The problem is there will be a whole bunch of people who will loudly proclaim that having penalties for corporations failing to protect this information is tantamount to socialism.
There are a lot of people who seem to think corporations should be free to do anything they want, and that if consumers want privacy they can choose to buy from companies who give it.
Of course, those people are morons who think the magical free market solves such problems.
As long as we consider corporate greed to be a replacement for regulating them, this is exactly what happens. If corporations have zero penalty for doing a crappy job of security, they'll keep doing a crappy job of security.
And until there are legal penalties for companies who fail to implement proper security, or to keep personal information safe... this will continue to happen.
When a company can sell your private data (because they embedded something in an EULA), or has no consequences for being incompetent, they'll just say "oops, bummer" and keep doing it.
So until there are real data protection laws, with real consequences... just assume these companies are incompetent, indifferent, and not accountable.
Because, let's face it, they are.
But for some reason people seem to think it's unnatural to make companies accountable. Because we couldn't possibly impose conditions on corporations... they have to be free to make a profit without any accountability.
All products which have marketing-driven features probably have ZERO security. Because marketing all need a kick to the head and don't understand security, and explicitly don't WANT security or constraints, because that limits how they can make money and would mean they need to do a better job of engineering.
Most modern tech is rushed out the door, with zero thought of security and privacy. And since it doesn't matter if they suck at both, they'll continue to do it.
Yeah, and of course every company that wants to set up a subscription model will have fine print in the clause which says "you will be auto-renewed unless you explicitly cancel this in writing, 6 months in advance".
No way in hell I'd pay Microsoft a subscription for the damned OS.
Want to hasten your own decline for consumers? Try foisting a subscription model on them and then acting like it's not the consumer who owns the computer.
I can totally see Microsoft saying "OK, we're upgrading this, removing that, disabling that thing, adding this new component" and generally fscking around with the machine.
Sorry, but no. This is literally just rent-seeking.
All of this crap which wants to be connected to the interwebs, and which wants to have voice control, and which wants to be a platform for ads...
This stuff has been created to benefit the company who made them.
They want ad revenue, they want analytics, they want to share that with third parties.
None of this stuff is trustworthy.
The Interweb of Stuff is a marketing gimmick, which has been built to maximize corporate profits ... it isn't secure, it isn't private, and it's probably been hastily written and rushed out the door according to the weenies in marketing.
Sorry, but a 'smart' TV, with voice recognition, hooked directly to the intertubes? If that isn't a recipe for violating your privacy I have no idea what is.
Trusting the makers of consumer electronics to give a damn about your privacy, or your security... well, that's just naive and stupid.
My DVD player, my TV, my XBox, my toilet, my fridge, my thermostat ... I have zero interest in having ANY of these devices connected to the internet. And this is precisely why.
Or is it like "moose" ... one moose, two moose, three moose? Look at all the octopus.
Let's remember... and I say this as a native speaker who has had to learn all of the exceptions... English is a loose bastardization of French, Latin, German, Greek, Gaelic, and who knows what else.
It consists of 'rules' which are inconsistent, random, arbitrary, and depend on you actually knowing the rules from the language we stole the word from.
I've honestly given up on caring about some of the corner cases, and having spent many years listening to the small errors non-native speakers make... the errors they make are completely logical. The rules often aren't.
Octopodes sounds incredibly stupid, because I can't think of another word in the English language which is pluralized with "podes" -- which makes it such an extreme outlier as to be doubtful.
I find the more I understand and know the "rules" of English, the more I think it's a bit of a joke to claim these are, in fact, rules... any language which involves knowing the rules of the half dozen languages we stole words from is mostly just winging it.
I'm aren't convincimicated that debatalizing betwixt octopodes, octopi, octipadum, or octipum embiggens us in any cromulent way. ;-)
So every time I see one of these stories, I'm forced to ask... is there any evidence to suggest this is real?
Or is this just one of those wacky theories physicists come up with and then try to find evidence for?
At this level, your average person can't tell the difference between bullshit and actual science -- though, I'm afraid calling it a "brane" makes me think more the former than the latter.
But it makes me wonder: Whom do you trust with your data?
Know who you can trust?
You, and encryption you implemented... absolutely nobody else. Period.
And, really, if they break into whatever keeps your private key for your crypto, you can't even trust that.
In an age where spy agencies have decreed they're allowed to do anything, and don't care about jurisdiction... assume the world is full of malicious actors.
Because it is.
If you're an acquisition by a US company away from having your data be under their jurisdiction, assume they'll get into it even if that involves breaking your country's law.
It seems the article writer has zero education about modern cars
I have come to the conclusion that most articles when they say "experts believe" you should substitute it for "some moron thinks this will happen".
I think this is a terrible idea, and is more of the "oh, you don't own the car, we just license it to you". Sorry, if it isn't mine, and I'm not the one who makes decisions about it ... WTF would I give you money for it then?
It is my car, and I, and I alone will decide what happens to it and when it happens. Not some idiot who thinks it's time to roll out a change.
If it isn't my car, I'm sure as hell not paying you for it.
So some fucking OTA update is going to fail while you're in the middle of driving because it just happened without asking you?
This sounds like some epic stupidity there.
I would NOT accept a car company arbitrarily making changes to my car without my knowledge or consent.
This is not a toy, this is not an app... this is a freaking car, and if it is MY car, you will only modify it when you have MY express permission. Not just because you think it's a good idea or want to hide your previous mistakes.
If these morons are going to claim their EULA gives them permission, they can screw off.
The world isn't supposed to consent to being spied upon by the NSA. If the world did consent, there'd be no point in having an NSA.
Well, allow me to make this clear on behalf of the rest of the world...
If the choice is between my privacy and liberty versus the lives of Americans... I will choose that Americans have to die before I give up my rights. Because if you think your rights are more important than my rights I don't give a fuck about you.
So America's sense of entitlement doesn't mean the rest of the world agrees.
Stop acting like the rest of the world should simply be saying "well, if it's for the security of Americans it's alright". It isn't.
There was a time when Americans would be outraged at this shit. Now they just say how it's OK because that's the job of the NSA.
Honestly, America is a bigger threat to the liberties of more people in the world than any Jihadi is.
And it's time we stopped pretending that a global surveillance state foisted on us by you guys is acceptable.
The only titles I've ever seen^Wheard of which used multi-angle were porn. It was^Wsounded gimmicky and didn't really add much. Or, so I'm told. ;-)
The only other places I've seen it used were in some special features on DVDs so you could see the movie, and the original story-boarding side by side, or just one of them. But it was actually a nuisance to use.
It was one of those things which they added to the spec, and then everybody found themselves doing "OK, we have to use this feature... but what the hell do we do with it?".
The fact that it didn't ever catch on with DVDs tells me it's probably just as gimmicky and pointless when YouTube tries it.
It's a feature which was a solution in search of a problem.
And I predict it will be just as underwhelming this time around.
The difference: NSA data is claimed to have sidestepped the protections provided by the UK legal system.
Are we finally going to start seeing courts saying that the 5 eyes cheating to get around the legalities of spying on their own people by having other governments do it is a terrible idea?
Because that would be fucking awesome. When a government has been told "you can't do this" and "this is your evidentiary standard" -- to subsequently say "well, we got it this way, it was they who broke the law so it's OK" -- well that's pretty douchebaggy.
I would dearly love to see courts saying "Gee, the NSA has broken our law, and no matter if they think it's legal it isn't".
These assholes have decided they have no jurisdiction, and I'd like to see someone remind them that they do.
The world hasn't consented to be spied on by the NSA, so I'd love to see them and their counterparts brought up onto shorter leashes. Or shorter ropes.
They're like dogs who bite, if you don't get that under control you might have to put them down. And if they're going to sidestep the law, then they definitely should be put down.
On what basis do you conclude that "phone home" code will be included
Because Zuckerberg and Facebook are greedy douchebags who want the marketing/personal information?
Does the current React.js include such code?
Irrelevant, this is a binary, which means you don't really know everything it does.
As per TFA, Facebook did write it to benefit themselves, but that certainly doesn't mean it is useful only to them.
My inherent distrust of Facebook says it will be self-serving library -- because that's kind of what they do.
Maybe I'm wrong. Maybe I need to up my meds. Maybe I should apply another layer of tinfoil.
But I trust Facebook as far as I can throw Zuckerberg off a roof... and so far they've not allowed me to throw him off a roof, so I just assume I can't trust them at all.
You know what I suspect the other part of this dream is?
Ensuring there's a library of tools which will have code embedded in it to have every app phone home to Facebook and violate your privacy.
There is no way in hell Facebook is writing any tool which doesn't benefit them... which means by default I'm sure it will be set to call home to Facebook, and it would take lots of effort by developers to disable that.
Sorry, no, but apps which want to integrate with Facebook are annoying... no, I do not wish to share this shit online, and if I have a Facebook account, it's none of your damned business.
Annoyingly, most mobile apps are just vehicles to sell ads, and integrate with social media.
You need to write a test suite to confirm what works and what does not work.
No, before you do anything you need to spend some time understanding what it does and sifting through the code for a LOT of hours. You need to understand the layout, the coding style, start to identify the bits which look like duplicates but which might not be.
You need to be prepared to document the hell out of it, and be able to walk someone else through it -- if only as an exercise of "this is what I think I see, do you think you see the same thing?"
Your initial stuff should be entirely in your brain, on your whiteboard, in your paper notes, or in your electronic notes. There's no substitute for spending time ferreting around in the code.
If you start writing a test suite before you do anything... you probably don't have enough understanding of the code to write the test suite in the first place.
And then you'll spend your time trying to make the program fit your test suite.
Another option that becomes available after writing proper tests, is that you can make the decision to discard the entire project and start over from scratch.
No, if that's even an option, you need to review, understand, and document it first. If you go off half-cocked writing a test suite only to decide you are going to scrap the whole thing ... you've wasted your time writing the test suite.
Legacy code doesn't always play well with the idealized assumptions of "write a test suite". In fact, I'd say that's the last thing you want to be doing.
If your management thinks this is a magic process where you dive in on day 1... run like hell, because they have no understanding of what you are really doing and what it will take.
I agree about some code being unit-test-proof. I've definitely encountered some.
For the original poster... start with backups, so you 100% isolate yourself from your own stupidity... and I'm not calling you stupid, I'm saying everyone who has ever done this has had that "oh, crap, did I just do that?" moment. Plan for it now so you don't have to try to deal with it later.
Then spend a lot of time simply going through the code. Using something like FreeMind or a giant whiteboard to map out the high level stuff. Take paper notes. Lots of them. Spend a lot of time reading it, getting familiar with it, and developing a mental understanding of it.
Understand the hierarchy, the modules, and the high level stuff. Pick a few modules and delve into them. Dissect them to the point you can start to understand how the pieces fit together, and at least have a roadmap. You should be able to draw a diagram which broadly describes the chunks of functionality in your sleep.
If you are trying to make code changes on day one, you're doing it wrong. If your boss expects you to be doing code changes on day one, he's an idiot who doesn't understand what you're being asked to do.
I would say that easily the first few weeks (if not more depending on the code) should be spent doing nothing more than reading and trying to understand. And then doing it some more. Be prepared to walk through with a debugger just to confirm what you think is true -- surprisingly, it often isn't when dealing with someone else's code.
Think of this as being as much archaeology as a technical exercise... you are sifting through layers of code, likely built up over the course of years, and which has a very good chance of having its own unique nature and strangeness.
First, grasshopper, seek understanding. Then, accept that your understanding is incomplete. Then seek more understanding. =)
It's like trying to understand alien technology ... you could put an eye out if you aren't fully sure you have learned what it really does. ;-)
I've maintained several legacy code bases over the years.
And I will flat out tell you that unit tests have VERY limited utility in terms of understanding a mess of code you inherited. At least, in the beginning.
Sure, you can start with a couple of basic premises, and you can convince yourself those basic premises still work.
But the initial grokking of your code, understanding all places where a function may be used, understanding all of the tricky bits and gotchas, trying to understand why there are 9 functions which look like they do the same thing? That takes some time and effort, and quite possibly some tools.
Unit tests are great for starting to build up a few things, and move towards better stuff... but in a system which has several hundred (or several thousand) functions and interactions, resulting in really large numbers of code paths... having a few unit tests describing the stuff you understand doesn't mean all of the stuff you don't understand wasn't broken, simply because you don't know what you don't know.
So it is important to understand your new unit tests on legacy code are, at best, a VERY incomplete view of your code. That will improve over time, but you could potentially need to write a few thousand of them to be sure you're not breaking anything in the big picture.
If you do things wholesale, then you are likely to break something in an unmanageable way. Oh and make sure things are version controlled ;)
Oh, yes.... This.. for the love of god, this.
You should learn how to tag branches and the like in your version control so you can identify a baseline of "before I ever touched anything" and then be able to cleanly build everything which predates you, as well as building your "after refactoring this part".
Branching/tags/whatever your version control calls it -- that doesn't take up much space, so use them often, and consistently. Let the tool do the heavy lifting of keeping track of what you've changed.
You do NOT want to find yourself unable to build it as it existed, or identify all of the diffs between what you started with and what you have.
You know, by the same token I've seen some of the "fine art" wankers saying outright "Photography can never be art because it's merely an objective representation taken by a machine".
And that reminds me why the "fine art" crowd can be as ignorant and clueless as anybody else by not understanding the medium. There's more to it than the pure mechanics.
A can of "Merde de l'Artiste" (shit of the artist) can be art, but a photograph can't? Sorry, but don't expect us to take you seriously with that claim. It means you don't understand enough about the process to know anything about it.
So, while I completely agree more technical people should have some understanding of art... I'm not convinced that the "art" people in general have much more of a clue.
But the body of work of someone like, say, Yousuf Karsh or Bob Willoughby or Ansel Adams makes me want to smack the art majors who claim photography can never be art, while they slavishly try to ape someone else's art.
Is photography a medium much more rooted in technology than painting? Yes, absolutely. Is it any less art? That's absurd.
You know, if amateur photographers would learn how to frame shots, that would be great. It would make most pictures suck less. The framing has been well described for decades. But there's more to it than just that.
But if you think all of the hacks with iPhones are suddenly going to make beautiful portrait photography, you underestimate just how bad most amateurs are.
In a world where the selfie stick is a real thing, I'm pretty sure the pros have nothing to worry about if your average person with a cell phone magically learned how to frame a portrait.
Indeed, the single most important factor is the sharpness of the image. But other important factors include the contrast between the face and background. Curiously, exposure quality is negatively correlated with beauty, suggesting that photographers can create beautiful images by playing with under- and overexposed images.
By the time you're talking about professional (or really good) photographers doing "fine art" photography, and understanding the mechanics of cameras it's simply a different thing.
And, I say this not as a "pro", but someone who has been taking pictures for much of his life -- taking decent pictures is more than just pointing the camera, and taking beautiful pictures involves a lot of technique.
Even gear isn't a guarantee... I've seen people take shit pictures with an SLR, and I've seen people take quite good shots with a point and shoot.
And no idiotic "free market" will change that.
LOL!!
It gives me a brane cramp. :-P
This is so incredibly stupid as to defy belief.
Hey, that's how I got into it ... why in 1981 I was assured that being a nerd was a sure ticket to fame, fortune, and women swooning over me.
No, wait, it was the other one ... mockery, social outcast, and no play with the hunnies.
Come to think of it, that part came first and then the coding.
Awww, crap.
Because the bill was idiotic ... wow, it's been on a server, you must have abandoned it and therefore we don't need a warrant.
Right, because it should be totally OK for police to rifle through your stuff without legal authorization.
It's about time they started enforcing the 4th amendment ... maybe we're finally starting to see some common sense and sanity applied to this stuff.
Now if they can tackle the institutionally authorized perjury which is "parallel construction", we'll be getting somewhere.
It's time to remind law enforcement that they are not, in fact, above the law.
Can 'the law' be a euphemism for a hollow point bullet? Please?
LOL, I hope you meant "interpreted".
Otherwise all I get is "this code symbolizes the despair and longing of the programmer".
Wow ... fascinating ... you should write a wiki-wiki article. ;-)
No, before you do anything you need to spend some time understanding what it does and sifting through the code for a LOT of hours. You need to understand the layout, the coding style, start to identify the bits which look like duplicates but which might not be.
You need to be prepared to document the hell out of it, and be able to walk someone else through it -- if only as an exercise of "this is what I think I see, do you think you see the same thing?"
Your initial stuff should be entirely in your brain, on your whiteboard, in your paper notes, or in your electronic notes. There's no substitute for spending time ferreting around in the code.
If you start writing a test suite before you do anything ... you probably don't have enough understanding of the code to write the test suite in the first place.
And then you'll spend your time trying to make the program fit your test suite.
No, if that's even an option, you need to review, understand, and document it first. If you go off half-cocked writing a test suite only to decide you are going to scrap the whole thing ... you've wasted your time writing the test suite.
Legacy code doesn't always play well with the idealized assumptions of "write a test suite". In fact, I'd say that's the last thing you want to be doing.
If your management thinks this is a magic process where you dive in on day 1 ... run like hell, because they have no understanding of what you are really doing and what it will take.
I agree about some code being unit-test-proof. I've definitely encountered some.
For the original poster ... start with backups, so you 100% isolate yourself from your own stupidity ... and I'm not calling you stupid, I'm saying everyone who has ever done this has had that "oh, crap, did I just do that?" moment. Plan for it now so you don't have to try to deal with it later.
Then spend a lot of time simply going through the code. Use something like FreeMind or a giant whiteboard to map out the high-level stuff. Take paper notes. Lots of them. Spend a lot of time reading it, getting familiar with it, and developing a mental understanding of it.
Understand the hierarchy, the modules, and the high level stuff. Pick a few modules and delve into them. Dissect them to the point you can start to understand how the pieces fit together, and at least have a roadmap. You should be able to draw a diagram which broadly describes the chunks of functionality in your sleep.
If you are trying to make code changes on day one, you're doing it wrong. If your boss expects you to be doing code changes on day one, he's an idiot who doesn't understand what you're being asked to do.
I would say that easily the first few weeks (if not more depending on the code) should be spent doing nothing more than reading and trying to understand. And then doing it some more. Be prepared to walk through with a debugger just to confirm what you think is true -- surprisingly, it often isn't when dealing with someone else's code.
Think of this as being as much archaeology as a technical exercise ... you are sifting through layers of code, likely built up over the course of years, and which has a very good chance of having its own unique nature and strangeness.
First, grasshopper, seek understanding. Then, accept that your understanding is incomplete. Then seek more understanding. =)
It's like trying to understand alien technology ... you could put an eye out if you aren't fully sure you have learned what it really does. ;-)
I've maintained several legacy code bases over the years.
And I will flat out tell you that unit tests have VERY limited utility in terms of understanding a mess of code you inherited. At least, in the beginning.
Sure, you can start with a couple of basic premises, and you can convince yourself those basic premises still work.
But the initial grokking of your code, understanding all places where a function may be used, understanding all of the tricky bits and gotchas, trying to understand why there are 9 functions which look like they do the same thing? That takes some time and effort, and quite possibly some tools.
Unit tests are great for starting to build up a few things, and move towards better stuff ... but in a system which has several hundred (or several thousand) functions and interactions, resulting in really large numbers of code paths ... having a few unit tests describing the stuff you understand doesn't mean all of the stuff you don't understand wasn't broken, simply because you don't know what you don't know.
So it is important to understand your new unit tests on legacy code are, at best, a VERY incomplete view of your code. That will improve over time, but you could potentially need to write a few thousand of them to be sure you're not breaking anything in the big picture.
Oh, yes ... This ... for the love of god, this.
You should learn how to tag branches and the like in your version control so you can identify a baseline of "before I ever touched anything" and then be able to cleanly build everything which predates you, as well as building your "after refactoring this part".
Branching/tags/whatever your version control calls it -- that doesn't take up much space, so use them often, and consistently. Let the tool do the heavy lifting of keeping track of what you've changed.
You do NOT want to find yourself unable to build it as it existed, or identify all of the diffs between what you started with and what you have.
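The baseline the comment above describes can be kept outside the version control system as well, which helps when the legacy tree is not yet under source control or when you want an independent check that a tag really matches what you started with. The following is an added example, not the commenter's code: it records a SHA-256 per file for a source tree, saves that manifest as JSON, and later reports exactly which files were added, removed or modified. The sample tree it snapshots is constructed inside a temporary directory; the skipped directory names are an assumption chosen for illustration.

```python
"""Baseline manifest for a legacy code base (added example).

Before touching anything, snapshot every source file's SHA-256. After a
round of refactoring, compare the tree against that snapshot to list every
file that differs, so the "what did I actually change?" question always has
an answer that does not depend on memory or on the VCS being set up yet.
"""
import hashlib
import json
import tempfile
from pathlib import Path

# Directories that hold build output or VCS metadata, not source (assumed list).
DEFAULT_SKIP_DIRS = (".git", ".svn", "build", "node_modules")


def hash_file(path: Path) -> str:
    """Return the hex SHA-256 of a file, read in chunks so large files are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root, skip_dirs=DEFAULT_SKIP_DIRS) -> dict:
    """Map each file's path (relative to root, POSIX style) to its SHA-256."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root)
        # Skip anything under a directory we do not consider source.
        if any(part in skip_dirs for part in rel.parts):
            continue
        manifest[rel.as_posix()] = hash_file(path)
    return manifest


def save_manifest(manifest: dict, out_path) -> None:
    """Persist the baseline (keep this file outside the tree you are editing)."""
    Path(out_path).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(in_path) -> dict:
    return json.loads(Path(in_path).read_text())


def diff_manifests(baseline: dict, current: dict) -> dict:
    """List files added, removed, or whose contents changed since the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed sample tree: snapshot it, 'refactor' it, return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "src").mkdir()
        (root / "src" / "main.c").write_text("int main(void) { return 0; }\n")
        (root / "src" / "util.c").write_text("int helper(void) { return 1; }\n")
        (root / "src" / "old.c").write_text("/* dead code, maybe */\n")
        (root / ".git").mkdir()  # VCS metadata must not be part of the baseline
        (root / ".git" / "HEAD").write_text("ref: refs/heads/master\n")

        baseline_path = root.parent / "baseline-manifest.json"
        save_manifest(build_manifest(root), baseline_path)
        baseline = load_manifest(baseline_path)
        baseline_path.unlink()

        # Simulated refactoring work on the tree.
        (root / "src" / "util.c").write_text("int helper(void) { return 2; }\n")
        (root / "src" / "old.c").unlink()
        (root / "src" / "new.c").write_text("int added(void) { return 3; }\n")

        return diff_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it from the root of the legacy tree once before the first edit and keep the JSON somewhere the refactoring cannot touch; a diff that lists a file you do not remember changing is exactly the "oh, crap, did I just do that?" moment caught early.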
You know, by the same token I've seen some of the "fine art" wankers saying outright "Photography can never be art because it's merely an objective representation taken by a machine".
And that reminds me why the "fine art" crowd can be as ignorant and clueless as anybody else by not understanding the medium. There's more to it than the pure mechanics.
A can of "Merde de L'Artist" (shit of the artist) can be art, but a photograph can't? Sorry, but don't expect us to take you seriously with that claim. It means you don't understand enough about the process to know anything about it.
So, while I completely agree more technical people should have some understanding of art ... I'm not convinced that the "art" people in general have much more of a clue.
But the body of work of someone like, say, Yousuf Karsh or Bob Willoughby or Ansel Adams makes me want to smack the art majors who claim photography can never be art, while they slavishly try to ape someone else's art.
Is photography a medium much more rooted in technology than painting? Yes, absolutely. Is it any less art? That's absurd.
You know, if amateur photographers would learn how to frame shots, that would be great. It would make most pictures suck less. The framing has been well described for decades. But there's more to it than just that.
But if you think all of the hacks with iPhones are suddenly going to make beautiful portrait photography, you underestimate just how bad most amateurs are.
In a world where the selfie stick is a real thing, I'm pretty sure the pros have nothing to worry about if your average person with a cell phone magically learned how to frame a portrait.
By the time you're talking about professional (or really good) photographers doing "fine art" photography, and understanding the mechanics of cameras, it's simply a different thing.
And, I say this not as a "pro", but someone who has been taking pictures for much of his life -- taking decent pictures is more than just pointing the camera, and taking beautiful pictures involves a lot of technique.
Even gear isn't a guarantee ... I've seen people take shit pictures with an SLR, and I've seen people take quite good shots with a point and shoot.