News, views, tips and tricks on Oracle and other fun stuff

Code Comments Gone Wrong

Dimitrios Kalogirou offers good advice:

Write self-descriptive code! Your code should be read like sentences. Avoid smart shortcuts and tricks because they break the reading… I use code comments when the code is not really self documenting. Comments should convey what code cannot. They should explain the reasons for a specific design decision, they should explain what code is supposed to achieve and why.

Women as Programmers

Yolande wrote:

The lack of women in programming is in part a cultural issue that differs from region to region. In developed countries, very few women work as programmers whereas in Brazil and India a lot of women pursue careers in IT. Women in developed countries perceive the field as isolating and very few young women graduate in computer science. This perception of isolation was based in reality decades ago, but that is no longer the case today.

Well, you may be surprised to learn that the earliest computer programmers were women and that the programming field was once stereotyped as female.


The Hello World Collection

“Hello World” is the first program one usually writes when learning a new programming language. The first Hello World program appeared in chapter 1.1 of the first edition of The C Programming Language, in 1978. Since then, Hello World has been implemented in just about every programming language on the planet.

The Hello World collection includes 428 Hello World programs in many more-or-less well known programming languages, plus 63 human languages.

Can you name the programming language based on its Hello World syntax? Take this quiz and let us know.


Top 25 Most Dangerous Programming Errors

The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

[Rank] Score ID Name
[1] 346 CWE-79 Failure to Preserve Web Page Structure (‘Cross-site Scripting’)
[2] 330 CWE-89 Improper Sanitization of Special Elements used in an SQL Command (‘SQL Injection’)
[3] 273 CWE-120 Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
[4] 261 CWE-352 Cross-Site Request Forgery (CSRF)
[5] 219 CWE-285 Improper Access Control (Authorization)
[6] 202 CWE-807 Reliance on Untrusted Inputs in a Security Decision
[7] 197 CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
[8] 194 CWE-434 Unrestricted Upload of File with Dangerous Type
[9] 188 CWE-78 Improper Sanitization of Special Elements used in an OS Command (‘OS Command Injection’)
[10] 188 CWE-311 Missing Encryption of Sensitive Data
[11] 176 CWE-798 Use of Hard-coded Credentials
[12] 158 CWE-805 Buffer Access with Incorrect Length Value
[13] 157 CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP File Inclusion’)
[14] 156 CWE-129 Improper Validation of Array Index
[15] 155 CWE-754 Improper Check for Unusual or Exceptional Conditions
[16] 154 CWE-209 Information Exposure Through an Error Message
[17] 154 CWE-190 Integer Overflow or Wraparound
[18] 153 CWE-131 Incorrect Calculation of Buffer Size
[19] 147 CWE-306 Missing Authentication for Critical Function
[20] 146 CWE-494 Download of Code Without Integrity Check
[21] 145 CWE-732 Incorrect Permission Assignment for Critical Resource
[22] 145 CWE-770 Allocation of Resources Without Limits or Throttling
[23] 142 CWE-601 URL Redirection to Untrusted Site (‘Open Redirect’)
[24] 141 CWE-327 Use of a Broken or Risky Cryptographic Algorithm
[25] 138 CWE-362 Race Condition



How Do You Accurately Estimate Programming Time?

It can take a fairly stable team of programmers as long as six months to get to a point where they’re estimating programming time fairly close to actuals, says Suvro Upadhyaya, a Senior Software Engineer at Oracle. Accurately estimating programming time is a process of defining limitations, he says. The programmers’ experience, domain knowledge, and speed vs. quality all come into play, and it is highly dependent upon the culture of the team/organization. Upadhyaya uses Scrum to estimate programming time. How do you do it?

via Slashdot (Ask Slashdot): How Do You Accurately Estimate Programming Time?


10 Things About Computer Programming You May Not Agree With

Are you a computer programmer? Here is what Half Sigma thinks about your profession:

  1. Computer programming is a low prestige profession.
  2. As you get older, your desire to completely relearn everything decreases, so you are likely to succumb to the temptation of staying with the familiar technology for too long.
  3. Whatever your position is, as a Computer Science person, you are socially classified as a geek.
  4. The computer programming industry within the United States is an industry with a shrinking number of jobs (because of outsourcing).
  5. Computer programming and IT in general is now seen as the foreigner’s industry and not a proper profession for upwardly mobile white Americans.
  6. Computer programmers face the need to move up to management or likely wind up as underemployed fifty-year-olds, only suitable for lower paying IT jobs.
  7. This trend, in which people without computer programming experience manage computer programming projects, is a result of the low prestige of computer programming.
  8. If you look forward to one day having your own private office, then computer programming sure isn’t the way to go.
  9. Computer programmers are cubicle employees, not considered important enough to be given nice workspaces.
  10. If you can’t get into a Top 14 law school or a top graduate business school, then public accounting probably provides a better career path than computer programming.

So, if you are a computer programmer, maybe you should change your career and become a database administrator. After all, database administration is one of the fastest-growing jobs in the United States.

I believe that no matter what your profession is, keeping up to date with what’s new in your industry/technology is essential to career development.


Do You Have These Symptoms?

One of my ex-coworkers emailed me this photo. The subject of the email was: Winner of “not my job” award.

When I looked at this photo, the word “laziness” started flashing in my mind. My thoughts then wandered to laziness as it related to programming. I then asked myself: what is laziness in programming? Here are a few thoughts:

  • Laziness is when you do not follow best practices.
  • Laziness is when you do not handle exceptions.
  • Laziness is when you do not research problems before asking dumb questions.
  • Laziness is when you do not check out what’s new in new versions.
  • Laziness is when you do not take the time to learn every feature available to you.
  • Laziness is when you do not comment or document your code.
  • Laziness is when you do it the quick and dirty way.
  • Laziness is when you start coding before even understanding what the program really does.
  • Laziness is WHEN OTHERS THEN NULL.

Throughout my career I was guilty of being lazy. But some may argue that good programmers are not only lazy, but also dumb:

…for a lazy programmer to be a good programmer, he (or she) also must be incredibly unlazy when it comes to learning how to stay lazy – that is, which software tools make his work easier, which approaches avoid redundancy, and how he can make his work be maintained and refactored easily.

…a good programmer must be dumb. Why? Because if he’s smart, and he knows he is smart, he will: a) stop learning b) stop being critical towards his own work… a good programmer, when confronted with a problem from management, will adopt this mindset of being dumb; he will start asking the most simple, child-like questions. Because he doesn’t accept the parameters suggested to him that someone thinks make up the problem.

So, you should always try to be lazy in an “unlazy” way, and dumb in a smart way.


10 Programming Quotes and Lessons Learned

Here is a list of 10 programming quotes I picked from this longer list, and what I learned from each:

  1. It’s hard enough to find an error in your code when you’re looking for it; it’s even harder when you’ve assumed your code is error-free.
    Lesson: Always assume that your code is buggy and code accordingly.

  2. Be careful about using the following code — I’ve only proven that it works, I haven’t tested it.
    Lesson: Always test your code.

  3. Good code is its own best documentation. As you’re about to add a comment, ask yourself, “How can I improve the code so that this comment isn’t needed?”.
    Lesson: Write clear maintainable code.

  4. Incorrect documentation is often worse than no documentation.
    Lesson: Make sure your documentation really reflects what your code is doing and vice versa.

  5. Measuring programming progress by lines of code is like measuring aircraft building progress by weight.
    Lesson: The number of lines of code is irrelevant in measuring software development progress; measure by what the code does and how fast it does it.

  6. Just because the standard provides a cliff in front of you, you are not necessarily required to jump off it.
    Lesson: Do not blindly follow any standard; understand it first.

  7. The most important single aspect of software development is to be clear about what you are trying to build.
    Lesson: Understand the problem first, then build the solution.

  8. Good programmers use their brains, but good guidelines save us having to think out every case.
    Lesson: Understand and use software design patterns whenever possible.

  9. Simplicity is the ultimate sophistication.
    Lesson: No comment.

  10. The primary duty of an exception handler is to get the error out of the lap of the programmer and into the surprised face of the user. Provided you keep this cardinal rule in mind, you can’t go far wrong.
    Lesson: Apply exception handling liberally across all your programs. 🙂


That Fine Code

So, I was tasked with changing a simple ColdFusion application. The application was written by a former co-worker who was also a “ColdFusion developer”.

The application has an HTML form in a login.cfm page that submits to a login_action.cfm page.

Now, take a look at this login_action.cfm, what am I supposed to do? Go hang myself? The following is an exact copy/paste:
