A Chance Gardener
Harvesting open-source products and planting the next crop
A Lesson in Resource Management
Waste not memory, want not memory—unless it doesn't matter
A License to Kode
Code-scanning software is expensive and I'm not sure it's worth it. What do you think?
A Nice Piece of Code
Colorful metaphors and properly reusing functions
A Paucity of Ports
Debugging an ephemeral problem
A System is not a Product
Stopping to smell the code before wasting time reentering configuration data
APIs with an Appetite
Time for everyone's favorite subject again: API design. This one just doesn't get old, does it? Well, OK, maybe it does, but leave it to Kode Vicious to inject some fresh insight into this age-old programming challenge. This month KV turns the spotlight on the delicate art of API sizing.
Advice to a Newbie
Dear KV, I am new to programming and just started reading some books about programming, particularly C++ and Visual Basic. I truly enjoy programming a lot, to the extent that for the past couple of months I have never missed a day without writing some code. My main concern now is what the world holds for programmers. If someone is called a programmer (i.e., professionally), what will he or she really be programming? As in, will you always be inventing new software or what, really? This is mainly in the case of someone who will not be working for someone else.
Avoiding Obsolescence
Overspecialization can be the kiss of death for sysadmins.
Beautiful Code Exists, if You Know Where to Look
A koder with attitude, KV answers your questions. Miss Manners he ain't.
Bound by the Speed of Light
There's only so much you can do to optimize NFS over a WAN.
Broken Builds
Frequent broken builds could be symptomatic of deeper problems within a development project.
Bugs and Bragging Rights
It's not always size that matters.
Can More Code Mean Fewer Bugs?
The bytes you save today may bite you tomorrow
Cherry-picking and the Scientific Method
Software is supposed be a part of computer science, and science demands proof.
Chilling the Messenger
Keeping ego out of software-design review
Cloud Calipers
Naming the next generation and remembering that the cloud is just other people's computers
Code Abuse
One programmer's extension is another programmer's abuse.
Code Hoarding
Committing to commits, and the beauty of summarizing graphs
Code Rototilling
KV hates unnecessary work.
Cold, Hard Cache
On the implementation and maintenance of caches
Collecting Counters
Gathering statistics is important, but so is making them available to others.
Commitment Issues
When is the right time to commit changes?
Debugging Devices
I hope you're lucky enough to have decent documentation and support from your vendor. If not, then I'll see you at the bar. I'm the guy sitting alone at the far end, crying into a chip manual with an always-full gin and tonic. My bartender knows me well.
Debugging on Live Systems
It's more of a social than a technical problem.
Divided by Division
Is there a best used-by date for software?
Don't be Typecast as a Software Developer
Kode Vicious's temper obviously suffers from having to clean up after the mistakes of his peers. What would he have them learn now so that he can look forward to a graceful and mellow old age?
Every Silver Lining Has a Cloud
Cache is king. And if your cache is cut, you're going to feel it.
Facing the Strain
Dear KV, I've been working on a software team that produces an end-user application on several different operating system platforms. I started out as the build engineer, setting up the build system, then the nightly test scripts, and now I work on several of the components themselves, as well as maintaining the build system. The biggest problem Ive seen in building software is the lack of API stability. It's OK when new APIs are added--you can ignore those if you like--and when APIs are removed I know, because the build breaks. The biggest problem is when someone changes an API, as this isn't discovered until some test script--or worse, a user--executes the code and it blows up.
File-system Litter
Cleaning up your storage space quickly and efficiently
Forced Exception-Handling
You can never discount the human element in programming.
Forked Over
Shortchanged by open source
GNL is Not Linux
What's in a Name?
Gardening Tips
A good library is like a garden.
Get Real about Realtime
Dear KV, I'm working on a networked system that has become very sensitive to timing issues. When the system was first developed the bandwidth requirements were well within the tolerance of off-the-shelf hardware and software, but in the past three years things have changed. The data stream has remained the same but now the system is being called on to react more quickly to events as they arrive. The system is written in C++ and runs on top of Linux. In a recent project meeting I suggested that the quickest route to decreasing latency was to move to a realtime version of Linux, since realtime operating systems are designed to provide the lowest-latency services to applications.
Gettin' Your Head Straight
Kode Vicious is hungry. He sustains himself on your questions from the software development trenches (and lots of beer). Without your monthly missives, KV is like a fish out of water, or a scientist without a problem to solve. So please, do you part to keep him sane (or at least free from psychotic episodes), occupied, and useful.
Gettin' Your Kode On
Dear KV, Simple question: When is the right time to call the c_str() method on a string to get the actual pointer?
Hickory Dickory Doc
On null encryption and automated documentation
How to Improve Security?
It takes more than flossing once a year.
Human-KV Interaction
We can't guarantee you'll agree with his advice, but it'll probably be more effective than anything you've tried thus far.
Interviewing Techniques
Separating the good programmers from the bad
IoT: The Internet of Terror
If it seems like the sky is falling, that's because it is.
KV the Konqueror
Dear KV, Suppose I'm a customer of Sincere-and-Authentic's (Kode Vicious Battles On, April 2005:15-17), and suppose the sysadmin at my ISP is an unscrupulous, albeit music-loving, geek. He figured out that I have an account with Sincere-and-Authentic. He put in a filter in the access router to log all packets belonging to a session between me and S&A. He would later mine the logs and retrieve the music--without paying for it. I know this is a far-fetched scenario, but if S&A wants his business secured as watertight as possible, shouldn't he be contemplating addressing it, too? Yes, of course, S&A will have to weigh the risk against the cost of mitigating it, and he may well decide to live with the risk.
KV the Loudmouth
What requirement is being satisfied by having Unclear build a P2P file-sharing system? Based upon the answer, it may be more effective, and perhaps even more secure, to use an existing open source project or purchase commercial software to address the business need.
Know Your Algorithms
Stop using hardware to solve software problems.
Kode Vicious:
The Doctor is In
A koder with attitude, KV answers your questions. Miss Manners he ain't.
Kode Vicious Battles On
Dear KV, I'm maintaining some C code at work that is driving me right out of my mind. It seems I cannot go more than three lines in any file without coming across a chunk of code that is conditionally compiled.
Kode Vicious Bugs Out
What do you do when tools fail?
Kode Vicious Cycles On
Not only does California give you plenty of sun, it also apparently has employers that give you plenty of time to play around with the smaller problems that you like, in a programming language that's irrelevant to the later implementation.
Kode Vicious Gets Dirty
Dear Kode Vicious, I am a new Webmaster of a (rather new) Web site in my company's intranet. Recently I noticed that although I have implemented some user authentication (a start *.asp page linked to an SQL server, having usernames and passwords), some of the users found out that it is also possible to enter a rather longer URL to a specific page within that Web site (instead of entering the homepage), and they go directly to that page without being authenticated (and without their login being recorded in the SQL database).
Kode Vicious Reloaded
The program should be a small project, but every time I start specifying the objects and methods it seems to grow to a huge size, both in the number of lines and the size of the final program.
Kode Vicious Strikes Again
Dear Kode Vicious, I have this problem. I can never seem to find bits of code I know I wrote. This isn't so much work code--that's on our source server--but you know, those bits of test code I wrote last month, I can never find them. How do you deal with this?
Kode Vicious Unleashed
Dear KV, My officemate writes methods that are 1,000 lines long and claims they are easier to understand than if they were broken down into a smaller set of methods. How can we convince him his code is a maintenance nightmare?
Kode Vicious Unscripted
The problem? Computers make it too easy to copy data.
Kode Vicious to the Rescue
Dear Kode Vicious, Where I work we use a mixture of C++ code, Python, and shell scripts in our product. I always have a hard time trying to figure out when it's appropriate to use which for a certain job. Do you code in only assembler and C, or is this a problem for you as well?
Kode Vicious vs. Mothra
Dear KV, My co-workers keep doing really bad things in the code, such as writing C++ code with macros that have gotos that jump out of them, and using assert in lower-level functions as an error-handling facility. I keep trying to get them to stop doing these things, but the standard response I get is, "Yeah, it's not pretty, but it works." How can I get them to start asking, "Is there a better way to do this?" They listen to my arguments but don't seem convinced. In some cases they even insist they are following good practices.
Kode Vicious: The Return
Dear KV, Whenever my team reviews my code, they always complain that I don't check for return values from system calls. I can see having to check a regular function call, because I don't trust my co-workers, but system calls are written by people who know what they're doing--and, besides, if a system call fails, there isn't much I can do to recover. Why bother?
Latency and Livelocks
"Dear KV: My company has a very large database with all of our customer information. The database is replicated to several locations around the world to improve performance locally, so that when customers in Asia want to look at their data, they don't have to wait for it to come from the United States, where my company is based..."
Lazarus Code
No one expects the Spanish Acquisition.
Logging on with KV
Dear KV, I've been stuck with writing the logging system for a new payment processing system at work. As you might imagine, this requires logging a lot of data because we have to be able to reconcile the data in our logs with our customers and other users, such as credit card companies, at the end of each billing cycle, and we have to be prepared if there is any argument over the bill itself. I've been given the job for two reasons: because I'm the newest person in the group and because no one thinks writing yet another logging system is very interesting.
Merge Early, Merge Often
Integrating changes in branched development
Outsourcing Responsibility
What do you do when your debugger fails you?
Painting the Bike Shed
A sure-fire technique for ending pointless coding debates
Peerless P2P
Dear KV, I've just started on a project working with P2P software, and I have a few questions. Now, I know what you're thinking, and no this isn't some copyright-violating piece of kowboy kode. It's a respectable corporate application for people to use to exchange data such as documents, presentations, and work-related information. My biggest issue with this project is security, for example, accidentally exposing our users data or leaving them open to viruses. There must be more things to worry about, but those are the top two. So, I want to ask "What would KV do?"
Phishing for Solutions
Re: phishing, doesn't the URL already give away enough information?
Pickled Patches
On repositories of patches and tension between security professionals and in-house developers
Pointless PKI
We've had problems in the past with internal compromises, and management has decided that the only way to protect the information is to encrypt it during transmission.
Poisonous Programmers
Dear KV, I hope you don't mind if I ask you about a non-work-related problem, though I guess if you do mind you just won't answer. I work on an open source project when I have the time, and we have some annoying nontechnical problems. The problems are really people, and I think you know the ones I mean: people who constantly fight with other members of the project over what seem to be the most trivial points, or who contribute very little to the project but seem to require a huge amount of help for their particular needs. I find myself thinking it would be nice if such people just went away, but I don't think starting a flame war on our mailing lists over these things would really help.
Popping Kernels
Choosing between programming in the kernel or in user space
Port Squatting
Don't irk your local sysadmin.
Porting with Autotools
Using tools such as Automake and Autoconf with preexisting code bases can be a major hassle.
Pride and Prejudice:
(The Vasa)
What can software engineers learn from shipbuilders?
Raw Networking
Relevance and repeatability
Reducing the Attack Surface
Sometimes you can give the monkey a less dangerous club.
Saddle Up, Aspiring Code Jockeys
Dear KV, I am an IT consultant/contractor. I work mainly on networks (Im a Cisco Certified Network Associate) and Microsoft operating systems (Microsoft Certified Systems Engineer). I have been doing this work for more than eight years. Unfortunately, it is starting to bore me. My question is: How would I go about getting back into programming? I say getting back into because I have some experience. In high school I took two classes of programming in Applesoft BASIC (archaic, I know). I loved it, aced everything, and was the best programming student the teacher ever saw. This boosted my interest in computer science, which I pursued in college.
Scale Failure
Using a tool for the wrong job is OK until the day when it isn't.
Sizing Your System
A koder with attitude, KV answers your questions. Miss Manners he ain't.
Standards Advice
Easing the pain of implementing standards
Storage Strife
Beware keeping data in binary format
Swamped by Automation
Whenever someone asks you to trust them, don't.
Take a Freaking Measurement!
Have you ever worked with someone who is a complete jerk about measuring everything?
The Chess Player who Couldn't Pass the Salt
AI: Soft and hard, weak and strong, narrow and general
The Logic of Logging
And the illogic of PDF
The Meaning of Maintenance
Software maintenance is more than just bug fixes.
The Naming of Hosts is a Difficult Matter
Also, the perils of premature rebooting
The Network Protocol Battle:
A tale of hubris and zealotry
A tale of hubris and zealotry
The Next Big Thing
Dear KV, I know you did a previous article where you listed some books to read (Kode Vicious Bugs Out, April 2006). I would also consider adding How to Design Programs, available free on the Web (http://www.htdp.org/). This book is great for explaining the process of writing a program. It uses the Scheme language and introduces FP (functional programming). I think FP could be the future of programming. John Backus of the IBM Research Laboratory suggested this in 1977 (http://www.stanford.edu/class/cs242/readings/backus.pdf). Even Microsoft has yielded to FP by introducing FP concepts in C# with LINQ (Language Integrated Query).
The Obscene Coupling Known as Spaghetti Code
Teach your junior programmers how to read code
The Observer Effect
Finding the balance between zero and maximum
The Unholy Trinity of Software Development
Tests, documentation, and code
The Virtue of Paranoia
A koder with attitude, KV answers your questions. Miss Manners he ain't.
This is the Foo Field
The meaning of bits and avoiding upgrade bog downs
Too Big to Fail
Visibility leads to debuggability.
Understanding the Problem
Is there any data showing that Java projects are any more or less successful than those using older languages?
Vicious XSS
For readers who doubt the relevance of KV's advice, witness the XSS attack that befell MySpace in October.
Wanton Acts of Debuggery
Keep your debug messages clear, useful, and not annoying.
Watchdogs vs. Snowflakes
Taking wild-ass guesses
What Are You Trying to Pull?
A single cache miss is more expensive than many instructions.
Writing a Test Plan
Establish your hypotheses, methodologies, and expected results.