In this issue from March 2017: The importance of removing dead code; How sane people write terrible code; Some thoughts on CloudBleed; An easier way to make secure passwords; the need to Version Everything; and, Paying attention to your sleep cycle.
Sharpen the Saw is a somewhat delayed repost of a semi-regular newsletter of information I publish for the professional development of software developers. While targeted primarily at developers working with the Microsoft technology stack, content will cover a wider range of topics.
To subscribe, send me an email and I’ll put you on the list. Membership is moderated.
Always a way to improve the code you write every day.
Dead Code Must Be Removed
Source code tools like git and its older cousin svn make it really easy to track the evolution of source over time - there’s no need to leave old code in place by commenting it out. (I suspect that many developers do this because they don’t know how to look at the history of code within their source code versioning tool.)
There’s another form of dead code, however - code that is no longer used but still potentially executable. This code can be costly when refactoring or other changes force developers to update it even though it’s not actually used. In some cases, dead code can have devastating results when awakened.
In this interview with Kevlin Henney, he relates a tale of zombie code attacking the NYSE and talks about what you do with dead code.
A great developer does more than just write great code.
How terrible code gets written by perfectly sane people
Any developer with more than a few days’ experience has seen code and thrown their hands up in horror at the sight of it. In this post, Christian gives a series of perfectly reasonable reasons why a bunch of smart, intelligent and well-motivated people might end up delivering a mess.
- Giving excessive importance to estimates
- Giving no importance to project knowledge
- Focusing on poor metrics such as “issues closed” or “commits per day”
- Assuming that good process fixes bad people
- Ignoring proven practices such as code reviews and unit testing
- Hiring developers with no people skills
- Agile and done?
Read the article for a discussion on each of these points. You might find it rewarding (if a little uncomfortable) to think about the code you’re currently writing and/or maintaining as you read.
Staying safe online and writing secure systems are both harder than we think.
Pragmatic thoughts on #CloudBleed
The recent Cloudflare bug has been getting a lot of press. The nature of the bug means that it is very hard to assess just how damaging it has been. Some are saying that it’s a storm in a teacup - others that it’s the end of the world and every password should be rotated immediately.
As usual, Troy Hunt has taken a moderate stance and has a well-opined assessment of the issue on his blog. It is well worth the read.
There’s a new way to make strong passwords, and it’s way easier
If you do decide that CloudBleed means that it’s time to rotate all your passwords, it turns out that an easy way to make passwords stronger is to make them longer - they don’t need to be that cryptic as long as they are much longer than usual.
Next time you’re creating a new password for a new site (you are using a distinct password for every different site, aren’t you?) try this approach instead.
Sometimes the answer is random.
There’s a lot more that goes into the development of a complex software system than just the source code itself. Build scripts, configuration files, database schema, static data, and more, are all things that need to be tracked and versioned. Failing to do so can cause very odd problems - such as defects that can’t be reproduced in the test environment.
Video of the Week
Take some time to feed your mind.
Pay Attention to Your Sleep Cycle to Always Wake Up Early
If you’re not sleeping well (something I’ve struggled with for years), one key might be to pay attention to your sleep cycle. This video explains more.