Book Review


I’ve been pondering for the past 6 months: how do I get better at programming? What is the best way? Do I need more books? At my current company, we wholeheartedly engage in peer reviews; nothing gets checked in to the repository without at least one person going over it. In that process, I’ve learned more about coding than I could from 10 books. I used to be a book fiend. I had about 10 books on every subject. Did I learn? Yeah, some! But I think I’ve learned more from doing and practice. Practice, practice, practice! When the Chicago Ruby User Group offered this book in exchange for a review, I jumped at the chance.

“Refactoring in Ruby” written by William C. Wake and Kevin Rutherford.
Published by Addison-Wesley

“Refactoring in Ruby” is more like a “workbook” than a “how to write awesome code” book. If you download the code from GitHub at http://github.com/kevinrutherford/rrwb-code, you have tests already written for the exercises.

The book is arranged in three parts: The Art of Refactoring, Code Smells, and Programs to Refactor.

There are explanations of “code smells”, each of which is a characteristic of code that could be improved. Some of them are long parameter lists, unnecessary complexity, global variables, feature envy, etc. One thing I find interesting is the “How did it get this way?” section. It gives some insight into the thought process and reasoning behind the smell. I think this is good; as programmers, our egos may be rather miffed to hear “This code stinks”, but with some reasoning it makes the pain less, and I think it firms up in our minds, when this happens again, to do it this other way. I always want to know why when someone says I could do such and such thing better.

In addition to the code smell examples, there are three programs to refactor at the end of the book. In a conversational tone, it walks through and gives some hints on what needs refactoring. It’s almost as if you had a pair programming buddy working with you and identifying in small chunks what can be improved. This is definitely something I want to work through more carefully.

What I find odd is that not all the code smells have code examples. The inspiration for the book, I think, is the Martin Fowler book “Refactoring: Improving the Design of Existing Code”, which has examples for every code smell. Maybe Ruby smells less than Java? Or those fixes are really trivial? I don’t know. Overall, this is a great book and is certainly worth the price and investment, and you will be a better programmer because of it!

I got a copy of Computer Programming for Kids and other Beginners for review. I was interested because I have always thought that someday I would like to write a programming book for kids; I would have given my right arm to have this book as a kid! Here are some things I have always considered and how this book taught them:

How to get “out of the dos window”?
Whenever my husband sees me typing at the console, he calls it the “dos window!” and he thinks we could move past that! I explain that you can’t point and click your way through life. But visual is the way people think of UIs now, and it makes the program seem “real” if it has a popup box rather than a prompt on the console. Right off the bat, this book starts out introducing EasyGUI. One example of usage is:

import easygui  # the module has to be imported before msgbox can be called

user_response = easygui.msgbox("Hello there!")  # shows a popup with an OK button; returns the label of the button pressed

Nice, huh? Easy and straightforward. I think a new programmer seeing progress like this is pretty cool and probably very encouraging!

Looping
Whenever I have tried to teach looping, I have started out with arrays and indexes. Starting from 0 to “count” has always been confusing. This book uses ranges to loop. It starts at one and keeps it simple. Great idea!

Game
There is a chapter on PyGame that has a simple ski game. Reading through the code in the book gives you an idea of what a game is like, and it annotates the sections of code to help you follow. Putting this in the middle of the starting section is cool; it keeps the reader from being all about syntax, and seeing real code helps them keep the end goal in mind.

More Syntax
The book continues with functions, objects, modules… but then another game chapter. This goes through some simple examples of graphics. It’s pretty good, I think. I think it’s easy for beginners to lose sight of what they are making… syntax really isn’t all that fun. But I think this book is going to keep someone interested.

More on GUI
PyCard is another GUI library to help. I hadn’t heard of this, but it looks pretty cool. Looks pretty easy to use.

String Formatting and File IO
This is something that is always at the beginning of a book. How interesting that it is last. I think because it’s not very interesting! Really, how interesting is it to format a number? This chapter ends with a hangman game where the words are stored in files. That’s cool, something useful with files.

Infinity and Beyond!
The book ends with a few chapters to inspire the new programmer: computer simulations and hints on where to go next.

Overall, an excellent book to inspire and keep a new programmer interested, young and old alike. This book has fun stuff and tools to make it easy to learn (PyGame and PyCard). I’m actually wanting to go try some of this now…

This book is still in beta, but so far… I love it!

Chapter 1 is a very brief overview of RSpec and Cucumber, and in Chapter 2 you are shown some examples. This is Real Code That Works! You can type it in and run it. That is awesome; I was so excited last night that I almost couldn’t stop and go to sleep (Doc tells me to get more sleep. BAH!). I’ve done RSpec on a fairly large project before, a few years ago. I had seen some presentation at the Chirb meetings about some kind of testing involving Stories and Scenarios. It was interesting then… I just wasn’t sure how you could translate that into code. Now I see; it looks like this method has matured to the point where it is viable. Cucumber is only version 0.3.11 at this time, but hey! It’s cool, it’s tight, it’s gonna take off!

Chapter 3 - Starting off with a game example! WAY TO GO! Nothing is more uninteresting than Yet Another Bank Account or Blog example. This is totally awesome. It’s very conversational at first, as you are learning how to apply the “Story” concept to the need. Once the planning is out of the way… it’s time to code!

Chapter 4 - Cucumber, Writing steps to the stories

Chapter 5 - RSpec, writing rspec tests

It’s great to see code that you can type in and run, and it’s kinda fun, it’s a game! What isn’t fun about that? Great book so far, Dave Chelimsky, Dave Astels, Zach Dennis, Aslak Hellesoy, Bryan Helmkamp and Dan North. Right on! Looking forward to the rest :)

Published by Apress
By Kevin Marshall, Chad Pytel, Jon Yurek
Book Info
Sample Chapter: Ch. 01 - Introducing Active Record
Table of Contents

Years ago when I was in PHP Land (now I travel quite a bit more! haha), I struggled for months with how to write a good ORM. It was tough, because I wanted to abstract the "boring logic" of retrieving records from a database without writing SQL but still remain flexible enough. I never really came up with a good model. I used the DAO from the "extreme php" library, which I think was a knock-off from Java. It was ok, but I still didn't feel like I had "arrived".

When I discovered Ruby on Rails, I found ActiveRecord. Ahh HA! Finally, this is what I was looking for. At first I thought it was part of Rails, but it's not. It's a standalone library and you can use it with straight-up Ruby scripts.

I got a review copy of "Pro Active Record" some time ago and read some of it when I got it, then some more later, and now I am going to officially write up a review!

If you do anything with Active Record, get this book. The things that are briefly mentioned in most Rails books are described in detail in this book.

Chapter 1 - Introducing Active Record

Most of the time, the first chapters of a book are boring to me. I don't need another "History of the Internet" or how "HTML was developed"... blah blah. But in this one, the story is only 1 page. And it actually has some introductory scripts on using Active Record, so you can see right away how it works. It also explains the benefits of MVC and why ORMs are good. Some people still don't get it!

Chapter 2 - Active Record and SQL

This chapter helps you translate the "SQL in your head" into how to write it with Active Record. I've used Active Record so much that now I have forgotten most of my SQL, which is kind of embarrassing. :) I now find writing SQL tedious and boring! I would have actually called this chapter "Demystifying Active Record" since it explains why all the dynamic finders work. You'll also find transactions and locking explained here.

Chapter 3 - Setting up Your Database

Migrations! The Awesome Thing that can turn into a nightmare for large Rails projects with multiple developers.... You definitely have to decide on some best practices with your team on this one. The chapter has only one thing to say about this -- assume any checked-in migration has already been run by your team, and the migration should not be edited and checked back in! You'll have to make another migration file with your changes.

[tip]
Nola's Note: When you make a migration, test it both UP and DOWN!! Here's what I do --
write a migration
rake db:migrate (go up to the version with the new code)
rake db:migrate VERSION=n-1 (go to the version before the latest)
rake db:migrate (back to latest)
rake db:migrate VERSION=0 (back to a blank db)
rake db:migrate (back to latest)
[/tip]

Just to be sure it's all good -- even on a new database!

Chapter 4 - Core Features of Active Record

Now for the fun stuff - Callbacks. This is magic. This makes Active Record so flexible, and is one thing I could never figure out how to do with my PHP ORMs. I use callbacks to set defaults for fields. If it's just a straight default, then I set it in the database, but if I need to make a decision (if this field, then this field...) then I can do it in a callback.

Associations - at first this is very confusing! I don't know how many times I got "has_many" and "belongs_to" mixed around in the beginning.

Validations - Awesome. I had to do some Ruby code without a database and I really really really missed the validations. It took me like 5x longer than it should have! Understanding all of these validation methods will make your life so much more enjoyable. I really really hate doing boring, repetitive stuff... it seems so wasteful to me.

Chapter 5 - Bonus Features

Everybody likes a bonus and this isn't even the last chapter of the book.

Java people will like the Active Record Observers -- seems a little AOP to me (aspect-oriented programming) and something I probably have neglected to use to its fullest extent.

Acting up -- Learn how to "save time" with the "acts_as" magic: List, Tree, Nested Sets. If your data needs these structures, you've got it made. I can imagine how much longer it would take to write this stuff in Perl or PHP.

Composed of - I haven't used this, but this looks like a good way to make sensible objects out of database tables. There is quite a bit of explanation and examples of this, it will come in handy.

There are a few other in-depth explanations of things, such as method_missing, which is how a lot of the magic happens. Rock on.

Chapter 6 - Active Record Testing and Debugging

Ahh yes, Testing. My favorite subject. My friends who know how much I love testing say I am sick. I must have an inner need to PROVE I am right or something, haha.

The chapter goes into depth about using test_unit with Active Record, sadly no RSpec. But it does go into all the error messages that Active Record throws, so you can write good try/catch blocks and make very exact error messages (probably best logged for the admin rather than displayed to the user!).

Chapter 7 - Working with Legacy Schema

Here's how you work with that old database that just won't die... or that management won't let you totally redo. Active Record follows some of the principles of Rails' "convention over configuration"... relying on table and column naming conventions to figure out how to build your object... but still giving you a way out if you want your tables singular and your primary id field called "myawesomeid" instead of "id".

I've used some of these things on an older database and it was possible! Not too bad if that's what you have to work with.

[soapbox]
Some people find this annoying "oh gosh! my library can't make decisions for me! OMG! That sucks" .. to that I say, "Umm ok. But if you follow these conventions then I can come into your project and know exactly what is going on" ... like with web standards, we all harp on how IE and FF do things differently, yet people want to bellyache about Active Record preferring to have plural names and id field called "id". Right.

Follow the dang convention and find something worth complaining about to complain about. :)
[/soapbox]


Chapter 8 - Active Record and The Real World

This chapter goes into depth about the library and encourages you to go read the Active Record code. Always a good idea to know what it is you are using :) I've actually learned ruby better by reading source code. The chapter walks you through basic structure of the files. Very cool.

[soapbox]
I used to work at a place that didn't like any "outside code" because they were afraid "OMG ... it will send our passwords to Russia!" ... ok, well I am not an idiot. I read over any code that I use that I didn't write. I look at the tests to see if I am using it right. I even RUN the tests so I can be sure its working as advertised.
[/soapbox]

Alternatives to Active Record - with EXAMPLES! If something about Active Record doesn't sit too well with you, take a look at the alternatives. Sometimes I look at the alternatives and decide that the first wasn't so bad after all. You'll find examples of DBI, Og, ActiveRelation.

Finally a section on Q and A finishes up this book. The Appendix has a complete reference of ActiveRecord methods to make this book a well rounded reference, tips, documentation and very handy to have at your desk!

Pro PHP Security

Published by: Apress

Authors: Chris Snyder and Michael Southwell

Book Site | Sample Chapter: Preventing SQL Injection | Table of Contents

At first, I thought this book was all about cleaning your input variables and filtering your output, XSS attacks, SQL injections, but I was most pleasantly surprised to find that it was that and so much more! In fact, I would have called this "Pro PHP Security and Administration" instead! It is absolutely fantastic. It really is about security in all of the facets of web development - from server, to code, to database, to the system users.

The book is divided into 4 parts:

- Part 1: The Importance of Security

- Part 2: Maintaining a Secure Environment

- Part 3: Practicing Secure PHP Programming

- Part 4: Practicing Secure Operations

Here are some brief overviews of the sections and the tidbits I found interesting:

Part 1:

The first part is the shortest and gives a general overview of the what and why of security.

Part 2:

The second is much more hearty and goes into detail about shared hosts, why they are secure and how to make them more so. It even dips into alternatives to the traditional shared hosts and goes into Virtual Machines. This is valuable not only to administrators but to PHP developers. After reading this, I understand the "why" behind many of the things about shared hosting that I found frustrating.

One of the most important things I found in this chapter is how to maintain separate development and production environments. When I was helping to set this up at one of my past jobs it was a topic that I couldn't find much information about. It also makes mention of version control, using wikis, bug tracking, sandbox and testing! Oh and here's a concept…. pretend your live system failed -- how well does your backup plan work?

How many times have I thought, I should make a cron job to back up my database to my home server every day/week? Have I ever done this? No! But now I have no excuse! Backing up a database and storing remotely is one of the sections in this chapter and code included! Fantastic.

There are chapters about Encryption theory and practice which I read several times to understand. It was interesting but it wasn't something I have to do right now in my life, but I will return to this book to refresh my memory when I do.

Securing network connections with SSL and SSH: these proved helpful as I have become the "Reluctant System Admin" for one of my projects -- partly because if they were to hire a part-time person I'd rather they get a CSS person and I'd rather do the sys admin!

The Controlling Access section goes into details about using certificates with PHP, single sign-on, basic and digest HTTP authentication… whoa, this is some deep stuff! But good; when I was looking into this for a project a few years ago I couldn't find anything helpful. It continues with permissions and restrictions, a lot about Unix permissions and keeping things running where they should, securing databases and PHP Safe Mode!

Part 3

Finally -- the stuff that I thought the book would be about: validating user input, filtering output, preventing cross-site scripting attempts, remote execution... so much more to security than I thought! It talks about securing temp files; I always assumed the OS handled this and I didn't need to worry.

Part 4

Ahh -- Practicing Secure Operations… all you ever wanted to know about making sure your users are humans, verifying your users, setting roles for users, logging your users' actions, preventing data loss, executing system commands safely, working with web services and finally Peer Reviews! Sometimes it's that extra pair of eyes that can see things you miss.

Something I find interesting - in the section about preventing data loss, it talks about setting a flag on records that are "deleted" and then making a db view of the "good" data and using that to select from. One of the things I like in Ruby On Rails is this "acts_as_paranoid" model option that does about the same thing. Neato.
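The soft-delete pattern described above, as an added example that is not code from Pro PHP Security or from acts_as_paranoid: rows get a deleted flag instead of being removed, application reads go through a view that hides flagged rows, and the underlying table keeps everything so a mistaken delete can be reversed. It uses Python's standard sqlite3 module rather than PHP so that it runs self-contained; the table, view and column names and the sample users are constructed for the demonstration.

```python
import sqlite3

# Constructed sample rows for the demonstration.
SAMPLE_USERS = [(1, "alice"), (2, "bob"), (3, "carol")]


def new_connection():
    """Open an in-memory database with a users table, a deleted flag and a
    view (hypothetical name: active_users) that exposes only live rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (
            id         INTEGER PRIMARY KEY,
            name       TEXT    NOT NULL,
            deleted    INTEGER NOT NULL DEFAULT 0,
            deleted_at TEXT
        );
        -- Application code selects from this view, never from users directly,
        -- so a forgotten "WHERE deleted = 0" cannot leak deleted rows.
        CREATE VIEW active_users AS
            SELECT id, name FROM users WHERE deleted = 0;
    """)
    conn.executemany("INSERT INTO users (id, name) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def soft_delete_user(conn, user_id):
    """Flag a row as deleted instead of issuing DELETE.
    Returns True if a live row was flagged, False if none matched."""
    cur = conn.execute(
        "UPDATE users SET deleted = 1, deleted_at = datetime('now') "
        "WHERE id = ? AND deleted = 0",
        (user_id,),
    )
    conn.commit()
    return cur.rowcount == 1


def restore_user(conn, user_id):
    """Undo a soft delete; this is the whole point of keeping the row around."""
    cur = conn.execute(
        "UPDATE users SET deleted = 0, deleted_at = NULL "
        "WHERE id = ? AND deleted = 1",
        (user_id,),
    )
    conn.commit()
    return cur.rowcount == 1


def active_user_names(conn):
    """What normal application code sees: only rows not flagged as deleted."""
    return [row[0] for row in conn.execute("SELECT name FROM active_users ORDER BY id")]


def all_user_names(conn):
    """What an administrator sees in the base table: every row, deleted or not."""
    return [row[0] for row in conn.execute("SELECT name FROM users ORDER BY id")]


def demo():
    """Delete one user and show the view hiding it while the table keeps it."""
    conn = new_connection()
    soft_delete_user(conn, 2)
    return active_user_names(conn), all_user_names(conn)


if __name__ == "__main__":
    print(demo())  # (['alice', 'carol'], ['alice', 'bob', 'carol'])
```

The two UPDATE statements include the current flag value in their WHERE clause, so the return value tells the caller whether anything actually changed; that makes a double delete or a restore of a live row visible instead of silently succeeding.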

Pro PHP Security is a most excellent read and so much deeper than my brief overview here. It will be a handy book on my shelf to keep me on my toes regarding security in all areas of web development. From the server, to the code, to the users, to best practices of security, you will find this is a helpful book too!

Book Review
Beginning Ajax with PHP by Lee Babin, published by Apress

Book Site | Sample Chapter: 3 PHP and Ajax | Table of Contents

Although no stranger to Ajax, I received a review copy of Beginning Ajax with PHP expecting some watered down presentation of Javascript with some PHP thrown in. I was quite surprised to find a good presentation of using Ajax and PHP, easy enough for the beginner and still interesting for those who have done it for years.

The book starts out exactly how I would write it -- SIMPLE! The first time I did Ajax with XHR (XMLHttpRequest), I used a plain text file, which I then read into a DIV at the click of a link. This takes a similar approach and has data stored in an array which is then accessed with a simple call to a PHP file. The following chapter takes it a step further, and this building upon previous chapters is a common theme in the book.

After going through the basics, the book gets into more practical uses of Ajax. The latter chapters talk about using forms to pass along data to be processed by Ajax and doing form validation. It also gives a good explanation of the proper use of the form methods GET and POST. It goes into detail about uploading images and other files using a hidden form submit trick, since XHR doesn't support file uploading (JavaScript is not allowed to access files on your hard drive). And this chapter is the perfect predecessor to the "Real-World Ajax Application" chapter, where you will take what you have learned and create an Ajax-based photo gallery. Practical, hands-on is the best way to learn something IMHO (Sorry, "Hello World" scripts!). It is interesting that this chapter is in the middle of the book, when I would expect it at the end. Perhaps the author wanted the user to jump in and try it, instead of persevering to the end. I don't know about you, but often the last few chapters of a book go unread by me.

After the reader has confidence in how to use AJAX, the book gives the warning, “Whoa! Wait a minute! AJAX isn't appropriate for EVERYTHING!” It gives examples of when AJAX would be a good idea and when it would not. I think this is pretty important, as each CEO now wants Ajax everywhere in their application, but it's not always the best solution! And it talks about the classic “THE BACK BUTTON” problem. Then, in the same chapter, the book takes sort of a funny turn (in my opinion) and gives an introduction to PEAR. The book explains how to use PEAR's HTML_TABLE class to illustrate a good use for Ajax in creating an Excel-like grid that sums columns. This is a very cool class but would have been better suited for an appendix.

The rest of the book seems to be a random splattering of interesting topics: web services, map applications, cross-browser issues (touches again on the back button problem - but a solution this time!). There is also a brief mention of security. This should have been more in the middle of the book (see above for skipped-last-chapters syndrome). What then follows is a testing and debugging chapter, which would have been more effective as the 3rd or 4th chapter in the book. Finally there is a chapter about the browser DOM.

A great minor addition to the book would be an overview of some Ajax libraries such as Prototype, jQuery, Dojo, etc.

Book Review: PHP Hacks by Jack D. Herrington, published by O'Reilly

I had borrowed a Perl Hacks book from a friend and really liked it; it was great! It had a lot of practical things as well as some fun things. I expected the same from PHP Hacks and I was not disappointed!

Here’s the table of contents:
http://www.oreilly.com/catalog/phphks/toc.html

O’Reilly also has some sample hacks:
http://www.oreilly.com/catalog/phphks/chapter/index.html

Here's some that I found interesting:

The Practical Stuff
Breadcrumbs
Not familiar with the term? Check it out. I think this hack may get you started on a breadcrumb function/method. In the end they suggest an XML file to show which page URLs were parents of which. The way I've done this before was I had a class for each major section, and sub section, and had a method ->addCrumb($label, $url) which I called in the constructor… and the subsections of course would call the parent constructor and it kept the breadcrumb hierarchy intact. But hey, that’s the fun of programming - different ways to do the same thing to meet different needs! Definitely a good hack to get the juices flowing!

Building Lightweight HTML Graphs
Don't want to use Flash to display a graph? Use PHP to figure out the ratios and give you a width, and use a table. I've done something similar by figuring out the width of a div and making the background a color… and I have used 1x1 pixel images that have been stretched to a certain width and height. It’s a very lightweight download for your user, that’s for sure! Later in the book, there's a hack for creating a Dynamic HTML Graph that will change without reloading the page.

Put an Interactive Spreadsheet on your Page
This one is so cool -- you need to read about it in the book yourself! Let’s say, move over Google Spreadsheets! We can do it too!

Create Link Graphs
I call these Tag Clouds; not sure why they call them Link Graphs here in the book -- probably "tag clouds" has been copyrighted by some Web 2.0 smartass. Here I am, sue me! This is a unique and visual way to show the popularity of certain words in a group. Rather than a numbered list, this is visual. I had this discussion not too long ago with a group and sadly, most of them didn't get it. I think if I actually used this sort of technique on a page, I'd include a "What's this?" link or an alternative view.

Create Dynamic Database Objects
This was very interesting to me because I love Active Record in Rails. This relies on some of the magic of PHP5 to work, probably this is not going to be the best performance code but really -- is anything easy the fastest?

Generating CRUD Database Code
Similar to the previous one, but a create-once-and-go method: this hack will read from an XML file and create CRUD objects for maintaining your database. These will probably be faster than the previous one, but you'd have to run this script or update manually when your schema updates. Some people hate code generation - some don't. PEAR's DB_DataObject is a similar concept.

There are a few other nifty database hacks making this my favorite section of the book!

Turn any Object into an Array
Using foreach is my default iteration function, and using the PHP 5 iteration interface on any object to give it that functionality is awesome. This is one of the most practical design patterns (other than the other favorite: singleton) that I talk about to people who ask me - what are design patterns and why should I care? Speaking of design patterns - tired of reading a design pattern book and trying to figure out the Smalltalk or Java code? The design pattern section of the book has diagrams and sample code that you can understand.

Fun Stuff

Build a DHTML Binary Clock
What is that, you say? Take a look at ThinkGeek and learn how to make something similar in DHTML. Yes, this is not practical, but it’s fun. Something fun is always a great way to get excited about programming and enjoy yourself.

Generate Your Unit Tests
I put this in the fun section because testing IS fun - I love it. One of the things people (normal people, not wacky test freaks like me) complain about with testing is - no time! Here's a hack that will let you put your test in a comment, and running this script on it will pull out those comments and write your test for you. Nifty!

Build GUI Interfaces with GTK
I've always wanted to try something with GTK, but never have. This hack shows you how to build a regex tool to test and play around with regular expressions. I've had programs like this and they are darn handy when you want to do a quick check. So, after you've had your fun building this -- it’s practical as well.

Send RSS feeds to your IM Application using Jabber
Depending on your use, this may in fact be practical, but I think it’s rather fun. I have not figured out a use for this myself, but the book uses it to send weather forecasts to your IM client. Neat-o.

What I didn't like about this book
Not too much in the way of checking input variables. I know, probably they "leave that as an exercise to the reader", but noobs and experts alike need to get this ingrained into the head by default. So I suggest also picking up Essential PHP Security.

What I like
ER diagrams and control flow - Nice!
Handy size

I've only touched on a few of the great hacks, and there are many more I also like, but I didn't really want to give away the entire book! I suggest you pick it up and keep it handy. Next time you are bored -- flip through and find something interesting!