Sunday, January 13, 2008

I want to be terrible too

Here is a great article by a self-confessed "terrible programmer" who points out his own "failings" as a programmer and how he covers them up, so that nobody will find out the truth. Of course, he is not a terrible programmer; quite the contrary. He is obviously an experienced programmer who is very good at what he does. (Note that I have no idea who this guy is.) The methods he uses to cover up his incompetence are time-honoured ways of ensuring that the code you release is as correct and robust as possible: do code reviews, use assertions liberally, test the snot out of your code, and use the right tool for the job.

As for me, I do use assertions all over the place, and I'm usually pretty good at writing tests for the modules I write. I am part of the core engine team for SQL Anywhere, a relational database management system from Sybase iAnywhere. When I add features to the database engine, I make sure I test boundary conditions, confirm the syntax of any SQL statements I add, and try to make sure that whatever changes I've made work in multiple types of databases, and on multiple platforms. However, I work on a lot of security-related features (encryption, authentication, database permissions, auditing), so I have to do more than just write tests — I have to think about how hackers could break into our systems, or otherwise gain access to data that they should not have access to. If someone was watching packets go by, could they use that information to break into the database? Could someone write a man-in-the-middle program that makes itself look like a server so that clients will connect to it instead of a real server? Can we eliminate the possibility of brute-force attacks, or at least slow the process down enough to negate the effectiveness of the attack? Can we give the DBA the ability to detect when intrusion attempts are happening, and determine where they are coming from?

Anyway, I occasionally make the same mistakes the author does — bugs in code, not initializing variables (ran across one of those this past Friday, actually), making assumptions that aren't true (and not backing up those assumptions with assertions), stuff like that. I use some of the same methods of covering up my own incompetence as he does, so perhaps I'm as terrible a programmer as he is. I can aspire, anyway.

Just remembered that my boss sometimes reads my blog, so maybe admitting my own incompetence here is a bad idea...
