JustChris

I've been "cowboy coding" on the job most of the time. How do I get away from it?

30 posts in this topic

[quote name='phantom' timestamp='1318451219' post='4871967']
[quote]
But there was a problem -[b] I had decided[/b] that the user should be able to add any kind of data in the description of each to-do item. On my pages this was fine, but on the pages of the other two programmers, who were putting data right out of the DB and onto the page without htmlspecialchars() escaping, there were several script injection faults. The reason for this was the combination of two oversights; [b]I had not considered the implications of allowing users to enter any data, because *my* pages were OK with this data[/b]; I had gone off and asked somebody more experienced how to support this safely. [b]The other two guys had not considered the implications of dumping data right out of the database, because their input data did not allow html special chars.
[/b]
The solution, which I have now learned to provide in future, is to provide a data access method along the lines of getPageSafeData() which performs all the page safe escaping for you. This way,[b] next time I work with noobs, I can be sure my data isn't going to inject nasty things into their pages.
[/b][/quote]

Honestly, reading this, you are [b]all[/b] "noobs".
"I decided"... "they decided"... congrats you all failed Communication Skills 101.

There should have been no 'I' or 'they' in that, there should have been 'we' and you all should have decided on the right way to do things.

But don't worry, I've worked with people like you, deciding the 'right' way to do things without letting others who might need to know know... in fact I ran into that problem last week where, having communicated quite clearly with group leads over a couple of weeks that I was working on and changing file formats I came in one morning to discover one group had decided to change a file format without bothering to inform me.

So, complain about 'noobs' all you like but if you had all been following 'best practise' your problem might not have happened... and if you had talked and not just decided things on your own, well, same deal... but by all means, carry on in your little bubble where you are right :)
[/quote]

I'm not suggesting that I didn't make any mistakes - not testing other people's pages for them was an oversight (everybody on this project was a student, meaning that we all had gaps in our knowledge and should have tried to cover for each other) but in my defense, on this project people owned their code and worked on individual pages independently, without any kind of peer review process. It had not occurred to me that they might not know how to escape data before putting it on a page. I was subsequently able to perform identical script injections on their own pages. Besides that, "people like me", and just about everybody else, constantly make decisions about what is right without discussing every single one with other people; of course this is confounded by certain team structures. This is not the same as making a change to something somebody else is already depending on - the injections began to become apparent later on in the project when we started to integrate our work; something I thought should have been done gradually as each tool was completed, but which the project lead thought was best done after all tools were complete.
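The accessor idea described in the post above, sketched as an added PHP example that is not part of the original thread or the poster's project. `getPageSafeData()` is the name the post suggests; the `TodoItem` class, `getRawData()` and the sample description are hypothetical, and PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Added illustration: TodoItem and getRawData() are hypothetical names.
// getPageSafeData() is the accessor name suggested in the post.
final class TodoItem
{
    public function __construct(private string $description) {}

    // Unescaped value, for consumers that are not HTML pages
    // (exports, logs, JSON APIs). Never echo this into a page.
    public function getRawData(): string
    {
        return $this->description;
    }

    // Value escaped for HTML text and quoted-attribute contexts.
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces
    // invalid UTF-8 instead of returning an empty string.
    public function getPageSafeData(): string
    {
        return htmlspecialchars(
            $this->description,
            ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
            'UTF-8'
        );
    }
}

// Constructed sample input: a to-do description that contains markup,
// which the data model in the post deliberately allowed.
$item = new TodoItem('Buy milk <script>alert(1)</script> & "eggs"');

// What the other pages did: database value placed straight into the page,
// so the browser parses the stored markup.
$unsafe = '<li>' . $item->getRawData() . '</li>';

// The same template using the escaping accessor: the markup is rendered
// as literal text.
$safe = '<li>' . $item->getPageSafeData() . '</li>';

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;
```

This escaping fits HTML body text and quoted attribute values only; a value placed inside a script block, a URL or a CSS context needs that context's own encoding.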
[quote name='phantom' timestamp='1318451219' post='4871967']
[quote]
But there was a problem -[b] I had decided[/b] that the user should be able to add any kind of data in the description of each to-do item. On my pages this was fine, but on the pages of the other two programmers, who were putting data right out of the DB and onto the page without htmlspecialchars() escaping, there were several script injection faults. The reason for this was the combination of two oversights; [b]I had not considered the implications of allowing users to enter any data, because *my* pages were OK with this data[/b]; I had gone off and asked somebody more experienced how to support this safely. [b]The other two guys had not considered the implications of dumping data right out of the database, because their input data did not allow html special chars.
[/b]
The solution, which I have now learned to provide in future, is to provide a data access method along the lines of getPageSafeData() which performs all the page safe escaping for you. This way,[b] next time I work with noobs, I can be sure my data isn't going to inject nasty things into their pages.
[/b][/quote]

Honestly, reading this, you are [b]all[/b] "noobs".
"I decided"... "they decided"... congrats you all failed Communication Skills 101.

There should have been no 'I' or 'they' in that, there should have been 'we' and you all should have decided on the right way to do things.

But don't worry, I've worked with people like you, deciding the 'right' way to do things without letting others who might need to know know... in fact I ran into that problem last week where, having communicated quite clearly with group leads over a couple of weeks that I was working on and changing file formats I came in one morning to discover one group had decided to change a file format without bothering to inform me.

So, complain about 'noobs' all you like but if you had all been following 'best practise' your problem might not have happened... and if you had talked and not just decided things on your own, well, same deal... but by all means, carry on in your little bubble where you are right :)
[/quote]

People like me? I accept that I made a mistake, choosing a more risky set of allowable data and not checking that my colleagues were able to handle it. I've taken a lesson away from this. We were all noobs - I was one of two interns, and the project lead was a PhD student who was new to project management.
[quote name='alnite' timestamp='1318381369' post='4871680']
[quote name='tstrimple' timestamp='1318380159' post='4871674']
[quote name='alnite' timestamp='1318379625' post='4871672']
Look for another job. Find a company that doesn't interview you much about software development process.

TBH, I don't like companies that interview developers about software development process. It's completely irrelevant.
[/quote]

Depends on what you want to do... To be a great developer and an instrument of change in a company, you need to know what works and what doesn't. Especially if you're working at a company with a poor or absent SDLC policy. If you want to be just another cog in the machine cranking out code then sure... try to get a job at a big company where all you have to do is crank out another widget and let others worry about how to best get projects done.
[/quote]

As a self-improvement principle, then yes, you'd want to learn as much as you can to expand your knowledge and skill. However, most tech companies ask irrelevant questions to their interviewees just because they want the best candidate ever, regardless of what position they are looking to fill.

Successes of projects in a company depend on huge numbers of factors: CEO, management hierarchy, project managers, project executions, deadlines, visions, scopes, and many more. A single developer's vast knowledge about software development process won't have much impact on that. More likely he won't be put in charge to lead the project as his title is a "Software Developer" rather than a "Project Manager". Can he be outspoken and voice his concern and opinion what needs to be done during the course of a project? Sure, but whether he's going to be heard or fired depends entirely on the people running the company.
[/quote]

Truth is, big or small company, most software developers make shit people managers, so this is in fact a very good thing. After leaving games, I made a very lucrative career out of being a programmer with good people skills. At first I thought my success was a fluke and that "Gary the uber smart programmer guy" should have been the team/project leader, but as the years passed I did come to realize technically competent people that can actually lead ( it's like herding cats... ) other programmers while being able to talk to non-technical people are actually quite rare.
[quote name='Antheus' timestamp='1318455426' post='4871997']
[quote name='speciesUnknown' timestamp='1318407215' post='4871768']
Needs must when the devil drives. Having had this bad experience, I've decided that the "best" way to avoid such problems in future is to provide a safe data access option. The alternative is more people blaming me for their oversights, or disallowing control characters in user input.

Since what is best is a matter of opinion (everybody has different criteria) the only real way to determine what is best is to objectively look at the known facts.
[/quote]
Alternate approach would be called agile. While it typically manages to avoid paper trail, it's based around one-click deployments, comprehensive test suites and live testing. Very usable with active user base or fairly big QA team. Such form of agile tends to produce poor results when delivery is only sporadic, since the features are constantly in motion. And even agile tends to rely on stories for prioritization, so all features must be suggested upfront, no one developer may implement out of scope.
[/quote]

The problem with Agile in a corporate environment, is that you need to have an enthusiastic user base, which sadly is often not the case. The whole idea is rapid iterations based on user feedback, but if your users are unwilling, unable or slow giving feedback, Agile falls on its face. In a smaller environment, where many users wear many hats, this problem can be magnified even more! Another problem with Agile is, well frankly, decisions aren't always thought out as well as they should be.

Now if you have a dedicated QA department, Agile can work absolute wonders, but most people don't have a dedicated QA department.


Of all the different methodologies and techniques I have seen proposed, I had never seen one that comes close to a catch-all solution or that didn't have one major flaw. The only thing I can think of that I would universally recommend is pair programming; watching pair programming's effect on your code base and turnaround is simply amazing. Now that I work mostly by myself, I really miss having a partner; it both kept me honest and improved my code. Amazing part was, even when I was the senior and was paired with a junior programmer, it still had a positive effect on my code.

Actually, of all the roles or responsibilities I have had in my decade+ of professional programming, I think mentoring new developers was by far my favorite task. That I can to this day look at the (very successful) careers of a half dozen people I mentored straight out of school fills me with a fair bit of pride, more so than I have for any particular piece of code I've written! I guess that's why I spend so much time working on tutorials these days now that I am self employed.
[quote name='Serapth' timestamp='1318872811' post='4873544']

The problem with Agile in a corporate environment, is that you need to have an enthusiastic user base, which sadly is often not the case.[/quote]

Yes, that's "Agile". I specifically said "agile".

[quote]The whole idea is rapid iterations based on user feedback, but if your users are unwilling, unable or slow giving feedback, Agile falls on its face. In a smaller environment, where many users wear many hats, this problem can be magnified even more! Another problem with Agile is, well frankly, decisions aren't always thought out as well as they should be.[/quote]

Agility is about quick turnaround and ability to respond to changes. It's accomplished by lowering barriers across all tiers. One of these may mean involving a client stakeholder. Who that is varies, so does their role. It's rarely the users, that's often counter-indicated, since many users will be simply too preoccupied with their actual work.

Some products and services were built using agile techniques based solely on metrics gathered from users. This is unrelated.
There are some nice responses here. Even though they're not aimed at me, I learned a lot on what it is to work with a larger team.
But especially useful was Boolean's response, because I can relate to that one very well. I did a lot of work in fixing and reorganizing legacy code. I've started running a blog and posted a port of someone's older code on Github.

I think almost any company that gets several positive mentions on TechCrunch would have happy, enthusiastic developers and a good sense of how to handle projects. Otherwise, they wouldn't be able to grow as fast as they did. This is the kind of company that I'm aiming towards. I prefer working in a business where the software being made is the profit center and not a cost center that is delivered to an external client, like most "IT consultancies".

Having talked to someone that's been running his own web business for over 15 years, he says it makes sense, since the majority of the market are small customers and don't want uber-complex websites, companies can't justify bringing more than one developer for such work. As opposed to SaaS development, where they can afford giving more work since the software IS their main source of profit and can be as complex as they need.
[quote name='JustChris' timestamp='1318963378' post='4873993']
There are some nice responses here. Even though they're not aimed at me, I learned a lot on what it is to work with a larger team.
But especially useful was Boolean's response, because I can relate to that one very well. I did a lot of work in fixing and reorganizing legacy code. I've started running a blog and posted a port of someone's older code on Github.

I think almost any company that gets several positive mentions on TechCrunch would have happy, enthusiastic developers and a good sense of how to handle projects. Otherwise, they wouldn't be able to grow as fast as they did. This is the kind of company that I'm aiming towards. I prefer working in a business where the software being made is the profit center and not a cost center that is delivered to an external client, like most "IT consultancies".

Having talked to someone that's been running his own web business for over 15 years, he says it makes sense, since the majority of the market are small customers and don't want uber-complex websites, companies can't justify bringing more than one developer for such work. As opposed to SaaS development, where they can afford giving more work since the software IS their main source of profit and can be as complex as they need.
[/quote]

A friend of mine contracted himself as a fractional employee to small-medium businesses and it was pretty brilliant. Basically he took his 40 hour week and sold 1/4 allotments of his time to 5 different businesses ( yes, he over sold ). Basically each company paid about 1/4 the cost of a fulltime coder ( about 60K / 4 ) with a 25-50% premium, so 20-25K each and he guaranteed at least 10 hours a week, onsite if needed and had more hours available on a per hour basis.


So basically he was pulling down about 100K, while 5 companies that couldn't otherwise afford a fulltime developer got a good deal and a consistent face to call on, which is actually a really big deal. Also with the 5th company, it could result in a ton of overtime, although if you get lots of "over the 10 hour" weekly hours, you can make a serious bonus.


It's a pretty interesting and quite lucrative scenario, if you can come up with 4 or 5 contracts to work with, and can manage the overlap conflicts which no doubt arise.