Software engineers often work on teams. The team writes software that has value. In order to plan when that value will be realized, it is useful to know when the software will be ready to ship. Failing that, it is useful to measure how the team is doing so that management can take action if the plan isn’t going to work out. Both of these endeavors involve estimating the complexity, time, or risk of various software features.

Read On →

I first learned about Emacs Hydra in early 2015, and I didn’t really understand why it would be useful, but it seemed neat, so I dug in. In short, Hydra provides a transient form of modal editing in which keys are rebound to various actions. It turns out this is a very cool abstraction, even if it can take a few moments to wrap your head around the utility. Examples are helpful.

Read On →

The Ruby community is filled with attempts to use complex solutions to simple problems, often in the interest of making code smaller, tighter, or more convenient, but this is frequently a poor trade. Compactness in exchange for simplicity results in dense, complex code. Random Tests We rarely use random in our code. But as soon as we write tests, suddenly we feel the need to sprinkle random all over. Faker, for example, is a gem dedicated to generating random test data.

Read On →

In 2008, Jeff Atwood wrote of magpie developers: those who always are attracted by the latest programming framework or tool. He concludes: Be selective in your pursuit of the shiny and new, and you may find yourself a better developer for it. Unfortunately, nowhere in the blog post does Jeff offer any advice as to what criteria to use when being ‘selective’. In fact, the final sentence is the first time he actually advocates being selective; the rest of the post is dedicated to detailing the costs of picking up new tools:

Read On →

Rendering a modern web page is a hugely complex task, and users expect it to be accomplished in milliseconds. It requires comprehensive support for encryption, parallel network connections, rendering each of text, images, videos in accordance with CSS, as well as just-in-time compilation and execution of JavaScript. With all this complexity comes the enormous security concerns of downloading and processing assets from remote, often untrusted, servers. Ideally, the web would be an ecosystem built on standards, allowing anyone to build their own browser and read content on the web.

Read On →

Programs often handle numbers that are measurements. Measurements for the same dimension (time, distance, volume, pressure, etc.) can have many different units. There are two main drivers of this diversity: Granularity Fragmentation Time has seconds, minutes, hours, days, weeks, months, and years because of the need for different levels of granularity. Distance has meters and yards, centimeters and inches because of fragmentation. So, managing numbers with units has both intrinsic and incidental complexity.

Read On →

Observers are a useful mechanism to set up event flows. They are designed for ‘fan out’ communication, in which multiple objects are notified when a single object changes. Their power lies in their use of composition, allowing observers to be added and removed at runtime as necessary, based on the current state of the application. Many languages have implementations of the observer pattern. Ruby, for example, has a module Observable that implements the pattern.

Read On →

restclient is a major mode for Emacs that provides a simple, clear DSL for making REST API client requests and viewing the responses. I’ve found it very useful both when developing and testing API code, as well as when building clients that consume other APIs. It has numerous advantages over products like Postman since it uses clear syntax, can be operated entirely without a mouse, and is based purely on text, so it can be version controlled along with a project to document API call formats.

Read On →

The title of this post is borrowed from Dustin Kirkland’s blog, in which he discusses in some detail the issues with biometrics being used as a method of authentication. When Apple launched Touch ID on the iPhone and iPad, I was skeptical. Fingerprints are not equivalent to a password or PIN in three major ways: You leave fingerprints everywhere, including the device that uses them to authenticate you You can’t change fingerprints; if they’re compromised, there’s no recourse Fingerprints are something you are, rather than something you know When you move from a PIN to fingerprints for authentication, it’s important to understand these differences.

Read On →

Background Today, Let’s Encrypt opened up a public beta test of their service that provides a highly automated mechanism for obtaining an SSL certificate. This is very exciting because it has the potential to usher in a new era of free, ubiquitous encrypted internet connections. Unfortunately, the default client requires things that may not be available on, for example, a shared host. That client needs to manipulate the server process, which requires root access, and also installs certificates directly on the machine.

Read On →

Text-based formats are useful because they afford version-control, and therefore allow changes to tracked and diffed, even when many are contributing. When I’m thinking about responsibilities and collaborations within or among systems, I often find myself thinking in terms of some sort of directed graph. Often, it’s a simple model of how data flows through the components of the system. Paper and whiteboards are often the most readily available sources, but when the diagram will evolve and be refined over weeks, I seek a more malleable format.

Read On →

A colleague asked me if I had a good reading list for API design, since that’s part of my job these days. I did quite a bit of reading before I dug into doing design work, but never collected the best resources in one place. Until now! So, here are texts I’ve read that I would recommend familiarity with before setting out to design an HTTP API. RESTful Best Practices Todd Fredrich’s book RESTful Best Practices is a concise, free book filled with useful guidelines.

Read On →

This post is designed for those that have decided RSS is something to look into, but aren’t sure where to start. Get a Feed Reader I’ll address potential reader demographics in turn. This is not intended as a survey of available software. Rather, these are my picks after using more than a dozen RSS readers over the years. My prime pick, Google Reader, is no longer with us, but two worthy successors takes its place if you’re looking for professionally hosted web-based readers.

Read On →

RSS is a simple, easy technology that allows you to stop opening 30 tabs in your browser to check the news sites you care about. RSS unclogs your inbox of all the newsletters you subscribe to. RSS puts you in control. RSS is simple, distributed, ubiquitous, and free. You should be using it. But what is it? RSS is way for computers to read websites. Consider: much of the web is designed only for humans to read.

Read On →

In 2011, Canonical made Unity the default desktop environment for it’s market-leading distro Ubuntu. Unity has been in development since 2009, but remains the least sophisticated desktop environment available for Linux, and not only fails to innovate in any meaningful way, but represents a regression in the quality of software on Linux with respect to stability and configurability. As a result of Canonical’s insistence on using Unity (which was developed in-house at Canonical), entire Ubuntu spinoffs have been created with a goal of allowing users to easily avoid using Unity.

Read On →

Back in 2012, when I joined the startup scene in San Francisco, I was surprised to learn that so many took Klout seriously. They tracked their Klout rating over time, comparing it with others, and even had playful competitions to see who could increase their Klout score the most over a couple of months. When I first learned of Klout shortly after it came out, I didn’t think too much about it.

Read On →

Back in February 2005, SHA-1 was broken. The core of what “broken” means in this context is described very well by Bruce Schneier in his post announcing the attack: If you hashed 280 random messages, you’d find one pair that hashed to the same value. That’s the “brute force” way of finding collisions, and it depends solely on the length of the hash value. “Breaking” the hash function means being able to find collisions faster than that.

Read On →

BusinessInsider posted an article a couple of days ago entitled GOOGLE’S DIRTY SECRET: Android Phones Are Basically Used As Dumbphones. I’ll ignore the linkbait title and just address the content (though I won’t be linking to the article). There is really one fact that forms the gist of the article. Here it is, in my words: As much as 80% of the smartphone market is Android-based, but roughly 80% of the purchasing on smartphones is from iOS devices.

Read On →

As 2012 draws to a close, I think its worth taking a look at retro gaming. Near the dawn of virtual reality and well into the teens for globally shared MMOs, it’s popular to be playing and making “retro” games. What I’ve noticed, though, is that this is only true so long as the games aren’t too retro. Real Retro GOG.com has given really good old titles new life, which is a good thing for everyone, as I see it.

Read On →

After more than 15 years of work as a closed source language, Carl Sassenrath has decided that Rebol 3 will be released as open source. The code was released a few days ago, so I decided it was time to check it out. Why is Rebol interesting? The Rebol manifesto is great. Any computer science purist would fall in love: It’s about language… the enabling technology behind all technologies.

Read On →

According to Wikipedia, Alan Kay introduced the desktop metaphor in 1970 when he was working at Xerox PARC. I think it has served us well because it has allowed novice computer users to approach computers in ways that were familiar to them using old tools: trash cans, file folders, filing cabinets, and pieces of paper. Programs themselves occupied the screen real estate in the same way a piece of paper occupied the space on a desk; programs appeared in windows that could be moved around and could overlap, just as their tree-based counterparts. Although we’ve all worked in offices that had all those things, I’d venture a guess that no one under 40 today has ever worked in an office without a computer. I assert that it’s time to retire the desktop metaphor in modern computing.

Read On →

The purpose of my last post was to explain one reason why, in 2012, virtual reality is more than a pipe dream. It was meant to preempt a reaction of “Well, they’ve been talking about 3D movies and photos for 20 years also, and we have only made modest progress on that front.” As a coworker said when he heard I was excited about virtual reality: “That sounds like the 90s.” If you hype a technology for 20 years and it doesn’t really go anywhere, people become jaded and give up. I’m writing this because I believe there is good reason to have hope. Virtual reality is real, and it is cool. Let me explain why.

This post is meant to get into more detail about the current challenges associated with virtual reality, and the state of the art. Almost everything I’m going to write about is sourced from John Carmack’s 2012 QuakeCon keynote, and the follow-up panel discussion with Michael Abrash (seminal FPS developer with John Carmack, now researching VR at Valve Software) and Palmer Luckey (VR headset enthusiast and founder of Oculus, the makers of the Rift VR headset due for release in 2013). These discussions are the most comprehensive treatment of the current state of VR I’ve seen or read anywhere, and they are extraordinarily timely.

Read On →

Virtual Reality has been a geek dream for decades. If you haven’t been following closely, you might have missed the fact that all the technology needed to make it happen is here, right now. It’s not years off, it is being used right now, and it will be available to consumers in the coming months. To be honest, I haven’t been so excited for a gaming phenomenon since I rode my bike to Babbage’s to pay $6 for a few floppies that had Doom Shareware on them. How did this happen? After years of talk and marketing, we’ve made some modest inroads with 3D movies, and yet, all of a sudden, we have virtual reality. People are building it, and it is affordable.

Welcome to the desert of the real.

Read On →

You may already know that this blog is powered by Octopress (it says so at the bottom), which is a Ruby-powered static site generator. In the course of my travels, I found a wiki written in Ruby as well, courtesy of the folks over at GitHub. The wiki is called Gollum, and it powers GitHub’s project pages.

Gollum is badass.

For one, it accepts a whole slew of markup formats, including Org Mode (via org-ruby), but also the usual suspects, including Markdown, Textile and Creole.

Read On →

In the beginning, there were static web sites: sites that served documents, because that’s what the web was designed to do. Hyper text transfer protcol is document-oriented, as is the hyper text markup language. But the web became increasingly dynamic, with new sites requiring that documents be generated on-the-fly, which necessitated the use of databases. Weblogs came along, which are nothing if not document-oriented, but they tend to use dynamic technologies like databases anyway.

But there has been a trend lately towards blogs that are static. At first blush, a static blog, which is really nothing more than a collection of files in directories, seems inferior in most every way to its dynamic counterpart. {“Why would anyone use a static blog when engines like WordPress are so ubiquitous?”}

Read On →