A Cultural Divide – Why The Hell Are We So Stubborn?

“The only thing that is constant is change.”
– Heraclitus

Bonfire of the Vanities

Over the last few months, there have been quite a few clamorous controversies in the global programming community, driven by diametrically opposing views on fundamental principles, often becoming very emotional, even aggressive over time. Here’s a couple:

In all these cases, both sides of the discussion accuse the other of being wrong, having no tolerance for different opinions, causing harm to the community, etc. etc. Both have the best intentions, obviously, and both are eager to point out that it’s all about cost and benefits.
(read more…)

Tobias Goeschel

Why agile development needs automatic tests

Test the basics

There are multiple reasons for tests. Two major reasons are:

  1. To prove that a change of the software adds the desired functionality.
  2. To ensure that a change does not break the existing functionality (regression testing).

In both cases the tests can be executed by hand, automatically, or with a mix of both. But automated tests provide a big benefit in terms of effort for regression tests.

In addition to these major reasons there is a third one, which is especially important for agile development. To fully understand this additional reason I have to digress first.
(read more…)

Raimar Falke

Reflections on Curly Braces – Apple’s SSL Bug and What We Should Learn From It

Everyone’s shaking their heads

First of all, I assume that by now everyone who has ever read a single tweet in his/her life has heard about Apple’s instantly infamous “gotofail” bug, and most of you have probably already read Imperial Violet’s analysis of it.

To sum up the debacle in short: A duplicated line of code, “goto fail;”, causes a critical SSL certificate verification routine to jump out of a series of validations at an unexpected point, so that a success value is returned, rendering the service vulnerable to attacks.

Bad. To say the least.

Now it seems that people unanimously agree in blaming missing curly braces around the if statement in this piece of code

if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
    goto fail;
    goto fail;

for the entire mess, and the common conclusion from this fiasco is “always put curly braces around your if statements, and this will never happen to you”.
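To make the control-flow point concrete, here is a constructed C model of the bug, added as an illustration (it is not Apple’s code and not part of the original post): HashCtx, hash_step and the three numbered checks are stand-ins for the SSL hash update steps, and the two verify functions differ only in the stray second “goto fail;” and the braces.

```c
#include <stdio.h>

/* Constructed stand-in for the hash update steps (not Apple's code):
   the step numbered fail_at reports an error, every other step succeeds. */
typedef struct { int fail_at; int step; } HashCtx;

static int hash_step(HashCtx *ctx) {
    ctx->step++;
    return (ctx->step == ctx->fail_at) ? -1 : 0;
}

/* Shape of the original bug: the second "goto fail;" is not guarded by
   the if, so it always runs, the final check is never evaluated, and err
   still holds the 0 from the previous successful step. */
int verify_vulnerable(HashCtx *ctx) {
    int err = 0;
    if ((err = hash_step(ctx)) != 0)   /* check 1 */
        goto fail;
    if ((err = hash_step(ctx)) != 0)   /* check 2 */
        goto fail;
        goto fail;                     /* duplicated line: taken unconditionally */
    if ((err = hash_step(ctx)) != 0)   /* check 3: unreachable */
        goto fail;
fail:
    return err;                        /* 0 means "verification passed" */
}

/* Same sequence with braces: a duplicated "goto fail;" inside the block
   would merely be a dead statement, not a bypass of the final check. */
int verify_fixed(HashCtx *ctx) {
    int err = 0;
    if ((err = hash_step(ctx)) != 0) { goto fail; }   /* check 1 */
    if ((err = hash_step(ctx)) != 0) { goto fail; }   /* check 2 */
    if ((err = hash_step(ctx)) != 0) { goto fail; }   /* check 3 */
fail:
    return err;
}

/* Run one verification in which step fail_at (0 = none) reports an error. */
int verify_with_failure_at(int fail_at, int use_fixed) {
    HashCtx ctx = { fail_at, 0 };
    return use_fixed ? verify_fixed(&ctx) : verify_vulnerable(&ctx);
}

int main(void) {
    printf("vulnerable, check 3 fails: err=%d\n", verify_with_failure_at(3, 0));
    printf("fixed,      check 3 fails: err=%d\n", verify_with_failure_at(3, 1));
    return 0;
}
```

With the final check failing, the vulnerable variant still returns 0 (success) while the braced variant returns the error; a compiler warning for unreachable code would also have flagged the dead third check.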

Or will it? I mean, I find it rather curious that everyone seems to blame the mouse, while there’s a giant elephant in the room…
(read more…)

Tobias Goeschel