Programming Leftovers
-
An Ode to Unit Tests: In Defense of the Testing Pyramid
It was 2014 when David Heinemeier Hansson set the Software Development world on fire. He was on a RailsConf stage when he proclaimed that "TDD is Death".
It was a bold move. But he was the leader that many unhappy with testing were looking for. Many followed along, splitting developers into two camps.
-
Taming Names in Software Development - Simple Thread
What is a name? A name is a label, a handle, a pointer in your brain’s memory. A complex idea neatly encapsulated. A name lets you refer to “the economy” , or “dogfooding” mid-sentence without needing a three-paragraph essay to explain the term.
If you think of software development as just carving up data into boxes and labeling them, it becomes clear why Naming Things is one of the two hard problems in computer science. Your brain has only so much space in working memory, and a good name makes the most of it. A good name is succinct, evocative, fitting. It reduces cognitive load and stand outs in your mind. Bad names are obscure, misleading, fuzzy or outright lies.
In software, really good names are meaningful, descriptive, short, consistent, and distinct. You will notice that ‘descriptive’ and ‘short’ are diametrically opposed. As are ‘consistent’ and ‘distinct’. There is no solution, only tradeoffs.
Descriptive names are safe, legible, clear. They tell you what exactly you’re dealing with, bring you up to speed, don’t require you to be an expert in the codebase or a mind reader. I understand exactly what BasicReviewableFlaggedPostSerializer is on my first time seeing it. But they can also be bulky and unwieldy.
-
The Story of A - by Kent Beck
A was a new student when they started complaining about their teammates. “Don’t they see that we need this & that & this & that? They need to let me make these changes.”
The business domain A & their team worked in was incredibly complex. The current system had been built emphasizing the behavior of the system & not the structure. As always, this led to a structure not well suited for further change.
A had been working in the system long enough to have ideas for how things could be better. There needed to be a hierarchy of these things & a factory for those things & a factory for the factory because eventually we wanted to do this & that. The diagram of the system as A imagined it was full of boxes & arrows.
The team was having none of it. They had features to ship. A’s pull requests were piling up, unreviewed. Stale PRs led to bigger PRs, further slowing the pace of structure change. A was, reasonably, frustrated.
-
A not so unfortunate sharp edge in Pipenv :: dade
I’ve been a proponent of pipenv for several years now, particularly for application development (rather than library development). While the features around virtual environment management and the integration with pyenv to automatically install the version of python necessary for an application are nice, the features that I’ve really advocated for are the separation of direct dependencies and transient dependencies, via Pipfile and Pipfile.lock, and the hash validation provided by Pipfile.lock. I find it helpful in improving the deterministic nature of builds (not solving, mind you, but improving), making sure everyone in the engineering organization is using the same versions of packages as everyone else. It’s also a minor reassurance against supply chain attacks, which is sort of what I want to write about today.
-
C++ Using std::cin
In C++, we need a mechanism to interact with users, or to get information from the users. For this purpose, C++ provides a standard library to entertain the input-output statement. The ‘iostream’, here ‘io’ means input and output, this stream deals with the input and output statements. This library contains all the methods that we need to input data from the user or output data on the console. First, we import this library and to input data we use ‘cin>>’.
The ‘iostream’ library has predefined variables ‘std::cin’ is one of them. The ‘std’ stands for standard and ‘cin’ means character input. The ‘iostream’ supports many built-in functions that we can use in our code by just importing the library.
-
OpenPGP key on FST-01SZ - Simon Josefsson’s blog
I use GnuPG to compute cryptographic signatures for my emails, git commits/tags, and software release artifacts (tarballs). Part of GnuPG is gpg-agent which talks to OpenSSH, which I login to remote servers and to clone git repositories. I dislike storing cryptographic keys on general-purpose machines, and have used hardware-backed OpenPGP keys since around 2006 when I got a FSFE Fellowship Card. GnuPG via gpg-agent handles this well, and the private key never leaves the hardware. These ZeitControl cards were (to my knowledge) proprietary hardware running some non-free operating system and OpenPGP implementation. By late 2012 the YubiKey NEO supported OpenPGP, and while the hardware and operating system on it was not free, at least it ran a free software OpenPGP implementation and eventually I setup my primary RSA key on it. This worked well for a couple of years, and when I in 2019 wished to migrate to a new key, the FST-01G device with open hardware running free software that supported Ed25519 had become available. I created a key and have been using the FST-01G on my main laptop since then. This little device has been working, the signature counter on it is around 14501 which means around 10 signatures/day since then!
-
On Sigils - Physics::Journey
This post was inspired by @codesections recent posts on sigils, particularly the notion of coding as a trialog between the writer, the reader and the machine.
[...]
We are dealing with coding languages. As with natural languages, syntax is a key marker that triggers cognitive mechanisms learned since childhood. While the base cultural setting for most of this is English, most human languages carry the notions of noun, verb, adjective and so on.