Archive

Posts Tagged ‘C#’

My Legacy

October 21, 2011 7 comments

In July 2004, I was offered a development job by a start-up firm I will refer to as ‘ABCD’. I was sorely tempted at the time, however ABCD were undergoing a round of funding at the time and they couldn’t guarantee when I could actually start.

In August 2004, I was offered another development job, this time by a three-year-old firm I will refer to as ‘Acme’. Acme had a small team of developers already, were offering me the same salary as ABCD, and would let me start work as soon as internal issues (relating to the individual I was succeeding) were resolved.

In September 2004, I took a job working for Acme. A Delphi-based software house, the managing director was astute enough to realise that they were blindly following a dead platform, and I was tasked with leading the company’s development forwards. Within a fortnight, all the developers were on a course to assist them with transitioning to VB.net, and my work had begun.

Since then, I pride myself on the way that I’ve pushed the development within the company forward:

  • The code was overhauled completely, migrating to VB.net where possible or providing (with a view to eventually ending) support for clients using existing Delphi software.
  • As each new version of Visual Studio was released, it was evaluated and software slowly migrated onto it for continuing support.
  • Where possible, applications were migrated to the latest version of the .NET framework itself, and to updated versions of SQL Server to take advantage of newer features.
  • Seeing the potential drop in support for VB.net both from Microsoft and the community in general, I started learning C# in my own time and within a week was easily able to convince the MD that, for the benefit of future recruitment and support, all new projects should be written in C#.
  • Spotted the advantages of object-based database models, and as soon as was viable dropped our database layer in favour of Microsoft’s own Entity Framework, giving us access to toolsets including LINQ.
  • Saw the ease in which MVC allowed the splitting up between development and user interface work, and (having rejected the original asp.net MVC and MVC2) evaluated then adopted MVC3 for all future work.
  • Kept track of best-practises, and whilst never dictating rigid development standards still ensured that all code would be written in a manner familiar to any other team member.
  • Continuously educated the ever-changing development team about key aspects such as software security and encryption.

A year ago, a new member of staff joined the company. Claiming to have prior experience in development, he assumed the role of project manager whilst claiming a job title giving him overall responsibility for IT and Operations. It is this individual that I refered to in my previous posts of the Security Moron.

Within a week, he had sent around his former employer’s Development Standards document with a recommendation that we adopt it; not only was this document related to his former employer’s business but it also explicitly ruled out processes and procedures that we had adopted and were actively using, whilst making further recommendations that were nonsensible in our type of business.

Since that time, his input into development, albeit not as a developer but as an operations manager, have increased as his failings as a project manager have became apparent. I have already documented his failings related to security, but when it comes to development he required that certain processes become self-contained modules of work, with little understanding of how these could work in practise or of the downsides associated with them.

His plans for a ‘central audit module’ bore no relation to reality and thus when one was implemented to his requirements it was so non-specific that any output required further work, whilst the ‘security module’ written to his specification actually managed to increase development time considerably and leave code significantly less maintainable that if we had done without.

The one project that he was placed in sole responsibility for from start to finish is generally regarded as a flop; well over budget and currently on the verge of cancellation due to incomplete requirements (that I had been assured many months ago were “100% complete”). Today, we have been given notice by a client that I personally have serviced since my first day that they were taking development in-house after a year of incompetent support under his care.

Furthermore, the company as a whole is following a business model that I specifically recommend against in my previous post ‘Unsupportable Success‘; the managing director is willing to take on any work involving a support contract with no consideration as to who provides the support or even the hours that the contract covers.

A month ago, I was approached by a recruitment agency; a client of theirs were hiring and I may be a good fit for a role they are filling. Persuing this further, it turned out that the client were none other than ABCD (although the agency were unaware of my previous contact, and ABCD themselves had changed so significantly that my offer was a documented, but otherwise unmemorable, blip in their past). The interview went well – so well that, half-way home I received a call from the agency asking me to turn around and return for a second interview that same evening.

As of yesterday, it is now public knowledge within Acme that I have accepted an offer from ABCD. Within an hour, I was excluded from the ‘development team strategy’ meeting, and from now on the development within the company will be pushed forward by the Security Moron.

I had hopes, one day, that when I left Acme I would leave some sort of legacy, in that someone else would take over and push the development team forward in the way I have: my team contains a number of people, each of whom could easily fulfill that role. It is a standing joke within the team that everything the Moron suggests is prefixed with ‘in my old company…’, and the weakness in his technical skills are obvious to all. But with him assuming charge of development, any change will be despite, rather than because, of him.

I no longer have faith that the company will progress. I no longer believe in Acme. I will miss the people here, but I will not miss the company.

Categories: Development Tags: , , , ,

But … what does it do?

September 23, 2011 Leave a comment

One for the C# developers; another sample of the code previously described here and here. Without running the function below, describe exactly the format of its input parameter, the expected output, and what the hell the developer was thinking at the time.

 //get date in ddmmyyyy format
 public static string ddmmyyyyDate(string strdate)
    {

        const string pattern = "^(?<Day>\\d{1,2})(\\/)(?<Month>\\d{1,2})(\\/)"
                       + "(?<Year>\\d{4})$";

        System.Text.RegularExpressions.MatchCollection mc =
                       default(System.Text.RegularExpressions.MatchCollection);

        mc = System.Text.RegularExpressions.Regex.Matches(strdate, pattern);

        if (mc.Count > 0)
        {
            string strMonth = mc[0].Groups["Month"].Value.PadLeft(2, '0');
            string strDay = mc[0].Groups["Day"].Value.PadLeft(2, '0');
            string strYear = mc[0].Groups["Year"].Value;

            string strDateNew = strMonth + "/" + strDay + "/" + strYear;
            return strDateNew;
        }
        else
        {
            return strdate;
        }
    }

For completeness, the code also has another function ‘mmddyyyyDate’ with exactly the same signature and content.

Categories: Development Tags: , ,

Opening the box: 2 of 2

September 22, 2011 2 comments

In my previous post, I extolled the virtues of a system developed by another software development firm, which had been passed to us for evaluation and potential support and maintenance. As a result, I thought it best to calm the rhetoric down slightly when discussing the code.

First things first, check the connection to the database. Curiously, we’d already noticed that the application was working despite us not having changed the connection string. Must be some magical force we’re not aware of.

Ah, sadly not. They’ve very kindly left their original SQL server wide open for us to use. Firewalls just make development awkward, so it’s good to avoid them.

Then I found this, which brought me right down to earth again. It’s a typical example of the level we’re looking at:

Just to clarify exactly what is being shown here:

  • A function, having checked (across several ‘if’ statements – they obviously don’t know what && and short-circuiting is) that they need to output a message, then:
    • Takes a simple error message.
    • Hard-codes every single bit of styling (fonts, etc) into the HTML, and embeds the text string somewhere into this.
    • Adds that HTML into a text string.
    • Outputs this text string in such a way as it becomes a parameter into a function call to be rendered by the browser through a jQuery plugin.

Then, this …

Now, personally I’d have just used CSS classes, and had the message as a parameter into a template defined in a separate resource file – but, I’m picky like that.

For a start, it may be that they simply haven’t heard of stylesheets:

… or “Stored Procedures” ….

… or “SQL Injection Attacks”…

Several steps beforehand, it does filter out some characters – < > \ ” ‘ % ; ( ) & – but the fact that they’re filtering it in the first place means that they’re already doing it the wrong way.

I could go on, but – on a serious note – this was code delivered to a client expecting a professional level of service. Whether this is typical or not I don’t know, but it’s a simple example of why, if you cut corners in your development budget and go for the cheapest quote, you will end up paying more in the future.

Technical debt is a big problem in the software development industry. We will take this client on, but under the strict instruction that they will pay us for a rewrite, from scratch, of the entire back-end. Whether they will accept it or not, we don’t know; after all, they don’t know what’s inside the magical black box. And until it impacted on their bottom line, they didn’t even care.

Opening the box: 1 of 2

September 22, 2011 2 comments

To the majority of people, software development is a black-box process. They contact a software development company, provide them with a specification, some money changes hands and some time later a shiney finished bit of software lands on their desktop ready to use.

Every so often, though, the box needs to be opened. They may lose contact with (or faith in) the original development company. If they’re intelligent enough to have negotiated ownership of the intellectual property, they pass the software onto a third party for them to evaluate, then support and extend according to the client’s wishes.

This happened to a client of ours recently, and I was given the task of opening the box. All I knew was that the original developer had provided us with ASP.NET and C# source code, and a SQL Server database. What I found amazed me, and so to avoid overloading this blog with too much magnificance in one step I am splitting my analysis over two separate posts: this first, for the SQL database, and then a second covering the ASP.Net and C#.

For obvious reasons, the name of the client has been substituted or removed in the examples; other than that, these are all genuine screenshots.


The 40MB database backup was a bit daunting at first, but thankfully the file actually contained five separate copies of the database rather than just the one that most people use (nothing like redundancy!) so it wasn’t as bad as it could have been. The first thing I noticed was that they were being very careful on security – anyone who decided to try a case-sensitive attack on the structure would have been easily thwarted right from the start:

I spotted later, after altering the image above, that their login (which prefixes the table names above) also included a numeric in place of a letter. So ‘clientsN4m3’ would be a more accurate representation of their login. Not their password. Their login. It’s even more secure than I realised.

Their coding style was also very efficient – no need to worry about any standards to read through and memorise when you could make up primary key fields at any point and follow any particular naming scheme that came to mind at the time. I especially loved, in the ‘state’ table, the way that they were free to even use different datatypes if they wanted to:

We obviously have a lot to learn from them here, and even more so when you take into account the relationships in the database itself:

Now, personally I’m happy with a straight one-foreign-key-per-relationship, but obviously they wanted to make sure that, when they added a relationship, they meant it. They were obviously very committed to their database designs, and good on them.

Part 2 continues the theme …