Sign in to follow this  

C++ code review

This topic is 2590 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hi. I'd like to hear your thoughts on the code on my website -- www.webEbenezer.net. There are two kinds of software on the site -- hand-written and computer-written. This archive has mostly hand-written code, but the file msg_shepherd.hh is output from the C++ Middleware Writer.

There are two interfaces to the C++ Middleware Writer: a web interface and a command line interface. The command line interface is what I'm focusing on here. The command line interface is part of a three-tier architecture. One tier is the C++ Middleware Writer which is closed source. The other two tiers are open source and are in that archive. The middle tier is called the C++ Middleware Writer Ambassador and the final tier is a command line program currently called "direct", but that name is subject to change. Please be specific as far as suggestions. Thanks a lot.

Brian Wood
Ebenezer Enterprises

Share this post


Link to post
Share on other sites
I can't find where on your website you actually explain what the "C++ Middleware Writer" actually is. Judging by that file "msg_shepherd.hh" it seems to include serialization code generation, but that's about all I can figure out. And I now know the names of three tiers, but not what they're for or what they make up together.

Take a step back. What is this thing you wrote? What is it for? How does one use it? How does it work?

Share this post


Link to post
Share on other sites
Quote:
Original post by Sneftel
I can't find where on your website you actually explain what the "C++ Middleware Writer" actually is. Judging by that file "msg_shepherd.hh" it seems to include serialization code generation, but that's about all I can figure out. And I now know the names of three tiers, but not what they're for or what they make up together.


Since posting some thoughts like that have crossed my mind. Your post helps me get out of a lazy mood and actually do more than just think about it.

Yes, the C++ Middleware Writer writes low-level marshalling/serialization code based on high-level user input. One of the advantages of using the C++ Middleware Writer is that it writes marshalling functions for user defined classes if desired. In competing serialization libraries that job is done by users. If you make changes to class data members, it is on you to be sure you correctly update the associated serialization functions.

As far as the tiers, we used to have two tiers and have over the past seven months added a third. The middle tier, the C++ Middleware Writer Ambassador, holds a connection to the C++ Middleware Writer. The three tier structure has both administrative and performance advantages over the two tier approach we were using. Previously with the two-tier approach, all users needed to have firewall access opened up for them. Now all user requests are funneled through the ambassador and only that process has to have special privileges. In the two-tier approach every request involved establishing a connection with the C++ Middleware Writer and the password had to be sent with each request.

Quote:

Take a step back. What is this thing you wrote? What is it for? How does one use it? How does it work?


It is an on line C++ code generator. It's a binary alternative to SOAP. It is intended to be helpful in developing distributed applications with C++. There are two ways to use it: a web interface and a command line interface. The command line interface is a lot easier to integrate into a build environment than the web interface. Thanks for your comments.

Brian Wood

[Edited by - wood_brian on September 25, 2010 9:26:56 PM]

Share this post


Link to post
Share on other sites
Quote:

It is an on line C++ code generator. It's a binary alternative to SOAP. It is intended to be helpful in developing distributed applications with C++. There are two ways to use it: a web interface and a command line interface. The command line interface is a lot easier to integrate into a build environment than the web interface. Thanks for your comments.

Ok. So I think I finally understand what you are selling. That isn't clear AT ALL from your website. That mostly stems from the fact that your webpage is just a jumble of text with no real formatting.
* A code formatter like seen here on my blog would help to make your code snippets more readable. As would a non-black-and-white color scheme that emphasizes links and headings better to give a good separation of text.

* Specifying exactly what your tool does would be good. While it is somewhere in your page, and you've stated it here in the forums, it isn't obvious from your site. You need to really redo the "flow" of the page to Introduce->Compare->Try so that people can get all the information they need from the front page. Likewise, I could care less about your changelog when I visit the front page.

* Naming and grouping your links better would help the flow. Having "Web interface to ...." as one of the top links doesn't really do me any good, since I don't even know what I'm looking at yet. Secondly, since I don't know what I'm looking at I also don't know what I'm supposed to do on that page. After a proper introduction to the service, chaning the link to a "Try the web interface here..." would be a better introduction to that page.

* "Userguide! Oh god, now I need more files?" - What are these middle files? You don't even mention them when comparing your tool to Boost. The boost code is explicit, in my code, and readable. Your code "automatically" takes care of things, but until I clicked the "web interface" link, I had no idea I even had to write these other "middle files"(or maybe there were hints, but I still didn't know what they were supposed to look like).

* Comparing to boost? Could you supply the WHOLE pipeline somewhere? I know with the boost code all I need is that one file. With yours I see that it generated a file, but you don't supply how it did so (ie your middle file and the process to get that generated file). This is huge since it immediately seems your tool is more complicated, so the benefits need to outweigh that complication.

* Are your "middle files" more readable than the boost code? not sure they are.
* How can I tailor the output/input? The endianess of my files tends to matter when reading them from different platforms. Boost's version is explicitly written in my code, so I can do those transforms there.
* How can I tailor the output/input? Boost has a bunch of serialization methods, like XML, binary, text. Can I somehow do that with your tool?

* Consider changing the name of your tool "Middleware Writer" and "Middleware Writer Ambasador" sound like "buzzwords" to me. Pick something unique, related to serialization, and less wordy. Actually, the "less wordy" part goes for a lot of your descriptions of your tool. Again, people need to first know what it is you are selling?(serilization) How is it different(automatic)? how do you use it?(online) Don't confuse people by throwing all that information at them at once. Enterprise descriptions like "The command line interface is part of a three-tier architecture." read as "blah blah blah" to most people. However technically correct the statements might be. You need to walk people in piece by piece so they are sold before the complexity hits. Remember, your customers are idiots, and they are always right. If something else seems simpler, they are going to go look at that first.

Lastly, since you've posted about this a lot on the forums, I'd go back and look at all those posts. What questions do people have? How important are those answers? The more important the answers and the dumber sounding questions should be answerable on the front page of your site within a moments look at the page. If I have to search for more than 5-10 seconds to find the simple answers that will sell the product, then you just lost a customer.

Share this post


Link to post
Share on other sites
Quote:
Original post by KulSeran

Ok. So I think I finally understand what you are selling. That isn't clear AT ALL from your website. That mostly stems from the fact that your webpage is just a jumble of text with no real formatting.
* A code formatter like seen here on my blog would help to make your code snippets more readable. As would a non-black-and-white color scheme that emphasizes links and headings better to give a good separation of text.

* Specifying exactly what your tool does would be good. While it is somewhere in your page, and you've stated it here in the forums, it isn't obvious from your site. You need to really redo the "flow" of the page to Introduce->Compare->Try so that people can get all the information they need from the front page. Likewise, I could care less about your changelog when I visit the front page.

I expanded on my introduction. It used to say:

We offer free services aimed at helping those who are developing applications with C++.

Now it says:

We offer free services aimed at helping those who are developing applications with C++. Our primary service is the C++ Middleware Writer. It is an on line code generator that writes low-level C++ marshalling code based on high-level user input.

Thanks for your comments. When I get a chance I'll reply to some of your other comments.

Brian Wood

Share this post


Link to post
Share on other sites
I've gotten some helpful feedback here and have made a few changes to the site based on that. The feedback so far has focused on the website and documentation. It's fine if you want to comment on that. Code review comments would also be helpful.

Share this post


Link to post
Share on other sites
I only had a look at a couple of files but I must say I find your usage of curly braces requires some though for me to see the flow, for example in your loop in main that would take me a bit of effort to to see the flow of logic and to me it looks like you have a catch outside of main,

You have a couple of instances of repeating the same code surrounded by macros

#ifdef BIG_ENDIANS
static ReceiveCompressedBuffer<LeastSignificantFirst>* otherlocalbuf =
new ReceiveCompressedBuffer<LeastSignificantFirst>(4096);
#else
static ReceiveCompressedBuffer<MostSignificantFirst>* otherlocalbuf =
new ReceiveCompressedBuffer<MostSignificantFirst>(4096);
#endif



I personally would change this to something like the following

#ifdef BIG_ENDIANS
typedef ReceiveCompressedBuffer<LeastSignificantFirst> ReceiveCompressedBuffer_t;
#else
typedef ReceiveCompressedBuffer<MostSignificantFirst> ReceiveCompressedBuffer_t;
#endif


Your code would then read

static ReceiveCompressedBuffer_t* otherlocalbuf = new ReceiveCompressedBuffer_t(4096);


Regarding this code you use a lot of statics and the repeating magic numbers are somewhat questionable.

Share this post


Link to post
Share on other sites
Quote:
Original post by CmpDev


Thank you for your comments. I tend to agree with what you suggested regarding the typedef, but am still thinking about it. The following function is from the same file. I believe in some circles the return statement in the body of the loop would be frowned upon.


int32_t
getConnected(cmwa_config_data& cmwadata)
{
int32_t sockfd;
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
throw failure("socket() failed. errno is ") << errno;
}

// Some platforms don't support getaddrinfo yet, but
// all seem to support gethostbyname still.
sockaddr_in ambaddr;
ambaddr.sin_family = AF_INET;
if (cmwadata.localhost_) {
ambaddr.sin_addr.s_addr = inet_addr( "127.0.0.1" );
} else {
struct hostent* hostEnt;
if ((hostEnt = gethostbyname("www.webEbenezer.net")) == NULL) {
throw failure("gethostbyname() failed. errno is ") << errno;
}
ambaddr.sin_addr = *(struct in_addr *)hostEnt->h_addr_list[0];
}


for (;;) {
int const basePort = 56789;
for (int j = 0; j <= 19; ++j) {
ambaddr.sin_port = htons(basePort + j % 10);
if (connect(sockfd, (struct sockaddr*) &ambaddr, sizeof(ambaddr)) == 0) {
return sockfd;
}
// 111 is connection refused and 113 is no route to host.
printf("connect() failed on port %d. errno is %d\n", basePort + j % 10, errno);
}
sleep(cmwadata.sleepseconds_);
}
}

Share this post


Link to post
Share on other sites

Here's an include file in the archive I mentioned. It is fairly simple.
It has two types that are marshalled between the three processes involved.


#ifndef account_info_hh
#define account_info_hh

#include <stdint.h>
#include <include/loki/flex/flex_string.h>
#include <lil_string.hh>

class Counter;
class SendCompressedBuffer;
template <typename R>
class ReceiveCompressedBuffer;

struct account_info {
uint32_t accountnumber_;
lil_string password_;

account_info()
{}
template <typename R>
explicit account_info(ReceiveCompressedBuffer<R>* buf);

void CalculateMarshallingSize(Counter& cntr) const;
void SendMemberData(SendCompressedBuffer* buf) const;
void SendTypeNum(SendCompressedBuffer* buf) const;
void
Send(SendCompressedBuffer* buf, bool = false) const
{
SendMemberData(buf);
}
};

struct user_info
{
uint32_t accountNbr_;
flex_string<char> directory_;
flex_string<char> filename_;

user_info()
{}
template <typename R>
explicit user_info(ReceiveCompressedBuffer<R>* buf);

void CalculateMarshallingSize(Counter& cntr) const;
void SendMemberData(SendCompressedBuffer* buf) const;
void SendTypeNum(SendCompressedBuffer* buf) const;
void
Send(SendCompressedBuffer* buf, bool = false) const
{
SendMemberData(buf);
}
};

#endif

Share this post


Link to post
Share on other sites
Here's another include file from the archive.


#ifndef ErrorWordsShepherd
#define ErrorWordsShepherd

#include <exception>
#include <include/loki/flex/flex_string.h>
#include <sstream>

class failure : public std::exception {
flex_string<char> what_;

public:
explicit failure(flex_string<char> const what_arg) : what_(what_arg)
{}

~failure() throw()
{}

char const* what() const throw()
{ return what_.c_str(); }

template <typename T>
failure& operator<<(T val) {
std::stringstream ss;
ss << val;
what_.append(ss.str().c_str());
return *this;
}
};

class eof : public std::exception {
flex_string<char> what_;

public:
explicit eof(flex_string<char> const what_arg) : what_(what_arg)
{}

~eof() throw()
{}

char const* what() const throw()
{ return what_.c_str(); }
};

Share this post


Link to post
Share on other sites
Another header file.


#ifndef Counter_hh
#define Counter_hh

#include <stdint.h>
#include <ErrorWordsShepherd.hh>

struct Counter
{
uint32_t value_;
uint32_t max_;

Counter(uint32_t max) : value_(0), max_(max)
{}


void
Add(uint32_t arg)
{
if (arg > max_ - value_) {
throw failure("Counter::Add -- data exceeds max size");
}
value_ += arg;
}


void
MultiplyAndAdd(uint32_t one, uint32_t two)
{
unsigned long long op1 = one;
unsigned long long op2 = two;
unsigned long long prod = op1 * op2;
if (prod > max_) {
throw failure("Counter::MultiplyAndAdd");
}
Add(prod);
}
};

#endif


Share this post


Link to post
Share on other sites

Next file



#ifndef Formatting_hh
#define Formatting_hh

#include <stdint.h>

class SameFormat
{
public:
template <template<typename> class B, typename U>
void Read(B<SameFormat>& buf, U& data);

template <template<typename> class B, typename U>
void ReadBlock(B<SameFormat>& buf, U* data, unsigned int elements);
};


class LeastSignificantFirst
{
public:
template <template<typename> class B>
void Read(B<LeastSignificantFirst>& buf, uint16_t&);

template <template<typename> class B>
void Read(B<LeastSignificantFirst>& buf, uint32_t&);

template <template<typename> class B>
void Read(B<LeastSignificantFirst>& buf, uint64_t&);

template <template<typename> class B>
void Read(B<LeastSignificantFirst>& buf, float&);

template <template<typename> class B>
void Read(B<LeastSignificantFirst>& buf, double&);

template <typename Integer>
void Reverse(Integer& value);

template <template<typename> class B, typename U>
void ReadBlock(B<LeastSignificantFirst>& buf,
U* data, unsigned int elements);

template <template<typename> class B>
void ReadBlock(B<LeastSignificantFirst>& buf,
uint8_t* data, unsigned int elements);

template <template<typename> class B>
void ReadBlock(B<LeastSignificantFirst>& buf,
int8_t* data, unsigned int elements);
};


class MostSignificantFirst
{
public:
template <template<typename> class B>
void Read(B<MostSignificantFirst>& buf, uint16_t&);

template <template<typename> class B>
void Read(B<MostSignificantFirst>& buf, uint32_t&);

template <template<typename> class B>
void Read(B<MostSignificantFirst>& buf, uint64_t&);

template <template<typename> class B>
void Read(B<MostSignificantFirst>& buf, float&);

template <template<typename> class B>
void Read(B<MostSignificantFirst>& buf, double&);

template <template<typename> class B, typename U>
void ReadBlock(B<MostSignificantFirst>& buf,
U* data, unsigned int elements);

template <template<typename> class B>
void ReadBlock(B<MostSignificantFirst>& buf,
uint8_t* data, unsigned int elements);

template <template<typename> class B>
void ReadBlock(B<MostSignificantFirst>& buf,
int8_t* data, unsigned int elements);
};

uint8_t const least_significant_first = 0;
uint8_t const most_significant_first = 1;

#include <Formatting.cc>
#endif




Share this post


Link to post
Share on other sites
Forums are far from ideal for code dumps. Consider one of the many project hosting websites that let people browse code that's properly organized and syntax highlighted. The For Beginners forum has a relevant sticky: Source Control and Project Hosting Services Thread. I'd recommend using one of them instead of your 'files changed' account based stuff as well.

Also: Seriously? Your command line stuff has to talk back to your servers? For a simple serialization library? Talk about low bus factor. Many people are also quite rightfully paranoid about preventing source code leaks: do you at least use encryption? I see from your news you added encryption to the web interface, but chrome quite rightfully throws a fit because your certificate isn't even signed when I visit https://webebenezer.net/cgi-bin/samb.cgi.

And what kind of license terms is this under? Do I even get a license? Or am I SOL if you suddenly decide you don't want me using your library anymore? Besides the obvious of being forced back to hand editing unfamiliar serialization code.

Share this post


Link to post
Share on other sites
Quote:
Original post by MaulingMonkey
Forums are far from ideal for code dumps. Consider one of the many project hosting websites that let people browse code that's properly organized and syntax highlighted. The For Beginners forum has a relevant sticky: Source Control and Project Hosting Services Thread. I'd recommend using one of them instead of your 'files changed' account based stuff as well.

Also: Seriously? Your command line stuff has to talk back to your servers?

Yes.

Quote:

For a simple serialization library?

One thing the C++ Middleware Writer does that other libraries don't is automate the creation of marshalling functions. Maybe you've heard the advertising about how you can only get southwest fares at southwest.com. It's the same thing here.

Quote:

Talk about low bus factor. Many people are also quite rightfully paranoid about preventing source code leaks: do you at least use encryption?

There's no encryption on the command line interface yet. I expect to add that, but must first determine what encryption library to marry. I've put some work into that, but haven't come to a satisfactory conclusion yet.

Quote:

I see from your news you added encryption to the web interface, but chrome quite rightfully throws a fit because your certificate isn't even signed when I visit https://webebenezer.net/cgi-bin/samb.cgi.

And what kind of license terms is this under? Do I even get a license?


There's no license currently. I like not having that comment section at the beginning of each file, but I'm not adverse to using a license if that is needed. I'm not wanting to copyright the code, but am not sure if all licenses do that.


Thanks for kicking the tires here; your comments are helpful. I'd like to get more code and/or documentation related comments in this thread.


Brian Wood

Share this post


Link to post
Share on other sites
Quote:
Original post by wood_brian
One thing the C++ Middleware Writer does that other libraries don't is automate the creation of marshalling functions. Maybe you've heard the advertising about how you can only get southwest fares at southwest.com. It's the same thing here.


Marshalling is basically serialization for transmission (usually RPC calls) though. You still haven't addressed the main point: Why do I have to talk to your servers at all to accomplish this? Looking at what your code does, there is no reason whatsoever to be talking with a server you control in order to generate code. It could be accomplished with an offline tool. Certainly, in certain orgs (such as the one that I'm at) this is a deal-breaker in-and-of-itself.

Edit:

In addition to Sneftel's excellent example (application builds suddenly breaking when you make server-side changes)..

1) Versioning. If you change the generation logic then the app-side signature may change too. Having server-side generation means I can't version the generating logic with the app.

2) Privacy. Giving any sort of code or signature to a third-party requires, at the very least, security review, and most likely legal sign-off, and they probably wouldn't OK it anyway. Trade secrets can be leaked even by things as inconspicuous as a serialization contract.

3) Usability. Having to maintain a lifeline to your server limits how I can use your tool. Can I make a connection through my corporate firewall? What if we're having network problems?

Adding encryption isn't really going to help the basic issues. I'm also going to echo the "just plain weird" sentiment. Having this as a service rather than a redistributable tool or source makes me wonder why you'd choose that distribution model. Are you going to swap to a for-pay model under my nose, after I've made the investment of writing my code using your generator? Might as well use one of the other serialization tools out there and dodge the issue.

[Edited by - Rycross on October 25, 2010 2:38:00 PM]

Share this post


Link to post
Share on other sites
Requiring communication with your server is utterly anathema to professional development practices. Beyond the fact that they don't want to send you their code, any build engineer worth his salt won't want to be at the mercy of problems with your server, or unexpected breaking changes to the interface, or if you suddenly decide you want to move to a for-pay model, etc., etc. And even if they didn't care about those things, they STILL wouldn't use it, because the practice is Just Plain Weird. Like, "suspicious" weird. There's no reason for a code generator to be a remote application, so people won't use a code generator which is a remote application when there are code generators which are not remote applications available. Or, at least, I very much doubt they will. Of course, you know how well your stuff has done, so you can judge whether I'm right or not.

Share this post


Link to post
Share on other sites
Quote:
Original post by Sneftel
Requiring communication with your server is utterly anathema to professional development practices. Beyond the fact that they don't want to send you their code, any build engineer worth his salt won't want to be at the mercy of problems with your server, or unexpected breaking changes to the interface, or if you suddenly decide you want to move to a for-pay model, etc., etc.


This boils down to protecting the source code while continuing to develop it. The service is free in the meantime on line and we're free to license copies of the software to those interested in having their own copy. Do you think the well-known search engines are headed toward a for-pay model? I don't and don't plan to move to that in the future either. I'm not G-d though, so I'm not saying it will never happen either. If I end up there it will be reluctantly. Our business model is like the garage sale model except even better. Rather than deep discounts we make it free. Lots of stores are going out of business, but garage sales are popular these days. We currently have just one server, but if things go well, we'll add to that and add other locations to deal with the apprehensions of build engineers.

Quote:

And even if they didn't care about those things, they STILL wouldn't use it, because the practice is Just Plain Weird. Like, "suspicious" weird. There's no reason for a code generator to be a remote application,


There are a lot of reasons to make it a remote application. We manage the builds so you don't have to. The amount of code needed to be downloaded in our set up is orders of magnitude less than that of competing approaches. We're able to tell what functionality is being used and what isn't... what should be in the next release. We keep control over the source code so thieves across the globe aren't able to build their own sites with our software as the basis. There are a lot of sites out there that don't have a lot of depth and are fairly susceptible to shameless souls wanting to clone them. Some sites face hundreds of clone sites, trying to outdo them. Often the clone sites steal as much as they can from the original, including web designs.

Quote:

so people won't use a code generator which is a remote application when there are code generators which are not remote applications available. Or, at least, I very much doubt they will. Of course, you know how well your stuff has done, so you can judge whether I'm right or not.


Well, what other code generators are there that automate the creation of marshalling functions? We have unique support for a growing number of things that I don't think other code generators or compilers will have any time soon.

As far as putting code out there goes, in my opinion less than 15% of a product/project's classes need to be exposed. If that is unacceptable you have a couple options: buy a copy of the software or stick with the free option and invest in some some sed-like programs/scripts to conceal more of your secrets. The work on encryption will only help make people more comfortable putting their code out there.


Brian Wood

Share this post


Link to post
Share on other sites
Quote:
Original post by Rycross

3) Usability. Having to maintain a lifeline to your server limits how I can use your tool. Can I make a connection through my corporate firewall? What if we're having network problems?


Previously we had a two-tier model that posed problems related to your questions. Now it is a three-tier model:

C++ Middleware Writer (server)
|
C++ Middleware Writer Ambassador (server)
|
command line client that runs and exits.

Now firewall configuration is isolated to the machine hosting the C++ Middleware Writer Ambassador. With the two-tier model we had the problem for every client.


Adding encryption isn't really going to help the basic issues. I'm also going to echo the "just plain weird" sentiment. Having this as a service rather than a redistributable tool or source makes me wonder why you'd choose that distribution model. Are you going to swap to a for-pay model under my nose, after I've made the investment of writing my code using your generator? Might as well use one of the other serialization tools out there and dodge the issue.[/quote]

No matter how you pay for it -- page views or cash -- it's built as a service. I chose the model to support myself primarily. I don't plan to change to for-pay model, but I'm not G-d so I can't reliably predict what the future holds. Recently we hadn't had more than trace amounts of rain here in almost 4 weeks. I was watching the forecast closely and when they predicted rain one day and no rain came I was a little ticked. Thankfully it came the next day. Anyway, I don't have anticipate switching to a pay service. That wouldn't be much fun to implement. I like not needing to work on anything like that. So I can say that much: I have no for-pay infrastructure in place or planned.

Brian Wood

Share this post


Link to post
Share on other sites
Quote:

The work on encryption will only help make people more comfortable putting their code out there.

...
There's no license currently. I like not having that comment section at the beginning of each file, but I'm not adverse to using a license if that is needed.

It isn't about comfort. Its all about legality. I can't legally use your service without you signing a NDA that explicitly states what your tool does with our code, how you protect it, and how long you hold onto it. Its a complete deal breaker compared to other serialization methods.

No license is also a liability. A company needs to know exactly how they can and can't use the software. How liable you are for damages? Who owns the changes to your code base that are made by said company?

Quote:

I'm not wanting to copyright the code, but am not sure if all licenses do that.

IANAL. But, your thinking about this too late. It's already implicitly copyrighted. You have to explicitly place your code under a license or public domain.

Quote:

Well, what other code generators are there that automate the creation of marshalling functions? We have unique support for a growing number of things that I don't think other code generators or compilers will have any time soon.

You keep saying it "automatically generates marshalling functions". You keep leaving out that I still have to manually make those definition files for your tool. It's quite a bit faster for me to just write it all inline with boost::serialization. Sure, it is X lines more code, but I don't have a separate file to maintain. And that is huge. A 4Gb video game that ships with 4000+ files on the final disk came from 25Gb+ and 10,000+ files of source material. Adding another couple hundred or so files to match up with the serializable objects just adds complexity to an already bloated system.

Quote:

Now firewall configuration is isolated to the machine hosting the C++ Middleware Writer Ambassador. With the two-tier model we had the problem for every client.

Now my build machine (something that needs to be a secure and controlled enviornment) has one more potential security hole. Maybe due to your software, or just due to the fact that I now have one more open port on the machine to the outside world.

Quote:

We manage the builds so you don't have to.

But, as stated in above posts, that's an issue. Any outage in your service means 60+ people might not be able to work at full capacity due to a failed overnight build. Also, overnight builds can take hours even for incremental builds. Full clean builds can take most the day. Anything that slows this down, even just waiting on your servers and the internet, means one more thing to bring the build times up. This is really bad.

edit:
Quote:

Origional Post by Rycross
1) Versioning. If you change the generation logic then the app-side signature may change too. Having server-side generation means I can't version the generating logic with the app.

I want to REALLY REALLY stress this one. We tag builds, make disks, and move on. But, if the testers get back to us that disk 23561 had X bug, we need to take that branch and possibly roll-back and rebuild a local copy of that disk to check the bug out. It is also not unheard of for a really old disk (ie E3 Demo) being rebrandished by the publisher as a release marketing demo. So, a several month old branch may need to be burnt to disk. If you can't roll EVERYTHING back that point and build, then your SOL. You have to start the testing cycle on that disk all over again to make sure there aren't any bugs introduced by tool changes. Maybe that means you have to waste a tonne of time merge changes into that disk to make it match the tools. Maybe that means there are more bugs, and more code has to get merged in. Thats a lot of time wasted.

Suppose we used your tool. You need to keep all versions of your sever running, in case I have to roll back all my files by 6, 12, maybe 18 months to build something. With a local tool, it'd be in the "external tools" branch, and I'd get rolled back alongside everything else and I'd be good to go. With your tool, I have to hope your server is still running those old copies.

[Edited by - KulSeran on October 26, 2010 3:17:39 AM]

Share this post


Link to post
Share on other sites
Quote:
Original post by wood_brian
I don't plan to change to for-pay model, but I'm not G-d so I can't reliably predict what the future holds.
If you're not willing -- or even able -- to reliably predict the state of your service in the long term, then why should someone trust their project to it? Think about it this way: Would you undertake a major, commercial software development project in a language where there was a small chance that the compiler for that language would suddenly become permanently unusable at some unknown time? Especially if there was no other compiler for that particular language?

Share this post


Link to post
Share on other sites
Quote:
Original post by wood_brian
One thing the C++ Middleware Writer does that other libraries don't is automate the creation of marshalling functions.

Err, how does the earlier mentioned protocol buffers's protoc tool not qualify? It's multilingual, too. Sure, it doesn't try to parse the byzantine mess that is C++, instead choosing to use .proto files — but most would probably consider this a good thing:
  • You can refactor your code without fearing you'll break the binary format
  • The tool itself is much less likely to hiccup over syntax oddities be they standard or nonstandard, since the definition language is simpler

Quote:
There's no encryption on the command line interface yet.

Ouch.

Share this post


Link to post
Share on other sites
Quote:
Original post by MaulingMonkey
Quote:
There's no encryption on the command line interface yet.

Ouch.


Eh, I kinda disagree with this sentiment. It doesn't matter whether he encrypts transfer between the client and the server. I mean, interception is a concern, but the real problem is that his server can see the code at all. In other words, encryption doesn't resolve the root problem, so I'm rather ambivalent about its current absence.

A for-pay local-only client solves many of the problems, but at the same time its hard to decide whether writing a definition file and generating the marshalling functions instead of just writing the marshalling functions is going to be worth the cash. But Brian knows his market better than I.

If you could also generate cross-language serialization code with those files... That would be pretty useful in an org that utilizes a variety of languages.

Edit: wood_brian, I really hope that I'm not giving the impression that I'm attacking you or your code. I'm trying to give an honest opinion from the point of view of an employee making technology decisions.


Edit2: wood_brian: I'm wondering about the decision to make a separate SendCompressedBuffer and ReceivedCompressedBuffer. My first instinct would be to just make a single CompressedBuffer, but then I though that there may be useful distinctions to make between data you're sending and receiving. I'm interested to hear the design decisions behind that.

Share this post


Link to post
Share on other sites
Quote:
Original post by Sneftel
Quote:
Original post by wood_brian
I don't plan to change to for-pay model, but I'm not G-d so I can't reliably predict what the future holds.
If you're not willing -- or even able -- to reliably predict the state of your service in the long term, then why should someone trust their project to it? Think about it this way: Would you undertake a major, commercial software development project in a language where there was a small chance that the compiler for that language would suddenly become permanently unusable at some unknown time? Especially if there was no other compiler for that particular language?


Some of these issues aren't new to me. I know the lifetime of distributed applications is often more than 10 years and have known that for a long time. It is a little bit of the chicken or the egg question. While this remains a company of one full-time employee, questions like those you raise are somewhat valid. I can point to a stable track record -- the service has been available now for close to 8 years. The short-term future doesn't hold any obvious problems -- my health is fine -- got a flu shot yesterday. My perspective about predictions includes this:

Come now, you who say, “Today or tomorrow we will go to such and such a city, spend a year there, buy and sell, and make a profit”; whereas you do not know what will happen tomorrow. For what is your life? It is even a vapor that appears for a little time and then vanishes away. Instead you ought to say, “If the L-rd wills, we shall live and do this or that.” James 4:13-15

I enjoy working on this and hope to continue working on it. I admit that potential users have to face some of the issues you raise given the small size of the company. In the US we're coming up to Thanksgiving. The Pilgrims, in search of freedom, decided to leave their familiar countries behind and risked their lives getting to the homes the Indians had prepared for them. Ha. They risked their lives getting to a place where once they got there they would have to build homes from scratch. I fancy myself to be kind of an on line pilgrim in search of my fellow pilgrims. We're going to be on the boat (Have you seen those boats they took? The boats weren't anything like what you would want to go across the Atlantic in.) together for a long time. Getting this far hasn't been easy and I don't expect that to suddenly change. It is, though, what makes sense to me. Also the pilgrims weren't a wealthy bunch. Once they got here they didn't hire people to build them houses. Likewise, I know my fellow pilgrims aren't likely to be wealthy. The pricing (free) is basically what they can afford. Sigh.

Share this post


Link to post
Share on other sites

This topic is 2590 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Guest
This topic is now closed to further replies.
Sign in to follow this