Archive

Archive for February, 2010

Static vs. dynamic typing: an introduction

February 24th, 2010 3 comments
wood type alphabet on Flickr

A different kind of type ...

This is the first of a series of posts on the differences between static and dynamic typing in programming languages. This post is intended as an introduction to the topic.

What is a type?

The following definition comes from artima.com:

My definition is that a type is metadata about a chunk of memory that classifies the kind of data stored there. This classification usually implicitly specifies what kinds of operations may be performed on the data.

Types are a way of classifying data in computer programs. Getting down to the nitty gritty, the computer’s processor doesn’t care whether a given variable is a number or a string; it’s just a bunch of bits. In fact, in C, the type of a single character and the type of an integer using one byte are the same: char. It is interesting to note that C does not even have a type for strings; instead it uses a sequence of chars arranged sequentially in memory. The only way the computer knows that the string has finished is by ending it with a null byte, written as \0.

C++ is a newer language, and so it has a type for strings, called string. This gives you certain benefits. In C, you need to allocate enough memory to hold a given string; otherwise errors and security vulnerabilities may occur. The C++ string class abstracts this away, meaning that these security holes can be a thing of the past.

Types are a way of telling the computer the purpose of your data. Multiplying two floats together works differently to multiplying two ints – the processor must know whether the values it is multiplying are floats or ints in order to correctly calculate the result. They are also a way of telling other programmers (and yourself in a few days) the purpose of your code. For example, using a date type instead of using an int to hold a datestamp makes it very obvious that the value being manipulated represents a date, and not just an arbitrary number. Of course, while the computer couldn’t care less whether you are incrementing an integer by one or going forward by a day, to a human being this is a crucial distinction.

What is static typing?

Static typing is used by programming languages as diverse as C, Java, F# and Pascal. In a statically typed language, if x is declared as an int, x will always be an int (in the current scope at least). In other words, types are associated with variables. Older statically typed languages require the programmer to declare the type of every variable, which leads to wastes of typing like the following:

Button myButton = new Button();

Newer statically typed languages use type inference to allow the compiler to ascertain the type of a variable implicitly. Note that while the following is possible in a statically typed language with type inference:

myButton = new Button(); //myButton is inferred to be a Button

this is not:

myThing = new Button(); //myThing is inferred to be a Button
myThing = new Frame();  //myThing is a Button, not a Frame

A statically typed language will check types at compile-time. When the compiler gets to the second line in the snippet above, it will fail, because it will not be able to assign an object of type Frame to a variable of type Button. The compiler will check types wherever they are used, and ensure that no inconsistencies occur in the program.

What is dynamic typing?

Amongst the better known dynamically typed languages are Python, Ruby, JavaScript, Erlang and Smalltalk. In a dynamically typed language, any value can be assigned to any variable. There are still types, but the type is associated with the value rather than the variable. Using Python as an example, we could do the following:

myFile = open('foo.txt', 'r') #myFile is a File object
myFile = myFile.read() #myFile is now a string object
myFile = len(myFile) #myFile is now a number

In a dynamically typed language, type checking occurs at run-time. Before every operation is carried out, the interpreter must check to see if it is possible. Here’s an example in Python:

x = 10
y = 5
z = x * y

When the interpreter gets to the third line, it must first check to see if x and y are compatible with the * operator. If the above example had been in C, both x and y would have had to be declared as ints, or the program would not have compiled. The statement x * y would have been compiled to a single multiply instruction, so at run-time, this multiply instruction is carried out with no type checking.

Summary

So, types are basically just metadata about memory being used by your program. When the program is compiled or interpreted, the compiler or interpreter can maintain strict rules about how types can interact, or it can be a bit more laissez faire. There are good reasons for both approaches, and generally the choice is a trade-off between safety and flexibility.

The only way to get a proper idea of the different approaches and feels is to start coding. Python and Ruby are both great examples of modern dynamically typed languages. Have a look at C++, Java or Haskell for statically typed languages.

My next posts on this topic are going to look more deeply into some of the issues surrounding static and dynamic typing.

Categories: Programming Tags: ,

Static vs. dynamic typing

February 19th, 2010 11 comments

Over the next few weeks, I’m going to be writing a number of posts on the subject of static vs. dynamic typing. I think it’s a fascinating area to explore, and it’s one that affects our lives as programmers every day, yet it seems that a lot of people don’t really understand the distinction.

I won’t pretend to be an expert on the subject – I see this as much a learning experience for me as for the reader.

I’m also not going to pretend to be completely neutral – although I started programming in C++, at the moment I mainly program in Python and JavaScript. I’m aiming to keep as neutral as possible, as I don’t believe religion has any place in software development, and I truly believe that there are advantages to both systems.

Coming up

Categories: Programming Tags: ,

Amazon product information via Amazon Web Services

February 10th, 2010 31 comments

I recently suggested to a client that a good way to increase their sales on Amazon would be to show the Amazon price next to the “Buy from Amazon” link. I figured that there would be a simple, straightforward solution to this. I thought to myself “Amazon will have an API for that; they’ll have useful, up-to-date documentation …”

Nothing in life is as easy as it should be

Nothing in life is as easy as it should be

Well, I’m sure all of their documentation was useful, once, but not much was up-to-date. I ended up spending over an hour reading through various instructions, tutorials and references, before I was able to work out how to produce a simple REST request.

I’m hoping that by sharing my solution with you, you won’t have to go through all the brain-ache I had to endure. Feel free to leave a comment if it helped, or if any of the information didn’t work for you. This is my first how-to post so I welcome any feedback.

The AWS Signed Request Helper

I’m assuming you have an Amazon Web Services account. If not, click the link to get one.

The AWS Signed Request Helper is your friend

After spending what felt like days reading through everything I could find on the subject, everything clicked when I discovered Amazon Web Services’ Signed Request Helper. This useful little tool lets you specify the basic request parameters, and will walk you through the steps required to turn that into a fully functioning signed REST URL. Note that all requests are time-stamped, so you won’t be able to use a URL you made with the Signed Request Helper for longer than about 15 minutes. Here’s a sample session with the Signed Request Helper:

Unsigned URL:

http://ecs.amazonaws.com/onca/xml?Service=AWSECommerceService
&Version=2009-03-31
&Operation=ItemSearch
&SearchIndex=Books
&Keywords=harry+potter

Name-Value Pairs:

Service=AWSECommerceService
Version=2009-03-31
Operation=ItemSearch
SearchIndex=Books
Keywords=harry+potter
Timestamp=2010-02-09T22:27:04.000Z
AWSAccessKeyId=HIDDEN

Sorted Pairs:

AWSAccessKeyId=HIDDEN
Keywords=harry%20potter
Operation=ItemSearch
SearchIndex=Books
Service=AWSECommerceService
Timestamp=2010-02-09T22%3A27%3A04.000Z
Version=2009-03-31

String-To-Sign:

GET
ecs.amazonaws.com
/onca/xml
AWSAccessKeyId=HIDDEN&Keywords=harry%20potter&Operation=ItemSearch&SearchIndex=Books&Service=AWSECommerceService&Timestamp=2010-02-09T22%3A27%3A04.000Z&Version=2009-03-31

Signed URL:

http://ecs.amazonaws.com/onca/xml?AWSAccessKeyId=HIDDEN&Keywords=harry%20potter&Operation=ItemSearch&SearchIndex=Books&Service=AWSECommerceService&Timestamp=2010-02-09T22%3A27%3A04.000Z&Version=2009-03-31&Signature=7hZh9Dzo2WPh8JhEoAMs8mm2I6OgMaxL8pZifFcaVZY%3D

Huh?

If you’re unsure about what that all meant, here’s an explanation of each step:

Unsigned URL

The unsigned URL is what you’d use if Amazon had a simple REST API that didn’t require any authentication or signing. We’ve supplied a number of parameters. If you want to know more about these parameters, have a look at Amazon’s documentation on the ItemSearch Operation and the ItemLookup Operation.

Name-Value Pairs

This splits the query string into its constituent parts. You’ll notice that two new parameters have been added: Timestamp and AWSAccessKeyId. Timestamp is a current timestamp, specially-formatted. You’ll be able to find your AWSAccessKeyId when you log into Amazon Web Services.

Sorted Pairs

Now the Name-Value pairs have been sorted in byte order and URL encoded (e.g. + has been changed to %20).

String-To-Sign

This is the HTTP request representation of the original URL. Note the newlines – these must be included in the string for the next stage to work properly.

Signed URL

This is where the voodoo happens. The String-To-Sign and your AWS secret key are used to create an HMAC-SHA signature. For some more in-depth information on this procedure have a look at Amazon’s description.

HMAC Authentication Process

A sample implementation

Now let’s code it up. I’m going to be using PHP; implementation in other languages is left as an exercise to the reader.

This example will show how to get information on an item from Amazon.co.uk using the AWS API. We will be creating a function that will produce a signed REST URL from an Amazon product code. I’ve borrowed heavily from Amazon’s Introduction to AWS for PHP Developers, which is a useful resource, but with some crucial bits that were out of date.

The first thing to do is place your AWS credentials in a safe place. I usually use a directory called ‘safeinc’ in the parent directory to the web root. Make a file in that directory called aws.conf, as follows:

; AWS credentials
; Access Key Id
access_key = "Your access key"
; Secret Access Key
secret_key = "Your secret key"

Now it’s time to make a PHP file for our function. This function is going to take an ASIN (Amazon Standard Identification Number) and return a URL.

function makeUrl($itemId) {
  //load and parse credentials
  $creds = parse_ini_file($_SERVER["DOCUMENT_ROOT"] . '/../safeinc/aws.conf');
  //set up the base AWS URL. This can be changed to .com if necessary.
  $awsUrl = 'ecs.amazonaws.co.uk';
  $params = array(
          //AWS version date
          'Version' => '2009-03-31',
          //Look up an item by ASIN
          'Operation' => 'ItemLookup',
          //The ASIN
          'ItemId' => strval($itemId),
          //The AWS service being used
          'Service' => 'AWSECommerceService',
          //The timestamp must use this format
          'Timestamp' => gmdate('Y-m-d\TH:i:s.000\Z'),
          //Your Access Key
          'AWSAccessKeyId' => $creds['access_key'],
          //To make sure the response includes the Amazon price use this
          'ResponseGroup' => 'Offers',
          //Get Amazon prices, not third party merchants.
          'Merchant' => 'Amazon'
          );
  //Sort the params array by key
  uksort($params, 'strnatcmp');

We’ve reached the Sorted Pairs stage now, with hopefully no massive surprises. The next step is to produce the String-To-Sign.

  $qstr = '';
  foreach($params as $key => $param) {
    //each key-param combo will produce '&key=param'
    $qstr .= "&{$key}=".rawurlencode($param);
  }
  //Need to remove the initial '&'
  $qstr = substr($qstr, 1);

  //Note the newlines, and lack of '?' before query string
  $stringToSign = "GET\n"
    . $awsUrl . "\n"
    . "/onca/xml\n"
    . $qstr;

The final step is to produce the signature to make the signed URL. We’re going to be using PHP’s hash_hmac function for this.

  //hash_hmac's function signature:
  //string hash_hmac ( string $algo , string $data , string $key [, bool $raw_output = false ] )
  //The last parameter will be the signature, which must be base64-encoded.
  $params['Signature'] = base64_encode(hash_hmac('sha256',
                         $stringToSign,
                         $creds['secret_key'],
                         true)
                   );

  //Construct the URL
  $req = "http://$awsUrl/onca/xml?" . http_build_query($params);
  return $req;
}

Well, there you have it

Hopefully that solves your Amazon API woes. It turns out that it’s not really a difficult process, but you have to jump through a lot of hoops to get there. It’s a shame Amazon’s documentation isn’t more up-to-date, but then again, maybe that’s what blog posts like this one are there for. If this helped, or if you’ve spotted any mistakes or inaccuracies, let me know in the comments.

Categories: Programming Tags: ,