PerlMonks  

Re: Perl and CGI for the World Wide Web

by Dominus (Parson)
on Jun 09, 2001 at 21:34 UTC [id://87208]


in reply to Perl and CGI for the World Wide Web

I had a chance to review the first edition of this book about six months ago, and I can't agree with your excessively snide review. I don't think this is the best book in the world, but I do think it's a lot better than most of the books with which it competes.

The main point of your review seems to be that the book is bad because it doesn't discuss security issues in enough detail. But as we all know, beginners usually can't get security right even when it is explained clearly. When I was reading your criticism, I tried to imagine what would have satisfied you, and I don't believe that anything would have, unless maybe it was a much fatter book. Since I think one of the book's greatest strengths is that it's so small, I think that including a large and comprehensive section on security would have been a bad decision, decreasing the worth of the book. A small, incomplete section on security evidently would not have solved the problem here. So what's Castro to do? Are you saying that any small book about CGI must necessarily be Evil and Wrong? So it would seem. But I can't agree. I think a small book with a brief security warning and references to further information is just what is appropriate for a first book about security, and that is what we have here. I suppose in your perfect world, everyone is willing to study security for a month before they write a 'Hello World' CGI program, but I don't think that is a very realistic belief.

I also don't think that your criticism about strict and -w is on the mark. The Perl community's dogmatism about these features gets increasingly silly every year. The programs in Perl and CGI for the World-Wide Web are never more than about twenty lines long. They don't need strict. I'll say it again: They do not need strict. Use of strict will confer no benefit in this case. There is no use of references, so there is nothing for strict 'refs' to do. There is no use of bareword strings, so there is nothing for strict 'subs' to do, and even if there were barewords, they are unlikely to cause a maintenance failure in a program this small. And in a twenty-line program there is practically no difference between a global and a lexical variable, so use of strict 'vars' and my would be a waste of effort and space.

The style and maintenance rules for large programs simply do not apply here, because these are not large programs. I've heard plenty of arguments that you have to learn these style rules right from the beginning, apparently from people who think that if you once turn down the Path of Darkness your Soul is Lost Forevermore, and I think it's bullshit. A programmer has plenty of time as their programs get bigger to learn how to write bigger programs effectively. But it is not Castro's job, or the job of this book, to teach them; they should have another book for that. Anyone relying on Perl and CGI for the World Wide Web as their sole source of Perl information is going to write some very bad Perl programs, certainly, but an introduction to use strict is not going to help that. If you are worried about readers of this book perpetrating bad code, I think a better criticism would be that the book has so little material about subroutines and encapsulation issues. But as I said, I don't consider this a problem. There is plenty of time for the reader of this book to go and get a copy of Learning Perl. You say you started with this book, and it doesn't seem to have done you any lasting harm.

Now, that all said, what did I like about the book?

I liked the way it was broken down into small, easily digested units, one per page. I think that that, and the book's shortness, may be its best features.

One of my major criticisms of most introductory programming books is that they have very few realistic examples. Perl and CGI for the World Wide Web succeeds tremendously here. Every page has a clear, brief, and realistic example.

I liked the extensive discussion of permissions and the chmod() operator. I think too many books try to skip past this or keep their fingers crossed and try to ignore the issue, which Castro tackled head-on. (In your frothing about security you somehow missed this.)

I liked the discussion on page 27 of the distinction between the value of an expression and its side effects, although the terminology was a little strange: Castro missed the opportunity to introduce the term 'side effect'.

I found very few actual errors. Compared with, say, Perl For Dummies, this book is a marvel of correctness. In fact, it compares favorably in this regard with Object-Oriented Perl. Unlike most computer books, it's clear that it was carefully edited and composed.

My most serious criticism of this book would be that it doesn't seem to include very much discussion of programming issues, such as how the programmer decides what variables and functions to use, and how the programmer breaks the task down into steps. But perhaps people don't have as much trouble with this as I think they do, or perhaps the many small examples Castro shows will provide a natural jumping-off place for new programmers to gradually extend and enhance the examples. The other worry I have is that the book seems to encourage the reader to paste in code without understanding what it's doing. Many times, the book says "Type a close parenthesis". It's hard for me to pin down just what I thought was bizarre about that, but I'll try. It seems to me to suggest that programming is about typing the right sequence of characters in the right order, and I don't think that's true. To program you have to have a deeper understanding of what's going on. (It reminds me of a comedy sketch I once saw in which a Shakespearean actor explained that Hamlet was the hardest role to play, because not only does he have more words to say than any other character, but one must speak all 12,483 words in the right order.)

One occasionally sees people asking questions like 'what do I type to change all the a's to b's in a string?' and then a couple days later from the same person 'what do I type to change all the f's to r's?' This person is missing something fundamental. I worried that the style of Castro's book would encourage this kind of misunderstanding. On the other hand, I was never sure that this was a real problem---maybe it isn't. I tried to imagine what I would have liked in place of "To do this, type this:...", and what came to mind was that I probably would have written "To do this, use this:..." But that is not different in any meaningful way.

Perl and CGI for the World-Wide Web is not the best possible book, and it has some serious problems. But it is valuable, and I think it will do a lot more good than harm. I have recommended it to people in the past, and I am looking forward to the second edition.

--
Mark Dominus
Perl Paraphernalia

(Ovid) Re(2): Perl and CGI for the World Wide Web
by Ovid (Cardinal) on Jun 09, 2001 at 22:40 UTC

    Thanks for the feedback. You raise some good issues and I realize that I should have tried to pay attention to some of the good in the book, rather than focus on the bad. This was a blunder on my part and clearly a blind spot that I tend to have.

    That being said, unlike footpad, I disagree with you strongly regarding the security and 'strict' issues. I'm on the beginners-cgi mailing list and I try to answer questions for them (sometimes I even get an answer right). However, I've noticed a disturbing trend: many of these people seem to be maintaining or developing sites for businesses. I try as well as I can to steer them to better coding practices, but I am seeing so many people doing work that should be handled better.

    Now admittedly, I may be biased here. I worked for a company where the lead programmer (of a small shop) learned Perl from Castro's book. While a sample of one is not the most useful for statistical analysis :), I saw poor coding habits that simply didn't need to be there. He never used strict. As a former Javascript programmer, he tended to end his Perl subs with return true;, not realizing that this was useless. Of course, his subs didn't need to return anything because all variables were global. He didn't check the status of his opens. He didn't validate any incoming data. He didn't...

    Well, you get the picture. The surprising thing is, this guy was brilliant. He just had never been exposed to proper coding practices. Others that I have worked with (confession time: I'm one of them) have had tendencies to push back when new things are introduced. Many, many people get into a routine where they are comfortable and when another programmer comes along and says "you really should use strict", they resist. You don't need strict when you've found all of the bugs in your code, right?

    Ask anyone who works with moderately complex systems (project management, software design, medicine, economics, etc.) and they'll all tell you the same thing: it's cheaper and quicker to prevent a problem than to clean it up after the fact. Pushing the glass away from the edge is a better solution than sweeping up the pieces. The same goes for good programming style: teach everyone from the start and they'll just do it. They won't know better. How many times have you heard someone say "I tried using strict but it breaks everything?" When that happens, more often than not, they just give up.

    Dominus wrote:

    When I was reading your criticism, I tried to imagine what would have satisfied you, and I don't believe that anything would have, unless maybe it was a much fatter book.

    Well, this is something I can agree with. I don't think the book would have to be huge, but essentially, Castro gave a 'Cliff Notes' version of Perl/CGI programming. Can you imagine a thin calculus book? I'm not saying that Perl/CGI is as difficult as the Calculus, but what I am saying is that, to know Perl/CGI programming, there is much more territory to cover than what Castro has presented. The readers of the book were short-changed.

    Dominus, I have a lot of respect for you, but I simply can't agree with you here. Too many people are exposed to poor code and are happy. They don't want to be told they're 'doing it wrong'. They often see it as a personal affront when someone points out code issues. If their stuff works, they're happy. Frankly, if their stuff works, I'm happy too. But not if I have to maintain it. Not if someone stores the price in hidden fields on a Web site. Not when someone defaces yet another Web site due to poor code. I, too, am looking forward to her next book, but only because davorg mentioned that it will be much better. Why deliberately start people out on a path that you know they must veer from?

    Cheers,
    Ovid

    Join the Perlmonks Setiathome Group or just click on the link and check out our stats.

      Brief personal response

      My first Perl program was written to chop up Netscape bookmark files, as it was so long that I got tired removing all the extraneous bits (Last-Visited etc) by hand.

      I read some bits of the Programming Perl book carefully, wrote it, and three days later (part time) it worked.

      I then read about use strict; and decided to stick it in. It took another two full days to make this working program compile. But I learnt a lot about Perl.

      The moral - always use strict; or know why ;-)

      -- Anthony Staines
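The sub-thread argues about what `use strict` actually buys a small CGI script, and Ovid lists the habits he saw missing (checking the status of open, validating incoming data, trusting a price stored in a hidden form field). The script below is an added illustration, not code from the thread or from Castro's book: the first part compiles three deliberately flawed snippets under strict so the reader can see which category ('vars', 'subs', 'refs') catches which mistake; the second part handles a constructed query string with the habits Ovid describes. The query-string parser, the item names, the prices and the log path are all made up for the example.

```perl
#!/usr/bin/perl
# Added example (not from the thread or the book): what `use strict` catches,
# and the input-handling habits discussed in the replies.
use strict;
use warnings;

# --- Part 1: the three strict categories named in the thread -----------------
# Each snippet is compiled with string eval so a strict violation is reported
# as text instead of aborting the script. Returns the error message, or ''.
sub strict_error {
    my ($code) = @_;
    local $@;
    eval $code;    ## no critic (StringyEval) -- deliberate, to capture the error
    my $err = $@;
    chomp $err;
    return $err;
}

my %probe = (
    # strict 'vars': a typo'd variable that would silently become a new global
    vars => 'my $count = 1; $cuont = $count + 1;',
    # strict 'subs': a bareword silently used as a string
    subs => 'my $x = hello;',
    # strict 'refs': a string used as a symbolic reference to a global
    refs => 'my $name = "main::foo"; my $v = ${$name};',
);
for my $kind (sort keys %probe) {
    my $err = strict_error($probe{$kind});
    printf "strict '%s': %s\n", $kind, $err ? "caught: $err" : 'no error';
}

# --- Part 2: the habits Ovid lists, on a constructed request ----------------
# Prices live on the server; nothing the client sends is used as a price.
my %price_table = ( widget => 19.99, gadget => 4.50 );    # constructed data

# Minimal query-string parser (CGI.pm would do this in a real script).
sub parse_query {
    my ($qs) = @_;
    my %form;
    for my $pair ( split /&/, $qs ) {
        my ( $k, $v ) = split /=/, $pair, 2;
        $v = '' unless defined $v;
        $v =~ tr/+/ /;
        $v =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
        $form{$k} = $v;
    }
    return \%form;
}

# Validate every incoming field against an allow-list before using it;
# a client-supplied 'price' field is simply ignored.
sub build_order {
    my ($form) = @_;
    my ( $item, $qty ) = @{$form}{qw(item qty)};
    return { error => 'unknown item' }
        unless defined $item && exists $price_table{$item};
    return { error => 'bad quantity' }
        unless defined $qty && $qty =~ /\A[1-9][0-9]{0,2}\z/;
    return { item => $item, qty => $qty, total => $qty * $price_table{$item} };
}

# Constructed request: a tampered 'price' field alongside the real fields.
my $form  = parse_query('item=widget&qty=2&price=0.01');
my $order = build_order($form);
print $order->{error}
    ? "rejected: $order->{error}\n"
    : "total for $order->{qty} x $order->{item}: $order->{total}\n";

# Always check the status of open; $! says why it failed.
my $log = '/nonexistent/dir/orders.log';    # constructed path, expected to fail
if ( open my $fh, '>>', $log ) {
    print {$fh} "$order->{item}\t$order->{qty}\n" unless $order->{error};
    close $fh or warn "close $log: $!\n";
}
else {
    warn "cannot append to $log: $!\n";
}
```

Run it with plain `perl`; part 1 prints one "caught:" line per strict category, part 2 prints the server-computed total (the 0.01 in the request never reaches the arithmetic) and then a warning from the failed open rather than silently losing the write.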
Re: Re: Perl and CGI for the World Wide Web
by footpad (Abbot) on Jun 09, 2001 at 22:05 UTC

    It is not the best possible book, and it has some serious problems. But it is valuable, and I think it will do a lot more good than harm. I have recommended Perl and CGI for the World-Wide Web to people in the past, and I am looking forward to the second edition.

    I disagree slightly. You may be right about the benefits regarding use strict, my and -w in Castro's examples, however, you must admit that those are good habits to get into. Indeed, I've found that by starting with good habits, I've avoided some of the problems we see posted so often. Also, other titles have shown that it is possible to start with good basics: security, CPAN, good program design, and so forth. While that title is perhaps not appropriate for a first introduction to programming, it can help experienced programmers learn better habits from the start. As I'm sure you're aware, once we get an idea into our heads, it's difficult to shake it.

    I agree that Perl and CGI for the World Wide Web can be a good place to start for some people; I fear, though, that some will presume that they have enough knowledge when finishing it to create and deploy production scripts. Given the relative lack of security information in the first edition, that would be very dangerous. The book does have some value, however, I would hope that people move from there to one providing more suitable education for production CGI scripts.

    As an aside, the second edition appears to be available (check the above link). Since davorg mentions that some of the more egregious problems have been dealt with, the new edition may be more successful than the first.

    --f
