EDITOR'S EYE

The World of Software Development.

March 2007

Even the title has a special lilt to it -- "Beautiful Code". So what is beautiful code? It is code that is carefully designed and often unusal, but which solves a problem in an elegant way. It is code that acknowledges that trade-offs are made, and rules broken. It is code that gets the job done.

I'm not inclined to recommend books -- especially books that I haven't even read, let alone books that haven't even been published yet. But, for a number of reasons, I'm going to make an exception in this case. I'm going to break one of those rules, in other words.

Beautiful Code: Leading Programmers Explain How They Think, edited by Andy Oram and DDJ contributing editor Greg Wilson(and soon to be published by O'Reilly & Associates), is a book you'll want to have. I'm going to buy a copy.

So what's the book about? It is a series of chapters written by well-known (and some not so well-known) programmers who share projects they consider "beautiful code." Many of the contributors have written articles for Dr. Dobb's over the years. Those authors and their Beautiful Code contributions include:

• Jon Bentley on "The Most Beautiful Code I Never Wrote".
• Alberto Savoia on "Beautiful Tests" (okay, Alberto hasn't written for DDJ before, but he has an article in an upcoming issue).
• Charles Petzold on "On-the-Fly Code Generation for Image Processing".
• Lincoln Stein on "Growing Beautiful Code in BioPerl".
• Jim Kent on "The Design of the Gene Sorter".
• Diomidis Spinellis on "Another Level of Indirection".
• Adam Kolawa on "Beautiful Numerics"
• Christopher Seiwald and Laura Wingerd on "Code in Motion".
• TV Raman on "Emacspeak: The Complete Audio Desktop".
• Andreas Zeller on "Beautiful Debugging"

And these are just the programmers who have appeared in Dr. Dobb's Journal. Other contributions include:

• "Beautiful Brevity: Rob Pike's Regular Expression Matcher" by Brian Kernighan.
• "Subversion's Delta Editor: Interface as Ontology" by Karl Fogel.
• "Finding Things" by Tim Bray.
• "Correct, Beautiful, Fast (In That Order)" by Elliotte Rusty Harold.
• "Accelerating Population Count" by Henry Warren.

To mention a few...

Beautiful Code is a wrap, at least according to Greg Wilson, which I take it to mean that all the chapters have been submitted to the publisher and that the authors can kick back and relax until the proofing cycle starts.

Here's the publisher's description of the book:

How do the experts solve difficult problems in software development? In this unique and insightful book, leading computer scientists offer case studies that reveal how they found unusual, carefully designed solutions to high-profile projects. You will be able to look over the shoulder of major coding and design experts to see problems through their eyes.

This is not simply another design patterns book, or another software engineering treatise on the right and wrong way to do things. The authors think aloud as they work through their project's architecture, the tradeoffs made in its construction, and when it was important to break rules. Beautiful Code is an opportunity for master coders to tell their story.

And there's another reason to buy the book: All author royalties will be donated to Amnesty International. Beautiful indeed.

Posted by Jon Erickson at 11:53 AM  Permalink |

A coalition of technology users and vendors has announced what it claims is the first skills assessment and certification examinations for software developers to test their secure coding skills, find the gaps, and, if they choose, gain GIAC Secure Software Programmer (GSSP) status.

Organized by the SANS Institute, the Secure Programming Skills Assessement project tests secure coding skills in C/C++, Java/J2EE, Perl/PHP, and .NET/ASP. The tests are designed to enable reliable measurements of technical proficiency and expertise in identifying and correcting the common programming errors that lead to security vulnerabilities.

The project has six specific goals:

• Let employers rate their programmers on security skills so they can be confident that every project has at least one "security master" and all of their programmers understand the common errors and how to avoid them.
• Provide a means for buyers of software and systems vendors to measure the secure programming skills of the people who work for the supplier.
• Let programmers identify their gaps in secure programming knowledge in the language they use and target education to fill those gaps.
• Let employers evaluate job candidates and potential consultants on their secure programming skills and knowledge.
• Provide incentive for universities to include secure coding in required computer science, engineering, and programming courses.
• Provide reporting to let individuals and organizations compare their skills against others in their industry, with similar education or experience or in similar regions around the world.

The exams will be administered in August in Washington DC on a pilot basis, then will roll out worldwide through the remainder of
2007.

Study guides and practice tests are available at the project web site. If you're involved in writing secure code, this is a project you ought to take a look at.

Posted by Jon Erickson at 04:03 PM  Permalink |

Some of the top minds of the software industry joined me at last week's SD West 2007 Conference in Santa Clara. Which probably causes you to wonder, what the heck was Erickson doing there?

Okay, I admit that I was seriously out-gunned in the brains department -- but they didn't know that. At least not at first, anyway.

The event was the "Developer Bowl"-- a competition that pitted teams of smart guys against each other in a test of knowledge about the history, technologies, and traditions of software development. According to the Conference organizers, the Dev Bowl was "Back by Popular Demand!". Boy did I fix that. They'll be lucky if the Conference is let back in Santa Clara next year, let alone the Developer Bowl.

So the event went like this (or was supposed to): Two rounds, each made up of two teams. The two winning teams then face each other in the final round. The other rules? Well, I sort of made them up as we went along. I could do this because I was the moderator, host, or fool on the hill, whichever fits.

Round 1 pitted a team from Google against a team from Yahoo. The Google team consisted of Guido van Rossum, Joshua Bloch, Peter Norvig, and Peter Weinberger. The Yahoo team was made up of Chip Morningstar, Marc Abramowitz, Ramana Yerneni, and Philip Bohannon. Like I said, lots of very smart and very talented people. And then there was me.

So I asked them "During WWII, more than 80 women mathematicians were hired to calculate ballistic trajectories using desktop calculators. What were these ladies called?" Answer "computers." Josh Bloch nailed it. Then there was "Although it was the first machine with a GUI and mouse designed for the mass market, the $10,000 price-tag for the Apple LISA computer flopped. Who was Lisa named after?" Answer "Steve Jobs' daughter." If I recall, Yahoo's Ramana Yerneni got that one. You get the idea. Still, Round 1 went to Google.

In Round 2, a team from CodeGear, consisting of David Intersimone, Michael Swindell, Allen Bauer, and Ken Chan, faced the IBM team of Theresa Quatrani, Scott Ambler, Tony Fiorot, and Michael O'Connell. You'd have thought that I would have cut Theresa some slack, since it was her birthday. But this was serious stuff.

Google took off running with Josh Bloch leading the charge. (Please note that we did have to retire the buzzer button after the pounding Josh gave it.) Still, CodeGear surprised me, especially when Ken Chan came up with the answer to the question "What does the acronym 'YAGNI' mean?" Answer "YouArentGonnaNeedIt, an extreme programming tenet." (I should point out that I used Google to find the answer to that.) In the end, Google won out, taking the crown (such as it was) from reigning champ CodeGear who had held it since the last Developer Bowl.

All in all, it was a lot of fun and I'd like to thank each of the participants for their good humor and patience. And if the SD West organizers actually hold the event again next year, I hope the winning team will return to uphold Google's honor.

Posted by Jon Erickson at 02:10 PM  Permalink |

Bill Gates gave a speech to more than 1,700 Microsoft Most Value Professionals (MVPs) who attended the annual Microsoft MVP Summit held in Seattle a week or so ago. One thing that was notable about the keynote was that was Gates’ last address to the MVPs as Microsoft chairman. That doesn't mean that we've seen the last of Bill. He's actually a good speaker and will be stumping for one issue or another that's dear to his heart.

The other notable item, at least for me, is that I wasn't there. It wasn't because of Bill, and certainly not because of the coffee. But the boss said something about staying in the office for more than 15 minutes at a time. Still, I did receive a transcript of his speech, and it did touch on a variety topics -- some of which are obvioius, and others that are interesting. If I were to sum up the thrust of his comments, I'd say Gates was talking about transition. Here's what he said in, more or less, his own words:

Transition #1. Using a slice of spectrum, Wi-Fi has exploded into a huge thing. Now we're looking at adding new spectrum down in the lower end, what we call "white space," and making Wi-Fi even better than it is today. In fact, if we get that to happen, the idea of having cities that have full Wi-Fi coverage will become far more economic than it is today.

Transition #2. Moving from 32- to 64-bit. This transition is smooth with upwards compatibility. In fact, more and more of the chips that get pulled are capable of 64-bit. And so as the device drivers move across, we'll see first on the server a big wave to high percentage use there, then with about a two to three-year lag, that will happen on the client machine as well. In terms of a single machine, that should handle us for a long time to come.

Transition #3. Parallel programming. The speed of machines is going to depend on this parallel programming. Which means the operating system will take on higher level tasks. And so that as applications are calling the operating system, the sophistication of doing this parallel programming will be handled in the operating system itself. And so we'll take the graphics layer and move it up to a much higher level of API. We'll even take things like some of the physics capabilities and make those available in a standard runtime in the operating system, high level visualization, 3-D capabilities, those things built-in.

Transition #4. We'll have capabilities around databases, not just classic disk-type databases but also in-memory databases where you're manipulating XML type data structures in a rich way. And so often the things that applications had to do themselves, they'll be able to turn over and let us do in a parallel fashion using rich runtime libraries that we create.

Transition #5. TV will change. Shows themselves can be quite different. Instead of the news just being everybody sees the same, if you want to see more about soccer or the weather or skiing or various international issues, that's what you'll see, and other people will see what's interesting to them. The ads will be based on your interests, and even if you are intrigued by what they say, you can interact and get more information. And so the Internet is taking all the ways that information is distributed and changing them. Video in a sense is the final frontier in terms of size and bits, particularly as we move up to high-definition, the most challenging, and now today the ability to edit those things is becoming very possible.

Transition #6. Microsoft will change. The company can take a long term view out into what it should be doing to have breakthroughs in software. MS has a group that's doing software for robots. And it's just like at the beginning of the PC. The company doesn't exactly know what the breakthroughs will look like, or what the most popular applications will be. There are many possibilities, ranging from toys to helping elderly people in medical situations, to security type applications, manufacturing applications. But having software that takes the idea of planning and sensors and vision, and all the data and even robots working together, that that's an interesting software challenge

Transition #7. The software that Microsoft is creating fits into the whole theme of how software is changing -- a move towards Web Services. When we used to think about software, we always thought about a piece of software running on one machine, and all of its data had to be there. Well, today we think about software running essentially across the Internet, and instead of just a subroutine call on one machine, we can make a Web Service call that will find a resource and connect up to other machines.

Transition #8. The shape of the datacenter will change. Companies are building datacenters that today have hundreds of thousands and in the future will literally have millions of computers. And the way we do that to make sure that even if any one computer fails, that the system automatically recovers, those techniques can be applied in datacenters even going down to very small ones. And so taking the advance in hardware, and not only using it for performance, but using it for reliability is a very big deal.

Transition #9. In the future eventually when you actually write a piece of software, you won't know what computer it runs on. There will be management software that looks at all the pool of resources and decides, based on the responsiveness you want and which machine is working and the hardware parameters required, and decides how many machines to run it on, and therefore gets that right type of capability. So, things like emergency recovery, you'll often be able to take your software and run it on machines that you rent instead of your having to do that yourself. Information will be geo-distributed so that a problem at any one location can't cause either the software running or the data to be lost.

Transition #10. Three-dimensional models will start to be a very standard thing. Today, when we think about shopping on the Internet, well, it's still this flat, 2-D type interface, but because of the advance in graphics and performance, we'll be able to create stores, stores that match the real store or stores that don't exist at all, but have been custom made based on the interests that you have.

Transition #11. Microsoft has a goal of making business programming require a tenth the code that it requires today. Microsoft is now using a process called "Quest" process where they write their dreams about software, and say what will the office look like 10 years from now when the cameras and the screens and the communications are different, when there is no PBX but it's all done over the Internet, how will that look. What will the home look like as the projection screens and the Internet TV and the great mobile devices are there? And so we write that down, and we see what software breakthroughs or business intelligence or workflow or security will be required to do that, and then we match the quest with the product plans and see that they're moving towards that ultimate capability.

What I have called "transitions" doesn't constitute his entire speech, and in all likelihood I missed his main points. But you get the idea.

Posted by Jon Erickson at 04:31 PM  Permalink |

Okay, let's just call it "Mother Nature's GPS." But by whatever name, it seems that researchers have figured out what lets homing pidgeons home in on home.

According to a team led by Gerta Fleissner at the University of Frankfurt, it's not the iron will of the birds to find their way home, but the iron beaks. Scientists have generally known that the birds use the Earth's magnetic field for navigation. What they didn't know was the specifics. According to Dr. Fleissner, those specifics include iron-containing subcellular particles of maghemite and magnetite in sensory nerve cells of the skin that lines the bird's upper beak. And in more detail (perhaps more than you ever expected to hear), the nerve cells are arranged in 3D patterns that react to the Earth's magnetic fields in much the same way as a three-axis magnetometer. (A TAM is a device which measures the Earth's magnetic field, typically in three-dimensional Cartesian space. You then have to transform these measurements into meaningful bearing information.)

Fleissner's research, which is presented in a paper with the catchy title of "A Novel Concept of Fe-mineral-based Magnetoreception: Histological and Physicochemical Data From the Upper Beak of Homing Pigeons," indicates that the homing pidgeons sense the magnetic field independent of their motion and posture, therefore making it possible to identify their geographical position. Jeez, and I usually can't figure out where I am with a GPS device or not.

Posted by Jon Erickson at 12:27 PM  Permalink |

According to a study conducted by a pair of University of Washington researchers, some sort of security breach involving your personal records is not a matter of "if" but of "when."

The study, entitled "A Case of Mistaken Identity? News Accounts of Hacker and Organizational Responsibility for Compromised Digital Records, 1980–2006," was conducted by Phil Howard, an assistant professor of communication at the University of Washington, and Kris Erickson, a UW geography doctoral student. It revealed that electronic records in the U.S. are being compromised at the rate of 6 million a month in 2007, up some 200,000 a month from 2006.

Howard and Erickson base their projections on a review of breached-record incidents as reported in major U.S. news media (the New York Times, L.A. Times, USA Today, and major broadcast news media) from 1980 to 2006. The total through 2006 stood at 1.9 billion -- or about 9 records per American adult.

More specifically, the researchers found out that:

• Surprisingly, malicious intrusions were a minority (31 percent) of the confirmed incidents between 1980 and 2006. Most -- 60 percent, in fact -- were attributable to organizational mismanagement such as missing or stolen hardware. The balance of 9 percent was due to unspecified breaches.
• Probably because of California's Security Breach law that requires companies to disclose security lapses (and similar laws in more than 20 states), the number of reported incidents more than tripled in 2005 and 2006 compared to the previous 24 years.

The grand-daddy of all reported breaches is still the 2003 incident involving 1.6 billion records held by Acxiom, an company that stores personal, financial and corporate data. In that case, the intruder controlled a company that did business with Acxiom and had permission to access some files on Acxiom's servers, but illegally accessed into other records and then tried to conceal the theft.

A pre-publication draft of the paper is available.

Posted by Jon Erickson at 10:18 AM  Permalink |

So here's the deal: The SD West 2007 Conference is coming up in a little over a week -- March 19-23, to be exact -- at the Santa Clara Convention Center in (you guessed it) Santa Clara, California. Conferences like SD West are supposed to be educational, informative, and more than a little bit entertaining. Maybe for attendees. For me, they're just work of a different hue.

To give you an idea of what I'm talking about, at the SD Best Practices India conferences, Andrew Stellman, who was speaking at the events, tried to get me to ride with him in a motorized rickshaw. When I declined, citing a long list of tasks, he said "All you're doing here in India is working." (Boss, please take note.) To the best of my knowledge, there aren't any motorized rickshaws around the Santa Clara Convention Center, but there is light rail. While probably safer, it doesn't look as nearly as much fun.

So what kind of work will I be doing at SD West? Well, on Tuesday, March 20 at 5:00 PM is the Opening Floor Party. This will be a tough one. According to the promo, I'll have to "Grab a drink, something to eat, mingle with fellow attendees and check out the coolest new technologies." Goes on for a couple of hours.

Later the same day at 7:30 PM, I have to rush over to the Google Party. In this case "Google invites you to an evening of wining and dining and other cerebral pursuits. Enjoy a memorable night out with your fellow SD West attendees from around the world, compliments of Google." Haven't these people ever heard of OSHA or unions?

As if Tuesday isn't bad enough, on Wednesday, March 21 at 7:30 PM it is SD Expo's 20th Anniversary Conference Party. Again, cocktails, food, and music.

And then again on Thursday, March 22, there's an event called "Innovation Games with Luke Hohmann" which promises more "food, drinks, and fun."

I know, its a dirty job, but someone has to do it. Ah, I should mention that tucked in between these tasks are sessions on everything from testing, Vista, and ALM, to C++, Ruby, Web 2.0, and more. There are also tutorials by the likes of Herb Sutter and Bjarne Stroupstrup and keynote presentations by Robert C. Martin, Brian Harvey, and others.

I hope to see you there. Watch for me. I'll be the person with the furrowed brow and laptop computer. Everyone else will be having fun.

Posted by Jon Erickson at 10:04 AM  Permalink |

"Brain drain." It's cute and catchy and it rhymes. But that doesn't mean it isn't a problem. According to some studies, in fact, fewer than 6 percent of high-school seniors in the U.S. are planning on engineering degrees. A decade ago it was 36 percent. In 2000, 56 percent of the undergraduate degrees in China were in the hard sciences. In the U.S., 1 percent.

Part of the problem, according to many experts, is how science and math education are taught in U.S. schools, ranging from everything to how the material is presented to the teacher's qualifications. According to the October 2005 National Academies report Rising Above the Gathering Storm, about two-thirds of the students studying chemistry and physics in U.S. high schools are taught by teachers without major or certificates in the subject. With math taught in Grades 5-12, its about one-half. And many students are taught math by graduates in physical education.

On the upside, prompted in large part by the "Rising Above the Gathering Storm" report which initiated a national discussion about math and science education reform, some organizations and government bodies are trying to do something about this. In Kentucky, for instance, state legislators are pushing through bills that would give teachers salary increases if they perform well on the teacher-certification tests in math, chemistry, and physics. Bills would also provide $10,000 in grants for schools to start advanced-placement courses. The two-year cost of the bills is pegged at $13.9 million. Then there are programs like the North Carolina School of Science and Mathematics which is a public, residential high school where students study a specialized curriculum built around science and mathematics.

Addressing issues and examining programs such as these is the focus of the upcoming National Symposium for Scientists and Engineers: A Strategic Program to Develop Informed Leadership for Changing the Course of K-16 Science Education which will be held in Santa Fe, New Mexico on April 10-13, 2007.

Co-sponsored by Los Alamos National Lab and the National Science Resources Center, the symposium will examine the current state of science education in the U.S., particularly research and examples of effective science teaching and learning approaches, highlighting innovative best practice programs and exploring the role that scientists and engineers can play in facilitating the enhancement of science education in the nation.

The keynote speaker is Geoffrey West, president of the famed Santa Fe Institute and a scientist in the Lab's Theoretical Division. Other conference speakers include Terry Wallace, the Lab's acting principal associate director for Science, Technology, and Engineering; Sally Shuler, executive director of the NSRC; David Evans, undersecretary for science at the Smithsonian Institution; and Tom Bowles, the Lab's former chief science officer, who now serves as science adviser to New Mexico Governor Bill Richardson.

Posted by Jon Erickson at 09:20 AM  Permalink |

You can always tell when lawyers, accountants, and politicians meander into the realm of engineering. One way or another, things always get fouled up.

In Missouri, for instance, the question is whether a cell phone is really a telephone -- or is it something else? Actually, the answer sounds (no pun intended) straightforward. According to dictionary.com a telephone is "an apparatus, system, or process for transmission of sound or speech to a distant point, esp. by an electric device." That seems general enough to cover all kinds of phones, mobile and otherwise. Right?

Well, maybe for you and me, but not for phone companies like Sprint Nextel and Verizon Wireless. They say that their companies don't sell "telephone service" but instead sell "radio transmissions." So what's the big deal? Money, and lots of it. Millions of dollars, in fact.

As it turns out, Missouri has had for decades laws on the books that tax telephone services. The justification for the tax was that public utilities -- including telephone companies -- compensated governments for the use of publicly owned rights of way, which the companies needed for poles, lines, or other equipment. And, you guessed it, they want to collect taxes on cell phone services. That's where Sprint Nextel and Verizon draw the line, saying they aren't phone companies, but radio transmission companies.

For Missouri, that would mean about $80-$100 million a year in tax revenues for local governments. However, the cell phone companies refuse to pay, and unpaid back taxes and penalties are currently estimated at from $300-$600 million. Okay, Sprint Nextel and Verizon are now paying, but under protest.

Verizon is basing its claims on the fact that its wireless service travels through radio transmissions rather than wires or fiber-optic cables. Furthermore, the company says its towers are outside public rights of way.

Of course, consumers will lose no matter how it turns out. If the phone companies win, then the public is out useful tax dollars. If the state and local governments win, the cost of the taxes will be passed on to consumer.

So is a cell phone a phone or not? I guess it all depends on how you define "is".

Posted by Jon Erickson at 04:32 PM  Permalink |