March « 2009 « Keep [C]*(od|do)ing

March 11 th

You exposed too much

Filed under: coding — Liwen @ 11:22 pm

Sometimes, actually most times, people love exposing, either to attract attention or express affection.

Topless

Look how happy they are! This must be enjoyable!

However, one probably should get himself fully covered when it comes to serious business – even it means sacrifice of agility and strength.

Japanese Warrior

This also applies to coding. When one’s code needs to interact with other people’s code or intends to serve as a service, the less exposure, the better. As one of the three pillars of OOP, encapsulation is defined as below:

In computer science, Encapsulation is the hiding of the internal mechanisms and data structures of a software component behind a defined interface, in such a way that users of the component (other pieces of software) only need to know what the component does, and cannot make themselves dependent on the details of how it does it. The purpose is to achieve potential for change: the internal mechanisms of the component can be improved without impact on other components, or the component can be replaced with a different one that supports the same public interface.

Encapsulation also protects the integrity of the component, by preventing users from setting the internal data of the component into an invalid or inconsistent state.

Another benefit of encapsulation is that it reduces system complexity and thus increases robustness, by limiting the interdependencies between software components.

Two weeks ago, I was asked to integrate a third-party online game into our system at work, here is the API I received.

For registration:

http://domain/service/commandHandler.php?Command=doCommand& RequestID=b5e555ec-7788-486e-8426-37d82a97a287&Code=234ab13&Name=XXXXXXXXX& Username= XXXXXXXXX&FirstName=NTVA&LastName=NTVA&Password=XXXXXXXX& Email=XXXXXXXXX&CountryID=2&State=NTVA&PostCode=NTVA&City=NTVA&Address=NTVA& PhoneNumber=NTVA&GenderID=1&DateOfBirth=20081111&IsAffiliate=FalseDiscountCode=& BannerID=XXXXXXXXX&IBAN=&BankAccountOwnerName=&SwiftCode=&BankName=

In the manual, it says only parameters marked as XXXXXXX are mandatory, others are all optional. sounds simple!

So here is what I did:

1. Send request like this: http://domain/service/commandHandler.php?Command=doCommand&RequestID=[Guid]& RequestCode=RandamCode&Name=XXXXXXXXX&Username=XXXXXXXXX& Password=XXXXXXXX&Email=XXXXXXXXX& BannerID=XXXXXXXXX.

Response: Error in FirstName, LastName.... blar blar blar.

2. OK I guess it expects every parameter to be passed in even they are optional. So sent request like the below – I would not say it’s dumb:

http://domain/service/commandHandler.php?Command=doCommand& RequestID=[GUID]&Code=RandomCode&Name=XXXXXXXXX& Username= XXXXXXXXX&FirstName= &LastName=&Password=XXXXXXXX&Email=XXXXXXXXX& CountryID=&State=&PostCode=&City=&Address=&PhoneNumber=&GenderID=1& DateOfBirth=20081111&IsAffiliate=False&DiscountCode=&BannerID=XXXXXXXXX&IBAN=& BankAccountOwnerName=&SwiftCode=&BankName=

Response: Error in FirstName, LastName... blar blar blar. This time all ‘parameter=’ didn’t complain, but all ‘parameter=NTVA’ failed.

3. After 10 more times try, I finally figured out:

The RequestCode need to be exact the same value as printed in the API example although there isn’t a single word of explanation about the mythical code.
All Parameters which have value NTVA in the printed API need to be set to something, if the values are available, you still need to set them to NTVA, NTVA means NULL or empty string.
The countryCode and GenderID must be numbers and again there is not a single sentence about those being mentioned in the manual. Who cares, let’s pass in the countryCode as 1 (I assure there will be at least one country) and GenderID=1
The DateOfBirth, you need to pass in a string in ‘yyyymmdd’ format, let’s pass 19800101 to make sure every user I registered can access whatever porn you are going to show…
Hooray, registration succeeded! But I got no userID?
Let me give those guys a call to check if I did it right. Then I was astounded by what I heard: the RequestID is not suppose to be unique, just as the magical RequestCode, you need to send the same value (exact as printed in the API) every tim. UserID is not returned with registration command because they can’t see why we need it, but all other commands would return userID so you can get it later if you want – So my assumption is that they don’t know how to return an ID for newly inserted row.

After all these steps, my first thought was to send the API to The Daily WTF.

How hard it could be to check whether a parameter is present in a HTTP request? Is it really impossible to determine if the value of the parameter is empty so I need to pass some stupid string like NTVA?

If things have been done down to such a level, I would not expect them to know encapsulation. (Notice all bold emphasised parts have been violated). But then how could you expect me to send user details into your database? Who knows what the data would end up to? Did you notice there are bank details to be expected?

The contact from the API provider is very enthusiastic about the project. Out of courtesy, I didn’t tell him that the API sucks.

From a tech perspective, I wouldn’t had gave it a go anyway, although the integration was cancelled due to other reasons.

Sometimes, actually most times, you need to get yourself well equipped before going out hunting for business. No one would choose vulnerable partner or hire naked soldiers. In a similar vain, skilled coders would not use overly exposed APIs, which will set everyone in trouble.

Show your robustness, not vulnerabilities.

HappyBirthdayChippendales

March 7 th

SHED

Filed under: self-development — Liwen @ 11:06 pm

Organising is not enough anymore, you need to get rid of that stuff – this thought struck me while I was struggling to categorise all my games, books, clothes in a sunny Saturday afternoon. I hoped I could go out and take some pictures, but my room is really cluttered.

Games like Grand Theft Auto IV, Metal Gear Solid IV, Gears of War 2, I thought I could enjoy them a lot if I have some time, which I never had. The impressions on these games I got from teasers and trailers have waned. What are still vivid are the Silent Hill Homecoming covers on the shelves in Game and the big coming soon post of Resident Evil 5. SSomehow I feel obligated to own them since I played every instalment of the series; you see I am still thinking about Chris Redfield’s journey, Niko Bellic’s adventure and Snake’s fate.

Video Game Characters

George Orwell’s 1984 and Coming Up for Air were my favourite books back in high school, I felt that I need to add the paper book into my classic collection even I already have pdf/epub/html versions in my computer. I also have a brand new copy of the Learning the vi and Vim. For a Emacs nut, this is totally crazy! I don’t know why I bought it in the first place, probably because it was a real bargain on Amazon back then?

Emacs vs Vi Cartoon

Every time when I fell guilty of wasting money on games, I buy books to compensate – as investing in education is never being a waste, it will put me on sleep at night.

But at the end of the day, your know the story, neither games been finished nor books been read.

A friend recommended Julie Morgenstern’s book When organizing isn’t enough, shed your stuff, change your life to me. I haven’t read it but I think I got the gist of it in terms of solving my little problem.

Less Stuff, less commitment – More efficiency.

Imagine if I only got one book on my desk, I would pick it up straight away and start reading, no need to wonder in front of a pile of well organised books feeling guilty of not being reading each one of them.

SHED is an acronym used in the book; it stands for separate your life; heave your trash; embrace yourself, and drive for the future.

March 1 st

Early, Often, Thoroughly

Filed under: methodology — Tags: refactoring — Liwen @ 7:25 pm

Along with the growth of my consciousness and experiences in software development, I discovered that there are three words which can be used universally really count: early, often and thoroughly. Here are two examples of using the template:

Refactor early, refactor often, refactor thoroughly.
Test early, test often, test thoroughly.

For 9-5 programmers (The programmers who come to work at 9am, shut down their computers at 5pm and go home with coding-proof bubbles around them.), my points would seem to be over killing. The overwhelming effort needed to practice the principles is enormous, after all, not every coder would like to put these things as his/her epitaph.

For well versed desktop application developers, these three words, early, often and thorough, might not be innovative, as we all have read The Pragmatic programmer and Steve McConnell’s Code Complete. However, from a web developer’s point of view, they are quite interesting.

A typical web application development circle includes requirement, specification (optional), design, coding, testing and delivery. We apply different three word formulas to each stage.

Requirements and Specification

Gather early, gather often, gather thoroughly.

Clients, especially shareholders, usually are non tech savvy type of people, they come to you: ‘We want a website, we want it next month and we like Facebook pop-up bubbles!’. I am so glad you said ‘pop-up bubbles’!

Gathering requirements should be absolutely essential and it is the first deference of disappointment. Some small agencies, including the ones I worked with, tend to pitch their ‘free designs’ in the first meeting, do the hard sells, tell the client nothing could not be done – even if the client want the web to trap real fish.

Instead of trapping clients with free design and ocean deep low price and then rip them off when it comes to tiny changes and maintenance, a well composed contract that is based on enough requirements would be more appropriate. For web applications, personally I don’t think specifications are usually necessary and somehow they produce more disappointment than satisfactions. Reason? it’s not easy to get the specific level right. How specific is specific enough? ‘Membership management’ equals nothing when it comes to design and coding, but ‘The site needs three roles, respectively gusts, registered users and vip users’ will guarantee future changes to be incurred. For a requirements-change-everyday application, you might want to spend more time to gather the right requirements to ensure the solidity of design – both visual and coding.

Design and Coding

Refactor early, refactor often, refactor thoroughly

Not to repeat many great talks (PDF) and discussions on this topic, I will only say one point that I found very interesting yet paradoxical. DRY is the first thing I learned from my C++ class and I believed in it for many years. But for web applications, it becomes quite disadvantageous sometimes: If the page only needs to be alive for three days, code generator and wizard are your best bets. Duplication? don’t worry about that, you would not have a chance to modify them before they die out from Google.

Testing and Delivery

Test early, test often, test thoroughly.

User involve early, user involve often, user involve thoroughly.

Test is a big topic and will not be discussed here.

User involving might be a pleasant way to work with, it is definitely the most efficient way of avoiding disappointment and disagreement. Let the end users involve from the beginning to the end. Give them a prototype of interface to play with, ask for feedback after each stage/component. There is a thing called one-mind, but you and your client don’t usually have it. Sometimes user doesn’t know how much effect would be involved for a small change of his mind; sometimes a big change the client is afraid of telling you may only requires one line code change. Communicating with user can synchronize user’s expectation and developers’ decision, reducing the unhappiness caused by the parts which developers put a huge amount of effort in but lives out of user’s expectations and prevent client changing mind like a kid – which is far more efficient than specification and user would appreciate it.