Coding Horror: Adventures in Rechargeable Batteries (3)
on Coding Horror, 5 days, 22 hours ago
Every self-respecting geek loves gadgets. I'm no exception. And so many of my favorite gadgets have a voracious appetite for batteries. I don't know why all the other battery types fell so far out of favor, but between AA and AAA, I could probably power 95% of my household gadget needs. I've been a rechargeable battery user for years. It seems the frugal thing to do in the long run, and it's also healthier for ...
Coding Horror: Get Your Database Under Version Control (4)
on Coding Horror, 1 week, 3 days ago
A little over a year ago, I wrote about the importance of version control for databases. When I ask development teams whether their database is under version control, I usually get blank stares. The database is a critical part of your application. If you deploy version 2.0 of your application against version 1.0 of your database, what do you get? A broken application, that's what. That's why your database should always be under source control, ...
Coding Horror: Can Your Team Pass The Elevator Test? (2)
on Coding Horror, 1 week, 4 days ago
Software developers do love to code. But very few of them, in my experience, can explain why they're coding. Try this exercise on one of your teammates if you don't believe me. Ask them what they're doing. Then ask them why they're doing it, and keep asking until you get to a reason your customers would understand. What are you working on? I'm fixing the sort order on this datagrid. Why are you working on ...
Coding Horror: Actual Performance, Perceived Performance (5)
on Coding Horror, 1 week, 5 days ago
If you've used Windows Vista, you've probably noticed that Vista's file copy performance is noticeably worse than Windows XP. I know it's one of the first things I noticed. Here's the irony-- Vista's file copy is based on an improved algorithm and actually performs better in most cases than XP. So how come it seems so darn slow? Let's start with Mark Russinovich's typically excellent and exhaustively in-depth analysis of Vista's file copy algorithm: Perhaps ...
Cross-Site Request Forgeries and You (48)
by Jeff Atwood on Coding Horror, 2 weeks, 4 days ago
As the web becomes more and more pervasive, so do web-based security vulnerabilities. I talked a little bit about the most common web vulnerability, cross-site scripting, in Protecting Your Cookies: HttpOnly. Although XSS is incredibly dangerous, it's a fairly straightforward exploit to understand. Do not allow users to insert arbitrary HTML on your site. The name of the XSS game is sanitizing user input. If you stick to a whitelist based approach -- only allow ...
-
lishevita said:
For the record, Drupal 6.4 is protected against XSRF. :)
-
Brandon Bloom said:
I have a Django middleware installed that does #2
Bill Gates and Code Complete (6)
by Jeff Atwood on Coding Horror, 3 weeks, 2 days ago
By now I'm sure you've at least heard of, if not already seen, the new Windows Vista advertisements featuring Bill Gates and Jerry Seinfeld. They haven't been well received, to put it mildly, but the latest commercial is actually not bad in its longer 4 minute version: On the whole, I'd call these ads opaque bordering on inane. Rumor has it the entire thing has been cancelled. It wasn't entirely unsuccessful, I suppose; the goal ...
-
John said:
Ha ha! I thought that technical bed-time story sounded fairly coherent. It's funny: it seems fairly obvious that the "platform wars" are drawing to a close. I remember when the OS was a big deal, but it does require some effort. Nothing brings the current situation into focus quicker than my being happy with a new computer as soon as I have Internet access: yes, I'll want that DVD with the backup of my e-mail, my instant messaging software configuration, my password database, etc. at some point, but the fact is that most of my e-mail and writing, and the stuff I read (RSS feeds), is all stored on the Web somewhere. And it all happened so seamlessly. I mean, I like Linux, and Ubuntu specifically too, but I'd be happy with anything I could use to access the Internet and play my music (that's the other big one, I guess), so long as it was free; the latter's my primary requirement, and my favourite thing about Linux.
Stack Overflow: None of Us is as Dumb as All of Us (24)
by Jeff Atwood on Coding Horror, 3 weeks, 4 days ago
I'm in no way trying to conflate this with the meaning of my last blog post, but after a six month gestation, we just gave birth to a public website. Of course, I'm making a sly little joke here about community, but I really believe in this stuff. Stack Overflow is, as much as I could make it, an effort of collective programmer community. Here's the original vision statement for Stack Overflow from back in ...
-
David Arcos said:
I love StackOverflow, I already have some categories in my RSS reader...
Spawning a New Process (11)
by Jeff Atwood on Coding Horror, 1 month ago
I don't usually talk about my personal life here, but I have to make an exception in this case. I debated for days which geeky reference I would use as a synonym for "we're having a baby". The title is the best I could do. I'm truly sorry. As an aside, this is something my wife and I have worked at for a number of years, and was only truly possible through the Miracle of ...
Protecting Your Cookies: HttpOnly (109)
by Jeff Atwood on Coding Horror, 1 month, 2 weeks ago
So I have this friend. I've told him time and time again how dangerous XSS vulnerabilities are, and how XSS is now the most common of all publicly reported security vulnerabilities -- dwarfing old standards like buffer overruns and SQL injection. But will he listen? No. He's hard headed. He had to go and write his own HTML sanitizer. Because, well, how difficult can it be? How dangerous could this silly little toy scripting language ...
-
Mone said:
One point is missing: being able to access cookies through JavaScript can serve as a protection against XSRF. HttpOnly cookies prevent this defense but do not prevent XSS; they only 'block' (he himself talks about the holes in current implementations) access to one piece of information among the many available to injected JavaScript. A trivial example: the attacking code can always simulate a fake login window inside a valid page...
-
jmvidal said:
Good tip.
-
dd said:
When you tag a cookie with the HttpOnly flag, it tells the browser that this particular cookie should only be accessed by the server. Any attempt to access the cookie from client script is strictly forbidden.
Coding Horror: Classic Computer Science Puzzles (5)
on Coding Horror, 1 month, 2 weeks ago
Software developers do have a proclivity for puzzles. Perhaps that's why books like To Mock a Mockingbird exist. It's a collection of logic puzzles which is considered an introduction to lambda calculus, one of the core concepts of Lisp. Such puzzle questions are de rigueur for many programming interviews, though they're often abused. There is a downside to thinking of programming languages as solutions to arbitrarily difficult abstract mathematical puzzles. That's probably why Lisp has ...
Deadlocked! (42)
by Jeff Atwood on Coding Horror, 1 month, 2 weeks ago
You may have noticed that my posting frequency has declined over the last three weeks. That's because I've been busy building that Stack Overflow thing we talked about. It's going well so far. Joel Spolsky also seems to think it's going well, but he's one of the founders so he's clearly biased. For what it's worth, Robert Scoble was enthused about Stack Overflow, though it did not make him cry. Still, I was humbled by ...
-
Bill said:
Maybe if you get a real dev stack, like Apache/MySQL/Django, you wouldn't have these problems.
-
David said:
Wow. Loads of speculation and misinformation over a simple example. By chasing down some of the links, I actually learned a good bit.
Coding Horror: Setting up Subversion on Windows (6)
on Coding Horror, 1 month, 3 weeks ago
When it comes to readily available, free source control, I don't think you can do better than Subversion at the moment. I'm not necessarily advocating Subversion; there are plenty of other great source control systems out there -- but few can match the ubiquity and relative simplicity of Subversion. Beyond that, source control is source control, as long as you're not using Visual SourceSafe. And did I mention that Subversion is ... free? Allow me ...
Check In Early, Check In Often (82)
by Jeff Atwood on Coding Horror, 1 month, 3 weeks ago
I consider this the golden rule of source control: Check in early, check in often. Developers who work for long periods -- and by long I mean more than a day -- without checking anything into source control are setting themselves up for some serious integration headaches down the line. Damon Poole concurs: Developers often put off checking in. They put it off because they don't want to affect other people too early and they ...
-
Ken said:
Atwood as usual with some excellent advice
-
jonezy said:
good advice for developers here
-
Nigel J said:
amen
-
Vishy007 said:
totally agree!
-
Claude said:
I thought I was crazy committing small chunks of tested work.
-
tOMPSON said:
I wish some of my colleagues would stick to this
-
David said:
That's where branching comes in and exclusive locks go out. Unfortunately for us at DTC, MKS is junk :)
Coding Horror: Your Desktop Is Not a Destination (3)
on Coding Horror, 1 month, 3 weeks ago
I'm of two minds on the desktop. If you're really using your computer, your desktop should almost never be visible. Your screen should be covered with information, with whatever data you're working on. I can't imagine why you'd willingly stare at a static background image-- or even a background image covered with a sea of icons. Unless you consider your computer a really expensive digital picture frame, I suppose. The desktop background, as I see ...
Software Branching and Parallel Universes (2)
on Coding Horror, 1 month, 3 weeks ago
Source control is the very bedrock of software development. Without some sort of version control system in place, you can't reasonably call yourself a software engineer. If you're using a source control system of any kind, you're versioning files almost by definition. The concept of versioning is deeply embedded in every source control system. You can't avoid it. But there's another concept, equally fundamental to source control, which is much less frequently used in practice. ...
The Perils of FUI: Fake User Interface (61)
by Jeff Atwood on Coding Horror, 1 month, 3 weeks ago
As a software developer, tell me if you've ever done this: Taken a screenshot of something on the desktop Opened it in a graphics program Gone off to work on something else Upon returning to your computer, attempted to click on the screenshot as if it was an actual program. And let's not forget the common goating technique where you take a screenshot of someone's desktop, make it the desktop background, then proceed to hide ...
-
andrin said:
Things like this will probably become everyday news in the future. Most website owners and even many developers are clueless to this phenomena.
-
jmvidal said:
Clever, and scary.
-
fmavituna said:
http://ferruh.mavituna.com/firefox-master-password-dialog-weakness-oku/
Coding Horror: Everything I Needed to Know About Programming I Learned from BASIC (3)
on Coding Horror, 1 month, 3 weeks ago
Edsger Dijkstra had this to say about Beginner's All Purpose Symbolic Instruction Code: It is practically impossible to teach good programming style to students that have had prior exposure to BASIC; as potential programmers they are mentally mutilated beyond hope of regeneration. I'm sure he was exaggerating here for effect; as much as I admire his 1972 "The Humble Programmer" paper, it's hard to square that humility with the idea that choosing the wrong programming ...
Please Give Us Your Email Password (14)
by Jeff Atwood on Coding Horror, 1 month, 3 weeks ago
A number of people whose opinions I greatly respect have turned me on to Yelp over the last six months or so. Yelp is a community review site, and a great way to discover cool new places in whatever neighborhood you happen to be in. I've enjoyed using Yelp, and I wanted to participate by submitting my first review, so I created a new account there. As part of the account creation process, I was ...