In defense of resting

I have recently been watching some documentaries about software development, including the classic Triumph of the nerds (available on YouTube in three episodes, 1, 2 and 3) and Indie Game: The Movie. They are both very good and I’d recommend them not only to developers, but to people interested in technology and/or entrepreneurship in general.

But they are very good exponents of something very present on the software scene, which is presenting crunch mode, working insane hours, in some sort of glamourised way. It is part of the usual storytelling and, probably, part of the hard work -> ??? -> profit logic.

Let me tell you something. When I was starting my career, in my first long-term job, we once had a very strong deadline. This made us work in crunch mode for a long time (around 2 months). That meant working around 12 hours or more per day, 6-7 days a week. The very last day (a Sunday), I started working at 9:00 AM and went home on Monday at 6:00 PM, only stopping to eat something quick and go to the toilet. The rest of the team did similarly.

Password Extravaganza: Open discussion about security

In recent times, I’ve been thinking quite a lot about security on the Internet. And I mean my personal security on the Internet. There have been some recent examples of leaked passwords on some common websites (LinkedIn, I am talking about you!), and I get the impression that the way I was handling passwords in the past was no longer good enough. Luckily, I never had problems, but I thought that I needed to review my habits and take it more seriously.

As with everything that is new, when I opened my first email account (about 15 years ago) and registered on the very first web pages, my security concerns weren’t really that important. I started with a relatively (for the time) strong password with more than 6 characters, upper and lower case + numbers, that I could remember easily. Back in the day that was strong enough. I then started to use it everywhere. I’ll call it “password A” from now on.

After some time, I realised that it wasn’t really that good of a strategy, so I got another couple of stronger passwords, and used them in “sensitive” places, like my email, which is the most important point in the chain, or later Facebook.

So, some time ago, I started to think more and more about this, and started being more conscious of password security and the challenges it presents. I am going to describe my views about passwords and my strategy for them. I am not a security expert, and I think there are a lot of wrong assumptions and myths around passwords. That’s why I want to be open about that, and try to make a “call for review” to share tips and see if I am doing something wrong and see other ways. So, please, add whatever you feel is interesting.

ffind: a sane replacement for command line file search

I tend to use the UNIX command line A LOT. I find it very comfortable to work with when I am developing and follow the “Unix as IDE” way. The command line is really rich, and you could probably learn a new command or parameter each day and still be surprised every day for the rest of your life. But there are some things that stick and get done, probably not in the most efficient way.

In my case, it is using the command `find` to search for files. 95% of the time I use it, it is in this form:

find . -name '*some_text*'

Which means ‘find in this directory and all the subdirectories a file that contains some_text in its filename’

It’s not that bad, but I also use ack a lot, which I think is absolutely awesome. I think it is a must-know for anyone using the Unix command line. It is a replacement for grep as a tool for searching code, and works the following way (again, in 90% of my usage):

ack some_text

Which means ‘search in all the files that look like code under this directory and subdirectories for those that contain the text some_text’ (some_text can be a regex, but usually you can ignore that part).

So, after a couple of tests, I decided to make my own ack-inspired find replacement, and called it ffind. I’ve been using it for the last couple of days, and it integrates quite well into my workflow (maybe unsurprisingly, as I’ve done it with that in mind).

Basically it does this:

ffind some_text

Which means ‘find in this directory and all the subdirectories a file that contains some_text in its filename’ (some_text can be a regex). It also has a couple of interesting characteristics: it will ignore hidden directories (starting with a dot), but not hidden files; it will skip directories that the user is not allowed to read due to permissions; and the output will by default have the matching text in color.

The other use case is:

ffind /dir some_text

Which means ‘find in the directory ‘/dir’ and all the subdirectories a file that contains some_text in its filename’

There are a couple more params, but they are there to deal with special cases.
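
The behaviour described above, sketched as an added example (this is not ffind's actual source): a regex match on the filename only, hidden directories pruned but hidden files kept, unreadable directories skipped, and optional colour on the match. The `find_files` name and its parameters are assumptions made for this illustration.

```python
import os
import re
import sys

RED, RESET = "\033[31m", "\033[0m"  # ANSI colour codes used for highlighting


def find_files(pattern, root=".", color=False):
    """Return paths under root whose *filename* matches the regex pattern."""
    regex = re.compile(pattern)
    matches = []
    # os.walk ignores listing errors by default (onerror=None), so a
    # directory the user cannot read is skipped instead of aborting the search.
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune hidden directories in place: os.walk will not descend into them.
        dirnames[:] = sorted(d for d in dirnames if not d.startswith("."))
        for name in sorted(filenames):  # hidden files are still candidates
            m = regex.search(name)
            if m is None:
                continue
            if color:
                # Highlight only the matching part of the filename.
                name = name[:m.start()] + RED + m.group(0) + RESET + name[m.end():]
            matches.append(os.path.join(dirpath, name))
    return matches


if __name__ == "__main__":
    # Mirrors the two forms in the post: `some_text` or `/dir some_text`.
    args = sys.argv[1:]
    if len(args) == 1:
        directory, text = ".", args[0]
    elif len(args) == 2:
        directory, text = args
    else:
        sys.exit("usage: [dir] some_text")
    # Only colour the output when writing to a terminal.
    for path in find_files(text, directory, color=sys.stdout.isatty()):
        print(path)
```
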

It is done in Python, and it is available on GitHub. So, if any of this sounds interesting, go there and feel free to use it! Or change it! Or make suggestions!

ffind in Github

UPDATE: ffind is now available on PyPI.

Magical thinking in Software Development

I guess all of us Python developers have heard this kind of argument from time to time:

Python is slower than C++/Java/C# because it is not compiled.

Other than the usual “blame the others” when working with other companies (usually big corporations that think that using anything except C# or Java is laughable), you can also see a lot of comments in technical blogs or places like Hacker News or Reddit with similar, simplistic arguments. You can recognise them in the usual rants about how technology X is The Worst Thing That Ever Happened™ and Should Never Be Used™.

That’s a form of Software Development Magical Thinking. This can be really harmful for software development, especially when the opposite, positive form is used. Let me define Software Development Magical Thinking in this context:

Software Development Magical Thinking (noun): Assuming that a technology will magically avoid a complex problem just by itself.

Probably that will become clearer after a couple of examples:

Java is a static type language and it is safer than dynamic type languages like Ruby.

We program in C++ so our code is very fast.

MongoDB / NodeJS / Riak is web-scale.

Please note that those are not completely, utterly wrong statements. C++ can be very fast. Statically typed languages can avoid some bugs related to input parameter types. But there is no guarantee that creating a system in C++ is going to act like a magic wand against slow code. Or that Erlang will avoid having a single point of failure. And you’ll get just as sick of bugs and security issues in both statically typed and dynamically typed languages. *

Those are all complex problems that need careful design and possibly measurements to deal with them. They need deep analysis of the problem, which is usually more complicated than it looks in the first place. Or even worse, the problem is not as bad as it looked and the designed system is more complex than it should be, trying to catch a problem that never arises. Not to mention the previous experience needed to avoid subtle errors.

Let me say it again. There are problems that are HARD. In software systems they are confronted almost daily. And no single thing will make you forget them. Even using a very good tool for what you’re doing (like Erlang for concurrency), which usually implies paying a price (in development time, etc.), doesn’t replace vigilance, and issues could eventually appear. Unfortunately, making software is tough.

The problem with Software Development Magical Thinking is that it is very easy and it is also very natural. Seductive. We know that “general Magical Thinking”, simple solutions to very complex problems, is quite common. Hey, a lot of times, it even seems to work, because the Feared Problem will only present itself after a certain size that is never attained, or after the designer has left the company, leaving a latent problem behind. Most of the time, making a totally informed decision is unrealistic, or simply not possible, and some risks must be taken.

But as software developers we should know that things are not that easy, even if we have to compromise. Each bug that takes time to track down by methodically eliminating causes. Every measurement that makes you wonder what is the best metric to reflect a value. Every time you realise that there was a back-of-the-envelope calculation that shows something that will have an impact on some design aspects. Those are all reminders that should make us think that there are no silver bullets and that we shouldn’t take all those difficult problems lightly.

Make decisions. Design systems. Choose a tool over others. Take risks. But don’t be delusional and careless. Be conscious that software can bite you back. Be vigilant. Be skeptical. Avoid Magical Thinking.

PS: And please, don’t say “Python is slow”. Just don’t. It is not for most of the jobs. It is not going to make you win a discussion unless you carefully measure and prove it. And, perhaps most importantly, it raises my urge to kill.

* No, I am not going to comment on the Mythical Web Scale property.

EDIT: Wow, it has been submitted to Hacker News here. Just in case anyone wants to add to the discussion there.