As does the Chrome Javascript console. I'm sure Safari has one too.

Don't have any recent experience with Firebug but the Chrome debugger/repl is great. Makes js development 1000x better.

Oh and for completeness ie 8+ also have debuggers. Not as nice but useful for debugging ie specific issues.

Yeah I use Firebug extensively, and break points are helpful. But in some situations, like maybe where the value of a property could be affected by more than one function, I really think the more primitive alert()/console.log approach might work better. Perhaps that's a sign I should refactor, I don't know. At any rate, I can't wait for this.

daveT,
Thanks man. And yeah I know what you mean, I wouldn't blink an eye at debugging 700+ lines of PHP. But the same amount of code in JS can be a nightmare.

Current record is 600+ LOC and I'm still working on it....

I got that login to work finally. Unfortunately, nobody can forget their password.

Not sure how it compares to PHP, but I'm pretty sure its about the same thing. Fill out the form, press the button, if successful, the page redirects.

But it looks something like this in made-up code:

Suppose it redirects to some other page, though it doesn't have to:


What's interesting is that the account-confirmation page redirects to 404 if you tried to type it into the browser. Is that how PHP, etc., works?

A few interesting things to note:

1- You cannot name the login page the same as the account-login page. This isn't too interesting if you enjoy using your time to be productive.

2- pages in Clojure default to get, which I guess is why 1 happens. This also means that you have to explicitly cast them to post.

3 - In the account-creation page, it is perfectly acceptable to name the "post" page the same as the "normal" page. I have zero idea why this is true, but I guess I have to accept it.

I don't know much about clojure so it's tough for me to compare it to PHP, but I use a Post/Redirect/Get pattern for authenticating users. This seems to be pretty standard across platforms:

1. Users POST a username/passwd form
2. The server side pulls their username and passwd hash from the database for comparison, does whatever site specific is authentication needed.
3. The server sends back a 302 redirect to either the protected area if the login succeeds or back to the login page if login failed.

The advantage of Post-Redirect-Get is that it prevents duplicate form submissions. With only using POST and responding without a redirect, the form will re-submit when the user refreshes the page.

Forgot this part.

Um, well not really. There isn't a specific, defined way for handling user authentication in PHP. I guess if you wanted you could send back 404 headers anytime someone tries to access a page without being authenticated, but there are better ways of doing that.

I use sessions for handling access control. Python and Ruby can do sessions as well. Sessions allow you to maintain persistent data over the course of multiple requests. When a user successfully logs in, the server assigns them a unique ID. It's also possible to assign custom session variables to the user.

For me, when a user logs in successfully, their session ID gets regenerated to a new value. There are also session variables set for the unix time of their last activity, their username, a user ID number they don't know, and an SHA1 hash of a string containing their session ID, their browser's user agent, and some other value that I can't remember. I think it's their internal user ID that they don't know.

At the start of every PHP script that I only want authenticated users to access, there is a function for authentication. It first checks to see if the session variables that were set during login are still set. If not, they get redirected out to the login page.

It then calculates the same SHA1 hash of items and compares the result to the session variable of the same. If the values match, the script proceeds. If not, they get redirected out.

The reason for this step is to protect against session hijacking. By confirming an unknown, unique, predictable value, it becomes difficult for an attacker to misrepresent their identity to the server. Although session IDs are unique and are regenerated after login, they can be obtained by the user. This method requires an attacker to obtain an identical user agent string, the unique session ID, a confidential value stored in a database, as well as the order to place them in an SHA1 hash.

Finally, it gets the current unix time and subtracts the value of the last activity session variable. If the difference is less than 3600 seconds (1 hr), it resets the last activity session var to whatever the current time is. If it's more than 3600, they get redirected to the login with a message that their session has timed out.

That's a great answer, and I'm not sure how that is all handled with Clojure. Now I'll have to look that up.

I was saying that if I enter in the POST page, it goes to 404. I find it strange because I have a webpage defined and even a post-to link in the form header but there's nothing user-facing. Is that how PHP works?

No not at all. That's strange.

It was probably mentioned before, but the online SaaS course is starting soon
-> https://www.edx.org/courses/Berkeley...012_Fall/about

Don't miss it, if you are interested.

Why would putting a print statement be better than putting a break point and inspecting variables in the debugger?

I'm not convinced that it is. I'm only saying that in some particularly complex situations, like when more than one function may or may not be called based on uncertain factors, it's sometimes more helpful to use that approach.

You don't get my point. Yes it's possible to be a good developer on Windows, yes it's possible to build nice things with PHP.

It's simpler (and probably easier, too) with better tools and it's way more likely that a good programmer will run Linux, BSD or MacOS. In the same vain, it's also more likely that a good programmer will not work in PHP.

Yes PHP is just a tool but a book is also a tool to get some nail into a wall. I'll still prefer someone that picks a hammer over a book for that task even if there are some people that are really good at getting nails into walls with books.

Yes it's ultimately the programmers fault if he produces crappy code but I still think the point I made about certain languages breeding certain mindsets is a very valid concern.

No, hatred is about right. Sometimes you have to be opinionated.

Edit: I understand that my position may be strange and that we probably won't ever agree. I'll just stop talking about it (obviously won't but I can try)
You can even claim that you "won the debate" because i use both Windows and PHP based stuff

---

Actually the outcome of this back and forth was pretty excellent for me. I watched the Hickey talk again but this time decided to check out the long version eventhough some people in the comments of the railsconf one said not to bother because he's hating too much in that one. I think it's pretty excellent.
I kind of wish he'd actually write a book on the whole idea of designing simple stuff. I took notes in the form of a mindmap and I think I'll step through some code of mine with simplification on the mind

clown, are you talking about this talk? Where's the long one, this one is only about 35 minutes.

Another example is Multi-threading. Log files are absolutely essential when you are trying to debug something that runs in multiple threads. Trying to set break points and stepping through the interaction will often alter the way the pieces interact.

I said neither of those things, but those are (a big part of) the reasons PHP has such an image problem.

BTW, I manage a team of 18 PHP developers. And before I turned to the dark side, I was one myself.

I do have to say, though, that PHP is clearly a bad language. That should be obvious to anybody with a decent amount of experience.

That said, it's a useful one, and you can do good things in it. It's also fun to code in, afaic.

I'm not even going to comment on the php discussion but fun is probably the last thing I'd use to describe it. Too many inconsistencies in the API and a lot of unnecessary character typing = not a happy experience.

Shoe: The long talk is here:

http://www.infoq.com/presentations/Simple-Made-Easy

welcome back.

In response to the "hate." You have to admit that the Rails one is pretty opinionated.

As far as I understand it, he was a lead developer for telecoms for 20 years, and he was forced to use OO languages, like Java, and make them "functional" in order to deal with concurrency and complexity. It isn't so much that he is opinionated against OO as he is opinionated against mutability. Functional and immutable programming paradigms were birthed from the study of controlling concurrent state. Clojure takes polymorphism and a few other concepts that are popularly considered OO paradigms. I personally consider OO a frame of thinking about managing mutation and time-state. I don't think there's much debate left regarding why OO-style mutation is generally bad in creating concurrent programs.

Other popular notions, like "design patterns," are generally looked down upon in the Clojure community. ORM, strictly enforced and highly opinionated frameworks, like MVC a'la RoR, etc.

The Clojure for Lisp programmers is a highly opinionated talk as well. I haven't seen the Clojure for Java programmers talk, but I can imagine that there are strong opinions in there as well. Regardless, the guy has a lot of background and his opinions never seem off-the-cuff to me.

Yeah I don't enjoy php. I enjoy getting paid.

i just started a new job w/ a comm. real estate firm in financial analysis.

the big first project i'm working on is kind of a mega-unwieldy model that the guy before me made that is super unorganized, hard to run, and unbelievably inefficient.

i'm experienced with messing with inputs in models and getting the correct #s and assumptions, but i'm not as familiar with the programming language behind excel (more advanced vlookup commands than simple arrays, and only really basic macros/the most simplistic of vba).

i'm being tasked to spend my first 3-4 months before our analytical work for our client (a bank) to remake this model, in a more efficient manner.

i'm honestly a little overwhelmed, and while i'm confident i can figure it out i have no idea where to begin. can anybody offer any advice? feel free to ask questions, and i'll divulge as much as i can without breaching my NDA.

i think i could pickup more efficient programming with time and diligence, which it sounds like this will require. just not sure where to start. everything right now is excel derived, taken from inputs we get from a commercial real estate accounting software yardi.

Yeah that's the one I watched first. I'm talking about the InfoQ one. Essentially the same stuff but I liked the InfoQ one better (it's roughly 1h).

Edit: I think i'll watch Clojure for JAVA programmers eventually but holy hell it's ~2h+1h if saw that right

mburke, I had a project once where I was turning a big Excel model into Java code. Most of the calculations were in the Excel cells themselves (there was a bit of VBA used but it was pretty minor). Still it was really hard at first to figure out where the values were coming from for each cell since the formula within each cell was often like 500 characters long. Sound similar?

For that project I found the Excel "Trace Dependents" (hotkey is alt T-U-D) and "Trace Precedents" (alt T-U-T) features to be very helpful for figuring out what calculations were going on. These display arrows pointing to all dependent cells (or all preceding cells), which really helped me visualize what was going on in the spreadsheet.

****, this is fan-boy post, I fear:

I think Clojure does an excellent job of documenting its own raison d'etre via it's design and implementation choices, being a lisp, immutable, non-typed, dynamic, and (almost) purely functional. Maybe I'm too used to using Scheme to notice many of the oddities of the language at this point? Compared it to Scheme, it is refreshing to have multiple data structures and things like {}, [], etc, to clarify the data. Of course, having a real REPL is nice!

I think 3 hours would be better spent futzing around with Clojure -- or any functional program -- and seeing what it's like for yourself.

Clojure looks intimidating*, but the foundations are not that difficult. I've managed, with zero familiarity of the language 4 weeks ago, to concoct 600 LOC without breaking the entire system. Total hours is probably about 20 hours.

The quote, "Clojure demands that you raise your game, and pays you back for doing so," is applicable as well, of course.

*For me, seeing C-style code is highly intimidating.

Just finished part 1 (the almost 2 hour one). Yeah I can certainly see why it would be cool. Writing mostly Prolog on the job these days it's not even arcane.

Sequences on all data structures is hot.

Will watch part 2 after doing some other stuff.

Watched the 35min one. Definitely a solid watch. He reminds me of a not too distant relative of Robert Martin. I agree with his philosophies almost 100%.

Time to invest ~1h into the one on infoq. Here's a few that might be good?

http://www.infoq.com/presentations/Simple-Made-Easy
http://www.infoq.com/presentations/Value-Values
http://www.infoq.com/presentations/A...et-Rich-Hickey