james mckay dot net

because there are few things that are less logical than business logic

June 2008

30 Jun

Trying out Python and Django

I’ve been fiddling with Django a bit in my spare time recently, with a view to possibly using it for some side projects. It’s the Python web application framework, similar in many respects to Ruby on Rails but with a distinctive flavour of its own.

It looks fairly promising. I particularly like its built-in administration interface — it’s better than Rails’s scaffolding, giving you an integrated interface to pretty much all the models that are mapped to the database straight out of the box. It also seems more flexible than Rails — there are a few decisions that it leaves up to you, such as which JavaScript framework to use, or how exactly to structure your application.

I first started learning Python about three years ago when I used it to write some maintenance scripts for the Kingdom Faith podcasts, and since then I’ve used it for various random odds and ends (our daily build script is written in Python for instance) but nothing majorly extensive. As far as scripting languages go it has a lot to offer — it is relatively fast, has pretty good Unicode support, and fully supports procedural, object oriented, aspect oriented and functional programming paradigms, though it could do with better support for multi-statement lambdas like in JavaScript, Ruby and C#. I also like the way it forces you to write code that is clean and easy to read and follow, by making indentation syntactically significant and by making package and module names follow filesystem names. It is also fairly well documented, though the index in the .chm help file on Windows is a bit quirky at times.

Another good thing about Python is that it is very much an all-rounder: like .net or Java, you can write web applications, console applications, services, GUI applications, maintenance scripts or whatever else takes your fancy with it. This is in contrast to PHP and Ruby, which tend to be dominated to a much greater extent by web development, though they are capable of being used for other things. Python also has fairly mature support in the .net ecosystem — IronPython is the most mature of the DLR languages, so integrating Django with .net framework code is a real possibility. It also seems to have a much smarter contingent of users on average than either .net, Java or PHP. I think this is because it is only infrequently the first programming language that people learn, and most Python developers already have quite a bit of experience with two or even three other languages.

25 Jun

Less is more

Okay, folks, here’s a little exercise for those of you who think that closures are a pointless, computer-science-y concept of little or no relevance to real-world programming. This is a very practical snippet of code that I had to implement this afternoon, in PHP.

You have to write a function that takes two parameters: a template string containing placeholders such as [[foo]] and [[bar]], and a hashtable containing the values that are to be substituted into the placeholders, and returns a string carrying out the substitution. Your exercise is to write such a function in as few lines as possible.

In JavaScript, you can take advantage of the fact that anonymous functions have access to the arguments passed to the function in which they are declared, to produce a very elegant solution:

function do_template(template, values) {
    return template.replace(/\[\[(.*?)\]\]/g,
        function(key) { return values[key.slice(2, -2)]; } // key is the whole match, e.g. "[[foo]]"
    );
}

In PHP, unfortunately, it is nowhere near as straightforward — while you can create functions on the fly using the create_function method, they don’t have access to the scope in which they were created, so I couldn’t use that particular trick here. The result? Twice as many lines of code to achieve the same result:

function do_template_substitute($part) {
    global $tmp_values;
    return $tmp_values[$part[1]]; // $part[1] is the captured placeholder name
}

function do_template($template, $values) {
    global $tmp_values;
    $tmp_values = $values;
    return preg_replace_callback('/\[\[(.*?)\]\]/',
        'do_template_substitute', $template);
}

Oh well, I guess PHP is a better language if you think that productivity can be measured in lines of code per day.

20 Jun

What no night?

It’s been about thirteen years now since I was last this far north at this time of year. Dad always used to tell us that it never gets properly dark at midsummer in the north of Scotland, but since I’ve spent nearly all my life in England, and we normally only head this way in August, I’d never realised just how not properly dark it doesn’t get, even though it is nine degrees south of the Arctic Circle.

This photograph, taken in Alford, Aberdeenshire just after 1am this morning, should give you some idea though. It was the point in the night when it gets darkest, and as you can see there is still quite a bit of light in the northern sky:

IMG_0163

Technical details for the photo-geeks among you: f/2.8, two second exposure, ISO 80 film speed on a Canon PowerShot A720 IS digital camera. This is the same scene taken just over an hour earlier with the same settings:

IMG_0159

10 Jun

Easy login recovery without compromising security

I’ve noticed recently that some websites have a very elegant solution to the problem of login recovery. If you forget your password, rather than sending you an e-mail with either your existing password or a new one, they send you a link that you can click on, which takes you straight to a page that logs you in automatically and allows you to choose a new password.

This works particularly well because it fixes the problems of both the “password reset” and “password reminder” approaches. Password reminders are bad because they require you to store the users’ passwords in plain text in the database, but password resets are also bad because they are completely user-unfriendly.

Not long ago we deployed a website for a client that used the ASP.NET membership provider for authentication and generating passwords. Unfortunately, we had to change it, because the ASP.NET membership provider generates seriously ugly passwords that look like “aFi$#3-Il1=+2x{zZ14^” or something, prompting at least one user to send in an e-mail that said this:

I tried starting again from scratch and this time I was assigned a 21-character (!) password – the sort of thing you would expect to use if you were trying to get into Fort Knox … I find your site definitely “user-unfriendly”. What can I do?

This is why some teams settle for password reminders, even though they may be aware of the security risks. It’s also one thing that I dislike about the ASP.NET membership provider.

The login link approach gives you the best of both worlds and offers additional advantages on top of each. It bypasses both the login page and the process of navigating to the page that lets you change your password (which many users find confusing), making it much more user friendly than either. Certainly you won’t be asking your users to faff about copying and pasting “aFi$#3-Il1=+2x{zZ14^” from their e-mail client to the login page. Furthermore, because your password is not reset until you actually change it, your old one will continue to work if you manage to dig it out in the meantime. And from a security point of view, you can still store passwords as a salted hash in the database.

06 Jun

How to become a better .NET developer

If I can give one single piece of advice to ASP.NET developers anywhere, it will be this:

Learn another web development environment.

I really cannot emphasise this strongly enough. From what I’ve observed, developers who only work with ASP.NET seem to have quite a bit of difficulty thinking outside of the Microsoft box. I am frequently confronted with indiscriminate and even inappropriate use of aspects of the .NET framework that don’t scale, such as DataSets, view state, or drag-and-drop programming. There’s nothing wrong with all these per se, but one of the most important things you need to know about how to use them is when not to use them. When all you have is a hammer, everything starts to look like a nail.

The ASP.NET Web Forms model in particular was originally designed to make web development look like Windows development, and ease the transition for VB6 developers from programming for rich Windows clients to the web. The result of this is that it has made the easy aspects of web development almost brain dead, while introducing a horrendously leaky abstraction layer that makes the hard things even harder, with masses of gotchas and pitfalls to trip you up if you venture outside it.

Languages such as PHP, Ruby on Rails or Python don’t have the same leaky abstractions, so developers tend to not only program “closer to the metal” but to think closer to the metal as well. This is why most of the cool sites, with stunning Ajax effects, tend to be written in these languages and target these platforms, while ASP.NET is largely languishing in the enterprisey world of Dilbert-esque cubicle farms.

I recommend you choose your alternative carefully, however. Rails and Python are the best choices. They will teach you patterns, practices, conventions, O/R mapping, MVC, and all round agile and pragmatic programming, and they tend to be taken up by smart and experienced developers who know what they’re doing. I have mixed feelings about Java: while you can learn a lot from it, like .NET it is very enterprisey, and at a time when everyone is getting excited about dynamic languages, Java is heading in completely the opposite direction. And I certainly don’t recommend PHP as a learning exercise: it is a beginners’ language — and a mind-bogglingly badly designed one at that — and while PHP guys are generally pretty enthusiastic and some of them are quite smart, and there are some decent PHP frameworks such as CakePHP and Symfony, the overwhelming majority of the PHP community simply don’t have what it takes to be programmers. Having said that, you need to know it, simply because it’s so pervasive.

You should also learn Linux if you can. It will teach you about modular design and the value of scripting everything that can be scripted. This is right at the heart of why Unix is Unix: a large part of its philosophy involves chaining text-based programs where the output of one can be passed as the input to another, to produce some fairly powerful command-based functionality, and scripting repetitive tasks so that their outcomes can be reliably reproduced. These are philosophies that seem largely lost in the world of Windows, which relies much more heavily on the visual, drag, drop and click approach of dialog boxes and wizards, even though they are every bit as essential if you want to have robust procedures and practices in place.

And whichever platform you take on board, you simply must familiarise yourself thoroughly with CSS, DHTML, JavaScript and Ajax, and at least one JavaScript framework such as Prototype or jQuery.

Personally, I still think that ASP.NET is technically the best platform on which to develop scalable, high performance, reliable web applications. However, in order to make the most of it, you need to have a good feel for what approaches you can import and learn from other platforms. Otherwise you will be stuck with the limitations and leaky abstractions of Web Forms.

04 Jun

The Church needs Creative Commons

If you’ve ever had anything to do with modern church music, chances are you’ll have come across an organisation called Christian Copyright Licensing International. Their website has the strap line “encouraging the spirit of worship” and the idea is that rather than paying royalties to individual songwriters and their agents, you just pay one licence fee and that lets you sing whatever you like as often as you like in your church for a whole year. It helps with administration and makes it easier for your church to operate in righteousness, so it saves some time and hassle, though maybe not money. It’s a vast improvement over what we had in the early 80s with songbooks like this one that had a dozen or so entries that said “This song has been omitted for copyright reasons.”

However, it only covers church services, so if you are organising evangelistic events, or conventions like Faith Camp, or making your own worship album, or streaming your meetings live over the Internet, or making a mashup for something or other, or even playing tracks from your favourite Christian albums in a coffee shop, you need to go through the rigmarole of getting whatever other additional licences you need. And of course, all this costs more in terms of both money and time, and what might otherwise only take a couple of days can end up taking several weeks or even months while you’re waiting for permission to come through — if it comes through at all.

Now compare this “Christian” approach to copyright with the concepts that developers and geeks have come up with. I am talking, of course, about open source and Creative Commons.

If you’ve never heard of Creative Commons, you may want to take a look at this video, which explains it very simply and clearly:

The idea is for copyright owners to allow greater freedom and flexibility in what is done with their own intellectual property. Take my blog for example. I could put a notice on it saying you’re not allowed to copy it without paying me a fat fee, period, but I have deliberately chosen not to do so. Instead, I’ve released it under a licence that lets you reproduce it wherever you like as long as you aren’t doing so for profit, you acknowledge me as the original author, and if you make a derivative work, you grant others the same rights. You don’t even have to ask me — though it would of course be nice to know. The Creative Commons website allows you to choose a licence tailored to your needs from several different options.

The entire concept could have been lifted straight out of the New Testament, yet Christianity has had little involvement in it. It is a practical outworking of Jesus’ words, “Freely you have received, freely give” — indeed, in recent years, Bram Cohen, who is pretty much a poster child of the whole free content movement, made “Give and ye shall receive” the slogan for Bittorrent. It is a slight rewording of Luke 6:38.

Or what about Paul’s words in 2 Corinthians 2:17? “Unlike so many, we do not peddle the word of God for profit. On the contrary, in Christ we speak before God with sincerity, like men sent from God.”

So where on earth is the Body of Christ in all of this? Why are we dragging our heels when we should be forging ahead?

Worship leaders, church musicians and Christian authors have a lot in common with software developers such as myself. We tend to be very creative individuals, and what we do is often very much a labour of love. We write songs, books, blogs or computer code even if we’re not getting paid for it, and while it is nice to earn something from it, that is only a secondary consideration.

Yet while there are some people producing resources such as books, Bible studies and worship songs who have taken the concept of Creative Commons on board, they are very much on the fringes. Most, if not all, widely used Christian resources — including most modern translations of the Bible and nearly all songs that have a circulation beyond the songwriter’s home church — are only made available under restrictive commercial licences.

Is this encouraging the spirit of worship, or the spirit of mammon?

I would love to see some notable Christian songwriters distributing their compositions under licences similar to Creative Commons. I would love to see major ministries jumping on board, open sourcing their Bible study resources, and actively encouraging others to do the same.

I simply can’t accept the excuses that “it can’t be done” or “it’s impractical” or “worship leaders have to make money somehow.” The whole open source movement blows these claims completely out of the water. Some open source software packages have taken far longer to write than all the time that Graham Kendrick, Martin Smith, Tim Hughes, Matt Redman and the entire Hillsongs crowd have spent on all their songs put together — yet they are still made available for free, despite being mature and stable enough to power business critical servers. If software developers can do it, why can’t the Church?