Ben Atkin’s Weblog

While trying out Google App Engine, I noticed an interesting duality in the use of the Data Store API in the guestbook sample application. To create a record, they create an object and save it, just like one normally would with an ORM library like Active Record. However, when they retrieve the record, instead of saying something like:

greetings = Greeting.find(:all, :order => "date DESC",
  :limit => 10)

…they use a GQL query:

greetings = db.GqlQuery("SELECT * FROM Greeting " +
  "ORDER BY date DESC LIMIT 10")

Maybe I’m reading too much into it, but since this is in the first tutorial, it seems the person who wrote it might think that using a SELECT statement is a straightforward way of doing getting the information. Of course, a beginning programmer might have an easier time shooting herself in the foot with this method, because she could easily add a string from user input into the sql string, opening the door for SQL injection attacks, but for now, I’ll ignore that. I think that, in many cases, crafting a well-performing WHERE statement is easier in SQL than it is using ORM find methods. I think for joins it’s probably more so.

In typical web apps, however, inserts and updates are almost always simple, and those SQL statements aren’t needed. Perhaps by default, the query language could just allow for select statements, and have the user rely on ORM for the insert statements. That way, the beginning developer might be less likely to screw up the whole database by leaving out a search term in the WHERE clause of an UPDATE statement.

Microsoft’s LINQ, or Language Integrated Query, seems to be geared toward searching. In the examples, I almost always see the FROM statement. LINQ also works for XML, and to me it looks like more convenient syntax than using an XML library. LINQ also doesn’t rely on strings for constructing the queries, but instead integrates the query language into the general-purpose language, so it isn’t susceptible to SQL injection attacks.

One issue I haven’t touched on yet is how the results of a SELECT query are returned. If it’s just a row of dictionaries corresponding to fields specified between SELECT and FROM, some benefits of using ORM are lost. However, with Google’s DataStore API, this appears not to be the case. It looks like they’re getting back a Greeting object. I wonder what they get in the case of a join. Something to research later. The most useful thing I can think of would be an array of dictionaries containing each of the joined objects. For example, if Greeting and User where joined, the first result, results[1], would be a dictionary containing a Greeting and User object (results[1][’Greeting’] and results[1][’User’]). Then, one or both of these could easily be read and/or updated, and all of these operations would go through the code in the objects’ class definitions.

In Google’s DataStore API, we still have the security issue, as SQL strings are being created. Perhaps the server could be set to run with warnings for possible SQL injection attacks turned on by default. It might not be bulletproof, but along with only allowing SELECT statements by default, it could keep the data pretty safe.

Perhaps these new development tools are part of a trend toward using SQL for selects where convenient, but almost never for inserts/updates. If so, I think it might make web programming simpler. They could also be used when ORM methods would be equally convenient, and make it easy for the user to convert from a single-table query to a join.

I would like to see someone who knows more about using databases in web applications than I do write about this topic. In the meantime, I’m going to poke around Google App Engine and learn more about how the DataStore API works.

When installing Merb on my laptop, which runs Ubuntu Linux, I ran into a compiler error with hpricot, one of Merb’s dependencies. Before bothering to see what might be causing it, I checked to see if there was a precompiled apt-get package available. There was! I installed it and tried installing Merb again.

It still tried to install hpricot, however, and when I said to skip it, it said it could not install Merb because it was missing hpricot. I could have used force, or “pretty please”, but I wanted to instead tell the packaging system that I have hpricot installed.

I seem to remember a UNIX packaging system having an inject command — which tells the packaging system a program is already installed. I may have got the terminology wrong. I searched for such a command for rubygems but couldn’t find one. I did, however, find another way to convince rubygems that I already had hpricot.

I decided to do some digging in the gems directory. To find the gems directory, I typed:

ben@magicthise:~$ gem environment
RubyGems Environment:
  - VERSION: 0.9.4 (0.9.4)
  - INSTALLATION DIRECTORY: /var/lib/gems/1.8
  - GEM PATH:
     - /var/lib/gems/1.8
  - REMOTE SOURCES:
     - http://gems.rubyforge.org
ben@magicthise:~$ cd /var/lib/gems/1.8/
ben@magicthise:/var/lib/gems/1.8$ ls
bin  cache  doc  gems  source_cache  specifications
ben@magicthise:/var/lib/gems/1.8$ cd specifications/
ben@magicthise:/var/lib/gems/1.8/specifications$ ls
abstract-1.0.0.gemspec          merb-cache-0.9.2.gemspec
actionmailer-2.0.2.gemspec      merb-core-0.9.2.gemspec
...
ben@magicthise:/var/lib/gems/1.8/specifications$

I took a look at the gemspec files and found that they contained the name and version of the library. I copied the smallest of the files to hpricot-0.6.gemspec and used the gemspec documentation to find out which parameters are required. I wound up with the following in /var/lib/gems/1.8/specifications/hpricot-1.6.rb.

Gem::Specification.new do |s|
  s.name = %q{hpricot}
  s.version = "0.6"
end

I tried running:

ben@magicthise:~$ gem install merb --include-dependencies

And it worked!

It might not be everything that’s needed to get it working — but now I at least know how to inject a package.

I’ve become a somewhat avid twitter user over the last several months. It’s helped me to stay in contact with existing friends and to get to know a few people from Refresh Phoenix, a local web design/development club. For those who don’t know what it is, it’s like LiveJournal, except each blog entry is limited to 140 characters, the friends feature works slightly differently, and it has good integration with SMS.

A couple of things I really like about it:

• The 140 character limit. Twitter has a strict 140-character limit on all blog posts (tweets in twitter lingo). I’ve found this to be a very useful constraint. It reduces the amount of reading I have to do to keep tabs on friends. It also reduces the amount of time spent writing. As long as I don’t follow too many people, and don’t follow those that post too much, I can avoid spending too much time on twitter.

  I think it is also helping me to be a better writer and conversationalist. Trying to tell a story in 140 characters can be an interesting exercise. Inevitably, some details need to be dropped. Sometimes the story is not as good because it’s missing some interesting details, but often what’s left out is uninteresting. I had one such moment today.

  Yesterday, I was hanging out with some friends and told them a story. About half of the people found it interesting, but most thought it was long-winded and the half who weren’t interested were bored by it. If I had been thinking like I am when I write a twitter post, it might have been better received.

  I think the 140-character limit is a constraint people ought to embrace. There are a couple of ways to get around it — posting multiple tweets or dropping vowels and using lots of abbreviations and text-messaging-speak. I have a couple of rules of thumb. I try not to make a post that would make absolutely no sense to someone who didn’t read the other post. I also avoid shortening more than two or three words to make my post fit in 140 characters.

• Easy come, easy go. On Twitter, if someone follows you it sends you a friendly notice with the username of the person who follows you. If someone stops following you, it sends you no such notice. So, unless you’re constantly checking the list of people who follow you, you can’t give them a hard time about not following you anymore.

  It might annoy some people, but it’s for the greater good. It encourages people not to break twitter etiquette, or else people might stop following them. It also makes twitter fun to use, because if one user is being annoying, you can quit following them instantly and not face immediate blowback, unless that person is a real jerk.

• Best Wishes. On twitter, the notification e-mails you receive when a person follows you end with the following signature:

  Best,
  Twitter

  A few times, that’s been just the thing to help me to have a better day. The people at twitter are wishing everyone using their service the best. It’s the best closing salutation ever, IMHO. Thanks, folks!

My favorite month here in the valley (March) is here a month early. Hopefully July doesn’t come a month early. And I don’t even want to think about what could take July’s place if it does.

After I talk to someone I meet at a coffee shop or while traveling and help them with a small technical issue like getting photos transferred or getting on a wireless network, I’m sometimes asked for advice on becoming tech savvy. My advice for someone struggling with their PC who I won’t see again and won’t be able to help in the future is to get a mac. I point out that it really is totally different from a PC, and once they get a mac they should be able to figure out how to do a lot of stuff by themselves, instead of asking for help like they do now.

There is one thing, besides not wanting to pay extra money for a mac, that keeps people from empowering themselves by getting a windows-free computer that they can actually learn to use and maintain themselves — either they or someone they know has had hardware problems with a mac.

In my opinion, even if a mac breaks several times, it’s still worth it to get a mac (and an extended warranty) if you can’t figure out windows and need a computer for your career. I’m reminded of this by a comment by an editor on The Consumerist, an extremely popular and successful blog. He says that he’s had issues with three different macs and an iPod, but it’s still worth it to him to have a mac. Of course it is. He built a successful career with macs.