Today I want to highlight a bit issue with the tech industry, and that is the gathering of requirements from customers. I’ve seen far too many product and project managers gather requirements from the client, then pass them to developers to implement without batting an eye as to their feasibility. Let’s use a specific example pulled from my work today: users can post images but post needs to go through approval before going live ...
…at least, not in the traditional, hands-on-keyboard sense. This is one of the things that a lot of CompSci graduates don’t realize when they head out into the workforce. When I look back at all my jobs and put on my PHB’s hat, I would say that I spend less than 25% of time coding. Another 25% of the time is reading code, yak-shaving or searching for solutions. The rest of the time is spent talking with people; this is a skill that neither CompSci, nor most university courses teach. These numbers always fluctuate (some days, I put my head down and code almost 100%), but it says a lot about how much “coding” I do. Also note that I wrote “talking with people”, not “talking to people” because there is a big difference. ...
I am working with a client right now on their Web application. While creating an account to do testing, I noticed a glaring security issue that allows people to harvest usernames. This topic has been covered before, I am still surprised that it keeps popping up around the Web, but this time is a bit different. I should note that the client knows about the issue, but what I want to point out in this article is how insidious the issue becomes. ...
One of the things that I dislike seeing in an application’s database architecture is the use of booleans. They do not convey enough information to any party to be meaningful, other than to ask a question that expects a yes/no answer. Often, questions such as those as a follow-up question that the field cannot answer. For example, in many databases I see the following fields on a User model: User ==== id primary key username the user's username credential password_encrypted authenticates the username ... other fields ... enabled true if the user is active, false otherwise When a user has been banned for doing something inappropriate, an application simply sends this query: ...
I finished speaking on the phone with a recruiter and, yet again, I had to spell out exactly what I look for in a job. It’s difficult to explain the same thing and have people understand what I mean, so I decided to be even more opaque and put it in a radar chart. That, and I love radar charts. To read the chart, higher numbers mean things I like doing more. And things I like to do more of, mean jobs that make me happy. And a happy Scott is a very productive Scott. ...
Note: Contrary to what you are about to read, I am still against metaprogramming on the whole, as it adds an unnecessary amount of magic that may confuse other developers. That being said, I would hate working in a language without it. Use sparingly, like junk food. “With great power…” Yadda yadda. Enjoy the article. I am currently writing a gem to wrap the Cleanspeak API and I was using the JSON examples in my test cases that they supply in their API docs. I wrote the test cases like so: ...
I have been looking into Elixir and I am enjoying the language (mainly from both a readability standpoint, I haven’t done enough to form an opinion about its performance benefits). I read the chapter on recursion and then applied it to a quick and dirty Fibonacci implementation (my favourite way to learn recursion in a new language). It is as easy ascreating a new file called fib.ex and adding the following: ...
I was using BitBucket the other day for a new client, but I wasn’t able to use my standard BitBucket account (business reasons). I attempted to add my standard SSH key (id_rsa) to the new BitBucket account but SSH keys must be unique to the entire BitBucket system. I don’t understand the reason for this uniqueness but there is a way around it using a rarely used SSH technique. First you need to generate a new SSH key. You will name it something different than the default (id_rsa) because it will be used exclusively for the new BitBucket account. ...
In honour of our friends down South celebrating their independence, let’s look at installing a local version of ruby onto a POSIX machine without requiring wrappers like rvm or rbenv. We want to be free to install things where we want, when we want, and how we want. Now that’s true freedom. Install GNU Stow Okay, you are going to need to install stow system wide for this step. This requires administrative permissions. I promise it’s the only thing. ...
A new framework crossed my radar on HackerNews today called Lotus. It is based on Ruby and attempts to adhere to proper OO principles. It looks simple to learn so I thought I’d give it a try. I ran into a few issues with the first example in the docs provided in the Github project, so I’ll post some fixes. This is running version 0.1.0 of the lotusrb gem. # config.ru require 'lotus' module OneFile class Application < Lotus::Application configure do routes do get '/', to: 'home#index' end end end module Controllers::Home include OneFile::Controller action 'Index' do def call(params) end end end module Views::Home class Index include OneFile::View def render 'Hello' end end end end run OneFile::Application.new If you paste that into a file called config.ru, you can then run it with rack: ...