the codist - programmerthink

Everything Is Insecure

Published: 07/21/2014

In security the zeroth rule is "your security will fail eventually." What gets me angry is when people ignore this rule and claim otherwise.

Doing security right is very difficult. Yet even the most knowledgeable, paranoid, genius security expert knows that they only need to make one mistake, not know one tiny fact, or face a determined foe for long enough, and all their careful plans will fall apart.

The trick is to make it as good as you can, as deep as you can, and anticipate as much as you can without making things so impossibly locked down you can't do anything. A joke I heard a long time ago was that "the only secure computer system is one with no I/O". Of course the joke is that it's useless if nothing can get in or out.


The Pain and Gain of Being Laid Off

Published: 07/17/2014

Stories now making the rounds that Microsoft will lay off up to 15% of its workforce in the coming year made me think about my own experiences.

There is both great pain and great opportunity in being on the receiving end, which is not always obvious when the boot hits your ass.

I've been laid off 3 times in my 33 years of being a programmer, including my current job where my end date will be the end of August.


Monitor Or Fail

Published: 07/14/2014

Soon after I started in my present/soon-to-be-former job in our mobile team, the product manager suddenly discovered one of our lines of business had had no sales in the past month.

Of course "sudden" and "the past month" sound like an oxymoron.

The situation at the time was that sales were only recorded in the upstream systems. We had our own mobile API which translated calls to and from the upstream ".com" systems for use by our mobile products. Although at the time we managed our own servers, we had zero control or even input into what those upstream folks did. Thus we were given a report at the end of each month on what our sales were, as if we didn't matter.


To Swift Or Not To Swift, Yet

Published: 07/09/2014

It's not very often that a platform changes languages. During this intermediate timeframe where Swift, iOS and OS X are all in beta, it's hard to tell how the future transition will take place.

If you are looking for a job in the Apple universe right now, as I will be shortly, it is tough to know which language to focus on.

On one hand the future is clearly going to be Swift: the language is modern, has lots of useful features, is likely to have good performance, and Apple wants us to use it. In the short term, however, all apps are still written in Objective-C and most people are unlikely to rewrite them, or much of them, in Swift for quite some time.


Frameworks and Frankenstein

Published: 07/08/2014

In the famous novel, Dr. Frankenstein built his monster out of many parts from dead people. Initially he wanted to create a beautiful creature, but the difficulties of reanimating and combining the parts made him create a hideous monster instead.

When you approach building an application, one of the earliest decisions you usually have to make is in choosing what to write yourself, and what to leverage from frameworks, libraries, toolkits and the like. Pick the right ones and development is accelerated, pick the wrong ones and you wind up with a monster. Often the decision might be initially good but over time becomes a nightmare.

The most important thing to understand in this decision is that whatever you choose, it becomes a part of what you will be delivering, almost as if you wrote it yourself. The customer won't care who wrote what or how well it integrates; they only care about how good the end result is. You can't tell the customer "It's not our fault, the gadget library was full of bugs." From their perspective you screwed it up.
