Estimate Units
2009-02-13 | Filed Under Uncategorized
When you estimate tasks, should the estimates be done in hours, or in days?
As I see it, the big advantage of estimating in hours is that if you THINK in hours, you tend to get a more accurate estimate. There are lots of development tasks which will seem like they should take “no more than 2 days”, but if you think about all the individual steps (I have write create the page and the new service. And the stored procedure. And I’ll have to get a security review and a code review. And I have to remember to do the unit tests. Oh yes, and save time for bug fixes), the total comes out a big bigger.
As I see it, the big advantage of estimating in days is that it’s quicker and simpler. If you team is sitting there arguing whether a task is 3 hours or 4 hours, then you’re wasting time — after all, development estimates are never THAT accurate anyway: we always need to allow for the unexpected.
Considering these, I could be persuaded to do it either way. What is NOT useful is to think how many days it will take, multiply by the number of hours per day, then spend time arguing about whether it is one more or one less than this number.
Post Links
Permalink | Trackback | 2 Comments
An Exception to Every Rule
2008-12-31 | Filed Under Programming
I like automated code scanners, really I do. They can scan your code either before or after you check it in and review it for code formatting, memory errors, or even potential security problems. It can prevent lots of foolish errors and unnecessary inconsistencies.
But there is one catch [More...]
Post Links
Permalink | Trackback | 2 Comments
The Death of Ontology
2008-12-29 | Filed Under Programming
Once upon a time, all good software used some sort of a command language. Whether it was a word processor like Emacs, a typesetting program like TeX, or even something like a graphing program, everything had a command line at the bottom and some kind of command language that could be used to control it. Learning to use a piece of software meant reading the manual to see what commands it had, and what kinds of modifiers and arguments those commands took. There was, I expect, a whole science behind the creation of good command languages. I know, for instance, that many allowed you to use abbreviations so as they were unambiguous, so the better designed ones used a vocabulary that was carefully selected to be memorable but with no words that shared more than a couple of leading letters.
Then with a single innovation, the entire science of command language design became forever irrelevant. [More...]
Post Links
Permalink | Trackback | Leave a Comment
How Long is an Email Address?
2008-12-17 | Filed Under Programming
Suppose you are setting up your database table, and you want to create a column to store an email address. How many characters should you allow in the field? [More...]
Post Links
Permalink | Trackback | 2 Comments
My Security Nightmare
2008-12-04 | Filed Under Programming
As Willie Sutton didn’t say, “I rob banks because that’s where the money is.”
I work for a bank, and so I worry more about security than most programmers. After all, if a hacker were were truly motivated and competent who would they pick to go after? Probably a bank (the other good option is political or corporate espionage). Recently I saw two security-related stories which, when combined, form my ultimate nightmare: an effective attack for which I cannot imagine a possible defense. [More...]
Post Links
Permalink | Trackback | Leave a Comment
Election Guide, Nov 2008
2008-11-01 | Filed Under Politics
Here is a description of all items that will be on my local ballot for this upcoming election, along with my own personal recommendations on how I expect to vote, and why. For quite some time now, I’ve done this sort of research before elections; this time I decided to write it out. [More...]
Separation of Concerns
2008-10-27 | Filed Under Uncategorized
Once upon a time (in the dark ages of web application development) we built our applications as a single monolithic Perl CGI script, or perhaps a large JSP file containing the entire application. [More...]
Many ways to attack websites
2008-10-09 | Filed Under Uncategorized
Developers of web applications have quite a few different kinds of “attacks” to worry about. I will try to describe the major categories I know of, including one which is “new” as of the past month or so. [More...]
Post Links
Permalink | Trackback | Leave a Comment
Threadsafe Java Servlets – a solution
2008-10-07 | Filed Under Programming
In a previous post I wrote about how nearly all web applications built on Java servlets suffer from potential threading issues. Web browsers can make multiple simultaneous requests, which will result in multiple threads concurrently modifying the (not threadsafe) HTTPSession. Most people just ignore the problems (which strike rarely), some serialize all requests for the same session, but neither of these works as well in a world where AJAX-based user interfaces are becoming more common. I hope to describe the basic outline of a solution; explaining, as I go, the reasoning I used in coming up with it. [More...]
Post Links
Permalink | Trackback | Leave a Comment
Threadsafe Java Servlets
2008-09-23 | Filed Under Programming
Web servers are inherently threaded applications: their primary purpose is to serve up a website or web application to a large number of users. Essentially all of the frameworks for creating web applications, such as Java’s “servlet” specification and all of the structure built on top of it, provide built-in support for handling queries from different users simultaneously, and they make it possible for these threads to operate “safely” (without data corruption) so long as a few basic rules are followed (”Don’t store anything in the servlet instance variables.”, and “Don’t access anything stored in static variables unless it is threadsafe.”).
However, threading issues for web servers are not limited to the fact that there are multiple simultaneous users — it is also possible to be processing multiple HTTP requests a single user at the same time. [More...]
Post Links
Permalink | Trackback | 6 Comments