I'm a big fan of the OWASP vulnerabilities. Just learned of another resource.
Read a post recently suggesting that .INI files have a place in and around a dynamic language like Python. The "security" specter was invoked.
This question on StackOverflow showed a profound confusion on fundamentals of OO. The example, however, was kind of funny.
I read about a worthless project that purported to detect SQL Injection Attacks. That's lame because it's easier to just use bind variables; bind variables make your application simpler and faster as well as more secure. A reader notes that bind variables are a topic of debate. Really? How are bind variables debatable?
The requirements describe a kind of "broker" application that makes heavy use of a vendor's web services. Sadly, the requirements also give a lopsided view that leads to heavy refactoring. Lesson learned: don't take the requirements literally.
REST has some advantages over SOAP. Django totally rules. But the Django-REST interface causes me hand-wringing as I learn more about it.
The Pythonic distinction between __repr__ ("If at all possible, this should look like a valid Python expression that could be used to recreate an object with the same value") and __str__ ("the 'informal' string representation of an object... a more convenient or concise representation [than __repr__]") is very, very cool.
People get confused by concurrency. Folks often fetishize some feature or other. This is about the "equal-sized partitions" fetish. Other fetishes include locking and I/O processing.
For PyCon '07 I presented a paper on how delightfully simple it is to use Python to conform dimensions in a data warehouse. The algorithm boils down to the setdefault method of a dictionary. Recently I was asked about using this for "processing gigs of incoming fact data each day".
Here are some software defects so typical, that I've collected a handy short list with acronyms. I've also got a specific technique for remediating those awful Everything In Main programs.
When you address a problem by creating a spreadsheet, you now have two problems. Sigh.
I had a brain-cramping problem with XML, X12 and the need to support a variety of use cases. Coincidentally, Ian Bicking posted something that coincidentally lead directly to a much more elegant solution.
The timing was an amazing piece of serendipity -- or synchronicity -- or luck.
A hot topic -- more thoughts flow in from all sources. Excellent points. Thanks for thinking.
Got a bunch of physical design questions recently. The conversation is made more complex by the way CA ERwin throws around terminology; specifically their misuse of "physical".
The questions were surprising to me. They seemed to reveal a tenuous grasp on what a database really was -- structured, persistent storage. Somehow, peripheral features seemed had grown to dominate the conversations.
Recently, I worked out the performance implications of two implementations of open-ended date ranges. The next topic is the handling of different date resolutions. Bottom Line: Time is Simple, but you can make it complicated.
(Revised to include another DW DateTime technique.)
What's the "best" way to handle open-ended date ranges in SQL? Use NULL for the end-date and horse around with IFNULL or COALESCE functions? Or use a date in the impossibly far future? This is sometimes called the "Domain Specific Null" problem. I thought the answer was obvious until I ran some tests.
I had some configuration files in .INI format and .XML format. Both were a large pain to work with. I rewrote them into a massive Python object creation expression and -- whoops! -- ran into an interesting scalability issue.
[Thanks for the feedback; I've revised and extended this post.]
XML config files have their place -- in standards. .INI files have their place -- in legacy programs. Here are some more Python configuration file techniques that I've used to parse X12N messages. I think there are two design patterns here: Structural Declaration and Bundled Properties.
XML-based configuration files are fine -- when you're struggling with Java. INI files are just creepy because they seem to be Yet Another Syntax. However, Python absolutely rules as a configuration language.
Not News: Formal Methods called into question. Silly: Metaphorical alignment of formal methods with perpetual motion.