Security Resources [Update]


I'm a big fan of the OWASP vulnerabilities.  Just learned of another resource.


Posted at 08:52 PM
Author: Steven Lott

Configuration Files -- Again


Read a post recently suggesting that .INI files have a place in and around a dynamic language like Python.  The "security" specter was invoked. 


Posted at 09:29 PM
Author: Steven Lott

Schrodinger's cat lives! Or doesn't!


This question on StackOverflow showed a profound confusion on fundamentals of OO.  The example, however, was kind of funny.


Posted at 06:27 PM
Author: Steven Lott

Bind Variables and Prepared Statements -- Good, Bad or Indifferent?


I read about a worthless project that purported to detect SQL Injection Attacks.  That's lame because it's easier to just use bind variables; bind variables make your application simpler and faster as well as more secure.  A reader notes that bind variables are a topic of debate.  Really?  How are bind variables debatable?


Posted at 09:29 PM
Author: Steven Lott

What's Central Here?


The requirements describe a kind of "broker" application that makes heavy use of a vendor's web services.  Sadly, the requirements also give a lopsided view that leads to heavy refactoring.  Lesson learned: don't take the requirements literally.


Posted at 11:25 AM
Author: Steven Lott

Wrestling with REST


REST has some advantages over SOAP.  Django totally rules.  But the Django-REST interface causes me hand-wringing as I learn more about it.


Posted at 06:18 AM
Author: Steven Lott

In Praise of Serialization via __repr__ (Revised)


The Pythonic distinction between __repr__ ("If at all possible, this should look like a valid Python expression that could be used to recreate an object with the same value") and __str__ ("the 'informal' string representation of an object... a more convenient or concise representation [than __repr__]") is very, very cool.


Posted at 05:50 AM
Author: Steven Lott

Parallelism Fetishes. #1: Equal-Sized Partitions


People get confused by concurrency.  Folks often fetishize some feature or other.  This is about the "equal-sized partitions" fetish.  Other fetishes include locking and I/O processing.


Posted at 08:10 AM
Author: Steven Lott

Python and the Star Schema


For PyCon '07 I presented a paper on how delightfully simple it is to use Python to conform dimensions in a data warehouse.  The algorithm boils down to the setdefault method of a dictionary.  Recently I was asked about using this for "processing gigs of incoming fact data each day".


Posted at 06:37 AM
Author: Steven Lott

Standard Software Defects - Java Edition


Here are some software defects so typical that I've collected a handy short list with acronyms.  I've also got a specific technique for remediating those awful Everything In Main programs.


Posted at 08:58 AM
Author: Steven Lott

Tackling the Spreadsheet Problem


When you address a problem by creating a spreadsheet, you now have two problems.  Sigh.


Posted at 08:50 AM
Author: Steven Lott

Synchronicity and Document Object Models.


I had a brain-cramping problem with XML, X12 and the need to support a variety of use cases.  Coincidentally, Ian Bicking posted something that led directly to a much more elegant solution.

The timing was an amazing piece of serendipity -- or synchronicity -- or luck. 


Posted at 11:32 AM
Author: Steven Lott

Python as Configuration Language -- More Good Ideas


A hot topic -- more thoughts flow in from all sources.  Excellent points.  Thanks for thinking.


Posted at 05:27 PM
Author: Steven Lott

Physical Database Design Questions -- Some Inner Mysteries


Got a bunch of physical design questions recently.  The conversation is made more complex by the way CA ERwin throws around terminology; specifically their misuse of "physical".

The questions were surprising to me.  They seemed to reveal a tenuous grasp on what a database really was -- structured, persistent storage.  Somehow, peripheral features seemed to have grown to dominate the conversations.


Posted at 02:35 PM
Author: Steven Lott

Quantum Time: Dates, Times, DateTimes and Timestamps (3rd ed.)


Recently, I worked out the performance implications of two implementations of open-ended date ranges.  The next topic is the handling of different date resolutions.  Bottom Line: Time is Simple, but you can make it complicated.

(Revised to include another DW DateTime technique.)


Posted at 07:57 AM
Author: Steven Lott

Open-Ended Date Ranges -- The "From Here to Eternity" Problem


What's the "best" way to handle open-ended date ranges in SQL?  Use NULL for the end-date and horse around with IFNULL or COALESCE functions?  Or use a date in the impossibly far future?  This is sometimes called the "Domain Specific Null" problem.  I thought the answer was obvious until I ran some tests.


Posted at 10:01 PM
Author: Steven Lott

Configuration File Scalability -- Who Knew? (Revised)


I had some configuration files in .INI format and .XML format.  Both were a large pain to work with.  I rewrote them into a massive Python object creation expression and -- whoops! -- ran into an interesting scalability issue.

[Thanks for the feedback; I've revised and extended this post.]


Posted at 06:12 PM
Author: Steven Lott

Two Python Config-File Design Patterns


XML config files have their place -- in standards.  .INI files have their place -- in legacy programs.  Here are some more Python configuration file techniques that I've used to parse X12N messages.  I think there are two design patterns here: Structural Declaration and Bundled Properties.


Posted at 08:23 AM
Author: Steven Lott

Python as Config Language -- Forget XML and INI files


XML-based configuration files are fine -- when you're struggling with Java.  INI files are just creepy because they seem to be Yet Another Syntax.  However, Python absolutely rules as a configuration language.


Posted at 08:54 PM
Author: Steven Lott

Is This Software World's Equivalent of The Perpetual Motion Machine?


Not News: Formal Methods called into question.  Silly: Metaphorical alignment of formal methods with perpetual motion.


Posted at 06:01 AM
Author: Steven Lott