature and hang out with my girlfriend (sans computer) while still sharpening my Python/Django tools. Plus, your mind can get a little scrambled with 10 tabs of documentation up in your browser alongside 5 blog postings that you are reading simultaneously. Sometimes it's definitely nice to have a single source with a linear organization.

Friday, June 12, 2009

Book review: The Economics of Iterative Development

I've finished my review of "The Economics of Iterative Development" from Addison-Wesley/Pearson and posted it on my blog.

Monday, January 5, 2009

January Meeting

Via Brandon Rhodes:

This month's Python Atlanta meeting is this Thursday, January 8th:

And, I have exciting news - the chairman of the Python Software Foundation himself, Steve Holden, will be our main speaker! He will kick off our new year by giving us his own State of the Union address: in "The State of the Python Community", he will talk about the Python community, its strengths, and its weaknesses. He will not only answer your questions about how to stay connected to the wider Python community, but will be asking *you* questions about how the community can be more accessible and serve you better!

Our other talk should also be great: ifPeople founder Christopher Johnson will answer the question "Why People Choose Plone" by talking about how his customers benefit from Plone, Python's flagship CMS (content management system). He will discuss how it integrates with other web-enabled services like Salesforce, and what it is like to install and theme a Plone site for the first time.

If you are very interested in Plone, note that the Atlanta Plone group meets at the ifPeople offices this Wednesday at 5:30pm for beer, slide presentations, and talk about their favorite CMS!

Feel free to either meet up with us early at the Howell Mill Figo Pasta at 6pm (email Brandon if you're coming so that he can get a head count), or just show up at the main meeting at 7:30pm at the GTRI Food Processing Technology Building for the presentations. Here are the meeting details, where you can RSVP and get directions.

See you on Thursday!

Sunday, October 26, 2008

15th Nov 2008 - Google App Engine Hackathon: Atlanta

Please join us on 15th Nov 2008 for a Google App Engine Hack-a-thon in Atlanta.

Learn about Google App Engine

The events will include training on the major features of Google App Engine, including data modeling, the App Engine APIs, some aspects of Django, and how to mashup App Engine with other web services. Google Engineers and Product Managers will be on hand to help and to answer questions throughout the day.

Build With Us, or Build Your Own

Throughout the day, we will be building a complete App Engine application, and sharing the code with you so you can code along with us. If, on the other hand, you already have a great idea for what to build, bring that idea with you to the hackathon. Even better, bring along anything you can prepare ahead of time (sketches, designs, web page mock ups, etc.) and use the time and information provided to develop your idea into a working application, then share it with the world.

At the end of the day, we'll invite you to share your App Engine applications with the group.

What Do I Need?

We will provide facilities, power, food, refreshments and experts to help you learn to use Google App Engine and write your application. Just bring your laptops, ideas and enthusiasm to complete the mix.

When and Where?

The Atlanta hack-a-thon will take place Saturday 15th Nov 2008 from 10AM-6PM. It will be held at Google Atlanta in Millennium at Midtown, 10 10th Street NE, Suite 600, Atlanta, GA 30309

Space is limited so Sign Up now: http://sites.google.com/site/gaehackathonatlanta/registration

Sunday, May 11, 2008

May PyAtl Meeting

Hi,

The May meeting was a lot of fun. I gave a talk on a silly Google App Engine application I wrote. You can test it out, and grab the source code here: http://greedycoin.appspot.com/. Rick Thomas gave a much more in depth look at Google App Engine, and explained a lot about the architecture, and the Datastore API. Doug Hellmann gave a special announcement about Python Magazine: http://pymag.phparch.com/, you can get three months free. Finally Brandon Rhodes gave yet another last minute lightning talk, on the topic of lexical closures.

For June we will be covering Functional Programming in Python as our theme. So far Toby Ho will do the introduction and reduce, I will cover itertools and generators, Rick Thomas, and Brandon are giving presentations which are TBD. Hopefully we can have another comprehensive blowout of the topic with many short presentations. Please volunteer for a topic and make sure we cover every last detail of functional programming. I sense Rick Copeland and Jeremy Jones need to give a presentation, so hopefully they volunteer as well :) For reference on topics to select for the meeting please reference this article: http://www.amk.ca/python/writing/functional. One immediate topic we are missing that comes to mind is this: http://oakwinter.com/code/functional/

You can RSVP to the June 12th meeting here: http://python.meetup.com/46/calendar/7904879/

In order to get better planning for pre-PyAtl dinners, I have created another meetup page just for the 6PM-7PM dinner. You can RSVP for that for June here: http://python.meetup.com/46/calendar/7916001/

It appears there is interest in meeting once a month on a Saturday morning to work with Google App Engine projects and collaborate with people. This will be an ongoing event. There is a cross country Pylons sprint that will end up being the first Google App Engine Monthly meeting, as we are combining the two events. You can book it here: http://python.meetup.com/46/calendar/7915999/, and the group to discuss atlanta google app engine coding is here: http://groups.google.com/group/pyatl-google-app-engine Note this is going to be at White Wolf headquarters, and I will have the location as soon as I get it.

Monday, February 18, 2008

Feb Meeting Summary

For those that missed the meeting on Wednesday, it was awesome! We are trying out a new location thanks to Sim Harbert, at the GTRI Food Processing Technology Building. One of the advantages of this new building is that security does not take 30-45 minutes to get through. Rick Copeland, an "old school" PyAtl founder, gave an incredible presentation on BloxAlchemy, Drew Smathers and Carey Hull gave a very cool prezo on Axiom, and finally Brandon Rhodes gave an impromptu presentation on KSS. Finally, Michael Langford recorded things on his "direct to the web" camera, and will be posting it to PyAtl, via Google Video at some point. Thanks Michael!

March Meeting

Concurrency with special guest Richard Tew: White Wolf is rapidly becoming the PyAtl sugar daddy. Richard Tew, the Stackless maintainer, will be giving a presentation on...you guessed it, Stackless. Remember, we will be meeting on March 20th, due to a conflict with PyCon, and once again at Georgia Tech. Please see the meetup page for full details: http://python.meetup.com/46/calendar/7327638/

Please note we have room for a couple of 10 minute lightning talks related to concurrency, and that we will be having our monthly roundtable discussion on PyCon 2008 aftermath. There will be a pre-PyAtl dinner as usual, at 6PM, at a yet to be determined place. We discuss dinner before PyAtl here: http://groups.google.com/group/pyatl-dinner

Random Announcements

PyCon 08: I believe there will be another large PyAtl group attending this year. It might be cool if we all met for lunch or dinner one night, plus if we had some kind of T-Shirt we printed at Cafe Press. I drew up a very basic logo some time ago: http://files.meetup.com/127119/PyAtl_Logo_bbg.png, but I am sure we could come up with a better one. Make sure you stop by for Brandon's talk on Grok and my talk on Command Line Tools... although keep the eggs and tomato throwing to a minimum. Remember we also want to see if we can get PyCon 2010 to be in Atlanta, so let's see what we need to do. I believe there is sort of a bid process.

PyAtl.org: Note, PyAtl.org is alive and kicking and 100% self serve, so have at it. Basically if you give a presentation, you can post your material, and bio of yourself, just contact me for access after you sign yourself up for an account. If you think we need a new section or content added to PyAtl, by golly add it yourself. I sure as heck don't want to do it. As hard as it is to believe, I try to have some sort of life outside of PyAtl.

Jobs Board: I know some people have discussed putting a company section of PyAtl.org up, where people could highlight their Python related company. Also, some brave soul could volunteer to help organize a jobs board. I constantly get asked by employers how to access PyAtl people, and I keep telling them, eventually we are going to have a jobs board.

Special Interest Groups: Quite a few people have expressed interest in joining special interest programming groups. The idea would be that a leader, or leaders, of a technology would meet every other month on a Saturday morning for 3-4 hours and program etc. So far we have interest in a Twisted Group led by Drew Smathers and Cary Hull, I know I would attend. There is also an interest in a Grok group led by Brandon Rhodes, I know I would attend this too. Maybe someone can start a special interest page on the PyAtl site, and also create a special interest google group mailing list so people can meet and discuss things.

Summer Sprint: We are still planning on having a PeachWSGI/PyAtl sprint at the end of May or early June on a three day weekend. Our only road block is finding a location for enough people to code together with internet access. If your company would like to sponsor this event, please contact me. I would anticipate it should be a turn out of approximately 30-50 developers.


See you in March!

Tuesday, January 29, 2008

Feb 13th Python ORM's

Theme: Python ORM's

Primary Presentation
BloxAlchemy: Rick Copeland
proprietary project called BloxAlchemy. Basically, it's a SQLAlchemy-like layer on top of a proprietary logical (Prolog-like) database. So where SA is Objects->SQL Generation->Database, BA is more like Objects->SQL Generation->Logic Generation->Database. Rick will include a brief intro to what a logical DB is, what it's good/bad for, and why BA solves a "hard" problem.

Axiom: 10 min Lightning talk by Cary Hull and/or Drew Smathers: http://divmod.org/tra...
Storm: 10 min Lightning talk by Noah Gift: https://storm.canonic...

If you want to help give a presentation please email me.

Noah

Saturday, December 29, 2007

Book Review: The Definitive Guide to Django

I've posted a review of the new Django book on my blog, and the Book Club review list.

Saturday, December 22, 2007

Saturday, November 24, 2007

WWW PyAtl Is Alive and it speaks Plone 3.0

It turns out a little help from Atlanta-Plone and a holiday break allowed me to get Plone 3.0 finished. Finally, we have a 100% complete working website. We need a few beta testers. The initial configuration is very secure, so accounts will need to be added by an administrator until we sort things out.

You can check it out here: www.pyatl.org

Saturday, November 17, 2007

#pyatl IRC channel

I've set up a #pyatl channel on irc.freenode.net. If you're an IRC user, come hang out.