Earnest Engineer

This post from Robert Martin,  Stabilization , along with some recent lectures on Cyber-Security (from MIT's Srini Devadas) came together with the insight that both the "patch & pray" cyber security and the passive stabilization process are each pursuing negative goals. In other words, they are trying to prove the absence of bugs or vulnerabilities. Proving a negative like this is impossible - you'd have imagine and try every conceivable data input or attack vector. Since you can only really prove a positive (when the system get this, it does that) - then as Bob Martin suggests - you need to check that you have high test coverage, and subsequently high code coverage when running those tests - not just x hours of problem free run-time. In the security realm, just because you have a firewall and haven't seen that you've been hacked, you can't simply assume you are safe, you need to test applications for specific attacks, like SQL injection, or by port

A question: What does the following code do?  public static string GetThing1(string s)  {       return s.Substring(s.Length / 2 - (1 - s.Length % 2), 2 - s.Length % 2);  } Given that code, take a look at the following, what doe this code do? public static string GetThing2(string s) {     //Given a string return the middle char if odd, middle 2 if even     string retVal = "";     bool even = (s.Length % 2 == 0) ? true : false;     int middle = (s.Length % 2 == 0) ? s.Length / 2 - 1 : s.Length / 2;     if (even)         retVal = s.Substring(middle, 2);     else         retVal = s[middle].ToString();     return retVal; } It probably didn't take too long to figure out they both do the same thing.  They are two different answers to the following question: Write a function to get the middle character of a string. Return the middle character if it the length is odd, or the middle 2 characters if the length is even. Which version took less time to understand? P