Coding Horror

From an audio interview with Ron Jeffries:

The reason the kitchen is a mess is not because the kitchen is poorly designed, it's because we didn't do the dishes after every meal.

Michael Feathers recently wrote an eerily similar entry about the professional chef's concept of working clean:

One other thing that I liked about the Pastry Chef's competition was the way that the chefs were judged. There was more to it than just the final judging. All during the preparation, judges walked from station to station with clipboards, making little notes. One of the criteria that they used was working clean. Imagine that.. working clean.. The judges were watching to make sure that the chefs rubbed clean every bowl and utensil immediately after use. If they didn't, well, they were marked off.

Micah Martin left a great comment that illustrates how integral "working clean" is to professionals in the restaurant industry:

In my college years I was a chef/line cook at a few restaurants. Indeed working clean is a common theme in the kitchen. The term I heard over and over was "Clean as you go!". "Clean as you go!" wasn't so much a suggestion, but rather a law. Those cooks who didn't constantly clean would wind up in trouble. Their workspace would become so messy within a matter of an hour or two that the quality of food rapidly diminished. This problem would progress until the other cooks were forced to step in and clean up. This had a negative impact on the entire kitchen and Nobody was happy it happened. Interestingly, line cooks, even without college degrees, were extremely efficient as self-management. Those cook who didn't work clean, were taunted, teased, and pushed around until they cleaned up, or quit.

For software developers, working clean means constant refactoring. If you don't stop occasionally-- frequently, actually-- to revisit and clean up the code you've already written, you're bound to end up with a big, sloppy ball of code. If you forget to regularly clean up behind yourself, things get smelly. Working clean means following your nose and addressing those nagging issues before they become catastrophic.

In addition to working clean, cooks also spend a lot of time thinking about mise en place, how their cooking stations are arranged for optimal work. Michael Feathers explains:

There's an section in [the book Kitchen Confidential] where he talks about what cooks do late at night after the customers have gone home. They generally do what many people after work, they go out for beers and sit around talking about work, but what do they talk about really? Tony says that the subject that always comes up is something called mise en place. Mise en place is a blanket term for how you set up your station.

Is your tub of butter at the eleven o'clock position or at the one o'clock? Do you have two paring knives, and do you keep them next to your cutting board or next to your garnish bin? When you spend the night churning out meals, these decisions make a difference. Everyone has their favorite theory about the proper miz. Tony says that many cooks get downright mystical about it. According Tony, you'd better run if you are caught messing with another cook's miz. Sharp knives have multiple uses, apparently.

The concept of mise en place should be familiar to software developers. It's why every member of the team has their development system set up identically. It's why we use a common set of development tools. It's why we take advantage of existing frameworks like nUnit and Log4Net instead of writing our own.

Good programmers should be borderline obsessive about their "miz". Our craft changes too rapidly for us to ever be completely satisifed with the way we're working today. There's always something better on the horizon.

I'm often asked why the book Refactoring isn't included in my recommended developer reading list. Although I own the book, and I've read it twice, I felt it was too prescriptive – if you see (x), then you must do (y). Any programmer worth his or her salt should already be refactoring aggressively. It's so essential to the craft that if you have to read a book to understand how it works, you probably shouldn't be a programmer in the first place.

There's nothing wrong with codifying refactoring guidelines in a book. But the most important guideline is to watch for warning signs in your own code – so called "code smells".

Developing your "code nose" is something that happens early in your programming career, if it's going to happen at all. I combined all the documented code smells I could find into this reference; most of these smells should be familiar to you.

Code Smells Within Classes

Code Smells Between Classes

This list was derived from the Smells to Refactorings PDF, and the Smells to Refactorings Wiki, which also provide additional guidance on the specific refactorings that might be helpful in each instance. The important thing, from my perspective, isn't the refactoring – it's learning to recognize the scent of your own code.

And if you want examples of the stinkiest code imaginable, How to Write Unmaintainable Code is a good place to start.

Here's a not-so-gentle reminder from David Pickett that some programming interview questions – in this case, "how would you write a routine to copy a file?" – are, well, stupid*:

Q. What about the attributes?
A. Make the attributes the same.

Q. Should I modify the attributes of the source file? If this file copy is part of a backup or archive operation, it'd probably be a mistake to leave the 'Archive' attribute on.
A. No, leave them as-is.

Q. What if the source file has the Archive attribute off? If I make it off on the new file as well, it could screw up the user's backup software.
A. Just make it the same. I don't care about the user's backup software.

Q. Well, I'm not sure that's the best approach to take when thinking about designing software FOR users, but if you say so.
A. ...

Q. What about compression? It's a file attribute, but the copy destination may not support compression.
A. Don't compress the copy.

Q. Even if the source is compressed, and the destination supports compression?
A. YES.

Q. What about encryption? What if the source file is encrypted, but the destination does not support encryption?
A. Don't encrypt the copy if the destination doesn't support it.

Q. Mmmmm, sorry, don't mean to digress, but … that could be a serious security hole. Especially if wherever this file copy function ends up supports arbitrary parameters (directly or indirectly).
A. Look, just copy the damn file.

"How would you write a routine to copy a file" is just another interview riddle; it doesn't deserve a face value response. David's answers are even better-- they implode the question under its own weight.

The only rational answer to "how would you write a routine to copy a file?" is another question: why would any competent programmer ever write a file copy routine?

The last time I checked, moving mount Fuji wasn't a part of our business plan, either.

* With apologies to Al Jaffee.

I've had great success using ethernet sniffers (such as Etherdetect, or Ethereal) to troubleshoot communication problems. Installing a sniffer, even after installing the required WinPcap packet capture library, doesn't require a reboot. I frequently use sniffers to troubleshoot servers and desktops alike. Ethernet sniffers should be a standard tool in your development troubleshooting toolkit, too.

However, Windows ethernet sniffers do have one significant limitation: they can't sniff localhost traffic. Localhost packets don't pass through the regular network stack, so they're invisible to an ethernet sniffer.

What's a poor developer to do? The only recourse is a local HTTP proxy, such as Fiddler:

Fiddler has some special integration with IE that makes it particularly easy to use, but it can be used with Firefox as well.

I had some erratic results under IE7, but Fiddler basically works as advertised. There's tons of supporting documentation on how to use it, including two MSDN articles. I'm using Fiddler as a localhost sniffer that's limited to the HTTP protocol, but it does have some capabilities beyond what you'd see in a sniffer. For example, with Fiddler you can set breakpoints and tamper with the HTTP data before it is sent or received.

On the whole, I'd prefer to stick with a sniffer for localhost debugging. But a HTTP proxy like Fiddler is a reasonable workaround.

From the IEEE article Why Software Fails:

Last October, for instance, the giant British food retailer J Sainsbury had to write off its US $526 million investment in an automated supply-chain management system. Merchandise was stuck in the company's depots and warehouses and was not getting through to many of its stores. Sainsbury was forced to hire about 3000 additional clerks to stock its shelves manually.

This is only one of the latest in a long, dismal history of [software] projects gone awry. Most IT experts agree that such failures occur far more often than they should. What's more, the failures are universally unprejudiced: they happen in every country; to large companies and small; in commercial, nonprofit, and governmental organizations; and without regard to status or reputation. The business and societal costs of these failures -- in terms of wasted taxpayer and shareholder dollars as well as investments that can't be made -- are now well into the billions of dollars a year.

The problem only gets worse as IT grows ubiquitous. This year, organizations and governments will spend an estimated $1 trillion on IT hardware, software, and services worldwide. Of the IT projects that are initiated, from 5 to 15 percent will be abandoned before or shortly after delivery as hopelessly inadequate. Many others will arrive late and over budget or require massive reworking. Few IT projects, in other words, truly succeed.

From Rapid Development:

If Las Vegas sounds too tame for you, software might just be the right gamble. Software projects include a glut of risks that would give Vegas oddsmakers nightmares. The odds of a large project finishing on time are close to zero. The odds of a large project being canceled are an even-money bet (Jones 1991).

In 1998, Peat Marwick found that about 35 percent of 600 firms surveyed had at least one runaway software project (Rothfeder 1988). The damage done by runaway software projects makes the Las Vegas prize fights look as tame as having high tea with the queen. Allstate set out in 1982 to automate all of its office operations. They set a 5-year timetable and an $8 million budget. Six years and $15 million later, Allstate set a new deadline and readjusted its sights on a new budget of $100 million. In 1988, Westpac Banking Corporation decided to redefine its information systems. It set out on a 5-year, $85 million project. Three years later, after spending $150 million with little to show for it, Westpac cut its losses, canceled the project, and eliminated 500 development jobs (Glass 1992). Even Vegas prize fights don't get this bloody.

The history of software development is a tremendous success. Just look around you for evidence of that. But that success has a long, dark shadow that we don't talk about very much: it's littered with colossal failures. What's particularly disturbing is that the colossal failures keep recurring year after year. The names and dollar amounts may change, but the story is otherwise the same. Two recent examples are the Canadian gun registry and the FBI's Virtual Case File system.

If you're looking for more examples of colossal software project failure, you don't have to look very far:

• Software Hall of Shame (from IEEE article Why Software Fails)
• History's Worst Software Bugs (Wired)
• Software Horror Stories (Nachum Deshowitz, Tel Aviv University)
• Forum on Computer Risks (ACM moderated mailing list)
• Failure Rate (collection of failure rate statistics from IT surveys)

You'd think that the software development industry would have matured over the last ten years. And it has:

The 10th edition of the annual CHAOS report from The Standish Group, which researches the reasons for IT project failure in the United States, indicates that project success rates have increased to 34 percent of all projects. That's more than a 100-percent improvement from the success rate found in the first study in 1994.

Asked for the chief reasons project success rates have improved, Standish Chairman Jim Johnson says, "The primary reason is the projects have gotten a lot smaller. Doing projects with iterative processing as opposed to the waterfall method, which called for all project requirements to be defined up front, is a major step forward."

The Standish Group has studied over 40,000 projects in 10 years to reach the findings.

Project failures have declined to 15 percent of all projects, a vast improvement over the 31-percent failure rate reported in 1994. Projects meeting the "challenged" description -- meaning that they are over time, over budget and/or lacking critical features and requirements -- total 51 percent of all projects in the current survey.

Failing is OK. Failing can even be desirable. But you must learn from your failures, and that requires concerted postmortem introspection and analysis. I'd like to think that a large part of the statistical improvement cited above is attributable to sharp project managers and savvy developers who studied the first CHAOS report. Once you know what the common pitfalls are, it's easier to avoid them.