As a child I saw books all around the house. I remember seeing them in my dad’s office, in our living room, family room, and even by my parent’s nightstand.  With books going to digital formats more and more, my children will be less likely to see a book on my shelves as they grow older and will not ask, “What’s this book about” or “Hey dad would any of these be good for me to read.”  All of that is lost if all of my books are stored only in digital format.

As more books are delivered in digital formats will those piles of books disappear and reduce the desired reading of future generations?

Ayende recently posted a an article titled “Where is the bug”.  While reading the comments, I was disappointed by some of the answers to Ayende’s request to find the bug. Here are two of the comments that stood out to me:

• “You could argue the biggest bug is the use of a switch statement as it violates OCP.“
• “The use of a switch statement is a bug in itself.“

What bothers me so greatly is people’s inability to separate design discussion with bugs. A bug is defined on Wikipedia as:

A software bug is the common term used to describe an error, flaw, mistake, failure, or fault in a computer program or system that produces an incorrect or unexpected result, or causes it to behave in unintended ways

The two comments above don’t attempt to solve the bug and instead take an “ivory tower approach” to the problem (more befuddling is that removing the switch in favor of something else would leave the bug in place). This bugs me because we (as an industry) continue to care very little about the output and meeting of customer/business needs and more about code structure and semantics than actually working code.

Let me state for the record, it is perfectly acceptable to talk about code structure and design but please let’s not confuse a bug – an actual error or flaw in code – with poor design.

(I think it’d be humorous for Ayende to post some perfectly fine code and ask “Where’s the bug” and watch people trip over themselves trying to find something wrong)

James Senior posted on his Twitter account:

“oh dear lord no. why intel, why? http://ow.ly/2s2dm reminds me of when Intel got into the hosting business. http://ow.ly/2s2fT”

James is referencing an article posted by the BBC on the recent news of Intel’s takeover of McAfee for 7.68 Billion. While I agree with James on Intel’s foray into hosting – of course hindsight is 20/20 – I disagree with his position on this particular deal and here’s why.

Despite the rapid growth over the last 15 years of PC’s, viruses are still problematic. Despite continual efforts at training the masses, viruses still are far too prevalent. Additionally the methods for exploitation continue to spread and evolve faster than the education can keep up with.  For example, by now, the vast majority – save your grandmother – knows not to open executables sent via email (largely this practice is blocked at the email level anyway).  A smaller, but still growing population have learned to not open attachments from people you don’t know. And yet viruses at times runs rampant.

The virus landscape has largely changed with a more sophisticated modern day virus writer.  He/she is no longer malicious in their intent to infect your computer but instead often plant malware to consume and distribute private information on your computer. Certainly dangerous viruses still exist, but there’s less money in that.

Given that education can’t keep up (or thus far hasn’t proven to be able to keep up) with the changing exploits and security software saturation is still less than 100%, I see the move by Intel as a positive one. Imagine virus protection at the chip level. The virus uses the chip and it’s processing to do it’s damage. If the chip can refuse access to the virus, the virus is rendered ineffective.

In an environment with increasing questions/concerns about security threats, a chip maker who can offer it’s customers virus protection has a significant advantage over it’s competitors.  Additionally, every computer has a CPU and saturation into the market would be swift as computers with this technology would be introduced into the market as people replaced their old PC’s.

In an interesting twist to this story, I could see Microsoft having interest in this particular marriage. Largely portrayed by many as insecure, a chip with protection renders the discussion about OS security potentially moot. Whether Microsoft would admit to it or not, it has skin in this game.

Overall, I think Intel’s choice is a strategic one and might prove be a great one. After over two decades of security software, software hasn’t been the answer. That doesn’t mean software couldn’t be the answer, however history has thus far shown software as a weak solution.  It’s time for a game-changer. This could be the road to that much needed change.

Time will tell…

Now that we’ve entered August, we’re just three short weeks away from St. Louis Day of .NET (taking place August 20-21).  Last year I gave two talks (Rhino Mocks and beginner’s guide to unit testing).  This year I’ve been lucky enough to selected to be speaking again on two topics:

• Building and Creating a High Performance Team - This session will give you strategies to turbo charge your team. It will deal with everything from how to build trust within a team to talking to management to process/methodology. This talk will use real-world examples from my recent experiences with my team at J&P Cycles and will include perspectives from both the development side as well as the managerial side.
• Website Usability 101 - Do you want to create a more intuitive website? Want to make your customers happier? Website Usability is a very hot topic right now. I'll discuss several tools you can use to test your website and resources you can turn to if you're getting started in usability. First we'll define what it is and why you want it and then we'll walk through a series of tools and resources you can use. Attendees will see real-world examples throughout and will leave understanding how easy and quick testing can be.

This conference is one of the best in the Midwest bringing in great speakers and content with a great venue (Ameristar).  This year there are already over 500 people registered for the event with numbers likely to go even higher as the date nears!!  It’s a great chance to learn some new technical content to improve your .NET mastery as well as network with several other .NET professionals in the area.

(My dirty little conference secret: I like session content, St. Louis has some great content, but for me, it’s the discussion that take place outside of and between the sessions.  Breakfast with developers and geek out sessions over a pint of beer. St. Louis Day of .NET provided some of the best conversations of the year last year.)

If you’re planning on going let me know would love to connect in person…also I have two discount codes that I can offer that will get $75 off registration.

Was working on a blog post talking about a problem I’ve found in Git (1.7.0.2) and I thought I would check to see if it’s been fixed in the most recent version.  After downloading and installing I reviewed the release notes where I’m quite shocked to read the following:

“…All hopes to the contrary, Git for Windows is backed by only a handful of developers, in spite of being downloaded almost one hundred thousand times. You can expect developers to be enthusiastic to fix others' issues in such a situation only for so long. In short: Do not expect other people to fix your issues for you.”

Basically, what I get from this is that the msysgit committers are a bunch of whiners. What they fail to see is that the people who would benefit from their VCS may not have the same skillset to work on the code.  This is something we’ve realized long ago with Rhino Mocks. 

Should more people help? Possibly. As someone active in open source technology I don’t know that I can be of much assistance to the Git team – I am someone who benefits greatly from their software (I am quite thankful for it) but don’t have the requisite knowledge in C/C++ to assist in any meaningful fashion.

Just a bit disappointed to see this type of whining in their release notes – certainly there are far better ways to say what they’re trying to say.  Doesn’t represent msysgit or the broader open source community well.

Being new to Git I got thrown off a few weeks ago when cloning a remote repository and immediately seeing changes after the clone completed.  Scratching my head a bit, I reached out on Twitter and James Gregory came to the rescue.

How is it that right after a git clone <url>, git status shows modified files? (http://twitter.com/TimBarcz/status/5920294511)

What James showed me was that there is a setting core.autocrlf on your system which needs to match the remote repository.  If it does not match, when you clone the directory files will be changed.

After experiencing this myself and coming across it again the other day, I thought I’d put a quick video together showing the problem and the fix, since I suspect others will have it at some point as well.

To recap: when cloning a new repository, always perform a “git status” command right after the clone.  If you see modified files, a core.autocrlf mismatch is likely the culprit.  Change your setting, clone again, and you should be good to go.

Last week Jimmy Bogard posted why he believed the dependency injection pattern appearing in the NerdDinner application was flawed.  I want to take the opportunity to say the pattern in NerdDinner really isn't that bad and I want to explain why.  Before I go on I will say that I entirely agree with Jimmy's thoughts on the pattern for my own code and you won't find the anti-pattern Jimmy describes in my code.

So why isn't the pattern that bad? I see Dependency Injection as generally having at least two major benefits:

• Testability
• Flexibility (most often achieved by using an IoC container)

The pattern under scrutiny in NerdDinner accounts for testability, of which I am a firm believer in, but lacks in flexibility.  If I had to rank the two items above, I would rank testability above flexibility.  Testability is a core tenet on which I stand for with the code I write.

Explain Again Why NerdDinner is "Flawed"

To recap here is the code from Jimmy's post:

   1: public class SearchController : Controller {

   2:  

   3: IDinnerRepository dinnerRepository;

   4:  

   5: //

   6: // Dependency Injection enabled constructors

   7:  

   8: public SearchController()

   9:     : this(new DinnerRepository()) {

  10: }

  11:  

  12: public SearchController(IDinnerRepository repository) {

  13:     dinnerRepository = repository;

  14: }

The first constructor, when called, "news up" a new DinnerRepository() and passes it into another constructor on the same object which is generally considered "poor man's dependency injection".  This pattern is considered bad (this an anti-pattern) because some, of which Jimmy is one, believe you shouldn't "new up" new objects this way, choosing instead to allow a container to inject the primal dependency.  The problem I have with this view is that for many applications a container is overkill.  Many applications will only have one concrete implementation of a class, so in many ways this constructor and the object creation could be seen as providing a sensible default to the application, allowing the consumer to create an instance without worry about what else the object needs.

But You Said You Don't Write Your Code that Way?

Absolutely correct, I don't write my code this way.  Why? I already have a container set up in my application and so to not use it would be foolish.  We also have a complex application/domain, sometimes with multiple concrete implementations of an interface.

I used to write code this way using this pattern. Really. I don't feel ashamed to say so. The reason we adopted the dependency injection (DI) pattern in the application where this overloaded constructor "anti-pattern" was used was because DI allows for testability, and as I have previously mentioned, this "anti-pattern" doesn't stand in the way of testing.

I further believe that most developers must make a certain progression on their own.  We can write and share our experiences but in the end every developer out there must some day be convinced in their own time. \They must come to the conclusion on their own, like I did, that using "poor man's injection" will work for many many scenarios but will get ugly fast in others.

What's Really Wrong with "Poor Man's Dependency Injection"?

For simple applications/domain, typically not much (again, my opinion).  For complex domain the issue you will run into is maintainability/flexibility.  If you get to a complex domain and you use the pattern from NerdDinner you will someday have:

   1: public SearchController(new SearchService(new SearchLogService(new Logger()), new SearchRepository(new SessionBuilder()), new SearchResultFormatter(new FormatProvider())))

Ugly for sure.  This is why it's generally considered an "Anti-Pattern".  However for applications where the controller is the service-layer and controllers therefore use repositories, I would not be too concerned with the use of this pattern.

While Jimmy did a great job fixing the application, you first have to believe the application needed fixing.  Which of course, depends on context.  How big/complex is your application/domain?  Jimmy's application/domain is sufficiently complex as is mine, yours may not be.  For NerdDinner I believe the pattern was a suitable choice.

Quite often there is a fear that surrounds open source tools and frameworks.  For most shops the deciding factor against open source software is the apparent "risk" that is associated with a framework/tool that is not attached to any business entity.

In this post I want to share an interaction that occurred this last weekend to show you that the open source ecosystem is alive and very healthy.  And while I won't go so far as to say the "risk" doesn't exist (you have to come to that conclusion on your time when your own fears are allayed) I do hope that this post puts some of those fears to rest.

Saturday morning before I went off to work there was a question posted to the RhinoMocks mailing list (for those who don't know RhinoMocks is an open source mocking framework).  Before the end of the day the problem was resolved to a satisfactory conclusion.  The "solution" (I put in quotes because there appears to be a bug but at least now we know there is a bug...hence "solution").  The result is not as important as the events that transpired to reach that conclusion below is the timeline.

12:22 AM - Kenneth posts the problem he is encountering

6:53 AM - I respond on the mailing list back to Kenneth with my findings and let him know that I will get some experts in DynamicProxy involved

6:56 AM - I enlisted the help of Krzysztof Kozmic on twitter (Krzysztof is a committer on DynamicProxy by Castle as has a great tutorial series on Dynamic Proxy)

8:38 AM - Fellow Devlicious blogger Tuna Toksoz (also a committer on the Castle project) hopped on the case and reported his findings

9:22 AM - Krzysztof responds to Tuna's findings reporting back on the root cause

10:23 AM - Kenneth reported back with feedback of Tuna's fix

Ultimately, as I mentioned earlier the fix was that it was found that RhinoMocks "relies on the buggy behavior, hence the error" (Krzysztof's words).  Again the result here isn't what is important but rather the journey.  Often people fear the support ecosystem around open source software but the exchange above and the players involved should give you some bit of confidence in the support of open source.  It is worth pointing out that all of this happened on a Saturday, something you'd pay a premium for in a closed source model.

Whatever your roll in the software world is, one aspect you have to consider when choosing any solution is risk.  The traditional thought has been that with commercial software the support would be better when backed by a reputable name.  I think the exchange showcased above demonstrates that support for open source software can compete (and potentially surpass) support that any commercial piece of software could offer.  Keep that in mind the next time you are evaluating commercial software versus open source software.