Showing posts from January, 2016

Stabilization, Negative Goals and Cybersecurity

This post from Robert Martin, Stabilization, along with some recent lectures on Cyber-Security (from MIT's Srini Devadas), came together with the insight that "patch & pray" cyber security and the passive stabilization process are both pursuing negative goals. In other words, they are trying to prove the absence of bugs or vulnerabilities. Proving a negative like this is impossible: you'd have to imagine and try every conceivable data input or attack vector. Since you can only really prove a positive (when the system gets this, it does that), then, as Bob Martin suggests, you need to check that you have high test coverage, and subsequently high code coverage when running those tests, not just x hours of problem-free run-time. In the security realm, just because you have a firewall and haven't seen that you've been hacked, you can't simply assume you are safe; you need to test applications for specific attacks, like SQL injection, or by port ...

Maintainability

A question: What does the following code do?

    public static string GetThing1(string s)
    {
        return s.Substring(s.Length / 2 - (1 - s.Length % 2), 2 - s.Length % 2);
    }

Given that code, take a look at the following. What does this code do?

    public static string GetThing2(string s)
    {
        //Given a string return the middle char if odd, middle 2 if even
        string retVal = "";
        bool even = (s.Length % 2 == 0) ? true : false;
        int middle = (s.Length % 2 == 0) ? s.Length / 2 - 1 : s.Length / 2;
        if (even)
            retVal = s.Substring(middle, 2);
        else
            retVal = s[middle].ToString();
        return retVal;
    }

It probably didn't take too long to figure out they both do the same thing. They are two different answers to the following question: Write a function to get the middle character of a string. Return the mid...