11 November 2011

Android Nails Sandboxing

So I'm learning to programme the Android platform. Despite constantly typing it as "Androind", I'm finding programming fun again after many years of regarding it as somewhere between tiresome drudgery and only mildly interesting in sporadic parts.

It's early days, yet, but I do think that Android's architects had one flash of brilliant insight: Using Unix user and group permissions to sandbox applications. Brilliant! We've had this mechanism since forever, and let's be honest, it's never been all that useful except in the very early years of Unix when we actually did have to put multiple users on a single computer. And even then, most users didn't understand it. Questions about umask and file permissions are among the commonest of Unix confusions I've run across for the past 25-odd years.

Warping the idea to mean that every application is a unique user is a flash of inspiration.
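The check that makes this work, as an added example that is not part of the original post: a small Python model of the kernel's owner/group/other permission test for unprivileged processes. The UIDs, file modes and app names are constructed sample values standing in for two installed apps.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Process:
    """A running app: one Unix UID per installed application."""
    uid: int
    gids: frozenset

@dataclass(frozen=True)
class Inode:
    owner: int
    group: int
    mode: int  # permission bits, e.g. 0o660

def may_access(proc, inode, want):
    """Unix permission check for an unprivileged process.

    `want` is a mask of 4 (read), 2 (write), 1 (execute). Exactly one
    class applies, chosen in the order owner, group, other; a process
    never falls through to a more permissive class.
    """
    if proc.uid == inode.owner:
        bits = (inode.mode >> 6) & 7
    elif inode.group in proc.gids:
        bits = (inode.mode >> 3) & 7
    else:
        bits = inode.mode & 7
    return bits & want == want

def mode_after_umask(requested, umask):
    """Mode a newly created file actually receives."""
    return requested & ~umask & 0o777

# Constructed sample data: two apps, each installed under its own UID/GID.
MAIL = Process(uid=10051, gids=frozenset({10051}))
GAME = Process(uid=10052, gids=frozenset({10052}))

# Same open(..., 0666) request, two different umasks.
PRIVATE_DB = Inode(10051, 10051, mode_after_umask(0o666, 0o007))
LEAKY_DB = Inode(10051, 10051, mode_after_umask(0o666, 0o000))

def demo():
    return {
        "private_mode": oct(PRIVATE_DB.mode),
        "mail_reads_private": may_access(MAIL, PRIVATE_DB, 4),
        "game_reads_private": may_access(GAME, PRIVATE_DB, 4),
        "game_reads_leaky": may_access(GAME, LEAKY_DB, 4),
    }

if __name__ == "__main__":
    print(demo())
```

The last case is the one to audit for: the sandbox only holds while an app's files carry no "other" bits, so a world-readable file is readable by every other app's UID.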

09 November 2011

QOTD


'the idea of immediate compilation and "unit tests" appeals to me only rarely, when I’m feeling my way in a totally unknown environment and need feedback about what works and what doesn’t. Otherwise, lots of time is wasted on activities that I simply never need to perform or even think about. Nothing needs to be "mocked up."'

Donald Knuth 25 April 2008

(Okay, so I'm late to the party. As always.)

06 August 2011

Design using Other People's APIs

Where you are dependent upon somebody else's API, decouple from that API at the earliest possible opportunity so that the remainder of your system works in terms of your own abstractions rather than that somebody else's. This shields you from the random, spurious, and often unwarned changes they may make. It also enables you to place guards against the various stupidities they may likely perpetrate in the name of fashion or unthinkingness, and ensures that you are - as much as possible - forced to deal only with your own stupidities and unthinkingness.

This injunction includes decoupling from your own APIs where those are non-core to the subsystem under design.

05 June 2011

Housekeeping Note - Server Change

Explaining why I've been so quiet lately: Migrating data and upgrading the software that runs the blogs and farm site (plus a bunch of other stuff) to a new server.  Yay upgrade!  Boo problems!  Just in time, too, it would seem, since the old server started mysteriously and frequently rebooting for no good reason, so I'm pretty sure that it's been down more than it's been up for about ten days now. :-(

Sorry if it's all been very dodgy.

If anybody notices anything noticeably untoward, please let me know -- I think I've moved everything over successfully, but not yet 100% sure, but, with the old server dying, I just want everything off it as soon as possible, so haven't had time to test all my new configuration properly.

23 May 2011

Web Site Passwords

"Signing up" for yet another something-social-facebook-wannabe website, I was struck by a random Thought Particle.


Why do all these websites ask me to enter a password twice?

No, seriously! I know the stock answers. Hell, I've written such web-signup forms myself, more times than I care to think about.

Am I that likely to misspell a password? And who would care, when all I have to do is click a link that says something like, "I forgot my password!" to get a new password sent to me. Or a reminder. Or my original password. Or some other way of recovering from my "spelling error".

So, tell me again, why are we typing these things twice in the first place?

11 May 2011

The Magic Key to Hiring Software Developers

Over the past several months and a half I seem to have run across a lot of Development Managers[1] who repeatedly and quite consistently make poor-ranging-to-terrible hiring decisions about prospective developers.

One company I know about has had such terrible luck in hiring developers that they're looking at outsourcing all their development needs. And they're a software house! But you can hardly blame them for feeling demoralised and dispirited after numerous bad hires. Or can you...?

I recently met a programmer - let's call him Arthur[2] - who was looking for some Java training. He has experience developing in C, and was looking for a basic Java foundation course, but he needs it to be spread out over evenings and weekends. I found this to be admirable! A programmer investing in broadening his skills in his own time and at his own cost!

I don't normally take on that sort of part-time training, but decided to try and assist a fellow Seeker In Pursuit Of Excellence, and engaged Arthur further on ways we might be able to work together. Especially challenging, since I am not even within 500km of the same city as Arthur.

As the emails and telephone conversations flowed back and forth, I soon developed a sense that something was amiss. It took a while, but Arthur eventually told me that he needed the training "urgently and quickly". The penny dropped...

It took me back to a day some 8 or 10 months ago when, whilst helping a client with some recruitment interviews, I came across a candidate-programmer who clearly was unable to program at all. A fellow who allegedly held advanced degrees, and could certainly talk a good project, but who evaded and avoided any and all questions about actual programming. Asked anything about how he would design a programme for a variety of small and typical programming problems, he ducked and he dived, twisted, turned and blathered. Clearly he was unable to write code at all.

It is my working hypothesis that Arthur has talked his way into a Java development position, but is unable to code in Java. By his own admission he knows nothing of object-oriented design. I further conjecture that he may be unable to programme at all, and is not so much seeking a Teacher, but rather wants someone to whom he can effectively sub-contract his daytime work.

There are two mysteries wrapped up in these incidences.


How do such "developers" get hired in the first place?

Clearly the managers hiring them never, ever ask them to write code at any point in the recruitment process.

I have seen a good number of articles of late urging companies who are hiring software developers to make sure that candidates write code live, sometime during the interview process. Isn't this obvious? If you want to hire a bus driver, isn't it logical to put them behind the wheel of a bus and see how they handle the job? Why do we apply a different standard for testing the competence of software developers?

The actual form of code, and the depth of testing can vary, and need not be done all at once. You might simply ask for a whiteboard sketch of a solution in initial interviews. It may not always be necessary to sit candidates down with an IDE and some of your senior developers. Even the most superficial competence checking will quickly reveal any bullshit artistry, and I firmly maintain that all people are possessed of exquisitely sensitive bullshit recognition skills.

In a sense, though - for me, anyway - there's a weirder question...


How does someone completely lacking competence in a skill have the chutzpah to talk their way into the job at all?

I can't imagine applying for a job as a Bus Driver. Sooner or later someone's going to expect me to actually drive an actual bus. And I can't. What makes people think they can get away with it just because the job ad says "Java Developer"?

Moral of the story? Just repeating what so many others have already said, in the hope that we can get the word out better. And we do have to get more hiring managers to pay attention, because evidently a whole lot of them are not paying attention yet. If you're hiring a developer, have them write code in front of you. If you really don't have the skills to judge their competence, and you're starting with a completely new technology so that you lack any already-hired developers who do have the necessary technical skills, then get an outside consultant in to help. Or something.

But please stop hiring bullshit artists who claim to be software developers.


They're giving the rest of us a bad name.


Update: Also beware of technical Trainers who are unable to show you any of their code. Another smell of bullshit artistry!

[1] People acting in the role of Dev Manager, at any rate.
[2] I don't know anyone named Arthur, so I'm reasonably sure I'm not subconsciously picking on anyone.

20 April 2011

shrtn: A URL-shortener

Everyone should have their own personal URL shortener, shouldn't they?
I figured that this wouldn't take more than a couple of hours to write. And, indeed, the core functionality didn't take much more time than that. But then we start designing our way round the shortcuts and quick-and-dirty hacks we've used to "get things going quickly", writing unit-tests and comments explaining our thinking, adding some JSP pages so that we can exercise the whole mess, brewing a couple of batches of beer in between times... let's just leave it at a little bit longer!


Why?

Indeed! Why would anybody want Their Very Own Personal URL Shortener?


First: I don't really trust all the "cloudy" hype going around right now. For a start, I have no good reason to trust bit.ly, is.gd, goo.gl or any of the other several-dozen public shorteners. Not that I have much reason to distrust them, but really, I don't know them or the people behind them from a bar of soap. And why should I, like a sheep, participate in generating value[1] for someone who gives me little or nothing in return aside from a shorter, opaque URL that requires an extra network round-trip? And let's not forget that these entities have a nasty tendency to vanish, sometimes rather abruptly. Companies get bought and the acquiring company borgs the product, or sees no value in it, or any of a thousand other corpthink accidents may happen.

Then, too, what sort of assurance do I have that I'll ever be able to get my data (and if I shorten a reference, it's my reference) out of their service ever again? Granted that Google does make some effort in that direction (or at least nods benignly while their engineers do it), but, like the actions of the kakistocracy throughout history, things are only good until a single bad apple rots the barrel.


Second: I don't have PHP deployed on my servers and have no wish to add to the system-administration burden I already have to deal with, so I distinctly want something written in Java...


Third: A whole lot of the URL-shortening services out there don't give any analytics. At least not of those that I can self-host. I think that the analytics angle is compelling. Conventional web analytics - like Google Analytics - are only accessible to the people who created and host the content under analysis. They know where their audience came from, when and how, but nobody else does. If I refer people to some web-stuff[2] I'd like to get an idea of how many people I influenced - how many people followed my recommendation. It is a measure of my own reputation and influence, so highly personal[3]. URL-shorteners give us a way to measure, with a reasonable degree of accuracy and assurance, the influence we have in persuading others to follow our webby blatherings.

I will confess that Google's shortening service is pretty good, and has some nice-ish analytics, but I still think it's in our own best interest to keep at least some stuff out of Google's (or anybody's) mitts. Just on general principles.


An Unexpected Bonus

As it turns out, this is a really, really nice project to use for teaching a JSP/Servlet course, so I'll be reversing it into my Java web-dev course. It covers all the principles I like to get across, from container-managed security through session management and clever use of error-pages, to exploiting the underlying infrastructure properly (instead of hoping that some crapulatious web framework will substitute for your own lack of knowledge or understanding.)


Where?

I'll be releasing the code under the GNU Affero General Public License (probably via Google Code). Just have some tidying-up to do first (like getting license notices in place.) The first deployment is very feature incomplete - there's quite a bit I'd still like to add to the app - and some downright dodgy implementation details that need replacing in time, but for now it's working for me.


Drop me a line if you're desperate to have it work for you and can't wait...

[1] At least I assume they get some value out of hosting their shorteners, otherwise why would they do it?
[2] I despise the word "content", despite using it quite frequently.
[3] And, YES, ego-gratifying[4].
[4] Or ego-destroying, as the case may be.