[socal-piggies] Slides for libcloud talk

Daniel Greenfeld pydanny at gmail.com
Fri Feb 18 13:06:26 PST 2011


Michael,

I don't really have time to get into an epic religious discussion but
I'll try and sum it up nicely:

1. Think of exec/eval tools as weird magic best left alone. Regardless
of the complicated arguments, the truth is that simply debugging code
in an exec/eval argument is much harder. It means your variables are
stored in variables of variables. Web framework building is hard
enough without tossing in that sort of complexity.

2. I'm no security expert, but I do know that security experts always
raise the flag on Security-by-JavaScript (cough... facebook...
cough...) and exec/eval statements. If your code ever gets audited by
someone competent and they see exec/eval statements in your underlying
framework they are going to go postal.

3. SQLAlchemy, libcloud, psycopg, flask, Pyramid, Django, Zope,
pygame, scipy, and 99% of the Python world does things as explicitly
as possible. They don't do extra imports for you in their controllers
or modules, which seems like extra work in the short term. In the long
run, you know EXACTLY what is going on in a file - and that counts for
so much.

4. JKM's major rant on reddit was that this behavior defined in point
#1 above makes Web2py different than the rest of the Python world. And
that they are training a breed of new python developers who expect
different behavior in code than the rest of us. Call me a fanboy (and
employee), but he's right. If you have a problem with Web2py the
majority of the people on this list or any python list will be
crippled in their ability to help you. On the other hand, any of us
can figure out the individual components of flask, sql alchemy and
more because it is following the common pattern. So that means while I
may not know much about SQLAlchemy, I can figure out what's going on
inside.

Danny


On Fri, Feb 18, 2011 at 12:39 PM, Michael Chean <michael_chean at msn.com> wrote:
> Danny:
> I read that earlier and there was a thread on the web2py group addressing
> the issues that the author brought up.  Honestly I'm too much of a beginner
> to understand the issue, but I think the writers on the list seemed to
> cover it adequately.  Here is the link:
>  https://groups.google.com/forum/#!searchin/web2py/again%7Csort:date/web2py/dmN54cpMuXo/rNAdw9pEbX0J
> I would be interested in your take on this, in layman's terms :)
> Mike
>
>
>
>> Date: Fri, 18 Feb 2011 11:34:24 -0800
>> From: pydanny at gmail.com
>> To: socal-piggies at lists.idyll.org
>> Subject: Re: [socal-piggies] Slides for libcloud talk
>>
>> Alas, web2py does some weird stuff under the hood that makes me very
>> leery of using it:
>>
>> http://lucumr.pocoo.org/2011/2/1/exec-in-python/
>>
>> Danny
>>
>> On Fri, Feb 18, 2011 at 11:30 AM, Michael Chean <michael_chean at msn.com>
>> wrote:
>> > Looks like I missed an excellent talk.  I realize that Django is the major
>> > Python web framework, but has anyone played with web2py?  For a beginner
>> > it's a very approachable framework.  It also plays nice with GAE.
>> > Mike
>> >
>> >
>> >
>> >
>> > Date: Fri, 18 Feb 2011 08:40:15 -0800
>> > From: grig.gheorghiu at gmail.com
>> > To: socal-piggies at lists.idyll.org
>> > Subject: [socal-piggies] Slides for libcloud talk
>> >
>> > Thanks to everybody who attended the meeting last night. Here are my
>> > slides - please don't make them public because I submitted this talk
>> > as a proposal to the Velocity conference, and I'd like to see first
>> > whether it's accepted or not. If it's not, I'll post the slides on
>> > Slideshare.
>> >
>> > Thanks,
>> >
>> > Grig
>> >
>> > _______________________________________________ socal-piggies mailing
>> > list
>> > socal-piggies at lists.idyll.org
>> > http://lists.idyll.org/listinfo/socal-piggies
>> >
>> >
>>
>>
>>
>> --
>> 'Knowledge is Power'
>> Daniel Greenfeld
>> http://pydanny.com
>> http://cartwheelweb.com
>>
>
>
>



-- 
'Knowledge is Power'
Daniel Greenfeld
http://pydanny.com
http://cartwheelweb.com
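
The check an auditor might run for point 2 of the message above, as an added example that is not part of the original thread: it walks a module's syntax tree and reports each exec/eval call with its enclosing function. The names find_dynamic_exec and called_name, the SAMPLE module and the literal/dynamic split are assumptions made for illustration.

```python
import ast

FLAGGED = {"exec", "eval"}  # the two builtins the message names

# Constructed sample: a controller-style module, not from any real framework.
SAMPLE = '''\
import json

def run_controller(source, request):
    env = {"request": request, "json": json}
    exec(source, env)  # caller-supplied code, injected namespace
    return env.get("response")

def calc(expr):
    return eval(expr)

LIMIT = eval("2 ** 10")
'''

def called_name(func):
    """Name of a directly called builtin: exec(...) or builtins.exec(...)."""
    if isinstance(func, ast.Name):
        return func.id
    if (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
            and func.value.id == "builtins"):
        return func.attr
    return None

def find_dynamic_exec(source, filename="<sample>"):
    """Return sorted (line, enclosing function, builtin, argument kind) tuples."""
    findings = []

    def visit(node, scope):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            scope = node.name
        if isinstance(node, ast.Call) and called_name(node.func) in FLAGGED:
            arg = node.args[0] if node.args else None
            # Assumption for triage: a literal argument can be reviewed in
            # place; anything else is code assembled at run time.
            kind = "literal" if isinstance(arg, ast.Constant) else "dynamic"
            findings.append((node.lineno, scope, called_name(node.func), kind))
        for child in ast.iter_child_nodes(node):
            visit(child, scope)

    visit(ast.parse(source, filename=filename), "<module>")
    return sorted(findings)

if __name__ == "__main__":
    for line, scope, name, kind in find_dynamic_exec(SAMPLE):
        print(f"{line}: {name}() in {scope}: {kind} argument")
```

Because the scan works on the parsed tree rather than on text, the word "exec" inside a comment or string is not reported, and a method such as cursor.exec() is ignored.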


