From today’s post by Tim O’Reilly:
Beautiful Code, a collection of essays by master programmers about how they solved particularly hard problems, must have hit a nerve. It was our #9 bestselling title for the year, and the number one software engineering title industry-wide according to our analysis of Bookscan figures.
Florian and Adam opened the place up; Jeff and I were here 10 minutes later; Tony, Luke, and Yi Qing arrived in time for coffee, and DC and his hangover made it eight. Paul joined us for lunch (pizza… mm…); tests were written, bugs were found, tickets were updated, all in a slightly subdued atmosphere. It’s been a long three days, but very worthwhile: I’m very (very) pleased with how much everyone has accomplished, and very grateful for all the hard work. Stay tuned for announcements about new releases…
See also:
10:00 am start; thirteen of us busying away. We’re opening as many bugs as we’re closing (thanks to the testing team), but it still feels like progress. Lebanese food for lunch; coffee all ’round, and our first engagement announcement (congrats, David!). I’m reminded (again) just how much programming is a social activity: like knitting or sports, it’s often just an excuse for people to hang out together.
Later: we broke around 5:15; good progress on DrProject, OLM, and UTest. Best part for me is watching Luke and Yi Qing learn the find art of making developers cry from Adam; second best is watching DW gnaw on the cord for his headphones. You can tell how things are going by how hard he bites down…
Later still: speaking of gnawing, my other take-away from yesterday is how far behind my skills have fallen. On my right, Blake was launching DrProject with Eclipse’s PyDev plugin to test his changes to the wiki parser; on my left, DW was using using Selenium to get two layers of object/relational mapping to behave, while out in the main room, Jeff was playing games with Dojo and FireBug. I know what they’re all for, and tell my students they’re good things, but I don’t really know them. It’s been three and a half years since I was doing product development; AJAX, Rails-like web frameworks, Python Eggs and easy_install…a whole new set of dev tools have become “normal”. I either find a way to catch up, or reconcile myself to watching the waves from the shore instead of surfing.
Dmitri won the hippo for making the most contributions to the class last term. It’s now devouring him:
It’s now 10:29 EST, and the room is fuller:
11:00: helps if all the tests are running before you start to merge.
11:50: DC has merged his RPC interface into trunk; all the tests that were passing before are still passing.
12:10: still no sign of Ian, but I just checked code into DrProject for the first time in more than a year.
14:15: Ian has showed up, Pardis has her VMs, Martin has a new Ubuntu, Blake has a password, Ian has showed up, and tickets are being closed. Opened, too, thanks to Adam and his new crew, but we will not speak of that yet…
16:30: winding down — the major tickets for OLM have been closed, a double handful for DrProject are gone as well (but Yi Qing, Luke, and Adam have found more), and we have a reservation for Chinese food at 6:00. It’s been fun; looking forward to tomorrow.
Quote of the day: wireless is the new peanuts.
Pictures thanks to Andrew Louis and David Wolever — thanks, guys.
Via David Janes, dataportability.org: the open standards stack for the ubiquitous sharing and remixing of data.
http://www.thestar.com/article/288360 — interesting read (as in, how did I miss half these stories?).
Via Adam Goucher (who’s thinking about their application to testing): Hugh MacLeod on social objects.
Optimistic version control systems like CVS and Subversion allow people to decouple their work: instead of simultaneously editing the master copy of a file (and stomping on one another’s changes), each player changes a local copy, then merges it into the repository. In contrast, most ticketing systems still use the “everything’s on the server” model: there’s no notion of a “local” copy of the ticket database.
But Google Gears has got me thinking: could we build portals like SourceForge and DrProject on a “write then merge” platform? Would it improve performance? Scaling? Usability? Or is it just a hammer looking for a walnut? Any MSc students looking for a project out there?
My favorite books these days are Boynton’s Your Personal Penguin and Pratchett’s Where’s My Cow?, but since this is a magazine for programmers, not parents, I’ll turn my attention to six others: one very good, two useful, and three that missed the mark.
The first is Smith and Marchesini’s The Craft of System Security, which is the best undergraduate textbook on computer security I’ve read to date. The authors know their field well—Smith does academic research into trustworthy systems, while Marchesini has worked at several software security companies—and their experience is evident on almost every page.
The book is broken down into five sections: history, the modern landscape (which summarizes flaws in operating systems and networks, and explain where and why they arise), building blocks (including cryptography and authentication), applications (the web, desktop tools, e-cash) and emerging tools, such as formal proofs of correctness, hardware-based security, AI techniques for detecting intrusion, and human factors. The history section was particularly welcome: unlike most books aimed at developers, this one takes the time to explain and critique the US Department of Defense “Orange Book”, Bell and LaPadula’s groundbreaking work on formal analysis of security, and Saltzer and Schroeder’s design principles.
The topics in the middle three sections are more conventional, but still well done. Throughout, the authors hit exactly the right tone and level for their intended audience, use clear, pertinent examples, and provide extensive references to the primary literature. The final section, on emerging tools, is necessarily less nitty-gritty than its predecessors, since much of what they describe is still taking shape. Even there, though, they show how practical theory can be.
My one criticism of the book is that it doesn’t devote as much space as I would have liked to “soft” issues, such as the economics of information security, usability, or developers’ professional responsibilities. That’s a minor quibble, though; at over 500 pages, the book is already going to be a challenge to get through in a single semester course. I believe the rewards for doing so are considerable, and I hope many instructors and students choose to take it on.
Next up is Holmes’ Windows PowerShell Cookbook. Regular readers will know that I think PowerShell (formerly known as “Monad”) is one of the most important developments in practical programming in the last ten years. If you still need convincing, the recipes in this book show why. Yes, the syntax could have been better (there are better models to borrow from than Perl), but look at what you can do when your pipes and filters can pass objects around, instead of having to squeeze everything into lines of plain old ASCII. The core cmdlets show up several times, and hundreds of simple pipes and longer scripts are shown and explained.
Shortcomings? First, I would have liked more for developers, rather than users—if you want to extend PowerShell with new cmdlets, you’re going to need more than what’s here. Second, it all runs only on recent versions of Windows. As a result, examples involving Active Directory and registry manipulation probably won’t make much sense to readers from the other side of the “two solitudes” that are Unix and Windows. Finally, and most importantly, I don’t know why this is a printed book, rather than a dynamic web site. As much as I love flipping pages, I don’t think reference material belongs on paper any more: it’s hard to search, it’s never at hand when you need it, and the under-30s who do most of the world’s programming just aren’t that into dead trees.
I had the same reaction to Burns et al’s Security Power Tools. It contains a wealth of useful information on how to use a wide variety of tools for reconnaissance, penetration, defense, monitoring, and hardening, but some of it is already out of date (damn those new releases), and its 850 pages of often dense text would be more useful to me online and hyperlinked.
That said, it’s more than useful in its present form. The authors build firewalls, VPNs, and intrusion detection products for a living, and their in-depth experience with Linux, Windows, and Mac OS shows through in their examples. Most importantly, they almost never lose sight of the fact that the point of these tools is to find and fix problems. Sys admins and testers will particularly like this book, as it gives them a toolbox full of ways to find out what’s broken before the bad guys do. It’s not for cover-to-cover reading, but for sixty dollars plus shipping and handling, it’s a pretty good investment.
That brings us to the last three books in this month’s column. Shore and Warden’s Art of Agile Development was the best: well written and well organized, it covers everything in the agile canon without ever being preachy. However, it doesn’t say anything new: pair programming, test-driven development, continuous integration, and all the other practices it describes are now standard fare in undergraduate software engineering courses, and I doubt that anyone in industry who actually cares about their craft hasn’t heard about them before.
The same cannot be said of Pelesko’s Self Assembly. As the subtitle says, this book is about the science of things that put themselves together—in particular, about how we might be able to get nanomachines to build themselves in the same way as many biological molecules and other self-organizing systems. Most of it is very new (at least to me), and all of it’s fascinating.
However, playing this game requires more math than most programmers have today. If integrals frighten you, or if you’re not sure what an amphiphile is, a lot of what’s in here will wash right over you. If you’re under 30, this ought to worry you—it’s easy to imagine a future in which knowing aspect-oriented functional concurrent languages is the equivalent of being really good at COBOL, while all the really cool stuff is being done by physicists on nano-quantum thingies. Until then, though, this one is probably something most readers of this column will only want to dip into.
Finally, there is Inmon and Nesavich’s Tapping Into Unstructured Data, which I read in manuscript. To be frank, I’m not sure who this book is for: it doesn’t have enough depth or detail to be useful to programmers, and its “explanation” of the kinds of data to be found in spreadsheets and email messages won’t come as news to anyone in management, either. The authors have impressive credentials, and this is an important topic; it’s a shame the book doesn’t live up to either.
Lee Holmes: Windows PowerShell Cookbook. O’Reilly Media, 2007, 978-0596528492.
William H. Inmon and Anthony Nesavich: Tapping Into Unstructured Data. Prentice Hall, 2007, 978-0132360296.
John A. Pelesko: Self Assembly: The Science of Things That Put Themselves Together. Chapman & Hall/CRC, 2007, 978-1584886877.
James Shore and Shane Warden: The Art of Agile Development. O’Reilly Media, 2007, 978-0596527679.
Sean Smith and John Marchesini: The Craft of System Security. Addison-Wesley, 2007, 978-0321434838.
Recent Comments