Discussion - ORM Techniques
closed account (3hM2Nwbp)
I've suddenly found myself needing to dynamically cache a database, so I ran to Google and searched...resulting in the too-good-to-be-true solution of ODB - a free cross platform ORM solution. Naturally I was excited by this, because it was another chunk of code that I didn't have to write...or was it?
Reading onward into the product, I came across this in the license:
which is absolutely unacceptable in this case, but it was nice that they actually came out and said it rather than wrapping it up in a 100 page veil of legalese.
That got me thinking - how robust does this code need to be? The answer: Not very robust - which lead me to the following write up. The main thing that I don't like about it is the if/else chain structure. I might redo it with a function map, but I'd like some fresh ideas / eyes.
PS. I'm aware that the queries aren't protected from injection attacks (or properly un-escaped).
Reading onward into the product, I came across this in the license:
| Parasitic Licensing Entity wrote: |
|---|
By linking with the ODB runtime libraries (directly or indirectly, statically or dynamically, at compile time or runtime), your application is subject to the terms of the GPL version 2 which requires that you release the source code of your application if and when you distribute it. |
which is absolutely unacceptable in this case, but it was nice that they actually came out and said it rather than wrapping it up in a 100 page veil of legalese.
That got me thinking - how robust does this code need to be? The answer: Not very robust - which lead me to the following write up. The main thing that I don't like about it is the if/else chain structure. I might redo it with a function map, but I'd like some fresh ideas / eyes.
|
|
|
|
|
|
PS. I'm aware that the queries aren't protected from injection attacks (or properly un-escaped).
Last edited on
Never worked with databases, but will post anyway..
I don't understand why would you do this at all. Wikipedia says that ORM is needed when you're working with non-scalars, which is clearly not the case, as, while Attribute can store anything, saveAttributes will break if that anything is not a scalar.
Is this just an optimization so that you don't need to do queries every time you use those variables? I wonder if SQL doesn't have similar optimization of its own..
Another thing that baffles me is the way you save things (by generating an SQL query). Isn't there a better way which does not waste time converting scalars to strings, parsing the thing and then converting them back?
Though, what part of this is open to injection attacks? There isn't any user input, is there? Or am I misunderstanding what injection attacks are.
I don't understand why would you do this at all. Wikipedia says that ORM is needed when you're working with non-scalars, which is clearly not the case, as, while Attribute can store anything, saveAttributes will break if that anything is not a scalar.
Is this just an optimization so that you don't need to do queries every time you use those variables? I wonder if SQL doesn't have similar optimization of its own..
Another thing that baffles me is the way you save things (by generating an SQL query). Isn't there a better way which does not waste time converting scalars to strings, parsing the thing and then converting them back?
Though, what part of this is open to injection attacks? There isn't any user input, is there? Or am I misunderstanding what injection attacks are.
closed account (3hM2Nwbp)
I should have posted a better explanation of what it's for, but my original post used all (8192) of the characters allowed in a post. All in all, what was posted is an unoptimized quick and dirty mess (to see if the concept would actually work).
This is part of a little job that I picked up to help make an existing server-side multiplayer game framework easier to work with. Generally, they are seeing between 400 and 1000 users online, but the way their hand rolled framework is set up, it's a pain to add more features (by having to modify the saving routine, the loading routine, the user model, and data transfer routines). The idea behind the dynamic cache is to prevent the modification of the source code, prevent a recompilation, and hopefully eliminate the possibility of a bug sneaking in. To add a persistable attribute to the game, all that is needed is to create a new column in the database.
Yes, it will...however the creation of attributes is something that only the loadAttributes method should do (preventing the creation of any non-scalar attributes. I assume that ORM operates by breaking down non-scalar types into their basic types and then generating the appropriate query to insert them into the database.
I'm sure there is, perhaps a prepared statement...but I don't really have any experience with professional database management so I have some reading to do.
This is part of a little job that I picked up to help make an existing server-side multiplayer game framework easier to work with. Generally, they are seeing between 400 and 1000 users online, but the way their hand rolled framework is set up, it's a pain to add more features (by having to modify the saving routine, the loading routine, the user model, and data transfer routines). The idea behind the dynamic cache is to prevent the modification of the source code, prevent a recompilation, and hopefully eliminate the possibility of a bug sneaking in. To add a persistable attribute to the game, all that is needed is to create a new column in the database.
| Though, what part of this is open to injection attacks? |
|
|
| saveAttributes will break if anything is not a scalar |
Yes, it will...however the creation of attributes is something that only the loadAttributes method should do (preventing the creation of any non-scalar attributes. I assume that ORM operates by breaking down non-scalar types into their basic types and then generating the appropriate query to insert them into the database.
| Isn't there a better way (to save things?) |
I'm sure there is, perhaps a prepared statement...but I don't really have any experience with professional database management so I have some reading to do.
Last edited on
I just wanted to mention this:
This is correct only in the case that code is distributed. If no code is distributed, as would be the case with a server, no source code needs to be released. The GPL wrapping its disgusting little fingers around the program may still be problem even in this case (for example, if closed source licences for the server are expected to be sold at some point in the future, or if the owner just doesn't want to deal with the GPL), but I thought you should know this.
| By linking with the ODB runtime libraries (directly or indirectly, statically or dynamically, at compile time or runtime), your application is subject to the terms of the GPL version 2 which requires that you release the source code of your application if and when you distribute it. |
closed account (3hM2Nwbp)
Time to derail the thread.
Sometimes I really want to make a license that restricts the ability for derivative works to be licensed under the GPL vX...I really agree with this person when it comes to free software: http://dewimorgan.livejournal.com/21650.html
Maybe then I'll start writing more non-infectable public domain code.
Sometimes I really want to make a license that restricts the ability for derivative works to be licensed under the GPL vX...I really agree with this person when it comes to free software: http://dewimorgan.livejournal.com/21650.html
Maybe then I'll start writing more non-infectable public domain code.
I'm glad I don't use the GPL. I knew it was ridiculous but this is too far.
Also, does that apply to glibc?
Also, does that apply to glibc?
Luc Lieber:
http://www.dwheeler.com/essays/gpl-compatible.html
It's simply not an efficient method.
[EDIT]I really like that link you posted.[/EDIT]
chrisname:
The GPLv3 is even worse. That exception I made earlier with server-side software doesn't apply with it. Version 4 will presumably require some sort of blood price when you try to link to code licenced under it.
About glibc, keep in mind that it was intended as a system library for the GNU OS. It doesn't make sense to make a system library that doesn't allow you to run any software you want in the system.
http://www.dwheeler.com/essays/gpl-compatible.html
It's simply not an efficient method.
[EDIT]I really like that link you posted.[/EDIT]
chrisname:
The GPLv3 is even worse. That exception I made earlier with server-side software doesn't apply with it. Version 4 will presumably require some sort of blood price when you try to link to code licenced under it.
About glibc, keep in mind that it was intended as a system library for the GNU OS. It doesn't make sense to make a system library that doesn't allow you to run any software you want in the system.
Last edited on
| the GPL is viral and parasitic by design, while claiming to "protect our interests". However, people using such emotive words are generally regarded as frothing at the mouth. But I don't know of a better word than viral to describe "a clause that either prevents merging of two codebases with differing licenses, or causes the other license to fall out of effect, and which prevents all subsequent users of the code from adding or removing any restrictions or alternate licenses." |
Then I think that the usual copyright law is viral in nature too. So, copyright law can prevent me, The User, the one that Actually Does The Work, to make a copy of Windows/Word/Photoshop and proceed with my usual pressing work.
So, if the GPL is viral onto software companies, then the usual copyright law is viral onto Regular Users.
| And I don't know of any better term than parasitic to describe a clause which means "any GPL fork of an open source project originally released under another license, can take any improvements subsequently made in the other fork, but the other fork can't take any of the GPL improvements." |
Then I don't know of any better term than parasitic to have a program on my computer that cannot be modified by the User at All.
To me, complaining from the GPL is being a "cry-baby" - you are always free to go ahead and buy a professional library to suit your needs.
Last edited on
| Well, I think that the usual copyright law is viral in nature too. |
| Copyright is inherently viral, and any license, even the most liberal, like BSD, are viral to some extent. Many of the problems in the GPL come about because it is based on copyright, and many of the arguments here apply to all copyright licenses. |
| And I don't know of any better term than parasitic to have a program on my computer that cannot be modified by the User at All. To me, complaining from the GPL is being a "cry-baby" - you are always free to go ahead and buy a professional library to suit your needs. |
See http://web.archive.org/web/20030518160658/http://www.winehq.com/hypermail/wine-license/2002/03/0134.html for a more detailed explanation.
Last edited on
| To be honest, I don't understand this line of reasoning. I don't see how permissive licences are viral at all. Since you seem to have independently come to the same conclusion, maybe you could enlighten me? |
I was ironizing of the cited author. Also, I think he switched the paraziting and viral adjectives. I find his opening paragraphs don't make any sense.
You seem to have missed the point. He isn't talking about closed source in that paragraph at all. What he's saying is that the GPL encourages embrace extend and extinguish (or rather, fork extend and extinguish) against open source alternatives |
I agree, however I do not see it as a bad feature of the license. I think that companies that wish to sell us software should write everything themselves (or buy it among one another). I find that the GPL argument is the User vs The Software Companies.
Companies/Corporations basically wanted to quietly take us, the rest of mankind, for complete idiots, and in some sense they succeeded (example: Windows, Word).
At some point the technically able users assembled together and made a pact - called the GPL - that ensures that we have code that companies cannot use (to resell to us, except violating licenses), just like they have code that we, the Users, can't use (except overpriced or pirated compiled+linked binaries).
I see the problem as Software Users vs Software Companies, and the GPL is the users' main weapon.
Last edited on
| I was ironizing of the cited author. |
| I think that companies that wish to sell us software should write everything themselves |
Great software stands on the shoulders of giants.
| I find that the GPL argument is the User vs The Software Companies. |
| At some point the technically able users assembled together and made a pact - called the GPL - that ensures that we have code that companies cannot use |
I actually agree with all the non-adjective containing statements you made (i.e. we agree on the factual situation, just not on which aspects of it are good/bad).
Agree, but this is not how life works.
How do you comment on the fact that, for example, I can't use Mathematica's code freely. If 3 years ago, I had free and proper access to their C/C++ code for polynomials/matrices, plotting on the screen, etc., I probably wouldn't have had to reinvent the wheel. Assuming I am not a hard-headed prick that does everything himself anyways, I would had proceeded with what is supposed to be my mathematics specialty right away. Probably, by now I would be 1-2 years ahead of where I am right now.
A common problem shouldn't need to be solved more than once. After that you're just wasting everyone's time; |
Agree, but this is not how life works.
How do you comment on the fact that, for example, I can't use Mathematica's code freely. If 3 years ago, I had free and proper access to their C/C++ code for polynomials/matrices, plotting on the screen, etc., I probably wouldn't have had to reinvent the wheel. Assuming I am not a hard-headed prick that does everything himself anyways, I would had proceeded with what is supposed to be my mathematics specialty right away. Probably, by now I would be 1-2 years ahead of where I am right now.
Last edited on
I did say "common problem". For example, decoding compressed audio is a common problem.
But to properly answer your question, IMO access to information is an all or nothing thing. If you don't want to make it available, fine; but if you do make it available you shouldn't impose restrictions on its use. To me, closed source software and permissive or freer licences are both perfectly ethical. If Wolfram didn't want you using their code then that's just the way it is. That information never existed, as far as you know. It'd be worse to sell your soul to the devil for access to that information.
More pragmatically, couldn't you use the API to give instructions to the server (or "kernel" as it's called)?
But to properly answer your question, IMO access to information is an all or nothing thing. If you don't want to make it available, fine; but if you do make it available you shouldn't impose restrictions on its use. To me, closed source software and permissive or freer licences are both perfectly ethical. If Wolfram didn't want you using their code then that's just the way it is. That information never existed, as far as you know. It'd be worse to sell your soul to the devil for access to that information.
More pragmatically, couldn't you use the API to give instructions to the server (or "kernel" as it's called)?
Yes, I could, and same with MAPLE, but I never legally owned any of those (I have tried them (on MAPLE I even did actual work) of course using pirated versions).
However, equating using the GPL to selling your soul is a bit... oh well, Stallman does sound like a bad guy, but the devil should be looked for in the Microsoft camp ...
However, equating using the GPL to selling your soul is a bit... oh well, Stallman does sound like a bad guy, but the devil should be looked for in the Microsoft camp ...
Last edited on
Well, I wasn't talking specifically about the GPL. EULAs are closer to what I'm talking about.
Oh, in that case you don't even have the right to complain. And I say this as someone with equally shady practices.
| I never legally owned any of those |
Topic archived. No new replies allowed.