There are several points during the pieces of a Django app’s lifecycle where you’d like to log in a user without going through the standard login views. These are situations when the user has authenticated their identity in some other way, for example:
- User just successfully signed up. There’s no reason to ask them to re-enter the credentials they just set up.
- User just reset their password.
The official documentation isn’t super clear on how to do it, but it turns out its incredibly easy:
from django.contrib.auth import login user.backend = 'django.contrib.auth.backends.ModelBackend' login(request, user)
The backend is used by the auth system later on in the process.
“The new Facebook is here. Try it now.” With those words, Facebook opened up its new redesign. The initial reactions were mixed at best. Application developers were frustrated with the changes. Users were also confused – where did the apps go? The new look for Facebook is a brilliant idea, extracting the value of the News Feed (originally a development that was met with skepticism) and taking it to the next level. This change is both subtle and blatant but will have a drastic effect on the direction of the Facebook ecosystem. A number of studies have analyzed the importance of simple incentives in causing drastic shifts in behavior and its clear that the leadership at Facebook is well aware of them.
The first part of the new picture is the user. After setting up all of my friends on Friendster, Orkut and Myspace the same question always came up. Now what? Sure, I could go look at my friends’ profiles for occasional changes or send them messages – but the first was often hard to find out about and the second I could do much easier with email. Having the Facebook News Feed gave me a reason to come back. Now that I had a friend network I could extract value from it. I could see what my friends were doing. Initially only basic Facebook related tasks showed up but with status messages and other data the same bit of the human psyche that’s made twitter a success. There was suddenly a reason to come back to Facebook on a near daily basis. To a site that’s monetized by advertising views, recurring visitors are a gold mine. The marginal cost to serve each one is tiny and the ad revenue more than sufficient to cover it. Even with all of its resources, however, Facebook’s ability to create functionality that would draw the user back to the site was insufficient. An ecosystem of developers working on Facebook’s platform could create orders of magnitude more content and that’s what the platform was meant to be.
The applications that integrated with the old Facebook would appear on the profile page so naturally, they had content that would add to a user’s profile: their favorite songs, the places they had traveled and their favorite quotes. Some apps did more: complementing the wall, adding features that changed over time (such as plants) or allowed users to play games with each other but the majority simply added static content to the profiles. They filled the need of users to express themselves but once that was done, well, now what? Facebook realized that the apps that were truly valuable to them were the ones that encouraged users to interact and come back to them. Ones that displayed content relevant to each user and ones that created interactions others would know about. Ones that did things that could go into the news feed. With that realization the New Facebook suddenly makes a tremendous amount of sense.
The applications that are static are now relegated to the Boxes tab where no one will see them. They extend a user’s profile but Facebook has never really cared about that. Facebook has realized that any piece of content, no matter how intrinsically exciting, gets old and tired. The only way to keep the site useful and the users coming back is to constantly provide new bits of content which is exactly what the New Facebook incentivizes developers to do.The applications that are now front and center are ones that the user can do something with on a recurring basis and even more importantly the user’s friends can do something with on a recurring basis. Applications that used to have their own versions of this (ie. Super Wall) and fractured a viewer’s update attention to multiple spots in the profile now get forced to use the main feed for their updates or get ignored. If you have an application that doesn’t allow users to come back to it and make changes then it will never be seen again.
For you, the user, this is actually a blessing in disguise. Yes, its hard to give up the current Facebook page with all of the cool doodads that your friends or that cute girl in your class have added to their profile but do you ever look at those doodads more than once? The new Facebook redesign gives you a way to see what online activities your friends have been up to in one centralized place. It’s the same need that Twitter, FriendFeed and many others are trying to fulfill as well.
Strings are a critical part of the Java language and especially so in a web application. Here are a variety of pointers for dealing with Strings.
Use StringUtils
A lot of the common String operations that aren’t in the JDK library are available in Commons Lang StringUtils. Check out those methods and you’ll find your code looking much cleaner (and you’ll have to write less of it!). Anytime you’re about to write a piece of simple string manipulation code that you think should be in the library, check Commons first.
Concatenating a List<String> or a String[]
Check out StringUtils.join() to see if it’s already done for you! Also, see the discussion below about the different ways to concatenate strings.
Case insensitive comparison
Strings have a .equalsIgnoreCase() method that lets you do what you actually want rather than worrying about case conversions.
Prefer StrBuilder to StringBuffer/StringBuilder
Instead of the JDK StringBu* classes and the associated confusion explained below, try using StrBuilder. Apache Commons has created this very handy class that has a much more powerful and flexible API than StringBuffer. Give it a try and you won’t be able to go back to the regular StringBu* classes.
StringBuffer, StringBuilder and +
Strings in Java are immutable, so to append two Strings together the JVM must create another String. When you do that just once, the performance impact is negligible but if you do it many times (in a loop, or a more complicated piece of code) the cost of all of those intermediate Strings adds up. In order to deal with this problem, the StringBuffer and StringBuilder class were added to the Java core libraries. StringBuffer is threadsafe but slightly slower (because of the synchronization) and StringBuilder is not threadsafe but slightly faster. Both of the builder implementations have the con that they make the code harder to read.
The difference between using StringBu* and the ‘+’ operator is generally trivial, except in loops where it can become a significant performance hit.
As a general guideline, you should use the ‘+’ operator to concatenate simple Strings. The java compiler will actually convert code like:
a = b + c + d;
To look like:
a = new StringBuilder(b).append(c).append(d).toString();
So you get the performance when the code is compiled, and easier readability while the code is still in source. As of 1.5, the compiler can NOT yet optimize away the ‘+=‘ operator.
This also means that if you use + in a loop, then you’re incurring a performance penalty for creating a new StringBuilder in every iteration. They’ll be garbage collected eventually, but its not a good habit to get into. Make sure to declare the buffer/builder outside of the loop:
StringBuilder b = new StringBuilder(); for(String s : stringList){ b.append(s); } return b.toString();
Again, most of the basic use cases where you’d want to do that are actually already implemented for you in Commons Lang StringUtils.
Don’t optimize String concatenations!
This may seem to go against the advice of the rest of this post, but bear with me. Don’t immediately go into your codebase fixing these issues everywhere they crop up. That’s just a waste of time. Use profiling to determine which loops are actually causing slowdowns and fix those. Just keep these tips in mind as you write new code and focus on core readability as a primary requirement.
I just moved this domain over from Bluehost to Webfaction. There’s a variety of reasons for this but mainly it just comes down to the fact that Bluehost has been incompetent just too many times for its own good.
Running a web server is not rocket science. You spin up a distribution, install some standard packages and you have a working web host. Things do go wrong though and that’s what distinguishes companies that know what they’re doing from ones that don’t. Time after time Bluehost has proven that they don’t understand the basics of keeping customers happy. Frankly that’s all I want. The actual product could be crappy and held together with gum and duct tape but I don’t care what it does under the hood. I just want my hosting experience to not make me pissed off and be accessible to the outside world. Here are the main issues and differences that have moved me to switch.
Server Status
Bluehost has one crappy page that shows server status whenever they feel like updating it with useful messages like “Our technician is currently investigating a server problem. The source of this problem is unknown at this time. The duration of assessing this is approximately 15 to 45 minutes.” that show without a timestamp or ever show a resolution. I have yet to hear from them about a single reason for the downtime or resolution. Compare that against Webfaction’s status blog.
Control Panel
Bluehost uses an industry standard, cPanel so there’s not much to fault there. However, the login process that they layered on top of it is completely insane. Not only do you send credentials over HTTP rather than HTTPS, those credentials are then SENT RIGHT BACK TO THE BROWSER in cleartext and then sent for a third time in cleartext to the server. Really?
Webfaction has its own control panel which, while less polished than cPanel, is actually incredibly effective and has some very cool abstractions set up for running multiple applications and sites.
Applications
Bluehost comes with a bunch of generic installable applications which are great if you’re a consumer and don’t really do web development on your own. Webfaction comes with a ton of pre-configured packages for Trac, SVN, Django, WordPress and a variety of others that are more friendly to the developer/technical person crowd.
File organization
This is my bluehost home directory:
[###@box500 ~]$ ls access-logs ioncube public_ftp sources tmp etc logs public_html ssl webalizer.conf fantastico_backups mail sourceguardian thermopy www
This is my webfaction home directory:
[###@web41 ~]$ ls bin lib logs sources webapps
Can you tell which host actually cares about the little details such as not putting random crap in a home directory? Most of the directories in the Bluehost root aren’t ones I’ve created or even touched. It’s similar to Apple’s restructuring of the standard Unix directories to names and a structure that actually *gasp* makes a little more intuitive sense (“what do you mean its not in /usr/share/sbin/etc/lib/? where else would it be?!?”).
Cost
Who cares? Seriously. If you’re paying anything from $6 through $20 a month for web hosting what difference does it make? $14 is one nice lunch a month and that’s really stretching the price differences. I’ll probably end up paying a few bucks more per month for Webfaction but its likely to make me a lot happier.
Mailing Lists
Both hosts use Mailman for managing mailing lists, however cPanel offers an automated way to create/delete them whereas Webfaction does it manually. How often do you actually create/remove mailing lists?
Because Bluehost can’t figure out a way to deal with spammers or understand that a customer who has been with them for over two years won’t suddenly turn into a spam king they limit the rate of SMTP messages you can send. So if you’re doing a reply-all with 20 of your friends, expect that email to take several minutes to complete sending. This is technical competence right up there with login over HTTP.
The Plug
If you’re reading my blog, chances are that Webfaction is a good host for you. Give it a try.
This is a stupid gotcha that took me WAAAAY too long to figure out.
If you’re using the Facebook API with the new profile pages and attempting to set the FBML for a box on the wall and info pages it won’t work out of the box. You need to take whichever client library you’re using (PyFacebook, PHP, etc.) and make sure to point it at http://api.new.facebook.com/. Only then will the profile_main parameter get properly parsed. It would be fabulous if Facebook was to make API differences like that explicit by say, oh, I don’t know, revving the protocol version?
In addition, if you’re using PyFacebook (at least up to r157) you should add the type parameter to facebook.profile.getFBML() in the __init__.py file for the library. Here’s the open issue in PyFacebook’s issue tracker.
The Collections Framework is an awesome way to represent may common types of data using the mathematical basis for sets. Sun has a great tutorial that explains what the framework is and how to use it. This is meant to be a simple guide (in the traditions of Effective Java) on how to use the framework correctly.
To make it clear at a glance, the good and bad code samples are marked in green and red respectively.
Collections have an isEmpty() method
The Collections framework goes out of its way to make the code reflect what you’re actually thinking. The proper way to check if a collection is empty is not to check if its size is zero. Use the isEmpty() method!
Avoid returning null to mean an empty collection
Leaving the possibility of returning a null instead of an empty collection makes your caller have to write extra boilerplate code to deal with that case. Most of the time an empty collection has the same meaning that a null would. Trying to use null to represent an error in whatever was supposed to generate the collection bypasses Java’s preferred way for handling errors: Exceptions.
Create an empty collection using Collections.empty***() methods
If you need an empty collection that’s guaranteed to stay empty (for example in your test code) use the Collections utility class to create them:
List myEmptyList = Collections.emptyList(); Set myEmptySet = Collections.emptySet(); Map myEmptyMap = Collections.emptyMap();
There are also constants for List.EMPTY_LIST, Set.EMPTY_SET, Map.EMPTY_MAP, but they’re best avoided since they do not support generics.
Iterate through collections using the foreach form when possible
You want the code to match your thought process as much as possible. Sometimes you can’t use the new foreach syntax introduced in Java 5 because you need access to the loop counter but in most cases the best way to iterate through a collection looks like this:
List foo;
for(String bar : foo) {
System.out.println(bar);
}
The same foreach loop also works for arrays, with the exact same syntax.
Choosing which collection type to use
When you create a new data structure, don’t think of whether it’s a hash table, tree, whatever. Think about what the relationship of what you’re storing is. Is it a Collection, a Set, a Map, or a List?
If you’re not clear on what the difference is between a Collection, Map, Set, and a List check out the Javadocs (Sun’s Cliff’s notes). Start with what the requirements are for the data structure. Does it need to be ordered? Does it need to be unique? etc. Those will tell you which interface you need to use, and then you can decide what the underlying implementation should be. What if you use the wrong type of map/set/list and performance sucks? Well, then changing that implementation involves one line of code. And no one else needs to know or worry about it.
The left side is always an interface!
Like the title says, what you’re assigning to should almost never be an implementation. As a corollary, you should never return an implementation instead of an interface.
Instead of:
ArrayList foo = new ArrayList();
HashMap bar = new LinkedHashMap();
public TreeMap foo(){
...
}
do this:
List foo = new ArrayList();
Map bar = new LinkedHashMap();
public SortedMap foo(){
...
}
There might be a few exceptions to this rule, but they’re VERY rare. If you find yourself in one of those, stop and think really hard about whether you do actually need to break it. Better yet, ask the developer next to you about what she thinks.
If you’re explicitly casting, chances are something is wrong. Use generics.
Try to use generics on your collections. Knowing if foo is a list of Integers or Strings will make your client code much easier to read and will protect you from a lot of mistakes. Much more importantly, it will make it significantly easier for the next person who reads the code to understand what’s going on. If you find that you need a collection that needs to store multiple types of objects, then you should ask yourself whether you really have the right data structure and interface. Almost always the need to do that is a sign of a bad OO design.
This is a brief guide to getting up and running against S3 in Python.
You will need the following things:
- AWS Developer account (you can sign up for it on http://aws.amazon.com)
- Make sure you sign up for S3 (select Amazon Simple Storage Service in the sidebar on the left of the AWS page and then click ‘Sign Up For This Web Service’ over on the right)
- Python (I’m assuming you have it set up and working already)
A great library to use for access to AWS is called boto and its homepage is here: http://code.google.com/p/boto. You can download the code directly and then run its setup.py to install it, or if you already have easy_install you can make it do all of the work:
C:boto-1.3a>python setup.py install
or
C:>python easy_install.py boto
Either way, you can verify that boto is properly installed by trying to import it in python:
C:>python Python 2.5.1 (r251:54863, Apr 18 2007, 08:51:08) [MSC v.1310 32 bit (Intel)] on win32 Type "help", "copyright", "credits" or "license" for more information. >>> import boto >>>
Once boto is set up correctly get your AWS identifiers from the “Your Web Services Account” dropdown in the upper right of the AWS pages. You’ll need to use both the Access key and the Secret key when you make the connection.
At the highest level AWS stores data in ‘buckets’. These are unique across the entire service and each account is limited to a max of 100 of them. Within the bucket you create key/data pairs that look like filenames.
The code to do this is super simple. You’ll probably need to replace ‘examplebucket’ with something else:
from boto.s3.connection import S3Connection from boto.s3.key import Key conn = S3Connection('', '') bucket = conn.create_bucket('examplebucket') k = Key(bucket) k.key = 'foo' k.set_contents_from_filename('foo.png')
Doing this will upload the file foo.png to the bucket ‘examplebucket’. That would mean that the file is accessible at: http://s3.amazonaws.com/examplebucket/foo. If you attempt to go to the appropriate URL for that file you’ll get an access denied error back. By default new objects in the bucket aren’t publicly readable. Making the object readable takes advantage of a shortcut built into boto. In the boto.s3.acl module there is a list of ‘ready-to-use’ modes:
CannedACLStrings = ['private', 'public-read', 'public-read-write', 'authenticated-read']
Now we just set the ‘public-read’ ACL on our key and it will become accessible through the URL:
k.set_acl('public-read')
From here, check out the official documentation and tools such as S3Fox that will make your S3 experience much easier.
You should also grab the bota documentation archive and save it locally to use as a reference.
On a whim, I downloaded the Doctor Who Series 3 soundtrack. I’ve been watching the show despite its cheesiness and the music is absolutely amazing. It’s in many ways a parallel to the show – both deep and subtle but at the same time fun and delightful. Doctor Who’s plot gets horribly cheesy at times and is almost unbearably steeped in deus ex machina. Fortunately, the music isn’t really susceptible to such undramatic resolutions (at least not that I can appreciate).
This turned out to be a pretty delicious way to spice up pasta and get rid of the veggies I had hanging around anyways.
4 tomatoes
2 red bell peppers, seeded and diced
1 onion, coarsely chopped
1 teaspoon minced garlic
1 dash red chili flakes
1 teaspoon basil
Salt & Pepper
1. Boil a pot of water. Throw in the tomatoes until their skins split then remove, wash with cold water and remove the skins.
2. Pot tomatoes into a large skillet and mash with a potato masher. Mix in everything else. Simmer on low-medium for 20 minutes (or more).
3. Mix with spaghetti.