Profile picture
, 9 tweets, 2 min read
My Authors
Read all threads
So here is a right, but wrong, attitude among programmers.

It's right in stressing the importance of testing. Historically, testing has been deficient when programming, especially open-source projects.
One of the side effects of the Rise of GitHub is improved testing. Among the things you get with GitHub has your source code repository is the ease of integrated tests and "continuous integration".
I'd like somebody to do a study of it, but it seems to me that open-source projects are more likely to have automated tests now, and those with automated tests have better code coverage.
Testing dramatically improves reliability and gets rid of bugs. It's really important. However, the above tweet is wrong: the sorts of flaws hackers find are ones that don't get taught by tests. You can have 100% code coverage and still have major flaws.
Buffer-overflows are things that would never happen by accident. Take the Blaster worm bug, for example. It happened when a component received a machine name longer than 16 characters. No testing would find the bug because no part of the code could generate longer names.
The flaw was that an internal interface between two components was made external, and an external hacker could create input that no existing code could generate, either by hand or the hacker writing a lot of code themselves.
I don't think fuzzing would've found the Blaster bug, either. MS-RPC packets are quite complex, with multiple length fields needing to change in unison. Randomly flipping bits would cause hostile packets to be rejected before the bug could be triggered.
The recent Exim bug is similar. The error is between components delivering a hostname that comes buried deeply within SSL packets. Exim already has thorough test suites, lack of testing is not the source of this flaw.
Testing improves reliability in the face of accidental failures, but not intentional failures. It's like your car, designed to be robust against accidental failures, but is powerless against somebody knifing your tires or cutting your brake lines.
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Pumpkin' Spice Rob 🎃

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @ErrataRob see all

Profile picture
Pumpkin' Spice Rob 🎃
@ErrataRob
This NYTimes piece is garbage, a typical "think of the children" appeal to get you outraged rather than a serious discussion of the problem. It doesn't actually describe the scope of the problem, nor does it appreciate the difficulties in addressing the problem.
You can tell a story is garbage when it seeks to make you outraged over "baffling" injustices, rather than seeking to explain why. There are good reasons for Google's position, which the story seeks to hide from you rather than explain to you.
I don't know all of Google's reasons. I do know that it's impossible to write reliable algorithms to do this automatically, and that it's impossible to recruit/retain a workforce to do it manually.
Read 8 tweets
Profile picture
Pumpkin' Spice Rob 🎃
@ErrataRob
I just had a big, satisfying fart.

I mention this because googling on the web tells me that human farts are a much larger source of methane than these inhalers that are supposedly "choking the planet".
Notice how this article isn't news. It doesn't inform, putting things in perspective, but deliberately hides information, to foment outrage against asthmatics. How big a problem is this compared to the rest of carbon emissions? like human farts?
Globally, ~35 billion metric tons of carbon dioxide are emitted annually by mankind. This "635,000" metric tons sounds like a large number, but compared to all the other methane and carbon emissions, it's not measurable.
Read 5 tweets
Profile picture
Pumpkin' Spice Rob 🎃
@ErrataRob
Just to remind everyone, the Boeing 737 MAX problem was not a software problem. You can blame people's obsession with global warming more than you can blame software.
The feature of the 737 MAX's design is greater fuel efficiency. This meant using a larger engine ("larger" meaning physical size, not power). The larger engine wouldn't fit under the wing, so they had to mount it forward of the wing.
At this point, you now had a fulcrum bug: moving the engine up and forward meant the engine would cause the plane to pitch upward. This could cause the plane to "stall". A stall is very bad and would cause many crashes.
Read 9 tweets

Related threads

Profile picture
Anonymous 🐝
@YourAnonCentral
A world without a financial system by Heather Marsh georgiebc.wordpress.com/2013/02/13/a-w…
An overriding concern of many people participating in protests since 2010 has been the financial system. /1
From the September 17, 2011 protests against financial institutions and the symbolism of Occupy Wall Street to the widespread discussion of alternative currencies, money received more air time than even human rights and war. /2
Read 83 tweets
Profile picture
Practicing Developer
@practicingdev
Here are a dozen ways that a senior software developer can be highly effective without training other developers or moving into management.

(Thread)
1. Build internal tools that help pretty much anyone in their company be more effective at their job.
2. Work on spikes and prototypes whenever a new big project is coming up to identify risks and/or opportunities.
Read 13 tweets
Profile picture
Vlad Faust
@vladfaust
Programming life recap thread goes below
In school, it was Pascal. Not great, not terrible. I enjoyed playing star wars march on the beeper and to draw matrix-like symbols on the screen
In 2011, I started working on a number of Warcraft 3 maps. First it was triggers (visual programming), then vJass (some kind of Javascript) and cJass afterwards, which resembled C-like languages. My maps: xgm.guru/p/wc3/headhunt… and xgm.guru/p/ufs
Read 18 tweets
Profile picture
Hillel is speaking @ GOTO
@hillelogram
Several people asked me about this: what's the rigorous research that code review helps?

Most of our data comes from case studies: where we follow a single group and see how code review affected their existing system. These studies are incredibly useful for real world data.
One of our best sources here is the Smartbear analysis of their clients: smartbear.com/SmartBear/medi… They estimate that code review, done right, catches 70-90% of bugs. They also found in at least one case, code review cost half as much as letting bugs reach production.
The Smartbear stuff also found that many bugs would not have been caught by regular QA and testing, and also here that self-analysis also helps a ton: ibm.com/developerworks…

While very positive, Smartbear shouldn't be our only source, as they're selling a product.
Read 9 tweets
Profile picture
Cory House 🏠
@housecor
Here's my 7 step approach for creating conference talks. Perhaps this will work for you.

Thread.
Step 1: Consume incessantly. Official docs, open source projects, blog posts, videos, and books. Read lots of code. While doing so, slap unformatted, sloppy ideas in slides. Don't worry about wording or order. Just capture ideas. Focus on the why. That's what conf talks do best.
Step 2: Arrange slides by topic. I typically use sections in Powerpoint. Keep dragging until a logical order is found. Create bold title slides for each section so people recognize the transition.
Read 8 tweets

Trending hashtags

#decentralization #GraphQLDocumentary #FaaS #libraries #containers #remote #BH2019 #OpenSource #OpenAccess #EOSIO #IoT #access #GameA #EdgeComputing #GLAM #Facebook #openness #Sovereignty #XRP #EdgeAnalytics #NSSpain2018 #protocols #DataScientists #Serverless #SerenataDeAmor
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!