Kode Vicious

RSS
Sort By:

Outsourcing Responsibility

What do you do when your debugger fails you?

July 1, 2014

Topic: Development

2 comments

Forked Over

Shortchanged by open source

April 23, 2014

Topic: Development

0 comments

The Logic of Logging

And the illogic of PDF

February 24, 2014

Topic: Development

0 comments

This is the Foo Field

The meaning of bits and avoiding upgrade bog downs

January 14, 2014

Topic: Development

2 comments

Bugs and Bragging Rights

It's not always size that matters.

November 11, 2013

Topic: Development

0 comments

A Lesson in Resource Management

Waste not memory, want not memory—unless it doesn't matter

September 3, 2013

Topic: Networks

4 comments

The Naming of Hosts is a Difficult Matter

Also, the perils of premature rebooting

June 18, 2013

Topic: Development

1 comments

Cherry-picking and the Scientific Method

Software is supposed be a part of computer science, and science demands proof.

April 22, 2013

Topic: Development

1 comments

Swamped by Automation

Whenever someone asks you to trust them, don't.

February 12, 2013

Topic: Development

1 comments

Divided by Division

Is there a best used-by date for software?

January 10, 2013

Topic: Development

3 comments

Code Abuse

One programmer's extension is another programmer's abuse.

December 5, 2012

Topic: Development

0 comments

Can More Code Mean Fewer Bugs?

The bytes you save today may bite you tomorrow

August 8, 2012

Topic: Development

1 comments

A Nice Piece of Code

Colorful metaphors and properly reusing functions

June 5, 2012

Topic: Development

1 comments

A System is not a Product

Stopping to smell the code before wasting time reentering configuration data

April 12, 2012

Topic: Development

2 comments

Scale Failure

Using a tool for the wrong job is OK until the day when it isn't.

February 21, 2012

Topic: Development

1 comments

The Network Protocol Battle:
A tale of hubris and zealotry

A tale of hubris and zealotry

January 5, 2012

Topic: Networks

24 comments

Code Rototilling

KV hates unnecessary work.

December 14, 2011

Topic: Development

0 comments

Wanton Acts of Debuggery

Keep your debug messages clear, useful, and not annoying.

October 24, 2011

Topic: Development

1 comments

Debugging on Live Systems

It's more of a social than a technical problem.

September 13, 2011

1 comments

How to Improve Security?

It takes more than flossing once a year.

August 12, 2011

Topic: Security

1 comments

File-system Litter

Cleaning up your storage space quickly and efficiently

July 12, 2011

1 comments

Interviewing Techniques

Separating the good programmers from the bad

June 14, 2011

5 comments

Storage Strife

Beware keeping data in binary format

May 5, 2011

Topic: Databases

0 comments

Porting with Autotools

Using tools such as Automake and Autoconf with preexisting code bases can be a major hassle.

March 3, 2011

Topic: Development

0 comments

Bound by the Speed of Light

There's only so much you can do to optimize NFS over a WAN.

December 14, 2010

Topic: Networks

3 comments

Gardening Tips

A good library is like a garden.

October 18, 2010

Topic: Development

0 comments

A Paucity of Ports

Debugging an ephemeral problem

August 24, 2010

Topic: Development

2 comments

Collecting Counters

Gathering statistics is important, but so is making them available to others.

June 4, 2010

Topic: Development

1 comments

Avoiding Obsolescence

Overspecialization can be the kiss of death for sysadmins.

April 29, 2010

Topic: Development

0 comments

Broken Builds

Frequent broken builds could be symptomatic of deeper problems within a development project.

March 17, 2010

Topic: Development

5 comments

Commitment Issues

When is the right time to commit changes?

February 10, 2010

Topic: Development

0 comments

Standards Advice

Easing the pain of implementing standards

December 30, 2009

Topic: Compliance

4 comments

Merge Early, Merge Often

Integrating changes in branched development

October 29, 2009

Topic: Development

4 comments

The Meaning of Maintenance

Software maintenance is more than just bug fixes.

August 14, 2009

Topic: Quality Assurance

6 comments

Painting the Bike Shed

A sure-fire technique for ending pointless coding debates

June 25, 2009

1 comments

Don't be Typecast as a Software Developer

Kode Vicious's temper obviously suffers from having to clean up after the mistakes of his peers. What would he have them learn now so that he can look forward to a graceful and mellow old age?

March 13, 2009

1 comments

Pride and Prejudice:
(The Vasa)

What can software engineers learn from shipbuilders?

February 23, 2009

0 comments

Debugging Devices

I hope you're lucky enough to have decent documentation and support from your vendor. If not, then I'll see you at the bar. I'm the guy sitting alone at the far end, crying into a chip manual with an always-full gin and tonic. My bartender knows me well.

January 8, 2009

0 comments

Get Real about Realtime

Dear KV, I'm working on a networked system that has become very sensitive to timing issues. When the system was first developed the bandwidth requirements were well within the tolerance of off-the-shelf hardware and software, but in the past three years things have changed. The data stream has remained the same but now the system is being called on to react more quickly to events as they arrive. The system is written in C++ and runs on top of Linux. In a recent project meeting I suggested that the quickest route to decreasing latency was to move to a realtime version of Linux, since realtime operating systems are designed to provide the lowest-latency services to applications.

December 4, 2008

0 comments

Beautiful Code Exists, if You Know Where to Look

Dear KV, I've been reading your rants in Queue for a while now and I can't help asking, is there any code you do like? You always seem so negative; I really wonder if you actually believe the world of programming is such an ugly place or if there is, somewhere, some happy place that you go to but never tell your readers about.

October 24, 2008

2 comments

Sizing Your System

Dear KV, I'm working on a network server that gets into the situation you called livelock in a previous response to a letter (Queue May/June 2008). Our problem is that our system has only a fixed amount of memory to receive network data, but the system is frequently overwhelmed and can't make progress. When I ask our application engineers about how much data they expect, the only answer I get is "a lot," which isn't much help. How can I figure out how to size our systems appropriately?

September 24, 2008

0 comments

The Virtue of Paranoia

Dear KV, I just joined a company that massages large amounts of data into an internal format for its own applications to work on. Although the data is backed up regularly, I have noticed that access to this data, which has accumulated to be several petabytes in size, is not particularly well secured. There is no encryption, and although the data is not easily reachable from the Internet, everyone at the company has direct access to the volumes, both physically and electronically, all the time.

July 28, 2008

Topic: Security

0 comments

Latency and Livelocks

"Dear KV: My company has a very large database with all of our customer information. The database is replicated to several locations around the world to improve performance locally, so that when customers in Asia want to look at their data, they don't have to wait for it to come from the United States, where my company is based..."

April 28, 2008

0 comments

Poisonous Programmers

Dear KV, I hope you don't mind if I ask you about a non-work-related problem, though I guess if you do mind you just won't answer. I work on an open source project when I have the time, and we have some annoying nontechnical problems. The problems are really people, and I think you know the ones I mean: people who constantly fight with other members of the project over what seem to be the most trivial points, or who contribute very little to the project but seem to require a huge amount of help for their particular needs. I find myself thinking it would be nice if such people just went away, but I don't think starting a flame war on our mailing lists over these things would really help.

March 4, 2008

0 comments

Take a Freaking Measurement!

Have you ever worked with someone who is a complete jerk about measuring everything?

January 17, 2008

Topic: Quality Assurance

0 comments

The Next Big Thing

Dear KV, I know you did a previous article where you listed some books to read (Kode Vicious Bugs Out, April 2006). I would also consider adding How to Design Programs, available free on the Web (http://www.htdp.org/). This book is great for explaining the process of writing a program. It uses the Scheme language and introduces FP (functional programming). I think FP could be the future of programming. John Backus of the IBM Research Laboratory suggested this in 1977 (http://www.stanford.edu/class/cs242/readings/backus.pdf). Even Microsoft has yielded to FP by introducing FP concepts in C# with LINQ (Language Integrated Query).

November 15, 2007

0 comments

Gettin' Your Head Straight

Dear KV, One of the biggest problems I have is memory. Not the RAM in my computer, but the wet squishy stuff in my head. It seems that no matter how many signs I put up around my cube, nor how often I turn off all the annoying instant messaging clients I need to use for work, I can't get through more than 15 minutes of work without someone interrupting me, and then I lose my train of thought. If this happens when I'm reading e-mail, that's not a problem, but when working on code, in particular when debugging a difficult problem in code, this makes my life very difficult.

August 16, 2007

0 comments

KV the Loudmouth

What requirement is being satisfied by having Unclear build a P2P file-sharing system? Based upon the answer, it may be more effective, and perhaps even more secure, to use an existing open source project or purchase commercial software to address the business need.

June 7, 2007

Topic: Open Source

0 comments

Advice to a Newbie

Dear KV, I am new to programming and just started reading some books about programming, particularly C++ and Visual Basic. I truly enjoy programming a lot, to the extent that for the past couple of months I have never missed a day without writing some code. My main concern now is what the world holds for programmers. If someone is called a programmer (i.e., professionally), what will he or she really be programming? As in, will you always be inventing new software or what, really? This is mainly in the case of someone who will not be working for someone else.

May 4, 2007

0 comments

APIs with an Appetite

Dear KV, This may sound funny to you, but one of my co-workers recently called one of my designs fat. My project is to define a set of database APIs that will be used by all kinds of different front-end Web services to store and retrieve data. The problem is that a one-size-fits-all approach can't work because each customer of the system has different needs. Some are storing images, some are storing text, sound, video, and just about anything else you can imagine. In the current design each type of data has its own specific set of APIs to store, search, retrieve, and manipulate its own type of data.

March 9, 2007

0 comments

A License to Kode

Dear KV, I'm in the QA group for a medium-size startup in Silicon Valley, and one of our VPs sits on the board of a company that makes code-scanning software--you know, the stuff that spits out warnings about all the bad things you can do in C and C++. We've definitely found our share of buffer overflows and other problems in our code, but this stuff is expensive, more than $5,000 a seat and I'm just not sure its worth it. What do you think of these tools?

February 2, 2007

0 comments

Peerless P2P

Dear KV, I've just started on a project working with P2P software, and I have a few questions. Now, I know what you're thinking, and no this isn't some copyright-violating piece of kowboy kode. It's a respectable corporate application for people to use to exchange data such as documents, presentations, and work-related information. My biggest issue with this project is security, for example, accidentally exposing our users data or leaving them open to viruses. There must be more things to worry about, but those are the top two. So, I want to ask "What would KV do?"

December 28, 2006

0 comments

Understanding the Problem

Is there any data showing that Java projects are any more or less successful than those using older languages?

November 10, 2006

0 comments

Saddle Up, Aspiring Code Jockeys

Dear KV, I am an IT consultant/contractor. I work mainly on networks (Im a Cisco Certified Network Associate) and Microsoft operating systems (Microsoft Certified Systems Engineer). I have been doing this work for more than eight years. Unfortunately, it is starting to bore me. My question is: How would I go about getting back into programming? I say getting back into because I have some experience. In high school I took two classes of programming in Applesoft BASIC (archaic, I know). I loved it, aced everything, and was the best programming student the teacher ever saw. This boosted my interest in computer science, which I pursued in college.

October 10, 2006

0 comments

Facing the Strain

Dear KV, I've been working on a software team that produces an end-user application on several different operating system platforms. I started out as the build engineer, setting up the build system, then the nightly test scripts, and now I work on several of the components themselves, as well as maintaining the build system. The biggest problem Ive seen in building software is the lack of API stability. It's OK when new APIs are added--you can ignore those if you like--and when APIs are removed I know, because the build breaks. The biggest problem is when someone changes an API, as this isn't discovered until some test script--or worse, a user--executes the code and it blows up.

September 15, 2006

0 comments

Pointless PKI

We've had problems in the past with internal compromises, and management has decided that the only way to protect the information is to encrypt it during transmission.

July 27, 2006

Topic: Security

0 comments

Logging on with KV

Dear KV, I've been stuck with writing the logging system for a new payment processing system at work. As you might imagine, this requires logging a lot of data because we have to be able to reconcile the data in our logs with our customers and other users, such as credit card companies, at the end of each billing cycle, and we have to be prepared if there is any argument over the bill itself. I've been given the job for two reasons: because I'm the newest person in the group and because no one thinks writing yet another logging system is very interesting.

June 30, 2006

0 comments

Phishing for Solutions

Dear KV, I noticed you covered cross-site scripting a few issues back (Vicious XSS, December-January 2005-2006), and I'm wondering if you have any advice on another Web problem, phishing. I work at a large financial institution and every time we roll out a new service, the security team comes down on us because either the login page looks different or they claim that it's easy to phish information from our users using one of our forms. It's not like we want our users to be phished--we actually take this quite seriously--but I don't think it's a technical problem. Our users are just stupid and give away their information to anyone who seems willing to put up a reasonable fake of one of our pages.

June 30, 2006

0 comments

Kode Vicious Bugs Out

Dear KV, I'm on a small team that is building a custom, embedded, consumer device that is due out by Christmas. Of course the schedule is tight and there are make-or-break dates that if we miss basically mean the product will never make it to market. Not the most fun environment in which to have problems. The software was carefully specified and laid out and then simulated while the hardware was being manufactured. Now we have real hardware, and real problems as well. Aside from the timing issues we found when we were no longer running the software in a simulator, several bugs remain that show up only under very special circumstances and that disappear when I use the debugger or turn on the logging code built into the system.

May 2, 2006

Topic: Development

1 comments

Human-KV Interaction

Dear KV, I've been reading your column occasionally and havent seen you address anything related to user interface design and how it can completely torque a piece of software. I happen to work as a programmer on a project for a company that sells point-of-sale software, which is a nice way of saying cash registers. The goals of the marketing people and user interface designers (we have several for our different product lines) always seem to twist the software into directions that only make it more fragile. These people ask for features that, while to a naive user might make the user interface easier to customize or use, to any of the programmers on the project its obvious that the feature in question will have a negative impact on code size, clarity, or some other nasty side effect.

March 29, 2006

0 comments

Gettin' Your Kode On

Dear KV, Simple question: When is the right time to call the c_str() method on a string to get the actual pointer?

February 23, 2006

0 comments

Vicious XSS

Dear KV, I know you usually spend all your time deep in the bowels of systems with C and C++ (at least that's what I gather from reading your columns), but I was wondering if you could help me with a problem in a language a little further removed from low-level bits and bytes, PHP. Most of the systems where I work are written in PHP, and, as I bet you've already worked out, those systems are Web sites. My most recent project is a merchant site that will also support user comments. Users will be able to submit reviews of products and merchants to the site.

January 31, 2006

0 comments

Kode Vicious:
The Doctor is In

Dear Kode Vicious, I've been reading your rants for a few months now and was hoping you could read one of mine. It's a pretty simple rant, actually: it's just that I'm tired of hearing about buffer overflows and dont understand why anyone in his or her right mind still uses strcpy(). Why does such an unsafe routine continue to exist at all? Why not just remove the thing from the library and force people to migrate their code? Another thing I wonder is, how did such an API come to exist in the first place?

December 16, 2005

0 comments

Kode Vicious Unscripted

The problem? Computers make it too easy to copy data.

December 8, 2005

Topic: Development

0 comments

KV the Konqueror

Dear KV, Suppose I'm a customer of Sincere-and-Authentic's (Kode Vicious Battles On, April 2005:15-17), and suppose the sysadmin at my ISP is an unscrupulous, albeit music-loving, geek. He figured out that I have an account with Sincere-and-Authentic. He put in a filter in the access router to log all packets belonging to a session between me and S&A. He would later mine the logs and retrieve the music--without paying for it. I know this is a far-fetched scenario, but if S&A wants his business secured as watertight as possible, shouldn't he be contemplating addressing it, too? Yes, of course, S&A will have to weigh the risk against the cost of mitigating it, and he may well decide to live with the risk.

October 18, 2005

0 comments

Kode Vicious Cycles On

Not only does California give you plenty of sun, it also apparently has employers that give you plenty of time to play around with the smaller problems that you like, in a programming language that's irrelevant to the later implementation.

August 18, 2005

Topic: Development

0 comments

Kode Vicious Gets Dirty

Dear Kode Vicious, I am a new Webmaster of a (rather new) Web site in my company's intranet. Recently I noticed that although I have implemented some user authentication (a start *.asp page linked to an SQL server, having usernames and passwords), some of the users found out that it is also possible to enter a rather longer URL to a specific page within that Web site (instead of entering the homepage), and they go directly to that page without being authenticated (and without their login being recorded in the SQL database).

July 6, 2005

Topic: Web Development

0 comments

Kode Vicious vs. Mothra

Dear KV, My co-workers keep doing really bad things in the code, such as writing C++ code with macros that have gotos that jump out of them, and using assert in lower-level functions as an error-handling facility. I keep trying to get them to stop doing these things, but the standard response I get is, "Yeah, it's not pretty, but it works." How can I get them to start asking, "Is there a better way to do this?" They listen to my arguments but don't seem convinced. In some cases they even insist they are following good practices.

June 7, 2005

Topic: Development

0 comments

Kode Vicious Battles On

Dear KV, I'm maintaining some C code at work that is driving me right out of my mind. It seems I cannot go more than three lines in any file without coming across a chunk of code that is conditionally compiled.

April 21, 2005

Topic: Development

0 comments

Kode Vicious Reloaded

The program should be a small project, but every time I start specifying the objects and methods it seems to grow to a huge size, both in the number of lines and the size of the final program.

March 18, 2005

Topic: Development

0 comments

Kode Vicious Unleashed

Dear KV, My officemate writes methods that are 1,000 lines long and claims they are easier to understand than if they were broken down into a smaller set of methods. How can we convince him his code is a maintenance nightmare?

February 16, 2005

Topic: Development

0 comments

Kode Vicious: The Return

Dear KV, Whenever my team reviews my code, they always complain that I don't check for return values from system calls. I can see having to check a regular function call, because I don't trust my co-workers, but system calls are written by people who know what they're doing--and, besides, if a system call fails, there isn't much I can do to recover. Why bother?

December 27, 2004

Topic: Development

0 comments

Kode Vicious Strikes Again

Dear Kode Vicious, I have this problem. I can never seem to find bits of code I know I wrote. This isn't so much work code--that's on our source server--but you know, those bits of test code I wrote last month, I can never find them. How do you deal with this?

December 6, 2004

Topic: Development

0 comments

Kode Vicious to the Rescue

Dear Kode Vicious, Where I work we use a mixture of C++ code, Python, and shell scripts in our product. I always have a hard time trying to figure out when it's appropriate to use which for a certain job. Do you code in only assembler and C, or is this a problem for you as well?

November 30, 2004

Topic: Programming Languages

1 comments