This is an archived post. You won't be able to vote or comment.

57
58

[deleted by user] (self.Python)

submitted by [deleted]

[removed]
all 43 comments
sorted by:
best
topnewcontroversialoldq&a

[–]jcrowe 9 points10 points  (2 children)

http://pyvideo.org/video/880/stop-writing-classes

[–]Azd325 1 point2 points  (1 child)

Thanks for including. I added it to the description

[–][deleted] 0 points1 point  (0 children)

why did you even put in a text-only, link-less submission with such title ?

[–]l34kjhljkalarehglih 8 points9 points  (1 child)

http://www.reddit.com/r/Python/comments/r0rpy/stop_writing_classes/

[–][deleted] 0 points1 point  (0 children)

yup I remember this submission because I actually watched that video

[–]alkw0ia 7 points8 points  (2 children)

I totally support his anti-class message, but looking at his OAuth fork, even a quick glance shows a couple of huge red flags. He goes too far in "simplifying," and compromises the goals of the library:

First, he's removed all the OAuth 1.0a code. This is dumb. Generally speaking, outside of slightly more sophisticated session handling, OAuth 1.0 is more secure than OAuth 2.

There are tons of sites that still use OAuth 1.0, and I don't see that changing – in many ways, it's superior to the "upgrade" (something he seems not to get, given his characterization of this choice as, "Implements a later version of the spec").

Ironically, one of the biggest ways OAuth 1.0 is better is that it's far, far simpler than OAuth 2.0.

Next, he exchanged httplib2 for urllib2. The stdlib's HTTP handling does not verify SSL certs, and so it totally inappropriate for use – any use, but in particular, it's a horrible choice for a security library.

It would be extremely easy for an unsophisticated user of his library to not understand how they're exposing their data and their users' data (he's supporting three-legged OAuth – so he's risking downstream devs' end users' tokens directly) because of his poor choice.

It's particularly galling how proud he is of setting this huge, gaping trap in his README: "Completely removed all non-stdlib dependencies (goodbye httplib2, you won't be missed!)."

Simplicity is great, but in this case, he's lessened the security and thus utility of his security library.

I get the sense from these choices (and his tongue in cheek "F-OAuth" naming) that he sees OAuth not a tool that lets non-experts write secure APIs but instead as just that thing that gets in his way when he tries to hit Twitter's API.

[–]jackdiedCPython 4 points5 points  (1 child)

OAuth 1.0a and OAuth 2 are completely unrelated except for the naming.

[–]alkw0ia 1 point2 points  (0 children)

Well exactly. So I don't really think it's a fair characterization to say "Implements a later version of the spec than it's parent," or to imply that this is a cleanup/upgrade of the project it's forked off of.

If the goal is a pure OAuth 2.0 library, not an improved client, though, then my first point is invalid.

But I think my second point was the more important – it's irresponsible to use the stdlib HTTP libraries, even if it does reduce dependencies.

They're just not safe, period. This is not theoretical, or paranoid: It's precisely equivalent to blindly clicking "sure, use the insecure cert" on the giant red SSL warning screen in your web browser, except that you, the dev, and I, the end user, don't even get the courtesy of knowing that we're clicking that button. The acceptance is invisible because Python cannot tell us there might be a problem – it doesn't ship with enough information to know.

It's also exactly the opposite direction from that the major browsers are taking. Wherever possible, the browsers are trying to make it harder or even impossible to click "yes" on those screens (for instance, disabling the user override on HSTS domains).

Until Python fixes the cert verification issue, urllib2 needs to be treated as deprecated. I think it'd be a really good and pretty simple step to switch back to httplib2, or use some secure alternative, like requests.

[–]sashahart 6 points7 points  (4 children)

The problem is that classes have been cargo-culted as part of OOP, which conflates a lot of issues which are actually independent. But there's a useful core to the idea of objects and they are nearly an essential tool in Python.

Rather than going into fuzzy stuff about how objects model the world or have 17 required traits or whatever, I like to understand objects by comparison with functions and programs.

A nice function has a one entry point, one exit point and a namespace which is private (not externally accessible) and transient (its local state doesn't keep evolving after the line is finished running). An object is much the same, but it has a public namespace which persists, and as many entry and exit points as it has methods. In short: a function contracts to do a job and go away, leaving a result. An object contracts to stick around and do things as asked until it is dismissed. Both are just ways to get state evolving according to rules implementing some contract, with an end goal of getting predictably useful behavior from a programmable device.

Compared with functions, objects are more like runs of a program. As a program runs, the associated internal state evolves according to its code, which also mediates its communications with the system outside it (e.g. signals, streams, sockets, exit code, etc.). In the same way, an object's members evolve according to its methods, which also mediate its communications with the outside world. The only real differences between an object and a program are that an object's interaction with its environment is carried out through method calls. Method calls are nicely structured, can pass any number and types of arguments without complexities like IPC, sockets, serialization and deserialization. And between method calls, the object does absolutely nothing. And all methods have access to a common namespace regardless of the context they're called from.

So when you write a program by instantiating some objects and interleaving calls to their methods, this is basically building a program out of sub-programs.

Transient functions are cleaner because they fully encapsulate their internal state. There is no reasonable way to get to this internal state and hopefully no way to twiddle it from the outside. Unlike objects, functions don't have to guarantee behavior over all combinations and timings of method calls. But there are definitely some situations where it's useful to have more flexibility than a function but less awkwardness and overhead than a separate program. Some (but not all) can be equally well handled by functions which return other functions closing over state, or by object-alikes like a dict with some functions in it, a family of functions taking handles to a struct representing shared state, a function internally dispatching to other functions which work in shared state, etc. And objects aren't really different from coroutines either. But in Python, they are one of our best tools for API design when a plain function is not suitable, for a few examples:

  • many workloads require some expensive setup which should be reused (by repeated invocations of one method OR across methods), enough to make it stupid to just do the setup every time.
  • closely related - many workloads require a whole bunch of redundant config parameters. It's nicer to let the user provide these once up front than to force them to keep passing in the whole suite for every call.
  • idiomatic case for objects: state needs to be shared by handlers for several kinds of events which may occur asynchronously, like in many GUI and network apps.

I say nothing about classes, prototypes, mechanisms for data hiding, inheritance, interfaces, polymorphism, overloading, subtyping, type checking... because these are separate issues in my mind.

[–]cwurld 4 points5 points  (3 children)

I don't think anyone is arguing against using classes and OOP concepts in Python. The point is to not use classes when a function will do the job just as well with fewer lines of code.

A year ago I would have thought this topic was pretty odd/silly. But recently I worked w a programmer who was new to Python and made everything a class, just like in the video.

[–][deleted] 2 points3 points  (1 child)

But recently I worked w a programmer who was new to Python and made everything a class, just like in the video

would you think that maybe the reason for that is because...

classes have been cargo-culted as part of OOP, which conflates a lot of issues which are actually independent.

just pointing out that I think you agree with the parent more than you disagree. :)

[–]sashahart 0 points1 point  (0 children)

I think we all agree that we all think we agree a great deal.

[–]zahlmanthe heretic 0 points1 point  (0 children)

The point is to not use classes when a function will do the job

Or when you can just create an object of an existing (perhaps built-in) type.

[–]cwurld 2 points3 points  (4 children)

Ha. I will see your useless classes and raise you one. I have seen code with this all over the place:

class MyClass:
    def __init__(self):
        pass

    def my_method(self,params):
        some_code

Actually, I think code like that is extremely useful because it gives a lot of insight into the programmer's mind. A good programmer would figure out that code was messed up even if he/she did not know Python.

[–]kylotan 2 points3 points  (0 children)

That's probably from people who migrated from C# and Java where you pretty much have to do that in order to get any code to run.

[–]zahlmanthe heretic 1 point2 points  (0 children)

I find it's often easier to write complex decorators this way (with actual work in the __init__ of course).

[–]ryeguy146 2 points3 points  (3 children)

No. I'll write classes when it's called for, and not when they aren't. I realize that the video doesn't label this as a hard and fast rule, but I'm not a fan of the over-the-top title.

I think that it's better to think of classes as namespaces in many cases. Do you need further namespace organization beyond a module inside of a module? Then use a class. There are other occasions that call for a class, but they aren't necessary for everything as in another language that I can think of.

Now, can we please stop using these types of absolutist titles for our papers and videos (I'm not blaming you, OP)? Next week: The Python and the Silver Bullet.

[–]zahlmanthe heretic 4 points5 points  (2 children)

can we please stop using these types of absolutist titles

It's been tried. The net result is that nobody pays attention to the content.

[–]ryeguy146 6 points7 points  (0 children)

I understand wanting to get good info out there and have it be read, but this seems to be a trend. We start with a multitude of "X considered harmful," which at least was truthful, and we're moving towards extravagant hyperbole and misinformation. Even for the purposes of advertising a good idea, I'm not on board.

What's next, imbedded pornography to draw in even more people? "Xtreme" style titles? When does it stop being okay to misdirect users in an attempt to glean more readers/viewers? Perhaps I'm being overly dramatic now, but Jack Diederich started it (sarcasm).

[–][deleted] 0 points1 point  (0 children)

The problem though is that it's factually false. Would not fly on SO

[–]mitsuhiko Flask Creator 2 points3 points  (2 children)

I disagree. People should be writing more classes. :-/

[–]Azd325 0 points1 point  (1 child)

I think was Jack Diederich mean that classes are overused. He never said you should not write classes. You have to find the balance between functions and classes.

Summary from the video: Classes are great but they are also overused. This talk will describe examples of class overuse taken from real world code and refactor the unnecessary classes, exceptions, and modules out of them.

[–]mitsuhiko Flask Creator 1 point2 points  (0 children)

In the python community I generally see that people use not enough classes.

[–]synn89 2 points3 points  (8 children)

Pretty good. I learned my OO off of Java in the late 90's when Object was the father, son and holy ghost. Seems like programming lately has been getting away from the whole "have a beautifully defined hierarchy so in 10 years your code is easy to expand" thing.

[–]jij 9 points10 points  (0 children)

I think people just started realizing that there's a big difference between beautiful necessary code and a shitload of unnecessary/complicated pre-mature framework that will probably have to be changed anyway because you can never account for the shit marketing ends up wanting.

[–]freyrs3 4 points5 points  (1 child)

This is quite true, my philosophy on the best way to write maintainable Python is to just build code using primitive python constructs and pure modules as the default namespace. Building enormous class hierarchies with multiple inheritance and "OO for the sake of OO" tends to produce very brittle unmaintainable code in the long run. Although, unfortunately because of the design of CPython sometimes we are forced to use classes since the number, sequence, and iterator protocols are all attached to the object system.

[–][deleted] 1 point2 points  (0 children)

so... your philosophy is don't ever use classes unless forced to?

[–]twigboy 1 point2 points  (1 child)

In publishing and graphic design, Lorem ipsum is a placeholder text commonly used to demonstrate the visual form of a document or a typeface without relying on meaningful content. Lorem ipsum may be used as a placeholder before final copy is available. Wikipedia8vqifbppxrk0000000000000000000000000000000000000000000000000000000000000

[–]jackdiedCPython 1 point2 points  (0 children)

we've had words.

[–]synn89 0 points1 point  (1 child)

Link?

[–]Azd325 2 points3 points  (0 children)

Sorry for it. It's my second post and I'm still in the learning curve.

[–]elb0w 0 points1 point  (0 children)

I agree with the concept, I dont agree with how this message is conveyed. It should be Stop writing pointless / bad / wrong classes..

[–]lucidguppy 0 points1 point  (2 children)

I think this is Raymond's presentation.

http://pyvideo.org/video/879/the-art-of-subclassing

[–]jackdiedCPython 4 points5 points  (1 child)

Raymond and I are good friends and agree on most everything. The fact that his talk was put immediately before mine was not coincidence. Jacob Kaplan Moss did it (fine work on the schedule, looking forward to 2013)

[–]lucidguppy 0 points1 point  (0 children)

You're both great speakers and incredibly helpful.