Programming Mistakes To Avoid

snydeq writes "InfoWorld's Peter Wayner outlines some of the most common programming mistakes and how to avoid them. 'Certain programming practices send the majority of developers reaching for their hair upon opening a file that has been exhibiting too much "character." Spend some time in a bar near any tech company, and you'll hear the howls: Why did the programmer use that antiquated structure? Where was the mechanism for defending against attacks from the Web? Wasn't any thought given to what a noob would do with the program?' Wayner writes. From playing it fast and loose, to delegating too much to frameworks, to relying too heavily on magic boxes, to overdetermining the user experience — each programming pitfall is accompanied by its opposing pair, lending further proof that 'programming may in fact be transforming into an art, one that requires a skilled hand and a creative mind to achieve a happy medium between problematic extremes.'" What common mistakes do you frequently have to deal with?

Printable version - All on one page

[Yuioup]

And now for the printable version with all the tips on one page:

http://infoworld.com/print/145292

Y

Re:Printable version - All on one page

[Bobakitoo]

It is the first time i bother to rtfa. Thank you very much, it been a pleasing experience.

Re:Printable version - All on one page

[CountBrass]

'programming may in fact be transforming into an art, one that requires a skilled hand and a creative mind to achieve a happy medium between problematic extremes.' Bullshit. Programming has always been an art that required skill and a creative mind. The only people who have claimed otherwise have been managers, who would prefer all techies were interchangable cogs, and crap programmers: the gimps and muppets of our trade.

Re:Printable version - All on one page

[commodore64_love]

>>>Programming has always been an art that required skill and a creative mind

plus logical thinking (like the machine you're programming). It always surprised me when my Professor/Director of Engineering said programming should not be considered a "science" or "engineering". He said they were the equivalent of bus drivers - just human beings running a machine.

At first I thought, 'Well maybe he has a point' but no not really. Driving a machine is a skill that can be learned in a day or two. Programming a machine requires years - the same amount of time needed to learn any engineering discipline.

 

Re:Printable version - All on one page

[Bobakitoo]

If you would have care to check the link, you would have see the IBM advertisment on the side. Also print layout is a feature of the site, OP did not invented it or hacked it in. Or maybe it is you that run ads-blocker and steal their labor? If you get mod down it will be only because you speak bullshit.

Re:Printable version - All on one page

[oneandoneis2]

Funny, that: When I view the link to the printable version, I get an ad in it.
Did you just not bother to look, or did you forget to turn off your adblock before looking? :)

Re:Printable version - All on one page

[ByOhTek]

And a lot of graphic/physical artist. I've seen many who do graphic arts, drawing and painting, who seems to think that if you are in any computer programming or science field, you have no creativity.

Re:Printable version - All on one page

[poetmatt]

what advertisement? I haven't seen ads on websites in years between my hosts file and adblock.

Re:Printable version - All on one page

[AmiMoJo]

I think driving is pretty similar. You can learn it in a few days of intensive training but if you want to be a really good driver you need to stick to best practices and learn how the car itself works and what its limits are.

Re:Printable version - All on one page

[RNLockwood]

Thanks. It's Ironic that the code visible in the text version does not display on my browser!

Re:Printable version - All on one page

[Noughmad]

Ads? On my Internet?

Re:Printable version - All on one page

[WrongSizeGlass]

More tips just in case these weren't enough:
* Watch your language! Code in a language you're familiar with (or at least one you've read about on the internet). Remember that some of them even have words that you can't use - I guess the First Amendment doesn't apply to programming!
* Syntax, syntax, syntax! Syntax is important people! Some languages need you to end the line with proper punctuation like a '.' or a ';'. Your compiler thingy or runtimer can't understand if you're mad or just typing hard. Bad syntax (!=) good programming
* Spaces! Spaces don't only make things easier to read, they also help the computer not get stuck in a super huge spellcheck loop. Thisisjusttoohardforastupidcomputertounderstandevenwhenit'snotrunningIE!
* Save your work! If you don't save your work you'll have to type it in every time you want to run your code. That makes it really hard to run it on more than one computer.

Re:Printable version - All on one page

[WrongSizeGlass]

Ads? On my Internet?

Sorry, but you must have left a box checked somewhere or failed to 'opt-out'. It happens al the time, really.

Re:Printable version - All on one page

[hesaigo999ca]

Amen to that brother, I applaud you for being so direct to the point.
Damn managers, make the lot of us doing all the work seem unimportant!

Re:Printable version - All on one page

[russotto]

No fair; that shows that all the tips cancel out except #3 and #4 (which partially cancel), leaving us with almost nothing.

Re:Printable version - All on one page

Programming has always been an art that required skill and a creative mind.

Actually, that is true of all engineering and mathematical fields. The basic stuff can be fairly routine, but when it comes to design (and frequently even in the implementation phase), it is more of an art and less of an exact procedure - otherwise someone would have automated the process. Doesn't matter if you are writing code, design an integrated circuit or designing an aircraft controller - there are always trade-offs and deciding what is 'good' vs. what is 'bad' is a judgment call, hence an art work.

Re:Printable version - All on one page

[olau]

That's because your professor learnt it in a day or two and now thinks he's a star programmer, while the sad truth is more like he's years from producing anything better than the crap beginners can crank out. As far as I can tell, most professors are at that level when it comes to programming. So none of his co-professors have probably corrected him. I've heard a Ph.d. refuse our explanation of why our SML student project processing strings as lists was slower than gzip (written in C) with "but they have the same time complexity".

It has the depressing side-effect that people in college are being thought principles that the real star programmers shy away from, while nobody is working on hammering the really important ones into them.

Of course, there are exceptions to this generalization.

Re:Printable version - All on one page

[that+IT+girl]

Thank you for this post.

Re:Printable version - All on one page

[that+IT+girl]

So very true. I happen to be one of the lucky few who are both right- and left-brained--logical, structured, but also creative and sometimes emotional. I've gotten some odd looks for explaining that I feel like programming is just like any other type of artistic expression--I can paint, draw, write poems, or write code. It is using a medium to create something bigger than the sum of its parts, and IMHO code can be both functional and pleasing to the eye or mind.

Re:Printable version - All on one page

[enjerth]

The tip wasn't even about the use of that new feature in Java. It was about the kind of "fast and loose" programming that leads to the need to check for nulls here.

In the end, however, such syntax improvements can only prevent code from crashing, not ensure that it's useful. After all, it doesn't eliminate the root of the problem: the proliferation of null values due to fast and loose programming.

I write code all the time that wastes a few CPU cycles for basically having insufficient user input (the "proliferation of null values"), but the result of the whole process is null. Yeah, executing at that time isn't USEFUL, but the CPU is a far more abundant resource than the time it would take to optimize it. If the CPU isn't getting hammered for more than a fraction of a second, it isn't worth it. Fast and loose programming (in this circumstance) is perfectly fine. Better checking for null in one common place and let the process fail gracefully than to check for nulls in the multitude of places that call this function.

Fast and loose programming is great as long as:
1. the process accomplishes nothing when key data is null, and
2. the process doesn't use a great deal of CPU to accomplish this.

Re:Printable version - All on one page

[GodfatherofSoul]

By that logic, an author is just a bus driver moving words and a pen, an artist is just a bus driving moving paint and a brush, an accountant is just a bus driving moving numbers and columns, et. al.

Re:Printable version - All on one page

[increment1]

The null checking and so called Elvis operators mentioned in tip #1 were considered for JDK 1.7, but ultimately ruled out. They do not exist in JDK1.6, and unless something changes, they will not exist in JDK 1.7 or 1.8.

It is a little bit ironic that the author cannot be bothered to get the details right in a tip about getting the details right...

Re:Printable version - All on one page

[LO0G]

I had a friend in college who got a double major in art and electrical engineering. When I asked her why she was working in such different fields, she responded that to her art and electrical engineering were both forms of art.

For some reason this has stuck with me for decades (yeah, I'm an old guy).

Re:Printable version - All on one page

[ConceptJunkie]

Either your Professor is an idiot, or he has no idea what programming is. I can guarantee a lot of programmers are not doing "engineering" and most aren't doing "science", but as a whole programming software has a lot in common with those fields.

A better comparison is that programmers are like bridge builders (or any other large engineering project). Bridge building is definitely engineering because you need to know a vast quanitity of information to properly design, build and test your project, and be able to apply it to new situations because every bridge is unique and every project has a new combination of problems to overcome.

Not all programming tasks are like major engineering projects, but you can't tell me that the people who work on Windows or the Linux kernel or Firefox or any other major piece of software aren't doing work at least as sophisticated as building dams, electrical grids or spaceships. And you can't tell me the software boffins designing new algorithms and systems aren't every bit as much scientists as the folks trying to find the Higgs boson.

Maybe you can build simple web pages in a couple days, and I'm sure there are a lot of "programmers" that don't rise much above that level, but that doesn't describe the whole industry. In a modern business, almost every employee is a computer operator, running the machine. That it is the equivalent of being a "driver". Some of those tasks are certainly simple, which is a good thing. Computers are supposed to be easy to use.

And on top of it all, driving safely and effectively does require a lot of experience. Someone might understand how to operate a car in a few minutes, and be able to use it to get around in a couple of hours, but I wouldn't put that person in, e.g., Boston traffic until he's had years behind the wheel.

Re:Printable version - All on one page

[ConceptJunkie]

I don't think anyone who programs, and loves it, would look at you odd.

And I can't imagine that there aren't a lot of really good programmers that don't "love" what they do because it is an art. Sure, there are thousands, maybe millions of grunts churning out brain-dead Java code to paste different libraries together, and while some of them might rise to more ambitious levels, the people who will truly excel at programming are the ones who have it in their blood. The best programmers are almost always the ones who were doing it for fun before they did it for a job.

I'm talking about the same kinds of people who took apart their alarm clocks when they were kids, or set up a BBS (back in the day), or wrote their own games. The people who use their computers to create and not just play Quake N. These are the same kinds of people who grow up to become great scientists, engineers, doctors, physicists, etc.

And I don't think any of them would consider your description as anything other than the obvious truth.

Re:Printable version - All on one page

[dgatwood]

Watch your language! Code in a language you're familiar with (or at least one you've read about on the internet). Remember that some of them even have words that you can't use - I guess the First Amendment doesn't apply to programming!

In spite of your attempt to mock the original tips as overly simplistic and obvious, you're actually touching on the most important rule of all with that comment:

Choose the right language for the job.

It amazes me how often people say, "I'm going to write this whole thing in Python or Ruby" simply because it's the latest "cool" language. These are the same people who built monstrosities in Perl just a few years back. These are the same people who in a few years will be lamenting that their giant blob of .NET C# code that ties together code in eight other programming languages is hard to maintain. And so on. You should choose the language based on what will best do the job, not based on what's popular today, and you should choose one language for the entire project before you start writing the first line of code.

No matter how esoteric the programming language, a programmer can learn enough of the the basics to start coding in a few days. You don't really need to worry about not being able to find programmers because not enough people know what you think is the ideal programming language for the project. Future hiring really shouldn't even be in the list of considerations. They're going to be learning a truckload of information on the job in their first few weeks anyway. In that context, learning a new programming language is just not a big enough hurdle to worry about.

Pick the language that best suits the size of your data sets, the structure of your data, and the tasks you need to perform on it. If you need to do regular expression processing, pick a language that supports them well. If you need to do XML parsing and walking through nodes of an XML tree, pick a language with true objects and a good garbage collector (read "not Perl"). And so on. Pick a language based on having features and functionality that will improve your ability to write the project in question and expand it to meet future needs, period. To do anything else is madness.

Re:Printable version - All on one page

[ConceptJunkie]

First off, InfoWorld are presenting the article in a way where ads are optional. Some people take the option. There is no contract involved in visiting a web site, just as there's no contract that keeps you from turning off your TV or changing channels during commercials, or do you consider that theft, too? Do you sit down and read every single ad when you read a newspaper? If not, how dare you?! You scoundrel! You thief!

No one is entitled to get paid for their work. People are only entitled to try to get paid for their work. The former is socialism. The latter is capitalism.

It's no one's fault but Infoworld's if their business model is broken.

Re:Printable version - All on one page

[NonSenseAgency]

Second the motion... And to further exacerbate the problem, "managers" only count dollars they can see, as in wages. So paying a skilled programmer that has "already been there done that, not going to make those mistakes again", is out of the question. Not saying there aren't good programmers coming out of school, but they haven't learned some of the basics of programming no matter how hard their teachers may have tried to drill it in. I have been a "hacker" since the 80s and still remember the console message from the IT manager "shut your program down, you're killing the mainframe..." This still happens every day to lots of new programmers while the experienced, skilled programmers become consultants called in only at the last minute to solve the problems caused by aforesaid manager for obscene amounts of money....wait what am I complaining about, I are one of those!

Re:Printable version - All on one page

[grikdog]

Mod +6 (where are my points??!)

Re:Printable version - All on one page

[NateTech]

Look for the professor who used to code in ADA for a living and left to teach. Best course I ever took. Including the comment, "If you can't find an error in a printout of your code with a red pen without running it or help from the compiler's syntax checker -- you really don't know how to code yet.". In a Beginning Java course in 1994 or 1995. I forget. That and, "Ask yourself -- Does this really need to be in a database? Most of the time, the answer is no."

Re:Printable version - All on one page

[NateTech]

No, coders are not required to sign the final plans, nor typically able to be held personally liable for negligence when their product falls down and ruins someone's life. Seen anyone in jail for the "Flash Crash" yet? Any Building Codes or government code safety inspectors? Get real. Software "engineers" can crank out mediocre crap their entire careers and get to keep their "engineer" title. If Civil Engineers did as badly or allowed people to occupy their half-finished work -- would you like to be a beta-tester of houses built with completely new and radical components made by 20-somethings every year or two? -- they'd be in jail or bankrupt from the successful gross negligence lawsuits.

Re:Printable version - All on one page

[sjames]

It's absolutely true, but only if those bus drivers meticulously plot their route in advance down to the exact degree the steering wheel if turned and when, the exact position of gas and brake, etc and then when the time comes to run the route they do it blind folded and it ACTUALLY works without killing someone 99 times in 100.

If that's what bus drivers do, then yes, computer programming is a lot like that.

Re:Printable version - All on one page

[commodore64_love]

>>(LINK TO PRINT VERSION)

Thus you've taken their labor w/o paying for it (i.e. not viewing the ads). I think people are entitled to get paid for their hours. Uh oh. Here come the -1 Mods to silence my speech (make it invisible) but I don't care:

I will Not be silenced just because people don't like my opinion.

Tests, Manual, Support by programmer.

[Barryke]

What common mistakes do you frequently have to deal with?
- Software only tested by programmer.
- Manual only written by programmer.
- Support can't do a day without programmer.

A good programmer should know when to delegate. Or their boss should. Depends on office culture perhaps.

Re:Tests, Manual, Support by programmer.

[sensei+moreh]

What common mistakes do you frequently have to deal with? - Software only tested by programmer. - Manual only written by programmer.

My mid-1980s solution: I wrote the code and handed it to my partner with brief usage instructions. He ran the code, making sure it did what it was supposed to and that it didn't break when entering nonsense (and came back to me with a few areas that needed fixing), and wrote the manual. I'm sure it worked out better than if I had written the manual

Re:Tests, Manual, Support by programmer.

[drinkypoo]

One modern solution is to write both from the specifications, then run the program according to the documentation to attempt to generate the screen shots...

Re:Tests, Manual, Support by programmer.

[Tacvek]

The only problem with that it that specifications vary wildly in the level of detail.

I've seen them be a very brief overview of what the program should do, leaving out all the important details that would belong in a manual. I've also seen specifications that specify the smallest details of the inner workings of the code, making it little better to base the manual on than the source itself.

Nevertheless, for most applications the best specification would be somewhere in between, and probably be well suited as a basis for the manual, so that is a good practice when possible. That said, it would be useful to have a back-up plan for when the specification is not a particularly good source for basing the manual on.

Re:Tests, Manual, Support by programmer.

[Tridus]

Don't think thats the fault of the programmer in a lot of cases. I'd love to have someone in my office to write a manual and do proper QA. But the budget doesn't include those things, and I don't get to set the budget.

Sometimes the reality is that you either get a program that doesn't have those things, or you try to do those things and don't have enough money to build anything.

Re:Tests, Manual, Support by programmer.

[Lumpy]

Unrealistic timetables... Your testing prototype ends up as the shipped code.
Senior programmer helps on the project... Yay we get old code we have to re-write for him.
Engineering gives us a craptastic design that we have to program around the limitations or problems in the platform. Causing a kludge that we pray will not unravel after it ships.

Those three I see nearly monthly.

Re:Tests, Manual, Support by programmer.

[Jimmy+King]

I agree. This is a very big problem for me as management keeps cutting back the tech staff where I work.

I write the code, I test the code, I write the docs for people. I've tried explaining over and over again that this is terrible. I shouldn't be the final tester. I already think it works or I wouldn't have written it that way and wouldn't be at the point of testing. This affects my testing and causes me to miss things. I also know how it's supposed to work too well and so don't even think to try stupid stuff that users inevitably do which breaks stuff.

Documentation is similar. I know how it works and how it was intended to work. At times this makes things obvious to me that are not necessarily obvious to someone else and so they may not find their way into the documentation.

Re:Tests, Manual, Support by programmer.

[balbord]

PHB: specifications??!!? We don't need no stinking specifications!
Me/you/anonymous programmer forced to work with said PHB (MYAPFWWSPHB): so we're supposed to work without a net, hu? Again, hu? You do remember last project and what you said could never happen again, right?
PHB: this time it's different! See? It's just a simple web app for just a few thousand users!!! What could possibly go wrong?
MYAPFWWSPHB: *sigh*

Re:Tests, Manual, Support by programmer.

[kbielefe]

Unless you're foregoing those items altogether, you're probably not saving any money. Testers have significantly lower salaries than programmers. When a programmer does all the testing, you are paying programmer rates for testing work.

Re:Tests, Manual, Support by programmer.

[WrongSizeGlass]

Ah, I see. All small-time open source software (software written by a single person in their own time) is a "mistake." Nice.

Oh please, that's not what he means and you know it. There are a lot of companies that think the person who wrote the code should also test it ("They know it better than anybody else!") and write the manual ("They know it better than anyone else!").

This is not a knock against "one person operations" such as OSS, freeware, shareware, etc. They are forced to deliver quality code, testing and documentation because it is their name on the product. When it's a company that is just trying to save money (or they just don't understand or even listen) then it's a bad thing. When you choose to be the chief, cook and bottle washer then it's your job to get everything right. When it's thrust upon you and it's not in your skill set or project timeline, well, then quality just suffers.

Re:Tests, Manual, Support by programmer.

[WrongSizeGlass]

One modern solution is to write both from the specifications, then run the program according to the documentation to attempt to generate the screen shots...

I have to write the specifications too, you insensitive clod!

Actually, small shops usually do based on the 100 questions they ask their clients (and the 5 - 10 usable answers they actually get).

Re:Tests, Manual, Support by programmer.

[Ihlosi]

Don't forget: - User interface designed by programmer

Re:Tests, Manual, Support by programmer.

[TheRaven64]

Another approach that I've seen is to write the manual first, then the code. The manual, in describing everything that the user can see and do, functions quite well as an informal specification and (usually) has the advantage of being more readable.

Re:Tests, Manual, Support by programmer.

[aztracker1]

I'm pretty happy with the process of the project I am working on now, I think the only shortfall is that the business doesn't always understand the groundwork that goes into a new project that doesn't always immediately present itself in end user/business stories(SCRUM). Beyond this, we have architects/developers, from there is business QA, developer QA, and a fair amount of planning. Aside from a lot of that planning taking a fair amount of time, we kill about a day out of every two week sprint in planning, and the business side is closer to 3-4 days (but they run 3-4 projects). All told it works pretty well. there are also requirements for Unit Test coverage, and peer review of the related code for all tasks as part of checkin/validation (as our PCI compliance strategy).

The hardest part, for me as a developer, is thinking in terms of being testable. I still don't do "Test First" though I do see the value in having the Tests... even in writing them after, you see logic flaws, and find pieces that don't work as you would think. As to end user expectations, having them involved about 20% of the time in the project is essential in any kind of workable solution. If a user/client isn't able to match at least 20% of the time for the development of the project on confirming/writing expectations and documentation, the project shouldn't be done. It's that simple.

Re:Tests, Manual, Support by programmer.

[Quirkz]

As long as someone goes back and cleans up the manual things change during the coding process. Cant' tell you how many times I've seen manuals with screenshots, but the documentation and shots are from two versions ago, before major navigation items were rearranged or fields were renamed. On the mild end you might get something where the manual specifies "enter your email address" and the software has a blank for "user name" but on the extreme end you'll have a manual that says "check the box for value X" but on your version that box doesn't even exist at all.

Re:Tests, Manual, Support by programmer.

[frank_adrian314159]

Yup. As an old tech writer friend told me once: "If I can't easily explain it to a user, the design is wrong."

Words to live by. The only other thing to remember is that sometimes designs that are "simple to explain" are still pains in the butt to use because the model doesn't match real world uses and makes doing what it needs to do laborious. But that you can figure out by adding a set of common usage scenarios to the user document, as well.

Re:Tests, Manual, Support by programmer.

[ConceptJunkie]

And yet so many companies are perfectly happy to do this.

What's worse is that programmers are seldom as good at testing as good testers (and I include myself in that).

Re:Tests, Manual, Support by programmer.

[blair1q]

If you document what you know and give that to the user then it's their fault for doing stupid stuff and you can charge them more to change it provided they didn't spell it out when they told you what they wanted it to do before you wrote it.

If you don't, then you're asking for it.

Re:Tests, Manual, Support by programmer.

[HornWumpus]

Your tech writer friend is a moron.

If the problem is truly complicated then the solution will also be complicated.

Expecting to be able to easily explain everything is the attitude of a pre-teen (or a tech writer).

Claiming the design is broken as soon as thought is required is not-unusual among the lazy.

That said unnecessary complications are the second biggest mistake made at design time (just following leaving out a necessary complication while intending to add it later).

Re:Tests, Manual, Support by programmer.

[honkycat]

I disagree. First, you seem to be jumping on a bit of understatement by the OP's reference (and writing with a needlessly disrespectful tone that seems not unlike the "attitude of a pre-teen" yourself).

But more substantively, in all but rare cases, I think the OP's tech writer friend has a very good point and can hardly be called a moron on the basis of the statement. The user for a piece of software can be (or should be able to be) assumed to be familiar with the problem that the software solves, just not with the particular software. If the software is well designed, then there should be a fairly clear connection between sub-tasks in the software and therefore be easy to explain. Just because a solution is complicated does not imply that it's hard to explain.

If the software is introducing complications that don't have analogs in the methods for solving the problem that came before that software was written, then that's a big red flag that something is wrong with the design.

Re:Tests, Manual, Support by programmer.

[xero314]

According to Fredrick Brooks, in the mid 60's, the manual is the specification. All you need in a specification is the details that one would need to use the system. Then both the Engineers and the Testers can do their respective tasks based on the manual. If you have to turn the specification into a manual then the specification is either too verbose, or lacking in detail.

That's not to say that there are not other documents along the way, just that the end result, before implementation, is a manual that explains how the application is used. This also keeps you from designing systems that require screen shots in the manual for even the most rudimentary tasks.

Re:Tests, Manual, Support by programmer.

[xero314]

Like any engineering process you have to update the specification when the specification actually changes. If you manual is the specification, as it should be, then before you implement a change you update the manual (specification).

There is no need to "go back and clean up" anything. You implement what the manual/specification says. If it turns out the the manual/specification is incorrect then you fix the manual/specification and then implement the change.

So next time your boss says, can you change that from saying "email address" to "user name" and your manual/specification says "email address" just tell them that you would be happy to do that once the manual/specification is updated to reflect the change.

Re:Tests, Manual, Support by programmer.

[Quirkz]

Can anyone really get away with telling their boss that? I've had what I consider fairly reasonable bosses, and the best response I'd get from saying "I ain't doing it until it's in the specification documents" is "yes, we'll send a note to the person who controls the specs, but you're making the change now." Much more often I'd get "the client needs this changed yesterday, do it now, and try to remember to tell the documentation guy when you're done." Then again, I've never worked any place particularly formal about development practices. Maybe others really do work that way, but I'd have to see it once to believe it.

Re:Tests, Manual, Support by programmer.

[BraksDad]

I have always maintained that the best projects (in terms of funcionality and accepance after rollout) were the ones that included at least one Tech Writer. As a PM, I required testers to be provided by the customer. Testers were also required to physically sign off on their testing. Apply those two principles and things will turn out much better. This stuff works even better if everyone involved in the project has a title and every title has a job description.

Re:Tests, Manual, Support by programmer.

[NateTech]

Holy ****. You still get manuals?! Must be nice. I've been doing tech support for over 15 years, and nowadays all I get are Quick Start guides that suck, Admin Guides of totally disorganized unrelated trivia no one needs, and Release Notes with a hundred bugs listed as fixed that I already know about because I turned in the trouble tickets on them and lived through that pain already. And maybe a stolen Sales slide show or two as a road-map for where we're going so when the customer says "when will this stupid crap be fixed?" I can make up a date, pad it heavily, and then say "maybe" by then. What are these "manuals" of which you speak? I have them for my airplane, but not any software in the last ten years.

Re:Tests, Manual, Support by programmer.

[HornWumpus]

The tech writers basic mistake is thinking that _he_ should be able to easily explain it to the end user.

Which reflects the arrogance of the tech writer.

Take the following as given

If the problem is complicated.
The end user understands the problem.
The software is not unnecessarily complicated.

It does not follow that the tech writer can 'easily explain it' unless he first understands the problem, the software and the niche language used.

Those three things are not easy for an English major (especially if the problem involves math beyond arithmetic).

If the problem and software are complicated and the tech writer wants an 'easy' job he will produce useless crap.

In my experience there are many problems that are simply beyond the understanding of most tech writers.

This is not just supposition speaking, this is experience.

Good smart tech writers might exist somewhere.

Re:Tests, Manual, Support by programmer.

[honkycat]

Ok, you're right. People who are not qualified for their jobs can't do their jobs well. Was that really your point?

Programming Mistakes To Avoid...

...just try to avoid errors and you should be set.

Re:Programming Mistakes To Avoid...

...just try to avoid errors and you should be set.

But Warnings are ok. Just no errors. Warnings still compile.

Re:Programming Mistakes To Avoid...

[jekewa]

I know you're being factitious, but software compiled with "acceptable warnings" may also lead to runtime failures.

I once had a job writing C++ software where the lead made us write code with zero warnings, turning the compiler to the most strict. Justifiable suppression was allowed (for example, in cases of ambiguous type-casting from library headers). While I thought this was overkill, we were internally hired to help a group whose software was woefully unreliable; turns out they went the other way, turned off all compiler warnings and suppressed some "acceptable" errors. Correcting their errors and compromising on some of their warnings brought the quality of their software to at least a stable level.

There is a middle ground, but I've chosen to go with the zero-tolerance route on warnings; they're easy to get rid of, and encourage careful and thoughtful use (and even abuses).

A good rule of thumb is that if your IDE or compiler is complaining about it, you probably left yourself open for a failure.

Of course, not having any warnings doesn't prevent errors due to bad logic...that's a whole other ball of flame-bait.

Re:Programming Mistakes To Avoid...

[pjt33]

Except when the warning or error is wrong. I spent Friday afternoon trying to avoid an error in a WiX compilation and concluded that the only way to do it was to deliberately introduce a bug. ICE57 believes that the DesktopFolder is "per-user", whereas it should be "per-user or per-machine" because it changes according to the installation context.

Re:Programming Mistakes To Avoid...

[Anrego]

they're easy to get rid of

Except in bulk.

I find it's a lot like memory leaks. If you run your program through a leak checker frequently, it is very easy to stay on top of the leaks. The same is true about warnings. You know what code you introduced, so chances are the new warning is somewhere in there. It's when you leave "fixing the warnings" or "plugging the leaks" till the end that you run into the mountain... and it tends to be a convenient chunk to skip when a project is behind on budget.

Re:Programming Mistakes To Avoid...

[jekewa]

True that. Like I said, justifiable suppression in some cases. I guess if you can't work around or suppress the warning, you'd have to agree to allow it to remain. This seems to be one of those cases.

Re:Programming Mistakes To Avoid...

[jekewa]

Absolutely easier when you're working on it than when you go back to clean it up. Since the project I'd mentioned had been developed with a strict eye on warnings, it was fairly easy to avoid writing (or at least committing) code with warnings. In the other project I'd mentioned, it took us a few weeks to clean up their wrongfully suppressed warnings and errors.

If you do it right, following the rules along the way, there's little clean-up to do when you're done introducing new code. Even in a hasty flurry of activity.

Re:Programming Mistakes To Avoid...

[Thing+1]

Good thing we still pay InstallShield, then, I guess...

Re:Programming Mistakes To Avoid...

[pjt33]

Why? This isn't a bug in WiX, it's a bug in Microsoft's unit tests for MSIs, and according to the first hit on their page when I google Vista logo certification you have to use MSI and pass ICE57 if you want to be certified. So it doesn't matter what you use to create your installer: you still come up against the buggy unit test.

Re:Programming Mistakes To Avoid...

[Thing+1]

The why is my comment was somewhat a response to the latest InstallShield newsletter, in which they championed Microsoft's latest decision to remove functionality from their products. Visual Studio Installer is going away (the VDPROJ projects, I presume) and Microsoft is recommending customers to waste even more of their hard-earned R&D funds on installer technology that they used to provide as part of VS. And anyway my company is so small that we don't even use InstallShield properly. But I can't convince management to move to WiX, because "there's no support for it."

Maintaining code by others are always a nightmare

[TheViciousOverWind]

Until you spend enough time with it, to learn why the original programmer did as he did.

As I see it, most projects start out with a good structure and the best of intentions, and then comes deadlines and the developer having to juggle several projects at once, and then a shortcut is taken here, then there. And suddenly you end up with a non-documented project where the only person that knows how it works is the original developer.

There will however always be BAD code by bad programmers. I've taken over Java progress where everything was OOP'ed into hell (as in a bazillion classes more than was needed for the application) and PHP projects which should be OOP'ed but consisted of about 500 files that included each other in a huge confusing net.
I've also had to take over projects where the original developer was using new technology because he thought it would be fun (at the expense of the customer). Having a huge website in PHP/MySQL and then having crucial parts of it in Ruby/PostreSQL is just a maintenance nightmare.

Mistake #13

Equating web programming with all programming.

Re:Mistake #13

[digitig]

I thought the article was going to fall into that trap, but it avoided it. Some of the examples were web programs, but the overall points were widely applicable.

Re:Mistake #13

[pnewhook]

No, its basically all about web programming.

Re:Mistake #13

[digitig]

Really? So input validation, usability and the decision whether to be open or closed source are only relevant to web programming? Good grief, all those hours it turns out I've wasted...

Re:Mistake #13

[pnewhook]

Open or closed source is not a programming decision, its a business decision. If input validations was parameter checking, then sure. Most of the volume of the code does not concern user usability, only the GUI part.

Re:Mistake #13

[digitig]

Open or closed source is not a programming decision, its a business decision.

That's true of a few of them, actually. The balance between usability and security should be a business decision too, for example. So reserving programming mistake #14 for the complement to #13 (assuming nothing is a web app? Nobody seems to be making that one) we have programming mistake #15: taking decisions that are outside your competence or responsibility.

Only one programming mistake to avoid:

[Harold+Halloway]

Learing how to do it in the first place.

Re:Only one programming mistake to avoid:

[Harold+Halloway]

Or even 'learning'.

Tchoh.

do x but not too much!

[0111+1110]

Programming mistake No. 1: Playing it fast and loose
Failing to shore up the basics is the easiest way to undercut your code. Often this means overlooking how arbitrary user behavior will affect your program. Will the input of a zero find its way into a division operation? Will submitted text be the right length? Have date formats been vetted? Is the username verified against the database? Mistakes in the smallest places cause software to fail.

Fair enough. So debug while you code. Seems like good advice.

Programming mistake No. 2: Overcommitting to details
On the flip side, overly buttoned-up software can slow to a crawl. Checking a few null pointers may not make much difference, but some software is written to be like an obsessive-compulsive who must check that the doors are locked again and again so that sleep never comes.

Doesn't mistake number 2 contradict number 1? Or am I missing something? I guess he's saying debug while you code, but not too much. After reading the rest I see that that was his algorithm for writing the whole article. Rule 1: do x; Rule 2: But not too much! I didn't really find the article all that useful.

All programming should be assembly language programming anyway and a lot of his rules don't seem to apply to assembly language programming. Remember rules aren't necessary when you are a programming god who only codes directly in machine opcodes. Even assemblers are for weenies. Man up and become one with the machine!

Re:do x but not too much!

[Chrisq]

Doesn't mistake number 2 contradict number 1? Or am I missing something?

The whole lot is full of contradictions:

4: Delegating too much to frameworks 8: Reinventing the wheel
9: Opening up too much to the user 10: Overdetermining the user experience
5: Trusting the client 6: Not trusting the client enough

I think that there is a meta-message, akin to Buddha's middle way. Don't take any rule to extremes.

Re:do x but not too much!

[Okind]

Programming mistake No. 1: Playing it fast and loose.

Fair enough. So debug while you code. Seems like good advice.

Programming mistake No. 2: Overcommitting to details.

Doesn't mistake number 2 contradict number 1?

Yes it does. The difficult part is knowing the balance, as indicated by the summary: "programming may in fact be transforming into an art, one that requires a skilled hand and a creative mind [...]"

Re:do x but not too much!

[icebraining]

Fair enough. So debug while you code. Seems like good advice.

s/debug/test/

Re:do x but not too much!

[BiggerIsBetter]

Yes it does. The difficult part is knowing the balance, as indicated by the summary: "programming may in fact be transforming into an art, one that requires a skilled hand and a creative mind [...]"

Personally, I believe we'd be better off it professional programming transformed from an art into an engineering discipline. IMHO, building robust and efficient applications should be a boring and repetitive exercise in design and implementation of prescribed design patterns... maybe then we'd turn our industry's abysmal success rates around.

Re:do x but not too much!

[Okind]

Personally, I believe we'd be better off it professional programming transformed from an art into an engineering discipline. IMHO, building robust and efficient applications should be a boring and repetitive exercise in design and implementation of prescribed design patterns... maybe then we'd turn our industry's abysmal success rates around.

A good point. Sadly, I've yet to come across an easy to understand development process that doesn't pin down way too much. We're doing Agile for a reason.

Re:do x but not too much!

[turbidostato]

"The whole lot is full of contradictions"

No, it isn't. It goes "don't do that... but don't fall in the other extreme".

That's on line with his central idea that programming is "an art, one that requires a skilled hand and a creative mind to achieve a happy medium between problematic extremes".

Re:do x but not too much!

[syousef]

Doesn't mistake number 2 contradict number 1? Or am I missing something?

The whole lot is full of contradictions:
4: Delegating too much to frameworks 8: Reinventing the wheel
9: Opening up too much to the user 10: Overdetermining the user experience
5: Trusting the client 6: Not trusting the client enough
I think that there is a meta-message, akin to Buddha's middle way. Don't take any rule to extremes.

Confucious say: This one skitzo mutherfucker

Re:do x but not too much!

[Lumpy]

Sounds like a plan, you willing to go and tell HR and the executives that we now need to be paid ENGINEER pay scales?

Those that control the money dont want programming to become elevated to Engineering status, they would have to pay us all more across the board.

Re:do x but not too much!

[Tridus]

That, and being able to figure out what people actually want in the first place.

Quite a few projects fail simply because the people requesting it have no idea what they actually want. They can't articulate their needs, or why they need it, or even where the idea came from. If you can't nail that down, the rest of it is a crapshoot.

(The only thing worse is when they DO know what they want, and it's for entirely irrational reasons.
"We want Sharepoint!"
"Okay, why?"
"Umm... because we do!"
"What does Sharepoint do that you want?"
"Documents, and stuff!"
"Sigh...")

Re:do x but not too much!

[silverglade00]

Don't take any rule to extremes.

Except sometimes you should. ;)

Re:do x but not too much!

[robot_love]

All things in moderation, including moderation.

Re:do x but not too much!

[TheRaven64]

Good plan, as long as I don't have to pay for it. We have techniques for formal verification of systems. They increase the time and expense in developing a piece of software by a factor of 100-1000. They catch most problems, although certainly not all (and you can actually prove that it's not possible to catch all of them). We don't use them, because for most cases, good enough software now is better than good software in a couple of years and costing a few orders of magnitude more.

Re:do x but not too much!

[Dreadrik]

That, and being able to figure out what people actually want in the first place.

Yes, this is a very important part, which reminds me of this old gem

Re:do x but not too much!

[blair1q]

No, there are several contradictions, and several of the "mistakes" are complicated policy issues that coders don't get to decide until they're in lead positions. It's not a very good article.

Re:do x but not too much!

[Noughmad]

It's also another way of saying "I don't know anything about programming or programmers, so I'll just say something in between".

Re:do x but not too much!

[NateTech]

Real engineers have to pay for personal liability insurance for when the bridge falls down and the public sues them in Civil court, so that pay scale isn't as grand as you might think.

Missing from the article

[eagleyes]

The most common programming mistake to avoid: Reading badly written articles about "what programming mistakes to avoid".

Re:Missing from the article

Or just avoid any of the _____World network. 95% of the articles seem like click trolling trite to me.

Re:Missing from the article

[gravyface]

Was just about to write an identical comment. The summary read like someone who's never programmed before; I stopped reading after that and assumed the article was bunk. Sounds like I was right.

Re:Missing from the article

[nschubach]

It's a whole lot of:

1. Wash your baby in the sink with warm water
2. But not too warm
3. When you do your laundry put in enough clothes to fill the tub
4. But not too many clothes
5. When you cut your lawn, make sure you lower the mowing deck
6. But not too low

The things he lists are pretty basic by any measure and he expanded the list to cover both extremes of the processes. What he has is a list of 6 things you should think about when going into a project, but they are Development-101 topics.

Re:Missing from the article

[Late+Adopter]

You know the article is bad when their first example includes a Java language syntax feature that DOESN'T EXIST. Also, wouldn't it be *better* to use a NullPointerException, since you can write the logic for the error-free case without clutter, and then consequently DEAL with the error when it arises?

Re:Missing from the article

[obarel]

Reading is never a mistake. Following bad advice is another matter. Read, consider, reject.

accompanied by its opposing pair

[Barryke]

Doesn't mistake number 2 contradict number 1? Or am I missing something?

Yup. FTA:

Below you will find the most common programming pitfalls, each of which is accompanied by its opposing pair, lending further proof that programming may in fact be transforming into an art -- ...

Mistakes?

[thermal_7]

I very rarely see programming mistakes. There seems to be 2 kinds of programmers.

- Those who care about what they do and try hard.
- Those who don't care about what they do and don't try hard

The later write terrible code, but it is just because they are either lazy or aren't suited to the profession and can't get enthused. Very rarely do you see someone who cares about there work make a big mistake (and if so they are probably just starting out).

Re:Mistakes?

[Chrisq]

I very rarely see programming mistakes.

Neither do the bad programmers!

Re:Mistakes?

[syousef]

Very rarely do you see someone who cares about there work make a big mistake (and if so they are probably just starting out).

Really? I see it all the time from very intelligent but inexperienced programmers. I've seen a few spin their wheels and end up depressed about their whole job.

Re:Mistakes?

[treeves]

Neither do the OTHER bad programmers, right?

Programming Mistake #0

[Voulnet]

Programming mistake #0: Believing that your computer degree (Computer Engineering or Computer Science alike) automatically puts your code in a high level of quality.

Not to bring any academia vs industry argument, but many students miss the idea of a Computer degree with programming courses in it: The degree intentionally doesn't go to details because it needs to give you a background into a broader set of subjects. Industry needs one to be very attentive to details in that one thing he's doing at the moment.

Re:Programming Mistake #0

[digitig]

True enough. And since every rule has to have a complement, 0a: Assuming that you don't need to learn any of that theory: algorithms, data structures, normalisation and so on

Re:Programming Mistake #0

[hedwards]

Indeed, and that goes for most other degrees as well. There isn't time in even the 10 years or so it takes to get a PhD to really cover everything you need to know for a bachelors, so they try to fix you up with the need to know stuff along with the information on how to fill in the gaps.

"Common" mistakes

[Alex+Belits]

The only common mistake I see is not firing the programmer who makes any of those "common" mistakes. There is absolutely no reason for any of this shit to be "common" unless "programmers" who make them are uneducated dumbasses who should never be allowed anywhere near software development.

Now, please, give me the list of "common mistakes" made by surgeons and aircraft engineers, and compare them with this list of amateurish crap.

Re:"Common" mistakes

[icebraining]

UK doctors leave 722 objects inside patients in 1 year

Re:"Common" mistakes

[prionic6]

I really could not find much data, but the total number of surgical
procedures performed in the U.S. per year is around 70 million. I'd expect the UK to have at least 10% of that. That means about 700 lost objects for 7000000 procedures, 1 in 10000. Pretty good track record, although these are not the only mistakes to happen of course.

Re:"Common" mistakes

[tudorl]

Now that's what I call encapsulation :)

Re:"Common" mistakes

[cowboy76Spain]

UK doctors leave 722 objects inside patients in 1 year

I would have that patient(*) arrested for trying to steal a complete surgery unit...

As per TFA (as I only read them once every while, when I read it I quote it), it just states 6 issues (security, user freedom) and says "don't do it too much, don't do it too little"). Useless, because the point is knowing exactly what is too much or too little.

*: I know it says "patients"... but the joke is worth it..

Re:"Common" mistakes

[Alex+Belits]

It's not about "too much" or "too little", it's about decisions that make absolutely no sense.

Re:"Common" mistakes

[erroneus]

While I agree with what you say, the problem is that bad programming is largely the result of cultural personality shift.

Lately, I have been taking some classes on web development... yeah I don't know Photoshop, Illustrator or Flash particularly well -- I like text editors though dreamweaver is growing on me. There is one person in the class who is all about shortcuts. He doesn't want to understand anything, he just wants "results." He's a business man who runs a company that is all about outsourcing. He actually doesn't know anything and doesn't do much of anything -- he's a project manager. He gets wind of a project, starts advertising job positions based on the project and then bids on the project. Business outsource to people like him, who in turn, outsources to others. All the while, he knows next to nothing about what is going on or how to do it. Why is this bad? Simple: QUALITY. How does he know if it's good quality? How does he know if it's secure or stable? He can't, he doesn't and he doesn't care. He is the personification of what is wrong with our current business practices. LOTS of people are like this and getting increasingly like this. This includes programmers and especially younger programmers.

I have a co-worker who fancies himself a programmer. Looking at his results, I would have agreed with him. But one day, I was tired of the way his table output looked, so I went in to patch it to put "" in where all empty cells would appear. It was super easy. But looking at his code was not! I was shocked and disturbed by what I saw in his source code. A professional he is not. Not comment one in his code. Structure was for crap. It reminded me of my days programming BASIC on Apple/Commodore/TRS-80. You "think it and write it" was my style back then and is apparently his style now. The world needs a LOT less of this. Meanwhile, REAL programmers get no recognition and want none... they care about the quality of the code while project manager care about deadlines.

Once upon a time, programming was an art of out-thinking the user. It was often a game of predicting their mistakes and stupidity and working to prevent them from blowing the system up. The article opens up with precisely this mind set. But before long, programming short cuts began appearing and even "write a program without writing any code" started to appear. (When I first saw "RAD" tools, I cringed heavily. "Are people really comfortable not knowing what these black boxes do?" Apparently, YES!)

I once commented on a topic about programming and validating input. I was responded to with a lot of negative feedback talking about how much time and trouble it is; how much of a performance issue it could cause. I was shocked that people actually felt that way. (Heh, someone even tried to school me on "RegEx" processing... did I really have to point out that more simple and direct methods are actually faster? Sure, RegEx-s occupy a smaller portion of your source code, but the object code and library dependencies are often higher, not to mention that "generic" code blobs often do a lot of unnecessary things. It's cool, I get it -- I think in terms of assembly language and I care about wasted instructions and wasted memory -- I grew up in a 64k limited environment.)

Should programmers be fired for making "common mistakes"? Well, yes and no. I say no because I wouldn't consider anyone who makes those mistakes to be "programmers."

Re:"Common" mistakes

[deoxyribonucleose]

The only common mistake I see is not firing the programmer who makes any of those "common" mistakes. There is absolutely no reason for any of this shit to be "common" unless "programmers" who make them are uneducated dumbasses who should never be allowed anywhere near software development.

Hardly these mistakes, surely? Most of these 'mistakes' are judgment calls, and any programmer will be guilty of most of them if put under sufficient time pressure.

Also, as a wise man observed, housebreaking a pet by killing the puppy the first time it pees on the rug is a bit inefficient.

Re:"Common" mistakes

[deoxyribonucleose]

Most of these 'mistakes' are judgment calls,

Everything a programmer does is a judgment call.

and any programmer will be guilty of most of them if put under sufficient time pressure.

"Any programmer" can mess up implementation if he is in a hurry. Bad design is a sign of stupidity and ignorance.

Also, as a wise man observed, housebreaking a pet by killing the puppy the first time it pees on the rug is a bit inefficient.

There are huge organizations called "schools" made specifically for the purpose of educating people. Once someone works as a programmer, it's too late to tolerate idiotic crap from him.

OK... I'll just... back away quietly. Here, have some candy and coffee. Would it bother you terribly to stop pointing that bazooka at me?

Re:"Common" mistakes

[squizzar]

Perhaps if we had the oversight that medicine and aviation gets, where cutting corners or rushing things doesn't happen (often) because the consequences are much more dire we would be more perfect. It's a cost-benefit thing: software that just about works is usually good enough for people, and the crashes/data loss/inconvenience don't justify the cost of producing better software. That is, of course, in the eyes of whoever is managing the product, so they may well be completely wrong, but it is the decision they make.

In the right circumstances software is developed to be nigh on perfect - think industrial control systems, aviation, your cars engine management, most of which will operate for years on end without any problems (I know there are counter examples, but for the most part this sort of stuff works pretty well). There's an article somewhere describing the processes used by the company that writes the software for the space shuttle, it's phenomenal, they don't make mistakes because they scrutinize _everything_ in crazy detail.

I'd be interested to see some statistics comparing medical and other procedures with different levels of 'consequence'. I'd bet there are more botched sutures than heart bypasses for example, because suturing is simpler and less likely to kill someone and can therefore be rushed or done to a lower standard.

Re:"Common" mistakes

[Waffle+Iron]

Now, please, give me the list of "common mistakes" made by surgeons and aircraft engineers, and compare them with this list of amateurish crap.

If you don't understand the fundamental differences between working with software and working with physical objects, then you must not be much of a software developer.

Here's one small example: A surgeon does the same thing over and over. If your boss came in every morning and told you to rewrite the same quicksort routine every single day, then you probably wouldn't make many mistakes either.

Re:"Common" mistakes

[AmeerCB]

That's pretty short-sighted. Most programmers, even computer engineers and CS types, learn good programming practices after they have entered industry. School gives you a solid base to start from, but you need real-world experience to really sharpen your skills.

At some point, YOU were that guy making common mistakes. You learned from those mistakes and became a good programmer because your boss didn't fire you the first time you nested your classes a little too deeply.

Re:"Common" mistakes

[russotto]

Now, please, give me the list of "common mistakes" made by surgeons and aircraft engineers, and compare them with this list of amateurish crap.

I can come up with three for surgeons off the top of my head. Add the whole surgical team and you'll get more.

#1 Leaving stuff inside the patient that shouldn't be left in there
#2 Operating on the wrong body part
#3 Operating on the wrong patient

I don't know about aircraft engineers, but clearly they do make big mistakes, as Boeing has had to rework parts of its 787, and various corrections to engineering flaws have had to be made to planes after they were put into service.

Re:"Common" mistakes

[hedwards]

No, that's a bad track record, those mistakes are typically referred to as "never events" for a reason. Nothing should ever be left in a body following surgery, ever. The only reason why it happens is that the surgical team failed to do a complete inventory of the equipment before and after the procedure.

Leaving an object in a person can quite easily lead to death or permanent disability.

Re:"Common" mistakes

[HeckRuler]

How about them F-22's that went dark when crossing the timezone to the next day in the pacific?

Re:"Common" mistakes

[prionic6]

So it seems to be good that I'm a programmer, not a surgeon ;)

Re:"Common" mistakes

[MikeBabcock]

Including the tools with the patient? That's just good OO design :)

Re:"Common" mistakes

[prionic6]

If the software you write has a fatal error once every 10,000 procedures you're a real fuck up. I'm not impressed by that percentage.

_potentially_ fatal.

Re:"Common" mistakes

[aztracker1]

LOL, I'm guessing you've never been in the hiring process... I've been contracting for a long time, and it always seemed to irritate me how often I would get asked the same very basic questions over, and over again. Then, in the last year, I was involved a couple of times on the technical screenings for several open positions. I couldn't believe how many people looked very similar to me, on paper, and couldn't answer some very basic questions. Despite putting "expert" on their resume. I'm inclined not to do that, despite being near that level on a couple of related topics. The other side, is the filtering of resumes needed before even getting that far was atrocious. The recruiting/consulting companies didn't filter well, and like so many HR departments have no understanding of what technical requirements or skills are related enough to be sufficient. It's actually a very sad state of affairs.

Re:"Common" mistakes

[Just+Some+Guy]

UK doctors leave 722 objects inside patients in 1 year

That's actually not the fault of the doctor, except in the "it's his O.R. so anything that happens in it is his responsibility" sense.

The "circulating" tech or nurse is the non-sterile person who fetches stuff out of cabinets, opens packages, and makes notes like "opened a package of 10 sponges" (typically by making a row of checkmarks on a pre-printed form).

The "scrub" tech or nurse is the sterile-gowned-and-gloved person standing next to the surgeon who passes instruments, puts knife blades on the scalpel handles, loads the needle drivers, and keeps track of the gazillion tiny pieces to everything. There are so many removable parts because everything has to be able to be broken down into pieces small enough to clean, sterilize, and package, and part of preparing for a surgery is re-assembling all the stuff so it'll be ready if the surgeon needs it.

The circulators and scrubs work together as a team. The circulator will say stuff like "here's the 10-pack of sponges", and the scrub will relay messages like "I counted them and there are 10 sponges there" or "I opened a package of 5 needles and there are actually 5 needles". The circulator will check off "10 sponges" or "5 needles" or "bolt and wingnut for the retractor" to build a list of everything that has been opened in the room which could possibly fit inside someone.

At some point, the surgeon will say, "OK, I'm getting ready to close". At this point, "the count" begins. The circulator will ask how many needles the scrub has, and the scrub will answer (including the one that the surgeon is actively using at that moment). If the counts match, the circulator will check off "needles" and move on to sponges, or knife blades, or wingnuts, or whatever else they'd opened earlier. When they're done, the circulator will announce that the count is correct and the surgeon will finish closing, which they're already well into by this point because the count is pretty much always correct.

Except when it's not.

The biggest ass-chewing I've ever received in my life was when I was in the Navy and scrubbing for some captain and we couldn't reconcile the number of sponges. One was missing, and the presumption was that it was still inside the patient. After a few minutes of pissed-off-high-ranking-officer-screaming, they wheeled the patient out anyway and prepared to X-ray them to find the missing sponge. Ideally, everyone would stop what they're doing and stand around while we searched, but the realities of surgery are that the anesthesiologist plans the sleeping and waking cycles and you really don't want to start putting them back down into deep anesthesia or keep them down longer than absolutely necessary.

So, we tore the room apart. We moved cabinets. We dismantled the surgical table. We dumped all the trash - clean and hazardous - onto the floor to dig through it. The captain would periodically stick his head in to ask why the hell we hadn't found the f'ing sponge yet and what the hell was wrong with us and did we know whether this was a courtmarshalling offense.

Finally, the anesthesia resident - a much lower-ranking officer fresh from med school - sheepishly asked what a sponge looked like. Turns out, one had fallen on the floor during the case and he'd "helped" us keep the room clean by throwing it in the anesthesia trash that he was responsible for.

As an enlisted person, that was the one time in my career that I actually yelled at an officer (who had the good grace to accept that he'd screwed up and had it coming to him). He went and told the surgeon what happened, X-rays were avoided, courtmarshalls were cancelled, and we scrubbed the room down from ceiling to floor because we'd strewn bloody trash all over the place while digging through it.

Anyway, so yeah. The counts are ultimately the responsibility of the surgeon, but the surgeon is not the person who actually does the counting - nor could they possibly be expected to without dramatically lengthening the time a patient would have to spend under anesthesia. Behind every object left inside a patient is a scrub and/or circulator who accidentally miscounted or who lied on the count sheet to hide their screwup.

Re:"Common" mistakes

[Alex+Belits]

If you don't understand the fundamental differences between working with software and working with physical objects, then you must not be much of a software developer.

I am an embedded systems developer, and this is why I have to avoid using software you and other "developers" of your kind make.

As I recommended to other crap writers in this thread, go fuck yourself.

Re:"Common" mistakes

[Waffle+Iron]

Well gee, It must be easy for you to not to make mistakes when you program your little toy programs embedded in your little sandbox devices.

Now why don't you generalize some more of your limited experiences as if they somehow applied to the whole wide world?

Re:"Common" mistakes

[stilz2]

Informative and interesting. Thank you for taking the time to write this post.

Re:"Common" mistakes

[falconwolf]

There are huge organizations called "schools" made specifically for the purpose of educating people. Once someone works as a programmer, it's too late to tolerate idiotic crap from him.

As has been true for years, today what's taught in college is Windows and one IDE or another not programming. The best programming class I had in years was programming PERL. For it we didn't use an IDE, we typed using a text editor then dropped down to the command-line for testing.

Falcon

Re:"Common" mistakes

[Thing+1]

OT: apart from your signature, your comment fit exactly in the stupidly-small-buffer-with-no-standard-deviation. I clicked "read the rest of the fucking comment" and only saw your signature. I liked your comment, and thank you for the insight; I'm not happy about Slashdot's idiocy.

Re:"Common" mistakes

[Alex+Belits]

My "little" programs are embedded Linux systems. Most of system software written for Linux is actually very reliable -- as opposed to desktop Windows crap that you seem to hold as a standard of reliability.

Re:#1 - Not managing the pointers and memory yours

[icebraining]

Unless you're coding in machine opcodes like a previous poster suggested, you're already losing some optimization potential by relying on the compiler/interpreter to do it for you. Even in C you're relying heavily on machine generated code. So why is garbage collection so bad?

It seems to me like the structured programming debate all over again.

Pointer typedefs

[QuoteMstr]

Pointer typedefs were a bad idea in the 1980s. They're just terrible today. One pet peeve of mine is this:

typedef struct _FOO { int Blah; } FOO, *PFOO;

void
SomeFunction(const PFOO);

That const doesn't do what you think it does. There was never a good reason to use pointer typedefs. There is certainly no good reason to do so today. Just say no. If your coding convention disagrees, damn the coding convention.

Re:Pointer typedefs

[Alex+Belits]

People DO THAT???

Re:Pointer typedefs

[QuoteMstr]

Ever see Windows code?

Re:Pointer typedefs

[$RANDOMLUSER]

That const doesn't do what you think it does.

It never does.

Re:Pointer typedefs

[luis_a_espinal]

Pointer typedefs were a bad idea in the 1980s. They're just terrible today. One pet peeve of mine is this: typedef struct _FOO { int Blah; } FOO, *PFOO;

void SomeFunction(const PFOO);

That const doesn't do what you think it does. There was never a good reason to use pointer typedefs. There is certainly no good reason to do so today. Just say no. If your coding convention disagrees, damn the coding convention.

Care to elaborate (on pointer typedefs and the CONST PFOO usage)? Honest question from someone that hasn't touched a C/C++ for the last 12 years and is trying to clear the cob webs.

Re:Pointer typedefs

[Psychotria]

Pointer typedefs were a bad idea in the 1980s. They're just terrible today. One pet peeve of mine is this:

typedef struct _FOO { int Blah; } FOO, *PFOO;

void
SomeFunction(const PFOO);

That const doesn't do what you think it does. There was never a good reason to use pointer typedefs. There is certainly no good reason to do so today. Just say no. If your coding convention disagrees, damn the coding convention.

Care to elaborate (on pointer typedefs and the CONST PFOO usage)? Honest question from someone that hasn't touched a C/C++ for the last 12 years and is trying to clear the cob webs.

The pointer is constant... not what it "points to" and the typedef "hides" that

Re:Pointer typedefs

[$RANDOMLUSER]

His point was that a PFOO is a POINTER to a struct _FOO, and so when you say void SomeFunction(const PFOO), you're saying that the POINTER is constant, not the thing being pointed to, which is probably not what was intended. Since the definition of PFOO is located elsewhere, probably in another header file, it's easy to get yourself confused as to what data type you're dealing with.

Re:Pointer typedefs

[mosschops]

I've never come across that mix of separate attributes with defined types. Typically there will be a PCFOO to go with the PFOO, which has the const as part of the typedef: such as LPSTR and LPCSTR.

Typedefs allow you to keep the whole type atomic. I prefer:

PCSTR p1, p2;

to

const char *p1, *p2;

where the pointer symbol needs to be repeated on the second variable, despite 'const char' being common to both.

Re:Pointer typedefs

[ColdGrits]

That const doesn't do what you think it does.

It never does.

Fundamental rules of programming -

1. Constants aren't.
2. Variables won't.

Re:Pointer typedefs

[The+New+Andy]

The obvious reason you might want a typedef like that is for a mostly-opaque data-structure, where you have several different implementations, some of which require a level of indirection, some of which don't. (The "mostly" in "mostly-opaque" is there to mean that calling code never accesses the type directly, but the type is complete, so the compiler can put it on the stack).

In short - pointer typedefs are good for the times when you really want to say "this is data of some type, maybe a pointer, maybe a struct, maybe an int".

(oh, and to add to your complaints about that code - _FOO is also a reserved identifier...)

Re:Pointer typedefs

[Arlet]

My pet peeve is the unnecessary use of the underscore in struct _FOO. I prefer this:

typedef struct foo { int blah; } foo;

I hate caps too, except for constants.

Re:Pointer typedefs

[emt377]

Ever see Windows code declare anything const?

Re:Pointer typedefs

[emt377]

Not to mention using a typedef so you can type PFOO instead of *FOO is like '#define ZERO 0" so you can type ZERO instead of 0. There's just no point to it.

Re:Pointer typedefs

[noidentity]

I take that one step further, since typedefs are salvation:

typedef int int_array_size_1 [1];
typedef int int_array_size_2 [2];
typedef int int_array_size_3 [3];
typedef int int_array_size_4 [4];

See, now I don't have to use evil types directly:

int_array_size_3 a; // ahhh, much better

But I can hear you now, "how does that work if the size is a named constant?" Never fear!

#define SIZE 3

#define ARRAY_OF_SIZE_( type, size ) type##_array_size_##size
#define ARRAY_OF_SIZE( type, size ) ARRAY_OF_SIZE_( type, size )

ARRAY_OF_SIZE( int, SIZE ) a; // and you thought it was impossible... ha!

Re:Pointer typedefs

[nebular]

What drives me nuts is the over use of Foo and Bar as labels in programming examples. I completely failed my first course on C++ in college because the instructor would use nothing but Foo and Bar and derivatives for everything in his examples. I would get so lost because everything would look exactly the same and I would confuse foofoobar for foobarfoo (Made much worse when I would drift with my ADHD and come back and try to figure out what he did during the 2 minutes I wasn't paying attention).

Luckily now that I'm back in school 10 years later, my programming instructor has stressed that whatever you label you label it for what it does or what it will store, no matter how small or simple the program is going to be. Much easier to follow along now.

Re:Pointer typedefs

[msobkow]

Pointer typedefs were very useful in the age of the "_FAR" attribute with MSVC. If you wanted your code to be portable, it was easiest to hide the extra "_FAR" attribute in the typedef rather than counting on the programmers remembering to include a "MY_FAR_MACRO" on every pointer utilization.

Re:Pointer typedefs

[zeroshade]

IT BURNS IT BURNS!!!!!

Re:Pointer typedefs

[MikeBabcock]

While I understand your point, I do love constant names. I wish more programmers used them well. Silly examples:

const int TRUE = 1;
const int FALSE = !TRUE;
const int SUCCESS = 0; /* isn't a bad idea either when working with stdlib */

I get peaved when programmers through constants around in code and can't be bothered using a const declaration and a variable name to help future maintainers know why and from where they chose these numbers.

const int MAXCUST = 1000;

For example, the above is very valuable, when trying to figure out why code says something like "int c[1000];" ... whereas "int c[MAXCUST];" tells me the thought process involved. As does the probably subsequent "for (i=0; i1000; i++);" long afterward in the code.

Re:Pointer typedefs

[multipartmixed]

What you describe is incredibly uncommon IME outside of redmond-derived code bases.

Re:Pointer typedefs

[QuoteMstr]

Ah, hysterical raisins. I never wrote 16-bit code; that's a good explanation now that you mention it. Thanks.

Re:Pointer typedefs

[$RANDOMLUSER]

Christ, I'd forgotten that. Thanks for reminding me, now I won't sleep tonight.

Re:Pointer typedefs

[Noughmad]

Ever see Windows code?

$ git clone git://microsoft.com/windows.git
fatal: unable to connect a socket (Connection timed out)

Sorry, but no.

Re:Pointer typedefs

[jgrahn]

Pointer typedefs were a bad idea in the 1980s. They're just terrible today.

*Typedefs* in general are terrible. They have two main uses in my book, and both are specific to generic programming in C++. Traditional uses IMHO mostly serve to obfuscate the type system (since they're just aliases).

Re:Pointer typedefs

[mosschops]

It is indeed more common in Win32 code, but that's not exactly a small segment.

Re:Pointer typedefs

[luis_a_espinal]

The pointer is constant... not what it "points to" and the typedef "hides" that

Oh, I thought it was something else the OP was referring to and that was escaping me. I don't see why 'typedef' would hide that ...unless the person doesn't know that the const in const struct _FOO * only refers to the constant pointer to the struct _FOO (and not to what it points to.)

I wouldn't see it so much as typedef hiding that fact as much as I would see it about people not knowing the rules wrt to const and pointers.

Re:Pointer typedefs

[luis_a_espinal]

His point was that a PFOO is a POINTER to a struct _FOO, and so when you say void SomeFunction(const PFOO), you're saying that the POINTER is constant, not the thing being pointed to, which is probably not what was intended. Since the definition of PFOO is located elsewhere, probably in another header file, it's easy to get yourself confused as to what data type you're dealing with.

Ok, now I get what the OP was referring to. Thanks!

Re:Pointer typedefs

[smellotron]

You know what's even better?

const char *p1;
const char *p2;

The type is atomic without resorting to a typedef. There's one less superfluous dependency. It's inviting to add initializations.

Best way to handle nulls?

[Compaqt]

He gives one example of an attempt to avoid null pointer errors in Java next:

  public String getFirstName(Person person) {
            return person?.getName()?.getGivenName();
        }

But is it a good idea to use null to mean "no value specified"? What would be better, and what are the tradeoffs? Storing 0 or ""? Storing a special (constant/static) instance object nullValue?

Re:Best way to handle nulls?

[Chrisq]

He gives one example of an attempt to avoid null pointer errors in Java next:

public String getFirstName(Person person) { return person?.getName()?.getGivenName(); }

But is it a good idea to use null to mean "no value specified"? What would be better, and what are the tradeoffs? Storing 0 or ""? Storing a special (constant/static) instance object nullValue?

I think it is useful to collect the NULLs together to deal with at a higher level - a quick way to deal with a null person, name, or given name identically.
Scala has a type "None" that does mean no value specified. I haven't got my head over the trade-offs, pros and cons but it seems to work nicely in case statements.

Re:Best way to handle nulls?

[Alex+Belits]

Anything as long as it's consistent.

And "fixing invalid values" is a completely retarded idea to begin with.

Re:Best way to handle nulls?

[Tridus]

Speaking as someone who hasn't coded Java in a very long time, what does that example actually do if getName() is null?

Re:#1 - Not managing the pointers and memory yours

[MadKeithV]

So why is garbage collection so bad?

'cause it tends to flush predictability right down the toilet. When is the garbage collector going to swing around to do its thing? Are you *sure* it's going to be when it has enough time to do so? Or is it going to pick exactly the wrong moment? Am I going to run out of memory at an awkward time triggering a collection of thousands of objects I haven't used in ages?

Yes, all of these have perfectly valid workarounds.
However, then you are right back to knowing exactly what your compiler and environment are going to do, and sometimes even holding its hand. Manually triggering a collection isn't all that different from handling memory management yourself.

The Right Tool for the Right Job sometimes is low level. And by the way, many great programmers know quite well what the compiler will do with particular important bits of code, and if they do not, will invoke the compiler to generate assembly or intermediate-language code to be sure. Yes, in garbage-collected languages too, I've used ILDASM quite a bit to know what C#/.NET was doing, exactly.

Programming Mistakes To Avoid

[$RANDOMLUSER]

1) VB
2) Perl
3) Silver bullets
3) Writing your own "framework".
4) Using somebody else's "framework".

Re:Programming Mistakes To Avoid

[rrohbeck]

Whenever yo hear "framework", run like hell.

Re:Programming Mistakes To Avoid

[cowboy76Spain]

I don't see many problems using a well-defined, well-supported framework you are familiar with.

Of course, the part of being familiar with it means an overhead that can be important. If you are just going to use it once, maybe it is not worth the time using it (if it is optional). But once you get to know it, many of them are good at solving the issues they were created for...

If we follow the trend of "frameworks does not serve at anything", we'll be back to programming in assembly soon.

Re:Programming Mistakes To Avoid

[JasterBobaMereel]

If you need a framework - your language is not suitable - Ruby is a scripting language not really designed for web transactions, that's why rails was invented

If your language allows you to do any of these mistakes ask yourself if you need the power it gives you, if you do then it's your responsibility to not do these, if you can't/won't avoid these use a language that manages it for you ....

Re:Programming Mistakes To Avoid

[HeckRuler]

It's a terminology thing. The computer industry is awash in buzzwords. Some stick.
But when was the last time you heard the gcc refereed to as a "framework"?
Sure, using the right technical definition, you could probably apply it to the gcc. But you could also apply it to the x86 architecture, the cpu and memory, and the Internet on the whole. Most of these terms are worthless out of context.

Re:Programming Mistakes To Avoid

[MikeBabcock]

Perl is sometimes the best language for the job. Especially when doing what it was designed for; extraction and reporting.

I've seen very few other languages that can do rapid parsing of text so easily and clearly. Log analyzers come to mind quickly, like calamaris.

Re:Programming Mistakes To Avoid

[RightSaidFred99]

I god damn hate VB (.NET). I don't understand why people use it. Why? Why? I mean why would you use that when C# is available. I just don't get it. To add insult to injury, they use VB expressions in WF in .NET 4.0. It's befuddling to me. Nobody with any god damn sense god damn likes VB. Period.

Perl is actually good for what it was designed for. If I want to script some UNIX shit (simple to complex, but _scripting_) I use Perl. None of this shell bullshit except in special circumstances. The problem with Perl is all these UNIX sysadmins did a bunch of scripts in Perl and thought "shit, I can code this synchronization script in Perl, why don't I start writing larger and larger applications in it?". It all went downhill from there. First, most sysadmins are not programmers. Second, Perl becomes an unmitigated mess as the size of the script/application increases.

Agreed on the rest, especially "frameworks". I have a catalog of about 14 years of code in a variety of languages that I will try to reuse where possible, and shit like Enterprise Library is pretty good, but frameworks are only really useful in a few cases - new teams or old teams with a lot of new members coming on. In those cases frameworks can help constrain the new developers and keep the code cohesive until the team develops a little more.

Re:Programming Mistakes To Avoid

[RightSaidFred99]

You're misunderstanding what a framework is. For example, see "SharpArchitecture" or "Spring". I actually think Spring is fine, it's called a "framework" but it's really a bunch of cohesive utilities, it doesn't really constrain the way you write your code. SharpArchitecture, on the other hand, is a framework in the truest sense. The worst are the home-grown, shitty frameworks some asshole in your company writes and expects you to use.

Re:Programming Mistakes To Avoid

[Noughmad]

Whenever yo hear "framework", run like hell.

Except when the framework is Qt.

GOTO...

[Ecuador]

Is it indecent of me to reminisce on the days of olde when such a topic would simply turn into a lengthy discussion mocking BASIC programmers?

Re:GOTO...

[Errol+backfiring]

Not really. VB grew up (it is now just java with syntactic sugar). PHP, on the other hand, is going back to the 80s of the previous century.

Re:GOTO...

[rrohbeck]

You won't believe how many GOTOs I see regularly in our C/C++ sources :(

Re:GOTO...

You won't believe how many GOTOs I see regularly in our C/C++ sources :(

Come now, we don't know if this is good or bad until we see the "GOTO" macro!

On a more serious note, goto's for local jumps can often lead to cleaner code. I use goto whenever I see fit and I'm not polite when someone blindly parroting a 40 year old essay challenges me on it.

Re:GOTO...

[ledow]

I happen to agree with the general idea of that thread - goto is powerful, even in good code, but it easily misused to create spaghetti code. The choices then available are: Remove goto from the language / never use goto, or careful audit each use of goto to make sure it provides sufficient advantages and *doesn't* make the silly mistakes possible.

The languages that remove things that provide complications to inept programmers (e.g. pointers, goto etc.) tend to be the ones that are hardest to program with predictable efficiency for.

There's nothing wrong with goto. Just don't lob it into code without thinking about it.

Re:GOTO...

[syousef]

Worst commerical code snippet I've seen looked something like.

a *= 0;
b *= 1;

Single letter variable names, and code that multiplies one variable by 0 and the other by 1 indicate the programmer was either bored or making a pathetic attempt to keep their job by obfuscating the code.

Re:GOTO...

[mrjb]

Mod parent up.

Avoiding GOTO was always about the structure of the code. It's all too easy to mess up the structure of code when GOTO is used, so as a rule of the thumb it should be avoided. However, over time people have missed the point entirely and turned the GOTO debate into a discussion about syntax, rather than structure.

It's perfectly possible to use GOTO, yet write completely structured code - how did you think a compiler translates a WHILE loop? It will use JMP/GOTO for this. Did you think the compiler changes the structure of your code even the slightest bit? Think again, because it won't. You can draw out the flow diagram of your code and it will be absolutely identical.

Not all languages have a try..finally construct. In such a language, in a function that opens, reads and closes a file, rather than duplicating cleanup code several times over for each possible error that occurs, a GOTO can be an elegant way around this; saving maintenance, maintaining readability, but most importantly, maintaining structured code.

Re:GOTO...

[zeroshade]

Not all languages have a try..finally construct. In such a language, in a function that opens, reads and closes a file, rather than duplicating cleanup code several times over for each possible error that occurs, a GOTO can be an elegant way around this; saving maintenance, maintaining readability, but most importantly, maintaining structured code.

This could be handled by simply having a "process_error" function or whatnot. Especially elegant would be encapsulating using OOP. All the cleanup code existing inside the class and functions. You have to remember that if you have your try...catch...finally. If you throw an error inside the catch, the finally will never get called (kinda blows the whole guarantee out of the water huh?). For example, if you open, read, and close a file. Use an object wrapper that will clean up upon destruction of the wrapper. That way when the function ends, whether successfully, catching an error, or dying horribly, you're guaranteed that it get's cleaned up. Most languages that provide a destructor mechanism guarantee that it will always be called when the object is destroyed (whether by going out of scope or by explicitly destroying the object). Goto in this situation would probably be unnecessary to have structured code and in fact would probably complicate it further.

Re:GOTO...

[pesc]

There's nothing wrong with goto.

Correct. It is the labels that mess things up.

{ // long, long code //
a = 1;
a_label:
b = 2;
return a*b;
}

When reading code, the label messes up what you know about the state of the program. What are we returning here? You have to scan the entire function and find the gotos to know.

Re:GOTO...

[siride]

Right...but the parent was talking about those situations where you don't have try-finally and OOP, like in C. In that case, goto really is the best solution. And as it stands, exceptions are actually worse than goto because where the execution flow ends up after an exception is thrown is unpredictable as it is basically a goto to a runtime-determined location outside the called function.

Re:GOTO...

[siride]

And that's significantly worse than seven layers of nested if-statements and loops? If the function is so complicated that you have to expend considerable mental effort to figure out who calls the labels, then you'd probably have the same problem with nested loops and if-statements.

Re:GOTO...

[RightSaidFred99]

Amen. I actually had some guy tell me that "break" in foreach loops was evil, and just like a goto.

I then notified him that "return keywords considered harmful!".

Re:GOTO...

[TheRaven64]

The goto statement in C is not the GO TO statement that Dijkstra was complaining about. He was talking about an unconditional jump with an unbounded destination. The C goto is a local goto, which can only jump within a single subroutine, is not incompatible with structured programming, and can be the best tool for the job (although I've recently seen code that used a chain of gotos to simulate a nested if, which was just horrible).

In C and C++, the closest equivalents of Dijkstra's GO TO are longjmp() and throw.

Re:GOTO...

[blair1q]

True.

The use of goto is not justified by ignorance of the underlying action of while, do, for, switch, break, continue, return, throw, f(), or longjmp, but is justified by knowing their underlying action and finding it inadequate or obfuscatory.

(I get the nagging feeling I missed one...and not in asm...)

Re:GOTO...

[fwarren]

I wish all new programmers could sit down and learn to code from a FORTH guru.

Having to work with BLOCKS of 16 lines of 64 chars each are great. When you learn from someone who writes well documented, easy to maintain code. In FORH you tend to factor definitions down to about 5 to 7 words (excluding noise words like DUP + . ). Good definition names are of utmost importance. Short definitions with a program designed around lexicons of words that do THINGS to build a custom language that describes the problem you are trying to solve. If what you are trying to do takes more than 16 lines of FORTH in a definition, 99% of the time it is natures way of saying "You are doing it wrong."

My functions in other languages tend to be a bit longer than that. But I still use good names and build a program by building groups of functions that work together as their own private lexicon. Anytime a function approaches a page of paper in size, I start to get the feeling that I am not solving the problem the right way. Something should probably be factored out, which often means a) I don't understand the problem as well as I should and b) the function I am working on is probably names wrong as well.

Re:#1 - Not managing the pointers and memory yours

[dhavleak]

#1 - If you are a programmer, BE A PROGRAMMER and manage the pointers and memory allocations yourself. Garbage collection is for little boys. Men deal with it on their own with techniques that work and are efficient.

So mega-strongly disagree dude. Not saying you shouldn't do heavy lifting when necessary -- just that you should only do it when necessary. Don't re-invent the wheel every time. Frameworks exist that do work for you for a reason. Chose your frameworks well, understand them in depth, and you can do good things. If you "start from the first principles" every time, you end up with a humongous fucking surface of new code -- which is bound to have a nasty bug or three. It comes down to choosing the best tools for the job.

#2 - Initialize all variables to known values. int i; doesn't cut it. int i=0; does.

True dat. Lots security pitfalls here too -- not just garden variety bugs.

#3 - Use descriptive variable names

So true. Corollary to that: because a variable name is descriptive, don't make wanton assumptions about it.

#4 - you shouldn't be allowed to program anything new until you've been a maintenance programmer for a few years and seen the crap code that others puke into the world. Your crap code stinks too, BTW.

I'd modify this to say "always, always, always have a peer-review process". Junior devs are prevented from checking in crap because it gets caught by senior devs. The junior devs also learn quality habits from reviewing senior devs' code. Multiple reviewers is always a good thing. Review your design among the entire team before anyone writes a single line of code. Remember to keep security in mind when reviewing code. Use static analyzers when you're done with the "human" aspect of the review. Apply every imaginable quality bar to your code, and only check it in once it has passed scrutiny.

to avoid what?

[zwarte+piet]

I'm supposed to program mistakes to avoid what?

Re:to avoid what?

[rrohbeck]

To avoid working code of course.

Re:to avoid what?

[Noughmad]

The browser's title bar says "Programming mistakes to avoid - Sashdot". Not unreasonable.

Is this real?

[Psychotria]

I've not worked as a programmer for, hmm, maybe 15 years and all of this was known way back even before I "retired" from that line of work. Perhaps all these levels of abstraction upon abstraction make things harder to understand. Back in my days these "pitfalls" were obvious because we all (well, not all, but a lot) knew ASM and actually even used it regularly (even inline, *shudder*).

Someone above mentioned pointer typedefs and gave the example of typedef struct { int Blah; } FOO, *PFOO; (yes I left off the bit before the the opening brace deliberately.) and then suggesting that people don't know that void SomeFunction (const PFOO) {} doesn't behave as expected. Now this could, I suppose, be seen as a failure of the language. But, shit, any idiot who understands the underlying logic can see why that causes problems. Which goes back to my point of maybe all these modern levels of abstraction and getting away from the machine are, in some ways, detrimental.

Now, get off my lawn. Umm, except I don't have a lawn because I sprayed the growth inducing hormone RoundUp all over it, but that is beside the point. I think.

Re:Is this real?

[turbidostato]

"I've not worked as a programmer for, hmm, maybe 15 years and all of this was known way back even before I "retired" from that line of work."

Yes: there's an obvious problem with programming and it's that "we" as a guild are not building upon past experience. For the most part, the current generation of programmers are making the same kind of mistakes that where common -and learnt how to avoid, even 20 years ago. Can you imagine, say, aviation if you had to engineer an Airbus 380 all the way from Otto Lilienthal to-date instead of building on past knowledge? That's what I feel too many times when dealing with new development projects.

Now the question is: what could we do so new programmers start where the previous generation left instead of having to build their own knowledge almost all the way along again?

Re:Is this real?

[noidentity]

Layers of abstraction do make it harder to debug problems, since it may be at a different layer. But proper layering doesn't make it harder to understand. Let's take a filesystem. I can create a file, write some data, then close it. Assuming no errors, I now have a file that I can open and read the data back. That's abstraction working with you. It's much simpler to understand than the raw disk blocks, or the disk driver, or the hardware registers written to achieve that (and that's only for the hardware it happens to be on at the moment... it could be over a network for the next file).

Re:Is this real?

[MikeBabcock]

What I find much worse is the number of programmers who don't use const at all. In fact, the C standard library under-uses it too, imho.

I've seen under-use of const by both new and old programmers, forgetting that the compiler can save them time and effort both debugging and optimizing.

So many simple things, so little time.

Re:Is this real?

[molecular]

Now, get off my lawn.

You left your lawn 15 years ago. It's now made of plastic and kids play there.

How to avoid mistakes

[wzzzzrd]

Always think of your code as some sort of API if you care about clean, maintainable code. This is a good talk about API and code design: http://www.youtube.com/watch?v=aAb7hSCtvGw/ from Josh Bloch. It's entertaining too.

Re:How to avoid mistakes

[aug24]

Always think of your code as some sort of API

I will steal and use that when mentoring. Thanks.

Justin.

Re:How to avoid mistakes

[molecular]

Always think of your code as some sort of API if you care about clean, maintainable code

Wew, dude, I thought an API was a place to hide all the ugly code!

Re:How to avoid mistakes

[wzzzzrd]

Wew, dude, I thought an API was a place to hide all the ugly code!

See, dude, if you code an API you have at least a place to hide the ugly code, which means there is also some good code. Otherwise there would be just the ugly code. A small step for the coder, a big step for the maintainer. Of course, this doesn't apply to me, as I don't write ugly code ;)

Re:Maintaining code by others are always a nightma

[YeeHaW_Jelte]

All true. My personal favorites are larger, long running projects where all of the above is true and all kinds of undocumented business logic is embedded in the code making a rewrite unfeasable and you have to decide which part of the code is outright sloppy or bad, which parts are feasable and which parts aren't actually being used anymore. Top that off with the original developers being unavailable (either dead or fleeing) and you'd be painting a pretty accurate run-of-the-mill software enviroment.

Re:strcpy and strncpy

[Alex+Belits]

I often deliberately choose a string manipulation that involves strcpy() and even strcat(), just to make a point that those are perfectly valid and useful functions, despite some morons writing insecure code with them.

The only really unsafe function is gets().

Philosophy for Software Designers

[Aceticon]

I did went throught the list in TFA and while their "programming mistakes" list is sound, it's all over the place and often doesn't dig down to why should you do or not a certain thing.

So I decided to put down a list of, low level principles and concerns to consider when doing software. Given my own level of experience and the fact that I'm getting tired of maintining code by people who have never managed to cross the threshold from junior/medior software designer to senior designer, that is the target audience.

So here goes:
- When designing/coding software, assume that sooner or later it's going to be called-by/changed/extended by a junior developer. They cannot be relied on to recognize design structures or practices and will do things like passing bad parameters in, or incorrectly use it (for example, misusing a singleton). My solution to this is defensive design/coding: check for nulls at library entry points and fail-fast (avoid "junk-in junk-out" scenarios - those just make for data corruption and hard to track bugs), make sure things like singleton classes cannot be instanciated normaly, avoid obscure constructs that must be used in a "right way" (i.e. functions that should be called in a certain order) and overall try and make your design so that the natural way of using it is also the correct way.

- When designing software, before employing a certain construct (for example a design pattern) ask yourself "What do I want to achieve with it?". Complex software structures are used instead of simple (and easier to understand) ones because they achieve certain objectives which outweight the increase in complexity - don't use it because it's fancy/fashionable/elegant/everybody-does-it: those are not proper reasons. The cost to maintain, support and extend code grows with code size and complexity and using fancy structures just because is a way to dig a deep hole for your colleagues and your future self. Consider that it's allways cheaper to "add it later if and when we need it" than "maintain code that is twice the size for 6 months". For example, what is achieved by defining an interface for which now (and in the foreseeable future) only one implementation exists?

- Design and code your software so that Responsabilities and Domain-knowledge are contained together in their own modules/classes. Avoid leakage of concerns (i.e. "we do it this way here because we know that the code we call in another module works in such and such way"). This makes it easier to find ALL the code responsible for doing a certain kind of thing and avoids the dreaded "I changed it in one place but forgot to change it in another place" problem. For example, don't mix your database access code (that knows all about SQL and tables and such) with your web-page generation code (which is experting in user interaction via HTML) since they are independent domains (you can have one without the other).

Programming Mistakes to avoid

[maroberts]

Being still employed by the company when the project goes overtime and over budget.
Experienced programmers should've found another employer at a higher salary before their incompetence is discovered....

Re:Maintaining code by others are always a nightma

[BiggerIsBetter]

There will however always be BAD code by bad programmers. I've taken over Java progress where everything was OOP'ed into hell (as in a bazillion classes more than was needed for the application) and PHP projects which should be OOP'ed but consisted of about 500 files that included each other in a huge confusing net.

I see this one as a lack-of-experience problem. People have good intentions and want to build scalable, extensible, maintainable code. This is good. Unfortunately however, they're wrong. The apps they're building are small irregardless of the amount of thought they put into them, and they won't have to scale and extend the way they think they might - you don't need interfaces and impls and arbitrary inheritance for everything when the webapp is 4 screens of Spring WebFlow! Sure, if you're building something that warrants it, this is the way to go, but most of aren't building apps that big or flexible. It seems to take time to learn this, and to know when to apply the patterns and when to just build it.

As a smarter man than I once said, Make things as simple as possible, but no simpler. If you do that, your code will work, it'll be understandable by the next guy, and you'll have a fighting chance of meeting your deadlines.

Mistake Number 1

[Fnord666]

Make sure the code in your article compiles or is even legal syntax. The following is supposedly sample Java code:

public String getFirstName(Person person) {
return person?.getName()?.getGivenName();
}

WTF?

Re:Mistake Number 1

[Terrasque]

My two questions when reading that:

1. If there is a null pointer in there, what would the return be?

2. Would the return be any more useful than the default mode (which would be crash + burn)?

Re:Mistake Number 1

[TempeTerra]

I've recently been trying to do something similar in C# (the other Java), and that syntax would be really handy.

For instance, pulling values out of an XML object if you want parent.element("person").element("addresses").element("work").element("line3").Value ... but when the XML was parsed the person might not have any addresses, a word addres, or whatever is meant to be on line3. You have to check each level individually for null, which is a damn lot of code for nothing useful, or you write a helper function which either returns the final value or null if any of the hierarchy is null.

They've just put that in the language directly, which is fine by me.

Re:Mistake Number 1

[smellotron]

parent.element("person").element("addresses").element("work").element("line3").Value

That's not too hard to work around. Suppose that instead of returning an absolute NULL, each of those functions instead returns an "null" object? If they all work by returning a flyweight, then really you're just looping through the same empty-object over and over again.

I've done this in C++, PHP, and Python. I imagine it extends equally into other languages. The C or C++ approach would be to have a global static hidden somewhere in the source file, and just use that constant as your null object.

Meh it's not all programming

[js3]

Half of these are design mistakes

Re:strcpy and strncpy

[dhavleak]

I often deliberately choose a string manipulation that involves strcpy() and even strcat(), just to make a point that those are perfectly valid and useful functions, despite some morons writing insecure code with them.

The only really unsafe function is gets().

That's just stubbornness for it's own sake. These are violently unsafe functions. People do manage to make asses of themselves even with so-called 'safe' string APIs, but there's no good reason to not use them. Strcpy() or strcat() have pitfalls that are really esoteric, and if you keep using them you'll eventually make a mistake and end up with some absolute motherfucker of a bug with security ramifications you wouldn't even have imagined.

my favorite: more is always better

[Uzik2]

Just add more code! That always makes it better. Closely followed by "It's unreliable/broken" "We've got to rewrite that old xxxx in m$'s new blah-ty-blah framework!".

Two Major Mistakes

[grcumb]

My two most common mistakes:

1. Variable scoping
2. Memory leaks
3. Off-by-one errors

Re:Two Major Mistakes

[pr0nbot]

Variable scoping -- in javascript especially!

I'd add, "errors in the error handling"

Re:Two Major Mistakes

[AmeerCB]

"Variable scoping -- in javascript especially!"

Absolutely. I've been programming javascript for a long time and I still confuse myself with its variable scoping.

I think part of the problem is that most web developers have never been formally trained in javascript. Most likely they were formally trained in OOP languages like C++. And if you try to apply the rules of those languages to javascript, you have just enough knowledge to dig yourself a gigantic hole.

Re:Two Major Mistakes

[aztracker1]

Fair enough... for (var i...) { for (var i...) {} }, even if bad form, tends to work in other languages.

*ALL* variables in JS are scoped to the function they are declared in (with var keywork) or global.

Functions are first-class citizens, they can be extended upon, and have a dual-role as a constructor.

I think if more programmers understood how variable scoping and closures work in JS, they would get a lot farther. Why it's always in either lesson 1, or lesson 2 when I do intro to JS classes for developers.

The PRE programming mistakes

[petes_PoV]

By the time the coding starts, most projects are already doomed. The basic mistakes that occur before any code is written have a far greater effect on the project. While these are almost all outside the control of the programmer, he/she always gets the blame due to the "last person who touched it, broke it" principle. My short list of favourites would be:

Allowing too many options / features in the design. The classic example being unable to decide whether feature A or B is best, and ducking the issue by including them both

Assuming 5 working-days of effort can be achieved in a working week. Conveniently forgetting about all the office overheads such as "progress" meetings, timesheet administration, interrupted work, all the other concurrent projects. Even the most efficient, single-threaded operation needs half a working-day per week just for the trivia.

Following on from that, conveniently forgetting about annual leave commitments, national holidays and the possibility of sickness. If 5 working-days per week is impractical, 12 working-months in a year is downright negligent.

The tacit assumption that testing will inevitably be followed by reelase - rather than bug-fixing.

Holding the end-date constant while delaying the start, or presuming that all delays in the specification, design, approval stages can somehow be reclaimed during coding (how: by thining faster?)

Re:The PRE programming mistakes

[WillerZ]

Just out of interest, do you work at IBM?

Re:The PRE programming mistakes

[blair1q]

1. Allowing too many options / features in the design

Easy to manage if you can organize them under a few classes and they don't couple too hard; if you let them all have a different top-level class you're fucked.

2. Assuming 5 working-days of effort can be achieved in a working week.

_The Mythical Man-Month_ covered this (mumble) decades ago.

3. The tacit assumption that testing will inevitably be followed by release - rather than bug-fixing.

Seriously? That's a firing offense.

4. The rest.

Most of that is just generic bad project management. It's not at all limited to software practice. It's a feature of allowing inexperienced or untrained PM's to do your scheduling, which is a very frequent choice of middle management, which becomes a hindrance when things start to go off the rails. This is the sort of thing that makes Agile processes relatively successful; when you plan for chaos and get it, it doesn't look so much like failure.

Avoid over engineering and over generalising

[rgravina]

The biggest programming mistakes I've had the displeasure of making, or discovering in others code, almost always centre around one of these two problems:

1. The code is over-engineered
2. The code was abstracted before there was even a need for the abstraction.

I remember when I was less experienced, how thrilled I'd be over code that was clever, solved many problems aside from the one I was trying to solve, and had some clear reusability built in. What a work of art, I thought.... until I eventually realised that much of the extra code I had written didn't get used, the abstracted code was never reused - or even if it was, I couldn't predict how it would be reused and the abstraction was clumsy at best, useless at worst.

It's sad when this happens - good intentions, but the end result is a lot of waste. I'm embarrassed to look over my earlier code which is like this.. I like to think I do it less now, but the temptation is always there... I'm going to need to do this later anyway... I can just abstract this bit here and reuse it some day in the future...

My advice now... Don't do it! Just wait until the reuse case comes along, or the new feature request comes along, and *then* do it. You'll know so much more about the problem domain then, or you might avoid days (weeks!) of wasted effort.

Re:Avoid over engineering and over generalising

[crunchygranola]

Good points. I am an "agile programmer" from way back - I have been pushing Boehm's Spiral Model of development since 1986 when he published it. Having been a practitioner of this for some 15 years before it got relaunched under the name "agile" I am unimpressed by the recent prescriptive formulations on the "right" way to be agile - but the principles are sound. One of the best simple take-aways is to avoid over-designing. Keep the code clean and strive for simplicity and clarity. If you only have on type of object (not several types) why create an interface, an abstract implementation of the interface, the concrete implementation of the abstract class, a factory class when you could just instantiate the damn object with its own constructor (I am working with inherited code that does exactly this).

Re:#1 - Not managing the pointers and memory yours

[complete+loony]

If you are a programmer, BE A PROGRAMMER and manage the pointers and memory allocations yourself

I look at the problem like this;

I've solved a fair number of sudoku puzzles in my time. You build a mental set of rules and patterns you look for, and you repeatedly apply them to the remaining squares. On a really hard puzzle you'll often reach a point where you get stuck. You keep scanning for patterns in the remaining numbers but you just can't see the one clue that causes the rest of the solution to fall out.

But a computer program? Once you tell it how to find something, it never forgets to apply a rule. You may think you can keep following a small set of simple rules while building a complex software solution. But chances are pretty good that you'll miss something. If you can hand a task like memory management to a software solution, there's a good chance it will do a better job at tracking memory than you will.

Its always been the case

[JustNiz]

>> 'programming may in fact be transforming into an art, one that requires a skilled hand and a creative mind to achieve a happy medium between problematic extremes.'"

Its not transforming into it, it's always been an art. And that has got nothing to do with whether its web programming or not.

The reason that this is even news to some people is that most managers fight hard to bury that fact, because the vast majority of them are one-trick ponies that incorrectly think that everything can and should be reduced into a plannable production line process, and that we developers are all simply non-creative, cheap and freely interchangeable commodity called a 'coder'.

Admitting programming is an art makes management have to admit that:
1) Not all programmers are the same therefore we have value, so need to be paid appropriately.
2) Its not a predictable process so you can't micro-manage us.

Re:strcpy and strncpy

[Alex+Belits]

These are violently unsafe functions.

If those are unsafe, then dereferencing a pointer or using an array is unsafe, too -- and that means, a programmer is unable to write safe code no matter what.

People do manage to make asses of themselves even with so-called 'safe' string APIs, but there's no good reason to not use them.

What?

The only kind of "safe" strings handling that I am aware of, is operations on strings that are combined with allocation (in object-oriented or almost-object-oriented way). Their purpose is to simplify common operations, any "safety" is at best a side effect that shouldn't matter if programmer is not a moron in the first place.

Strcpy()

strcpy()

Case-sensitive names should be written as they are defined, no matter where they are in a sentence.

or strcat() have pitfalls that are really esoteric, and if you keep using them you'll eventually make a mistake and end up with some absolute motherfucker of a bug with security ramifications you wouldn't even have imagined.

I repeat -- if you can mess up strcpy(), you can mess up anything, and should not be allowed to write any code to begin with. It does not matter how many opportunities you are given to jump in front of a bus or a train -- what is important is that you should not do it.

LabVIEW Programming

I hate it when some enterprising test engineer decides to add a constant value in place of the instrument reading to force a pass.

Then when you 'fix' this, the shit hits the fan cause you're the one who has 'broke it'. (Not that the DUT's are faulty)

Especially love it when it's on a testset for a train's break force tests...

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:#1 - Not managing the pointers and memory yours

[Bengie]

I was recently working on a horribly written .Net app that created and de-referenced tons of objects in its main loop. The net result was memory usage going from 200MB one second to 500MB another second. Based on how quickly over all system memory was cleared up, the .Net GC must kick in right away. I'm not talking about objects lingering around for minutes or even tens of seconds, I'm talking about just a few seconds.

If you're going to gripe about using a language that uses a GC, then it's perfectly valid to gripe about ANY abstraction you use between you and the computer to program. Like any tool, it can be incorrectly used.

Never code anything important between ...

[140Mandak262Jamuna]

Never code anything important between 1PM and 3PM (or whatever is your most sleepy time of the day based on your circadian rhythm).

Re:Never code anything important between ...

[Vectormatic]

and NEVER commit anything after 5 PM into version control

Re:Never code anything important between ...

[Lilith's+Heart-shape]

I made that mistake last Friday night. :(

My experience exactly

[Kupfernigk]

You've run out of spare mod points, so I will just say I agree 100%.

(How about a Java application where a block of simple, everyday fixed classes were written in Groovy? See; nothing changes. New toys used to make the same old mistakes.)

SELECT FROM dual for no reason

[albyrne5]

This one bugs the hell out of me:

In PL/SQL, when people for some bizarre reason avoid using IF/THEN/ELSE and normal := assignments, but instead to a SELECT DECODE FROM dual.

Why?! Dear Lord why?

It's harder to read. It's slower. It's against normal practises. It's an utterly unecessary use of SELECT.

So why do they do it? And why do they insist - when I point out their stupidity - that it's "just developer preference" and "there's no performance hit"?

HELP ME!

Don't get me started

[mrjb]

Don't get me started on preventing programming mistakes. If I'd address the most common programming mistakes that I've ran into in the wild and write an article about each of those mistakes at a time, I would end up with a whole book on the matter and would probably call it "Growing Better Software".

I find the given top 12 list of mistakes a bit weak- I'd be able to avoid all of these and yet write horrible code. My personal recommendation for a top 12 of programming mistakes to avoid would be:

1. Failing to check function parameters before using them: null pointers, limits, lengths, etc. This will make your program unstable and/or unpredictable.

2. Spending too little time thinking about and designing the data structure of the application. This will make you get stuck when maintaining/extending your application.

3. Following every market hype - When the marketing bubble bursts, you'll have to start over again.

4. Designing user interfaces without actually involving users - You'll be surprised how easy it is to confuse users.

5. Infinitely deeply nested if/else statements - This will make code absolutely unreadable.

6. No documentation whatsoever - Who's going to maintain your code after you change jobs?

7. Ignoring existing, universally accepted standards - so you'll cause interoperability issues or be doomed to either reinvent the wheel.

8. Hard-coded values/magic numbers - as a result, any change must be made in code rather than allowing power users to configure their own system.

9. Littering code with global variables - this implies statefulness of code, making it pretty near impossible to predict how a function will behave next time it is called.

10. Being unaware of the "Big O" order of your algorithms, causing code to be unnecessarily inefficient.

11. Strong platform dependency: This can shorten the lifetime of your application to whenever the next platform upgrade takes place, or keep you stuck at the current version of the current platform forever.

12. Thinking you can figure out everything by yourself - In learning by doing, experience can only follow from making mistakes. By getting yourself a mentor or an education, you can actually learn from the mistakes that thousands have made before you.

13. Stopping at 12.

Re:Don't get me started

[zwarte+piet]

13.00001E+00 Using floating point numbers. 14. Copy coding. 15 using multple definitions of the same datastructure 16. using the default structure packing for datastructures that are shared between applications 17. (too) small buffers 18. being incomplete....

Re:Don't get me started

[smellotron]

1. Failing to check function parameters before using them: null pointers, limits, lengths, etc. This will make your program unstable and/or unpredictable.

I would go one step up from that: Failure to understand the contract of an API is what gets people. It's fine for basic functions like the C mem{cmp,move,cpy,set} functions to assume inputs are correct. It would be expensive to check them for every single call, and anyone passing in a NULL value to these functions can't be trusted to honor the return code anyhow. However, any competent developer using that API understands the contract, and does their own checking as necessary.

Also, checking vs. NULL usually only catches a small set of null-related issues. Assignment to a member of a NULL "object" might be hitting the address 0x20 (for example), which is indeed non-NULL but still invalid.

Re:Don't get me started

[mrjb]

Failure to understand the contract of an API is what gets people. It's fine for basic functions like the C mem{cmp,move,cpy,set} functions to assume inputs are correct.

Agreed. Of course when developing that API, it's important to make the right choices for that contract, to balance performance vs. safety. In the original PC BIOS* a high priority was given to safety of the code; as such, screen I/O performance was dead slow. One could of course argue that they made the wrong choice. But hey, at least the BIOS would never crash. (* See "Personal Computer XT System Technical Reference" for the actual commented BIOS listings).

Ok - with aircraft being manufactured for war

"Now, please, give me the list of "common mistakes" made by surgeons and aircraft engineers, and compare them with this list of amateurish crap." - by Alex Belits (437) * on Tuesday December 07, @05:57AM (#34471506) Homepage

Back in 1996-1997, I had a programming contract with a MAJOR "eisenhower military industrial complex" company (who shall remain nameless).

Each day during work, I had to go report to a major in the military who was my supervisor right after lunch at noon or thereabouts, to go over code I was writing for them.

In doing so to get to his office, I would have to pass through an aircraft hanger (underground no less & connected to a major airforce base in the south eastern US) where they were making both troop transports, bombers, and jet-fighters, etc..

At the far end of the hanger was a sign that read this:

"DO YOUR BEST WORK, BECAUSE OUR YOUNG MEN & WOMEN'S LIVES RIDE ON IT"

That got to me, as I had a family member currently in the service.

So, one day, I happened to be walking through it with the major at my side who was my supervisor.

First pass through, He noticed that I looked at that sign then... and I did so, again, on the way back when he & I passed back through it to get back to his offices from where I was working.

He, upon noticing I kept staring in the direction of that sign each time we went thru said hanger, asked:

"What do you keep looking at over there in that direction?"

I replied "That sign. I have a younger brother in the armed forces (who is now currently a major himself no less a decade later now) and that sign 'gets to me'"

To which he replied "Ok, 'off the record'?"

I said "Sure, ok..."

To which he stated "Kid, I don't want to 'burst your bubble' but that sign? Is bullshit!"

To which I said "What do you mean?"

To which he finally stated "The reason WHY we have this contract is, we are the 'lowest bidder' & those planes?? They are built like shit!"

To which I asked "Why do you say that?"

He closed it with "Ok - each arch in the airframe is SUPPOSED to have 10 rivets - we only put in 7 - just to save money & make contract budget + to profit!" (or something FAR less than what it was supposed to be by the intended design, etc.)

(This made me also realize that big business does this for profit, and hell with peoples' lives... even those of those who defend us).

Sure, the planes were going to get "torn up" & shot at anyhow, but to make them shabbier than intended, violating the engineering team's init. designs, doesn't help with them being able to TAKE such abuse either... FAR from it, imo @ least!

How would you all like to know this & see it happen, and know that YOUR brother OR sister in the military was riding on aircraft that were built far less structurally sound than they should have been according to their intended design... especially when said planes would be getting into fights in the air?

APK

P.S.=> That's my story in regards to "mistakes" (intentional ones in the NAME OF PROFIT, hell with lives) being made in warfare aircraft of all kinds being made. I hope I didn't offend anyone with it, but there it is! Enjoy... apk

IMHO the biggest mistakes

[drolli]

Programming without carefully selecting the solution. I maintain a small measurement control system and before even making the smallest extension i will read and think about the different possibilities in question before typing the first line of code. Then i will try to isolate the new code so that a possibly wrong decision at that stage can be cured quickly.

So lets condense it to: Think hard and try to make the right decision and still assume it will be wrong.

A special corollary of this is to give a malus to all solutions which needlessly bind you a specific implementation.

Re:Maintaining code by others are always a nightma

[Vectormatic]

try maintaining code written by an architect

currently i have a couple of bugs to fix on a system which, functionality wise isnt all that incredibly exciting, however the system was written entirely in a one man sprint by a design-happy architect. The end result is so complex it took him over four hours to explain just the easy half of the project..

Re:Mistake #14

[pnewhook]

Ignoring team dynamics

If you get a software lead that is a primadonna, thinking he knows absolutely everything without listening to anyone including the project lead, customers or his own developers (I've been there), the project is doomed to fail. Doesn't matter what it is, when the team works poorly, the output is crap.

My advice to everyone is if you have a team member that is more of an obstacle than an asset, and everything turns into an argument, then get rid of him as fast as you can.

Memory failing

[sepiroth]

• wondering how this could have ever worked
• forgetting to save the file and wondering why it does not work
• editing a different file and wondering why there is no change in the behavior
• implementing the same part again while vaguely remembering to have seen it somewhere already
• forgetting why I did not implemented it this way before

Re:Maintaining code by others are always a nightma

[Savage-Rabbit]

There will however always be BAD code by bad programmers. I've taken over Java progress where everything was OOP'ed into hell (as in a bazillion classes more than was needed for the application) and PHP projects which should be OOP'ed but consisted of about 500 files that included each other in a huge confusing net.

Taking over projects fitting those descriptions is never a good idea. They are nothing but pain, it's impossible to resolve the problems with the app and the code unless you opt for a complete rewrite. If, however, you go that route the remaining developers will be pissed off because they wrote the crappy code and you are basically saying that their ugly baby is ... well ... UGLY! What's worse, you are saying it out loud for everybody including the PHBs to hear. Eventually you end up being frustrated, your PHB either caves in to complaints about you and puts you in your place or you get laid off. Unless, of course, you anticipate this and quit before he gets the chance. There is no substitute for writing code properly and designing and planning your application properly no matter how insignificant the application seems to be because you will never know which piece of shit app will take off and scale into something much, much bigger. Myself, I learned this from a friendly lecture I was given by my boss after I handed in my first project on my very first job. He made me rewrite the thing entirely claiming it was better that I learned the value of things like database abstraction and MVC separation right away. He was right.

Re:Always an art & logical.

[JimB]

YES !! It was originally that way. An ART form. Managers FINALLY figured out how to cram programming into a 'form' (cookie cutter), and used all the early idiotic "Design Methods" to corral programmers & designers into lower paying, easily replaceable "jobs". The "systems programmers" at CNA (early 1980s) would wear flannel shirts while everyone else got sent home if not wearing a suit. That kind of power could not go unpunished. (I.E.: we helped in our own demise.)

Re:Maintaining code by others are always a nightma

[WED+Fan]

Or when BAD programmers, think they are good, and label other programmers as BAD. Which one are you?

Work on the Help Desk

[Geoffrey.landis]

Number one: ignoring users.

In my dream world, every programmer would be required to spend one day a week working on the help desk, just to get a chance to see what is important to the actual people who use the software.

Unit tests

[xRelisH]

are very important. I work in the embedded field, and it can be quite a pain in the ass to throughly test something without having a set of unit tests. It helps to have a mindset of encapsulating modules or groups of work, and abstract out the platform (at build time) if possible. Then have a set of unit tests that exercise the code that can run on your desktop machine. Doing this lends well to code responsible for doing calculations, that is often bug ridden if not unit tested.

Re:#1 - Not managing the pointers and memory yours

[zeroshade]

#2 - Initialize all variables to known values. int i; doesn't cut it. int i=0; does.

True dat. Lots security pitfalls here too -- not just garden variety bugs.

Just wanted to point out that this doesn't apply in all languages. When dealing with languages where int i; does initialize to a known value, it's unnecessary (though not wrong) to do int i=0;. For example, most languages that aren't C or C++. If you're coding in Java, you know that if you do int i; it will be initialized to 0 for you.

Anyone else have that issue

[HeckRuler]

Where you want to advise someone in one direction,
but then on the very next line you warn them not to go too far?

It makes the entire message a little watered down. They're all good points, in various scenarios, but the lesson I learned out of that was to do something in between both of the extremes... which is what I'm doing now. Huh, and here I just thought I was lazy.

Re:Maintaining code by others are always a nightma

[VGR]

I've taken over Java progress where everything was OOP'ed into hell (as in a bazillion classes more than was needed for the application)

I certainly have sympathy for you; I've taken over many code bases which were maintenance nightmares.

But I have to take exception (no pun intended) with your above statement. What you took over was not OOP in any way.

OO is not "do all the same crap but do it using copious amounts of inheritance."

I've seen people do what you describe---using an insane mount of classes---and it's abominable, but please don't pin that on OO. The whole point of OO is to minimize the need for looking through code, by making each class simple and opaque with a well-defined contract, so it can be treated like a black box as much as possible.

Most people who venture into OO just do all sharing of data and/or functionality via inheritance. I blame most CS curricula for this, as CS has taught for many decades that languages are all the same and just impose a few different syntax rules on what should be the same logic. Thus, most CS students see inheritance just another syntactic tool, and they are eager to make excessive use of it so they can feel like they're doing things the "Java way" (or .Net way, etc.).

And to try to be a little on topic: the article is quite correct that Java's new question-mark gimmick (the implicit null check) is one of the worst things to happen to software reliability in the last ten years.

Re:#1 - Not managing the pointers and memory yours

[Eric+Sharkey]

#2 - Initialize all variables to known values. int i; doesn't cut it. int i=0; does.

True dat. Lots security pitfalls here too -- not just garden variety bugs.

This is a pet peeve of mine. It's very bad advice to throw in meaningless initializations. If a variable has no meaningful value, you want tools like valgrind to be able to recognize this and catch code that tries to use this value. If you set it to 0, but then don't mean that variable to be read without being set to something else first, you've done yourself a disservice.

I once got fired over testing

[wiredog]

I told the boss "I don't write perfect code, and that's why we have testers." That day I was fired. A week later the test lead was laid off.

6 months later the company lost the contract and the manager was laid off...

Re:I once got fired over testing

[obarel]

You got fired because you don't write perfect code?
You got fired because you said that you don't write perfect code?
You get fired because you asked for testers?

No, you got fired because your manager was an idiot.

Re:I once got fired over testing

[JustSomeProgrammer]

I might have to agree a bit with your boss on this. While I don't believe I write perfect code I try to. I don't lay the responsibility of finding defects on testers. I find it a personal fault whenever a tester finds a defect in my code.

Now I could be misinterpreting what you're saying. I used to work with some people who wrote code and never even once tried to test it once themselves before they passed it off to QA. Sometimes not even building the code before checking it in. Getting them to write tests of any kind was impossible. It made them really hard to work with and made the QA cycle extraordinarily large. I'm more railing against this type of person claiming they are a developer than just someone who relies on someone else to also spot check their code.

I wouldn't want to work in a place where I am the final person looking at the end product being developed. But at the same time I do feel like testing is part of my responsibility as a developer.

Poor Article

[ryan.j.dew]

I could write articles like this in my sleep. It is vague and schizophrenic. Don't use frameworks that take care of common functionality, but don't reinvent the wheel. Ok? Use syntax that doesn't exist yet. Even better! Now write code that is long enough to get the job done, but not too long. Why didn't I think about that?! Waste of time

Re:#1 - Not managing the pointers and memory yours

[Just+Some+Guy]

#1 - If you are a programmer, BE A PROGRAMMER and manage the pointers and memory allocations yourself.

And output formatting. printf is for wussies. Also, networking; if you can't whip up your own application-tailored TCP stack, then you should go back to playing with VB. And GUI toolkits? TOOLKITS?!? What are you doing, building a footstool? Hell, no! Manly programmers don't use toolkits, they use the library of macros they built while apprenticing to Knuth.

You're completely right. All this mamby-pamby resource management crap is for Kindergartners and Excel users. Real Programmers flip bits with soldering irons, and we like it this way.

Fear of decisions

[Chemisor]

There is one mistake made by experienced (C++) programmers that really bugs me: fear of decisions. Every time this programmer needs to design something, he tries really hard to not place any constraints on the design until it becomes absolutely impossible to create an implementation without doing so. He separates interface from implementation. Then he separates the implementation from the real implementation by some indirect pattern like pimpl. (Heaven forbid that the API user would ever have to recompile!) He places no constraints on parameter values and spends months ensuring that the code handles each one, somehow, even for parameter values that clearly indicate that the caller royally screwed up. He makes all code reusable, even if nobody will ever do so. He writes all his code in templates, just in case the API user might want to write his own string class. He invents his own scripting language (with freeform syntax and comments and God knows what other features) and writes configuration files in it, just so the user could configure every possible variable in the program and to do it in the most ingenuous and convoluted manner.

To top it off, he then takes all of the above and puts it in a library. Never mind that he has never tried to use it with anything but the one little app he is currently writing. Never mind that the library is so bloated that linking to it would triple the memory footprint of OpenOffice. Never mind that nobody in the right mind would even consider using it. But it's OPEN SOURCE, man, so it must be GOOD!

Too few comments...

[wiredog]

My first job I came across /*Why did I do this?*/ above two pages (when printed out) of uncommented code. Code that started with

if(pow(2,(typeof(int)somenumber){while(something){for{...two pages of stuff}}}

He was, it turned out, checking to see if bits in an int (a 16 bit int) were set in order to control a machine. The machine's physical layout allowed 24 objects, but when the operators set it up for that it went berserk, because the 16 bit int was wrapping...

And no comments explaining what (and more importantly why) he was doing.

Re:Too few comments...

[Stregano]

Wow, I was seriously going to post this very same thing. I do see that there needs to be a healthy balance between too many comments and not enough comments. I have seen code where somebody put a comment behind something like this:
String startdate; //start date of the application
Yeah, there is no need for a comment there. It is pretty apparent that is the start date of the app. Also, I agree that if you are doing anything complex, comments need to be in there.

What I normally do when I know I am going to write something complex is to write out in plain English what is going to be happening through comments, and then program around the comments. I then use the comments almost like a TODO list to help me along. It helps me and it helps anybody who would look at this code later on down the line.

Complex code + no comments + complex code giving errors = huge pet peeve of mine

Now, I am not saying hand your code to me on a silver platter, but it would be nice to at least know what is going on without wasting precious time figuring out every little thing you did so that I can fix your error.

So...

[Graham+J+-+XVI]

What are the mistakes I should not avoid?

Re:#1 - Not managing the pointers and memory yours

[TheRaven64]

If you use malloc() and free() you throw determinacy out of the window too. Is malloc() going to be a very fast tree search quickly returning an allocation of the right size? Is it going to be a slow tree search through fragmented memory returning an allocation? Is it going to require a system call (and is that going to be mmap() or brk()? Depends on your OS / malloc() implementation)? Is it going to be able to allocate from a thread-local pool or is it going to have to acquire a mutex and (potentially) stall other threads?

In hard realtime systems, dynamic memory allocation is not allowed for exactly these reasons. On most modern systems, the cost of handling a page fault is significantly more than the cost of scanning the nursery in a generational garbage collector, so you may not even get better performance from manual memory management, which requires you to be quite conservative about deallocation.

Good programming is about choosing the right level of abstraction for the problem at hand. Some programs require you to be close to the metal, others are best served by a very high level of abstraction, reducing the amount of code that you right (and, typically therefore, the number of bugs).

Good programmers are lazy, they like to solve a problem once and then forget about it. Saying that you would never use a particular tool is the sign of a terrible programmer - can you imagine a carpenter making the same claim? (I never use a hammer! Real carpenters always use a nail gun!)

Re:Maintaining code by others are always a nightma

[Herkum01]

I wish I could mod this up. There are two types of programmers, those that can take criticism and those who can't. The truly bad programmers don't want to hear it, and don't want to change anything. The other type are willing to listen, but cannot improve on their own; they need oversight to make them productive.

It also does not help when a large number of managers who are hired cannot do, more or less understand how, the work that needs to get done. Usually they don't want to get involved because they are busy in meetings being "productive".

The US should be the leader in IT, instead we want to ignore it because for a management, to get involved is too much like work. Everyone just wants to be paper pusher and makes life for programmers just hell because you can never get solid decisions on anything. If I had to start my career again, I would not get involved in IT; there are too many people who just have no idea what they are their doing and just pass the buck.

Re:strcpy and strncpy

[RightSaidFred99]

Your argument is silly, Super Programmer. In many cases you're not going to be the only person managing your code. Suddenly everyone else in the world is using strncpy() and you're using strcpy() just to be an ass, and you've got code with different conventions, one of which is just wrong (yours).

You must be coding facile code indeed to have written no extra code and to have handled strcpy() perfectly in every instance with 0 chance of error.

Please, please tell me you've coded something in the open source world so I can look at your code for 5 minutes, find an error, and laugh at you. Pretty please?

I'll tell you what, just to be an ass I'm going to start setuid root'ing all my programs whether they need it or not. What kind of incompetent programmer can't properly secure a program such that it can run setuid root, I ask you?

Re:UI by programmer.

[aoteoroa]

UI designed by programmer.

Yes: I'm looking at you, FOSS.

Or my favourite...UI's designed by graphic designers. I used to work with a fantastic designer. He had a real talent for creating visually appealing designs for our web apps that were simple and could be elegantly built with CSS but he insisted on putting menus and buttons in non-standard locations. The result was users had to relearn every interface and hunt for buttons. If we simply had OK, and Close buttons at the bottom right of dialogs, and the menus near the top right our programs would have been easier for new users.

Documentation

[GodfatherofSoul]

When we migrated to C++ a while back, my biggest gripe became the number of projects, library, et.al. that weren't documented. I won't name the very popular library, but when I contacted the developers (I was still new with C++ at the time), they told me to "read the headers." Your code is not documentation, no matter how well you comment your functions. There's a subculture out there that I don't get that has the mindset that "it was hard to write, it should be hard to use" (and that's almost a direct quote from a library author). I don't know if it's job security, elitism, nepotism, or what. But, with some projects there's a cold disregard (borderline hostility) towards the people who will actually be using the product.

Re:Documentation

[jgrahn]

When we migrated to C++ a while back, my biggest gripe became the number of projects, library, et.al. that weren't documented. I won't name the very popular library, but when I contacted the developers (I was still new with C++ at the time), they told me to "read the headers." Your code is not documentation, no matter how well you comment your functions. There's a subculture out there that I don't get that has the mindset that "it was hard to write, it should be hard to use" (and that's almost a direct quote from a library author). I don't know if it's job security, elitism, nepotism, or what. But, with some projects there's a cold disregard (borderline hostility) towards the people who will actually be using the product.

It's hard to take that seriously when you don't want to name the "very popular library". I understand that it may be sensitive re: the company you're working for, but you're asking us to buy into your views and at the same time give up the ability to check your facts ...

Re:Documentation

[GodfatherofSoul]

Huh? You want me to reproduce the email for you, too? I'm posting in a geek blog, not building a corporate fraud case.

Re:skill vs engineering

[LO0G]

There's one huge difference that makes programming different from engineering. Engineering is predictable - a mechanical, structural or civil engineer can accurately schedule the amount of time needed to produce a unit of work.

Programming isn't nearly as predictable - even the best developers I know can only schedule work to a tolerance of a couple of days. Invariably something turns out to be harder (or easier) than it was originally planned.

Re:skill vs engineering

I think you overestimate the predictability of the engineering disciplines.

Re:skill vs engineering

[eyrieowl]

huh? there's all sorts of problems that have been solved by engineers where I'm certain the engineer went into the situation without a clue of exactly how they were going to solve the problem...and thus no idea exactly how long it would take. Engineering is only predictable in the sense you say if the problem being solved is one which is relatively common. But if you're, say, engineering a novel new bridge, there's a whole host of problems which aren't "predictable".

Re:UI by programmer.

[ConceptJunkie]

Forget FOSS. Try Enterprise software. I've never seen more consistently bad and unusable software than anything designed for the "enterprise".

Re:Maintaining code by others are always a nightma

[ConceptJunkie]

I've taken over Java progress where everything was OOP'ed into hell (as in a bazillion classes more than was needed for the application)

So something like a typical Java library then?

Either your Professor is an idiot

[falconwolf]

or he has no idea what programming is. I can guarantee a lot of programmers are not doing "engineering" and most aren't doing "science", but as a whole programming software has a lot in common with those fields.

One of my favorite professors, I had him for calculus, physics, and programming, used to say to solve some of the problems in the classes he taught being creative would be helpful. Sometimes a problem had to be looked at in a different way, coming from a different angle.

Falcon

Choose the right language for the job.

[falconwolf]

TFA links to 7 programming languages on the rise, print version.

"I'm going to write this whole thing in Python or Ruby" simply because it's the latest "cool" language.

TFA above has this piece: "There seems to be two sorts of people who love Python [7]: those who hate brackets, and scientists. The former helped create the language by building a version of Perl [8] that is easier to read and not as chock-full of opening and closing brackets as a C descendant."

You should choose the language based on what will best do the job, not based on what's popular today, and you should choose one language for the entire project before you start writing the first line of code.

But what if a project is large and different sections are best written in different languages? With modularity a project can be broken down into different modules then the appropriate language can be used for each module.

Falcon

Re:Choose the right language for the job.

[dgatwood]

Although you can do it that way, you have to be really careful that the interfaces between modules are maintainable and scalable. It's not at all uncommon for such things to cause real problems down the line as you suddenly realize that you need tighter integration between those modules. Even in cases where the functionality is completely distinct right now, you should at least have a contingency plan for when you find yourself needing to rewrite a critical chunk of code in another language to integrate it with another critical chunk of code. And my rule is: if in doubt, choose C. It's still in heavy use after almost forty years for a reason.

My attitude towards Python is that any language in which whitespace is significant is a bad programming language. It was a bad idea when Fortran did it, and it's a bad idea now. You can justify it all you want from a code readability perspective, but the fact remains that it leads to really awkward coding practices, like indenting function bodies sixteen spaces just in case you need to add another nesting level. It brings back memories of BASIC and line numbering every ten lines. Same basic principle. It's also inherently harder to actually follow what's happening once a function gets more than a few lines long because there is no way to quickly jump back and forth between both ends of an indentation block because there are no braces to match, and after a few lines, it gets really hard to uniquely identify indentation levels. (BTW, saying "don't write functions that long" is a copout. A function should be a reasonable functional unit that makes it easy to understand what function does what, not arbitrarily broken up to work around the syntactic limitations of a programming language; if function is never useful outside the context of a single line in a single caller, it generally shouldn't be a function in the first place.)

The absolute last thing I want in a programming language is one that decides how I should format my code. If someone cares about how the code is indented, they should run indent(1) on it. It should not be necessary for me as a programmer to reindent code for correct operation. As such, I view Python as a solution in search of a problem. Don't get me wrong, Perl's syntax is awful, but PHP does a much better job of providing Perl-compatible regular expressions and proper classes in a language that's easily readable and maintainable. In turn, PHP's biggest flaw, IMHO, is that people think of it as a web template language and ignore its ability to be used for real code (and the interpreters aren't all that optimized, last I checked), which brings us to Ruby.

Ruby is at least interesting intellectually in that it seems to be trying to be a pure OO language. It seems likely that Rails will be both its biggest win and its biggest downfall in that we run the risk of it being seen as PHP is---a language for web pages and nothing more. It also has the very awkward concept of having no real multiline comment markers, and the near-constant abuse of multiline strings by developers to emulate them. There are probably some other bizarre things about it, but I haven't done enough work with it to complain about them yet. I usually wouldn't choose it, simply because I find pure OO to be more of a burden than a blessing for about 80% of the stuff I do, but it is at least interesting.

Fast and loose programming is great as long as:

[falconwolf]

We've come a long way from when hackers tried reduce the size of programs, however we've lost a lot along the way. Hell, to be a hacker as those in MIT's Tech Model Railroad Club was to be along the best programmers. Now a hacker is someone who's looked at a criminal.

Better checking for null in one common place and let the process fail gracefully than to check for nulls in the multitude of places that call this function.

That's a hacker routine, reducing the number of lines a program takes up. However that's not "fast and loose" programming.

Falcon

Re:Fast and loose programming is great as long as:

[enjerth]

I was just using "fast and loose" in the context of TFA, which called it "fast and loose" to allow a process to execute when key data is null (or at least that's how I interpreted it, TFA wasn't exactly clear).

Re:Fast and loose programming is great as long as:

[falconwolf]

I was just using "fast and loose" in the context of TFA, which called it "fast and loose" to allow a process to execute when key data is null (or at least that's how I interpreted it, TFA wasn't exactly clear).

Thinking about it I suppose it can be taken 2 ways. One, the way I looked at it, at least the "fast" part is that the program runs fast. It is optimized. The second way, perhaps what you meant, was that the program itself was written quickly. It wasn't given much thought to how it was programmed.

Falcon

Re:skill vs engineering

[LO0G]

Probably true. But for the vast number of jobs an engineer does, the work is very straightforward.

If I'm an architect and I want to know if my design is structurally sound, I know that I can hire a structural engineer for n hours of work and they'll be able to answer my question - and the number n is pretty much the same for all structural engineers. I'm not aware of any software engineers (and I am one) who schedule work by the hour (they may bill by the hour but they don't schedule by the hour).

Re:skill vs engineering

[LO0G]

That may be. I'm just parroting back what I was taught in college in my software engineering course. I've never worked as a mechanical or structural engineer.

But I do know that much engineering work is pretty-much cookie-cutter work.

Re:UI by programmer.

[falconwolf]

f we simply had OK, and Close buttons at the bottom right of dialogs, and the menus near the top right our programs would have been easier for new users.

If you use Windows but not all Linux distros or OSX is laid out the same. Heck, they can even be customized to work the way the users wants them, within certain areas. I use OS X and Ubuntu now but when I used Windows I even rearranged it's layout.

Falcon

Re:#1 - Not managing the pointers and memory yours

[mccrew]

Just wanted to point out that this doesn't apply in all languages. When dealing with languages where int i; does initialize to a known value, it's unnecessary (though not wrong) to do int i=0;. For example, most languages that aren't C or C++. If you're coding in Java, you know that if you do int i; it will be initialized to 0 for you.

What you are saying is of course factually correct. However, I disagree with the conclusion that just because a language does something you shouldn't also try to make you intentions as clear as possible.

Any developer worth his salt will program in a variety of languages over his career, with each language having its own semantics, conventions, and quirks. In my opinion, becoming a great developer is about cultivating a certain mindset. A great developer develops bulletproof habits, hard-won conventions learned across all programming languages.

In Java you don't have to initialize variables because the language defines semantics for that situation. It's technically not wrong, and a developer who chooses to recognize this and not initialize their variables is a not necessarily a lazy or bad developer, but it would raise my eyebrow. This leads to developing a bad habit which will bite you when you go to another language with different semantics, and your newly-declared int gets set to whatever trash value was lying around on the stack. It's all about the mindset.

12 Popup Windows to Avoid

[Ear+Phantom]

Thank you, Firefox, for blocking them.

The comments here on Slashdot are far, far more useful than the original article, which I found to be rather trite and derivative ("don't do X. don't do ~X").

What are Mr. Peter Wayner's credentials? Sounds like he hasn't touched a single line of code in his life--even the examples won't compile and don't do the same thing that he says they do.

Re:Maintaining code by others are always a nightma

[Platinumrat]

Try the the above "business logic is embedded in the code" when you're working for a company that is trying to sell a system to another customer. The developers then complain that Project X for customerX should do things the same way as Project Y for customerY did it. When you patiently explain that that's not how customerX do things, the development team then look at you as if you're an idiot. When your customers are government agencies, then you know there is a world of pain ahead for you and the development arm of the company you work for.

Re:Maintaining code by others are always a nightma

[BotnetZombie]

try maintaining code written by an architect

Isn't that some sort of racism? There are good architects, and there are bad architects.

Characterizing programming as art

[lwriemen]

Programmers, who want to characterize themselves as artists or craftsmen, are just too lazy to put in the engineering time. (Although, they do end up spending more time patching, fixing, and refactoring.) They don't want to document their requirements assumptions, provide adequate design documentation for reuse by other parties, be measured against their peers, and capture lessons learned by others. They tend to point to heavy-handed software management (another seriously delusional bunch) techniques as proof that the aforementioned doesn't work. The software industry as a whole needs a serious wake-up call, which will probably come from the rising amount of litigation, spawned by poor practices. The beauty of art is subjective, but software correctness is subject to scientific measurement.

Re:#1 - Not managing the pointers and memory yours

[fwarren]

Time is one of the best teachers. Better than peer review, better than cleaning code. Write your own code then come back and look at it in 3 or 4 years. It becomes pretty obvious how clean the code is, how easy it is to follow or how well it is documented. If you go to college, in the last 3 months you should be required to review, document, and modify software you have written over the past 4 years. I am afraid at the pace crap is thrown at you in school, most would not have time to appreciate the lesson it would teach them.
 

PMS Programming rules are great

[danparker276]

As long as you follow PMS Programming standards you are fine. Most depends on you situation, most places don't have the budget to do things the "Best Way"

Re:strcpy and strncpy

[Alex+Belits]

Suddenly everyone else in the world is using strncpy() and you're using strcpy() just to be an ass, and you've got code with different conventions, one of which is just wrong (yours).

If someone can't use strcpy(), he should not program in C. Avoiding "dangerous" functions will not make his code better, it will just wrong in some other manner because.

Please, please tell me you've coded something in the open source world so I can look at your code for 5 minutes, find an error, and laugh at you. Pretty please?

Current uClibc MicroBlaze port and various Linux drivers. Now go, fuck yourself.

Re:strcpy and strncpy

[Alex+Belits]

I'll tell you what, just to be an ass I'm going to start setuid root'ing all my programs whether they need it or not. What kind of incompetent programmer can't properly secure a program such that it can run setuid root, I ask you?

If program has to run in a non-MMU environment, this is exactly the case, as protections won't work there.

Other than that, programmer SHOULD always write software in a manner as if it will be safe to run setuid root. It should not actually be setuid root just in case that programmer might be wrong in some nontrivial manner -- there are plenty of ways to mess up security, and buffer overflow is only one of them, and easiest to avoid.

However if programmer can't calculate the size of his buffers, he is fundamentally incapable of writing any software that deals with buffers, and particular functions have nothing to do with it.

All things in moderation, including moderation.

[falconwolf]

I love that and have been saying it for years. "All things in moderation, including moderation itself

Falcon

Re:All things in moderation, including moderation.

[Thing+1]

Thank you, "Trading Places" (how do you give THAT possession???) costumed train priest/butler, who said almost exactly that ("itself" was not part of his quote).

Re:skill vs engineering

[HornWumpus]

Software engineering is slowly earning the title.

The reason that other types of engineers are better able to schedule jobs is the jobs have all been done many times before and the process, though complicated, is well understood.

As software engineers (as a group and as individuals) gain experience we are able to better schedule jobs.

I can schedule by the hour, but only for very small jobs.

My scheduling error is typically a % (which as I say varies based on risk, which varies based on many factors) of total job time, so if the total job is 40 hours I can pretty well say it won't take over 48 or less then 32 (I use +-20% as typical, tight specs, known tools.).

Of course if the client doesn't know what they want all bets are off. That's true for every type of engineer.

If an architect is breaking any new ground with their design you can bet the structural engineer will need more time and not be able to tell you exactly how long it will take.

I don't know where you got the idea that all engineering work outside software is 'very straightforward'.

All engineering is by its nature about trade-offs, is iterative and has no single 'correct' solution. (which isn't to say that there aren't incorrect solutions.)

Engineering is the union of applied science, business and art.

Nothing with that much to it can be called 'straightforward'.

Re:#1 - Not managing the pointers and memory yours

[DahGhostfacedFiddlah]

Furthermore, by not initializing variables, you are creating a special case for certain values. You are saying, in effect, "I will initialize variables to the correct value, unless that correct value happens to be [0|''|null]".

But I'd also argue that initialization doesn't have to occur at declaration. Constructors/factories/initializer methods are perfectly valid places for initialization.

Re:#1 - Not managing the pointers and memory yours

[falconwolf]

I'd modify this to say "always, always, always have a peer-review process". Junior devs are prevented from checking in crap because it gets caught by senior devs. The junior devs also learn quality habits from reviewing senior devs' code.

Though not the same when new programmers in school have asked on Slashdot how they can get experience or contribute to open source one bit of advise given is to pick an open source project then take one of the bugs listed as needing to be fixed. Then after a programmer has submitted some bug fixes they may be accepted as a contributor.

Falcon

Re:strcpy and strncpy

[dhavleak]

These are violently unsafe functions.

If those are unsafe, then dereferencing a pointer or using an array is unsafe, too -- and that means, a programmer is unable to write safe code no matter what.

You are just being stubborn for the sake of being stubborn. It's not about being unable to do your own buffer calculations. It's about using the tools available to you, to reduce the risk of making mistakes.

People do manage to make asses of themselves even with so-called 'safe' string APIs, but there's no good reason to not use them.

What?

The only kind of "safe" strings handling that I am aware of, is operations on strings that are combined with allocation (in object-oriented or almost-object-oriented way). Their purpose is to simplify common operations, any "safety" is at best a side effect that shouldn't matter if programmer is not a moron in the first place.

Hence the words "so-called"...

Strcpy()

strcpy()

Case-sensitive names should be written as they are defined, no matter where they are in a sentence.

What kind of pedantic asshole insists on capitalization on a message board, but refuses to see the basic sense in using functions that give you a little help?

or strcat() have pitfalls that are really esoteric, and if you keep using them you'll eventually make a mistake and end up with some absolute motherfucker of a bug with security ramifications you wouldn't even have imagined.

I repeat -- if you can mess up strcpy(), you can mess up anything, and should not be allowed to write any code to begin with. It does not matter how many opportunities you are given to jump in front of a bus or a train -- what is important is that you should not do it.

Get off your high-horse. Even the most elite programmers make mistakes.

Re:#1 - Not managing the pointers and memory yours

[dhavleak]

That's true actually.. the automated stuff should just be part of your post-build process, the guy writing the code gets immediate feedback on completing a build and fixes that crap before asking for a peer review.

You still need to run a build (and post-build verification) as part of a code review, to account for differences (if any) between your dev environments. Ideally there should not be any, but we know how that works. The most time-efficient way (on big projects) is to kick of the build so it can do it's thing, and then the post-build tools can do their thing, while you're reading code.

Re:skill vs engineering

[commodore64_love]

Same with my job - EE.

I work with computer boards and firmware (i.e. VHDL coding) and it's just the same. Like today: 10 hours and all I accomplished was four tests (instead of the planned ~50), because there was a problem in the wiring & finding the "bug" was difficult. Even now I'm not certain what the problem was, but I did eliminate it (removed the part and white-wired).

So yeah - engineering can be just as unpredictable as programming.

Re:Maintaining code by others are always a nightma

[BiggerIsBetter]

Did you just use "irregardless"???

Yes. I always liked The Far Side cartoons.

C programming

[falconwolf]

my rule is: if in doubt, choose C. It's still in heavy use after almost forty years for a reason.

Now I'm working on the book Learn C on the Mac. As I said in another post most of what's taught in college now, and has been for years, is Windows. I need a refresher for C and C++, though I'm thinking of working on Objective C next, and because I'm using a Mac now I thought I'd try that book. Then I want to get a book on C programming on Linux, I have a Linux PC I want to set up as a server and I want to dual-boot my laptop.

You can justify it all you want from a code readability perspective, but the fact remains that it leads to really awkward coding practices, like indenting function bodies sixteen spaces just in case you need to add another nesting level.

I have trouble reading code that isn't indented and nested. Of course I don't read much code and if I did I might get better. Then again there's a lot to be said about readability.

It brings back memories of BASIC and line numbering every ten lines.

I first programmed use line numbers for every line, of course they were numbered 10, 20, 30. I was shocked the first tyme I saw a BASIC listing that was not numbered every line, I thought there was something wrong with the listing.

Falcon

Re:skill vs engineering

[NateTech]

Really slowly. Let us know when software "engineering" has the equivalent of Building Codes and the head Enginner signs the document that makes them personally and legally liable for any wrongdoing at each code release/something new built. Coders have always wanted the "engineering" title without the engineering discipline.

Re:skill vs engineering

[LO0G]

The job of a structural engineer is to analyze a design and render opinions about the amount of stress a particular structure can withstand and to design structures which can resist particular loads. In the context I described (an architect designing a house), you're right that a part of their job is similar to that of a tester.

Re:#1 - Not managing the pointers and memory yours

[DMUTPeregrine]

While it's true that you really shouldn't be managing the pointers and memory allocations yourself due to the chance of introducing nasty bugs there is quite a lot to be said for knowing HOW to do so.

Re:strcpy and strncpy

[Alex+Belits]

strncat(), when applied to unexpectedly long string, unpredictably alters the data the program processes. Formally, that's just as insecure as running arbitrary code -- it just happens that for some software standards are so low, altering the data (producing garbage) is "more acceptable". The only thing this condition describes is the sorry state of software industry.

As for programmers making mistakes, the rate of mistakes made by every programmer at his skills level is constant and unalterable by his tools. If he isn't given an opportunity to miscalculate a buffer size, he will fill his quota by making a more fundamental error with just as disastrous consequences but without a "recipe" to fix. The only way to improve is to constantly pay attention.

Re:Maintaining code by others are always a nightma

[Vectormatic]

i think you mean discrimination, last time i checked architects arent a race.

also, this guy is a good architect, and that is the entire problem, he is so caught up in architectural purity and abstractions (and it all makes sense too) that his code has gotten so complex that it is near-impossible to understand without weeks of specific training

Re:#1 - Not managing the pointers and memory yours

[Just+Some+Guy]

Oh, I'd never claim otherwise! It's just that there are precious few times when I've ever actually needed to do that stuff myself for reasons beyond "because the language won't do it for me".

Re:#1 - Not managing the pointers and memory yours

[sac13]

Garbage collection is for little boys.

So, only men create memory leaks?

Re:strcpy and strncpy

[dhavleak]

quote>strncat(), when applied to unexpectedly long string, unpredictably alters the data the program processes. Formally, that's just as insecure as running arbitrary code

How so??

This captures the essence of our disagreement.

Altering data by inadvertently truncating a string is bad, and buggy -- absolutely -- you gotta do the work to validate your data beforehand to that doesn't happen. Absolutely. You're saying constantly pay attention, etc. etc. -- here's where you do that. Validate your data when it crosses trust boundaries, and use the right string functions, that *tell* you when your buffer was too small and your data got truncated, and handle that correctly in your code. I don't quite understand why everyone points out strncat() at the drop of a hat as if that's your only so-called safe option (it isn't, and it's only a slight improvement on straight up strcat).

My #1 programming mistake to avoid

[Junior+J.+Junior+III]

My #1 mistake to avoid is simply "Not understanding the layer beneath the layer you are programming in." It's nearly impossible to code something right if you don't understand at least the layer immediately beneath the one you are programming in, so you can understand how to use it properly to get your work done, and don't try to (inefficiently) re-implement stuff that is already handled in the layer below.

Re:skill vs engineering

[HornWumpus]

Almost there in aviation.

Asked back: Are all engineers 'personally and legally liable' for any mistakes they make?

Can software engineering earn the title short of structural engineering type sign offs?

Do you think the people that engineered the Parthenon were not engineers because they were still figuring out how to build with 'crete and didn't follow building codes?

Re:skill vs engineering

[NateTech]

I'm just sayin' some Engineers work a lot harder for the title than others. Let me know when there's a PE certification for software. ;-) Software seems to be one of the areas where prima-donnas really like the title, and then bloviate endlessly online about how it's not a science-only, or a tech-only position, but it requires "Art". In the Civil Engineer world, the "Art" is handled by the Architect. The Engineer makes sure the damn thing doesn't fall on anyone's family. And there are TV shows about when they screw up... called "Disasters". I've seen some true software disasters in my time in Tech Support roles, and never once seen a TV show about them... because they happen consistently and every day, the world over. Thus my observation that "Software Engineering, isn't." At least, not yet. Not even close. :-)

Re:Maintaining code by others are always a nightma

[sjames]

Lack of experience is certainly one way it can happen. In other cases, what was once a small simple app finds itself used well beyond it's design life and outside it's design parameters. Somewhere in there it needed a re-factoring at least and probably a re-design to fit it's new larger role, but it gets nixed since it's "good enough for now". Lather, rinse, repeat and suddenly it's a horrible mess.

In still other cases, expectations out of line with reality cause the problem. The app is supposedly going to be HUGE, running on a farm of thousands of servers with a million users each of which will create hundreds of pages. A year later, the 4 page app with 12 users running on the re-purposed desktop machine looks awfully over-designed.

It's even harder to get the OK to pare a program down to an appropriate scale. The natural evolution then is that more and more additions bypass large segments of it until it becomes the little program struggling to get out of the big pile of baggage all around it.

Re:#1 - Not managing the pointers and memory yours

[JonySuede]

Use static analyzers when you're done with the "human" aspect of the review

No do it before, you will save everyone time

Re:strcpy and strncpy

[Alex+Belits]

This captures the essence of our disagreement.

No, it does not.

Altering data by inadvertently truncating a string is bad, and buggy -- absolutely -- you gotta do the work to validate your data beforehand to that doesn't happen. Absolutely.

You can validate something "you" received from someone or something else -- in other words, across an interface. On the other side of this interface there can be something written with a wrong assumption of your code's parameters such as size of the buffer (or plenty of other equally important properties of your code that may be equally important for security). It may be someone else's code or your code, but if you have an interface with any nontrivial restriction on data, such as size, you can assume that whatever is on the other end may be wrong and should be checked -- this is a part of well-known rule about producing strictly defined output and being able to process loosely defined input.

On the other hand, you can absolutely not validate something you have just done yourself -- if you are wrong in one place (when you generated a string and presumably allocated a buffer or checked that result of your operation can fit in buffer you have) you can just as well be wrong in another place (when you given a number of strncpy() that you believe is the size available for copying). Strings don't get copied between buffers allocated just for them -- that's stupid, and this is what either passing a pointers (so nothing has to be allocated or copied) or strdup() (so allocation is guaranteed to be right) is for.

Strings are copied to produce strings, packets, binary file pieces, etc. from chunks of other strings -- in other words, as a part of text manipulation that can be simple or complex. This means, you still have to somehow determine how much space is available in your destination buffer when you copy this particular string, as your destination is likely the end of some other string or data structure. If you have to produce this number to stuff into your strncpy() function argument, you can be right, but just as well you can be wrong. Doing it multiple times just gives you more opportunities to be wrong.

On the other hand, calculating the size of the buffer when it is being allocated, or some when large, possibly complex, but predictable operation is started -- so it will not be possible for you to be wrong again -- is one calculation. Once you have passed this hurdle, you can be safe that your subsequent parts of this operation will not be able to overrun this buffer. Trying to "verify" that fact again will just fill your program with meaningless numbers -- constant or calculated. They will not make you safe. They will be multiple places that you will have to check and modify when you make any changes to your code. It is completely useless, and only hurts your security by making your code fragile. This is how secure and insecure design works. Not by calling "secure" functions or second-guessing calculations you have already done.

I don't believe, I have to explain those things to someone who supposedly understands what strcpy() is. No wonder, there is shit code everywhere.

Re:Maintaining code by others are always a nightma

[Abcd1234]

they won't have to scale and extend the way they think they might

Wow, talk about short sighted.

Good design is important for maintainability and scalability, yes. But it's *FAR MORE* important for testability.

Abstract classes, interfaces, etc, encourage loose coupling between code, and *that* leads to code that's unit testable. It *also* happens to produce code that's generally modular, extensible, and easily refactored. But that's just a pleasant side-effect.

In short, simple is good. Simplistic is not.

Re:strcpy and strncpy

[dhavleak]

This captures the essence of our disagreement.

No, it does not.

Sure, whatever, tough guy..

I don't believe, I have to explain those things to someone who supposedly understands what strcpy() is. No wonder, there is shit code everywhere.

Listen child - first of all, you keep referencing strncat/strncpy as if it's your only (so-called) safe string function available. Search harder son. The issue you called out, is the reason strncpy is a terrible example of a safe-string function -- but apparently you stopped there and came to a prematue conclusing instead of researching the issue the end, and you also decided you're a superprogrammer with all the answers. I'll leave the discovery of 'safer' functions to you as an exercise, mostly because the answer is platform dependant. Sometimes you might actually not have something better than strncat, so you end up having to roll your own. I'll leave the exact nature of the 'roll your own' function to you as an exercise as well, because in the process of figuring out what it should look like (or if you research a little and emulate something better than strncpy) you'll become a better coder.

This could have been a cordial conversation. Informative even. But you chose to be an asshole/internet tough guy. Do yourself a favor and research the topic a little. You have a glaring hole in your knowledge here, and I guarantee you within about 2 hours of reading you'll understand just how bad it is.

On the other hand, calculating the size of the buffer when it is being allocated, or some when large, possibly complex, but predictable operation is started -- so it will not be possible for you to be wrong again -- is one calculation. Once you have passed this hurdle, you can be safe that your subsequent parts of this operation will not be able to overrun this buffer.

Just to give you a hint along your research -- you're thinking along the right lines here. You merely need to expand on this thought a little, and you can come up with a 'safer' string function that takes advantage of this known-to-be-corret buffer size.

Next time, check your fucking ego at the door.

Root Cause Is Money

[SunSw0rd]

When you work it all the way down, most code issues are about the money. Companies sell code to make money. They want to pay as little as possible to produce it. And make as much as possible from it. Bad coders, ignorant coders, lack of testers, bad testers, ignorant managers, lack of processes -- all of it. Bad coders have jobs because companies only want to pay so little that only bad coders take the money. Ignorant coders of course are paid little. Testers cost money -- so hire as few as possible or have the bad ignorant coders test their own code. Hire/keep potted plants as managers because they are cheap. Take the money and run. Ultimately this is the root cause of it all. And it will never change. This is the way it was 30 years ago. This is the way it is today. This is the way it will be 30 years from now.

Re:skill vs engineering

[eyrieowl]

Now you know. And the Art of which you speak isn't about looking pretty, it's about being able to see the cleverly simple way to cleanly solve the problem at hand. It's an Art which isn't restricted to software, and it's most certainly not solved by architects. I'd equate the building architect to part of the requirements gathering process...then it's up to the civil engineer to find a way to meet the requirements (i.e., construct the damn thing such that it won't fall down).