I've been "cowboy coding" on the job most of the time. How do I get away from it?


[quote name='phantom' timestamp='1318451219' post='4871967']
[quote]
But there was a problem -[b] I had decided[/b] that the user should be able to add any kind of data in the description of each to-do item. On my pages this was fine, but on the pages of the other two programmers, who were putting data right out of the DB and onto the page without htmlspecialchars() escaping, there were several script injection faults. The reason for this was the combination of two oversights; [b]I had not considered the implications of allowing users to enter any data, because *my* pages were OK with this data[/b]; I had gone off and asked somebody more experienced how to support this safely. [b]The other two guys had not considered the implications of dumping data right out of the database, because their input data did not allow html special chars.
[/b]
The solution, which I have now learned to provide in future, is to provide a data access method along the lines of getPageSafeData() which performs all the page safe escaping for you. This way,[b] next time I work with noobs, I can be sure my data isn't going to inject nasty things into their pages.
[/b][/quote]

Honestly, reading this, you are [b]all[/b] "noobs".
"I decided"... "they decided"... congrats you all failed Communication Skills 101.

There should have been no 'I' or 'they' in that, there should have been 'we' and you all should have decided on the right way to do things.

But don't worry, I've worked with people like you, deciding the 'right' way to do things without letting others who might need to know know... in fact I ran into that problem last week where, having communicated quite clearly with group leads over a couple of weeks that I was working on and changing file formats, I came in one morning to discover one group had decided to change a file format without bothering to inform me.

So, complain about 'noobs' all you like but if you had all been following 'best practice' your problem might not have happened... and if you had talked and not just decided things on your own, well, same deal... but by all means, carry on in your little bubble where you are right :)
[/quote]

I'm not suggesting that I didn't make any mistakes - not testing other people's pages for them was an oversight (everybody on this project was a student, meaning that we all had gaps in our knowledge and should have tried to cover for each other) but in my defense, on this project people owned their code and worked on individual pages independently, without any kind of peer review process. It had not occurred to me that they might not know how to escape data before putting it on a page. I was subsequently able to perform identical script injections on their own pages. Besides that, "people like me", and just about everybody else, constantly make decisions about what is right without discussing every single one with other people; of course this is confounded by certain team structures. This is not the same as making a change to something somebody else is already depending on - the injections began to become apparent later on in the project when we started to integrate our work; something I thought should have been done gradually as each tool was completed, but which the project lead thought was best done after all tools were complete.

[quote name='phantom' timestamp='1318451219' post='4871967']
[quote]
But there was a problem -[b] I had decided[/b] that the user should be able to add any kind of data in the description of each to-do item. On my pages this was fine, but on the pages of the other two programmers, who were putting data right out of the DB and onto the page without htmlspecialchars() escaping, there were several script injection faults. The reason for this was the combination of two oversights; [b]I had not considered the implications of allowing users to enter any data, because *my* pages were OK with this data[/b]; I had gone off and asked somebody more experienced how to support this safely. [b]The other two guys had not considered the implications of dumping data right out of the database, because their input data did not allow html special chars.
[/b]
The solution, which I have now learned to provide in future, is to provide a data access method along the lines of getPageSafeData() which performs all the page safe escaping for you. This way,[b] next time I work with noobs, I can be sure my data isn't going to inject nasty things into their pages.
[/b][/quote]

Honestly, reading this, you are [b]all[/b] "noobs".
"I decided"... "they decided"... congrats you all failed Communication Skills 101.

There should have been no 'I' or 'they' in that, there should have been 'we' and you all should have decided on the right way to do things.

But don't worry, I've worked with people like you, deciding the 'right' way to do things without letting others who might need to know know... in fact I ran into that problem last week where, having communicated quite clearly with group leads over a couple of weeks that I was working on and changing file formats, I came in one morning to discover one group had decided to change a file format without bothering to inform me.

So, complain about 'noobs' all you like but if you had all been following 'best practice' your problem might not have happened... and if you had talked and not just decided things on your own, well, same deal... but by all means, carry on in your little bubble where you are right :)
[/quote]

People like me? I accept that I made a mistake, choosing a more risky set of allowable data and not checking that my colleagues were able to handle it. I've taken a lesson away from this. We were all noobs - I was one of two interns, and the project lead was a PhD student who was new to project management.
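The accessor pattern that the quoted post proposes (a getPageSafeData() that escapes every field before any page sees it), as an added example that is not code from this thread; it is written in Python with html.escape() standing in for PHP's htmlspecialchars(), against a constructed in-memory to-do table, and contrasts the raw accessor the other programmers used with the page-safe one:

```python
import html
import sqlite3

# Constructed sample: a to-do table whose descriptions hold arbitrary
# user-entered text, as in the quoted post. The third row is the kind of
# input that caused the script injection faults described there.
SAMPLE_ROWS = [
    (1, "Buy milk"),
    (2, 'Review "Q3" report & send'),
    (3, "<script>alert('todo')</script>"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE todo (id INTEGER PRIMARY KEY, description TEXT)")
    conn.executemany("INSERT INTO todo VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def get_raw_data(conn):
    # What "dumping data right out of the database" looks like: rows as stored.
    return conn.execute("SELECT id, description FROM todo ORDER BY id").fetchall()


def get_page_safe_data(conn):
    # Counterpart of the post's getPageSafeData(): every text field is
    # HTML-escaped inside the accessor, so a caller cannot forget to do it.
    # quote=True mirrors htmlspecialchars() with ENT_QUOTES (escapes " and ').
    return [(tid, html.escape(desc, quote=True)) for tid, desc in get_raw_data(conn)]


def render_list(rows):
    # Stands in for a template that drops the field into the page unchanged.
    return "<ul>" + "".join(f"<li>{desc}</li>" for _, desc in rows) + "</ul>"


def contains_live_script(page):
    # Crude check for the demo: is there an unescaped <script> element left?
    return "<script" in page.lower()


if __name__ == "__main__":
    conn = make_db()
    print("raw: ", render_list(get_raw_data(conn)))
    print("safe:", render_list(get_page_safe_data(conn)))
```

Escaping at the accessor is only correct for HTML text and attribute contexts; a field that lands in a script block, a URL or a JSON response needs that context's own encoding, and data that is stored already escaped must not be escaped a second time.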

[quote name='alnite' timestamp='1318381369' post='4871680']
[quote name='tstrimple' timestamp='1318380159' post='4871674']
[quote name='alnite' timestamp='1318379625' post='4871672']
Look for another job. Find a company that doesn't interview you much about software development process.

TBH, I don't like companies that interview developers about software development process. It's completely irrelevant.
[/quote]

Depends on what you want to do... To be a great developer and an instrument of change in a company, you need to know what works and what doesn't. Especially if you're working at a company with a poor or absent SDLC policy. If you want to be just another cog in the machine cranking out code then sure... try to get a job at a big company where all you have to do is crank out another widget and let others worry about how to best get projects done.
[/quote]

As a self-improvement principle, then yes, you'd want to learn as much as you can to expand your knowledge and skill. However, most tech companies ask irrelevant questions to their interviewees just because they want the best candidate ever, regardless of what position they are looking to fill.

Successes of projects in a company depend on huge numbers of factors: CEO, management hierarchy, project managers, project executions, deadlines, visions, scopes, and many more. A single developer's vast knowledge about software development process won't have much impact on that. More likely he won't be put in charge to lead the project as his title is a "Software Developer" rather than a "Project Manager". Can he be outspoken and voice his concern and opinion what needs to be done during the course of a project? Sure, but whether he's going to be heard or fired depends entirely on the people running the company.
[/quote]

Truth is, big or small company, most software developers make shit people managers, so this is in fact a very good thing. After leaving games, I made a very lucrative career out of being a programmer with good people skills. At first I thought my success was a fluke and that "Gary the uber smart programmer guy" should have been the team/project leader, but as the years passed I did come to realize technically competent people that can actually lead ( it's like herding cats... ) other programmers while being able to talk to non-technical people are actually quite rare.

[quote name='Antheus' timestamp='1318455426' post='4871997']
[quote name='speciesUnknown' timestamp='1318407215' post='4871768']
Needs must when the devil drives. Having had this bad experience, I've decided that the "best" way to avoid such problems in future is to provide a safe data access option. The alternatives are more people blaming me for their oversights, or disallowing control characters in user input.

Since what is best is a matter of opinion (everybody has different criteria) the only real way to determine what is best is to objectively look at the known facts.
[/quote]
Alternate approach would be called agile. While it typically manages to avoid paper trail, it's based around one-click deployments, comprehensive test suites and live testing. Very usable with active user base or fairly big QA team. Such form of agile tends to produce poor results when delivery is only sporadic, since the features are constantly in motion. And even agile tends to rely on stories for prioritization, so all features must be suggested upfront, no one developer may implement out of scope.
[/quote]

The problem with Agile in a corporate environment is that you need to have an enthusiastic user base, which sadly is often not the case. The whole idea is rapid iterations based on user feedback, but if your users are unwilling, unable or slow in giving feedback, Agile falls on its face. In a smaller environment, where many users wear many hats, this problem can be magnified even more! Another problem with Agile is, well frankly, decisions aren't always thought out as well as they should be.

Now if you have a dedicated QA department, Agile can work absolute wonders, but most people don't have a dedicated QA department.


Of all the different methodologies and techniques I have seen proposed, I have never seen one that comes close to a catch-all solution or that didn't have one major flaw. The only thing I can think of that I would universally recommend is pair programming; watching pair programming's effect on your code base and turnaround is simply amazing. Now that I work mostly by myself, I really miss having a partner; it both kept me honest and improved my code. The amazing part was, even when I was the senior and was paired with a junior programmer, it still had a positive effect on my code.

Actually, of all the roles or responsibilities I have had in my decade+ of professional programming, I think mentoring new developers was by far my favorite task. That I can to this day look at the (very successful) careers of a half dozen people I mentored straight out of school fills me with a fair bit of pride, more so than I have for any particular piece of code I've written! I guess that's why I spend so much time working on tutorials these days now that I am self employed.

[quote name='Serapth' timestamp='1318872811' post='4873544']

The problem with Agile in a corporate environment, is that you need to have an enthusiastic user base, which sadly is often not the case.[/quote]

Yes, that's "Agile". I specifically said "agile".

[quote]The whole idea is rapid iterations based on user feedback, but if your users are unwilling, unable or slow giving feedback, Agile falls on its face. In a smaller environment, where many users wear many hats, this problem can be magnified even more! Another problem with Agile is, well frankly, decisions aren't always thought out as well as they should be.[/quote]

Agility is about quick turnaround and ability to respond to changes. It's accomplished by lowering barriers across all tiers. One of these may mean involving a client stakeholder. Who that is varies, so does their role. It's rarely the users, that's often counter-indicated, since many users will be simply too preoccupied with their actual work.

Some products and services were built using agile techniques based solely on metrics gathered from users. This is unrelated.

There are some nice responses here. Even though they're not aimed at me, I learned a lot on what it is to work with a larger team.
But especially useful was Boolean's response, because I can relate to that one very well. I did a lot of work in fixing and reorganizing legacy code. I've started running a blog and posted a port of someone's older code on Github.

I think almost any company that gets several positive mentions on TechCrunch would have happy, enthusiastic developers and a good sense of how to handle projects. Otherwise, they wouldn't be able to grow as fast as they did. This is the kind of company that I'm aiming towards. I prefer working in a business where the software being made is the profit center and not a cost center that is delivered to an external client, like most "IT consultancies".

Having talked to someone that's been running his own web business for over 15 years, he says it makes sense: since the majority of the market are small customers who don't want uber-complex websites, companies can't justify bringing in more than one developer for such work. As opposed to SaaS development, where they can afford to give more work since the software IS their main source of profit and can be as complex as they need.

[quote name='JustChris' timestamp='1318963378' post='4873993']
There are some nice responses here. Even though they're not aimed at me, I learned a lot on what it is to work with a larger team.
But especially useful was Boolean's response, because I can relate to that one very well. I did a lot of work in fixing and reorganizing legacy code. I've started running a blog and posted a port of someone's older code on Github.

I think almost any company that gets several positive mentions on TechCrunch would have happy, enthusiastic developers and a good sense of how to handle projects. Otherwise, they wouldn't be able to grow as fast as they did. This is the kind of company that I'm aiming towards. I prefer working in a business where the software being made is the profit center and not a cost center that is delivered to an external client, like most "IT consultancies".

Having talked to someone that's been running his own web business for over 15 years, he says it makes sense: since the majority of the market are small customers who don't want uber-complex websites, companies can't justify bringing in more than one developer for such work. As opposed to SaaS development, where they can afford to give more work since the software IS their main source of profit and can be as complex as they need.
[/quote]

A friend of mine contracted himself as a fractional employee to small-medium businesses and it was pretty brilliant. Basically he took his 40 hour week and sold 1/4 allotments of his time to 5 different businesses ( yes, he over sold ). Basically each company paid about 1/4 the cost of a full-time coder ( about 60K / 4 ) with a 25-50% premium, so 20-25K each, and he guaranteed at least 10 hours a week, onsite if needed, and had more hours available on a per hour basis.


So basically he was pulling down about 100K, while 5 companies that couldn't otherwise afford a full-time developer got a good deal and a consistent face to call on, which is actually a really big deal. Also, with the 5th company, it could result in a ton of overtime, although if you get lots of "over the 10 hour" weekly hours, you can make a serious bonus.


It's a pretty interesting and quite lucrative scenario, if you can come up with 4 or 5 contracts to work with, and can manage the overlap conflicts which no doubt arise.
