For more generic programming related content, these entries get the “programming” tag. They may have specific language syntaxes or be about theoretical and pseudocode.
When I create a project, I will have at least one user seeded into the database. This usually is an admin user as well.
So, why would I create this user with a plain text password initially?! That’s crazy right?
Let me explain why - and then you can see if you agree.
AI is everywhere - and it has been for the last months… the last year(s)… I even use it now a lot as a tool for my development. So why haven’t I published AI guidance or written about it at all?
It’s really a simple reason. And it’s not what you think probably. I’m not a hater. It’s extreme love of AI and technology that makes me wait. Let me explain.
sprintf is an amazing function that doesn’t get enough love. Because of this, I had put together a little tool to explore it in the browser.
I’ve written about Custom PHP Exceptions before - as well as using PHP Interfaces for code readability. There’s one coding pattern that I use pretty consistently that encompasses these concepts - a custom exception for code or functionality that is not yet written.
If you’re going to use an Action pattern for your application, be careful what you expect coming in as input. In fact, input should be loose and output should be tightly coupled. Let me explain…
A monorepo refers to a single repository in your version control system that holds all of the code for an entire project. That project could be made up of many services, front and back end code, ETLs, etc.
There are many technical arguments for using a monorepo vs a bunch of smaller repos that are more targeted to that functionality. But, one argument is often left out of the discussion.
It seems that every project we run into has missing or out of date documentation. Wikis become stale. Don’t even start me on that out of date README.md file.
It’s almost not worth writing documentation because it gets out of date so fast.
Right?
Awesome. You used interfaces so you can abstract out the dependencies and swap services. Your database queries are all built with an ORM that is database agnostic. You don’t rely on anything special with your servers/cloud. You did it! You now have a project that retains the business logic while allowing all the technical aspects to be loosely coupled! But should you have done it?!
Please indulge me on a bit of an open-ended question and discussion. Recently I saw some “state of the XYZ” surveys where those were specific languages. The surveys were only answered by about 3,000 people each. And then people spoke about them as authoritative references. But are these surveys actually accurate?
One of the most painful things for programmers - whether you’re in a startup or an established business - is leaving code alone that you know could be better. That should be better. There are reasons for this - but what about when it comes to deleting code?
There’s a common joke among programmers: I’m so lazy that I made this script to automate these tasks. Efficiency and process are prized, but also sometimes mocked and ridiculed. So, are programmers actually lazy - or is there something deeper here - have they been mislabeling something else?
Conventional wisdom says to scope down your initiatives and make small tasks for your team members. It’s best if each can easily work on a single task in a silo, so they can get the project done with the least overlap and delay. But, what are we losing with this methodology?
When it comes to Open Source Software, you have a number of choices to make for licensing your software. When you provide a license for your software, you, as the copyright holder, are giving various types of permissions and warranties for the use of this software. You might even define the way it can be used and if modifications have to be submitted back to you. But, what do you “license” software that is closed, paid or private software that you don’t want anyone else to use?
I’ve known a lot of programmers who give a lot of concern to making the best product they can. They follow best practices, create amazing programs and demonstrate both quality and accuracy. It’s quite amazing. But when you look at their internal tooling, it’s garbage. What gives?
I don’t want this to turn into a rant, but…
One of the most rewarding things I’ve done as a programmer was watch a real life in person focus group use my application. At first, I didn’t enjoy it. But like most lessons, looking back, it was extremely valuable.
Over the course of many years, I’ve heard many variations of the same question “How do I learn programming?” Normally, I’m caught off-guard. I don’t know the answer. Things are constantly changing, and what was around “back then” may not be around now. Plus, I don’t exactly remember all of the steps I took to learn programming. Finally, the way I learned programming doesn’t make sense these days. Technology is much different - you wouldn’t consider dialing into a BBS or reading the manual that came from your computer, would you?
Measurement is important. Metrics, while not sexy, are concrete to a good business strategy. When you bring a problem to your superiors, they’re going to want to know what is your measurement, what metrics did you use to determine this is a problem. With tasks I’ve given developers, I’ve always said “show me the metrics that your fix is better” versus just looking at the code.
How often have you heard this phrase?
It’s such a cliche by now - “We need a rockstar programmer” or “only code ninjas should apply” - but this choice in your job want-ad is ruining your business. Let me tell you why.
I’m a huge fan of code review and code walkthroughs. I’ve been asked before what I look for while reviewing code but I don’t know if I’ve ever addressed ways to pick out what code to actually review.
I’ve migrated the website 33thingsbook.com to this blog post.
A programmer’s guide to quality code, great work relationships and respect.
I think around 2015, there was a big splash of good training online for PHP. Frameworks upgraded/changed, helped programmers write better code faster earlier than that. Before that, it was a lot of RTFM. So, before, in the earlier days (maybe somewhat still today), I think PHP developers did this:
As a PHP programmer, I struggle to understand the reason for private methods and properties. Now, don’t get me wrong, I know the official explanation for them: “Use this to hide properties and methods from child classes” - but why? There have been a number of times when I’ve done stuff that is way more of a cluster-fnck because of private methods that I couldn’t slightly modify.
The other day I found myself giving advice and revisions to a fellow PHP programmer about his cover letter for his next job application. That really inspired me to help out and write this entry.
I’ve been working with Pimple Dependency Injector lately, and I’ve come up with an interesting question.
I think it’s pretty awesome that my daily job is making something out of nothing.
One of the newer programmers on my team asked me the other day why I hired him. I said “I saw you had a natural talent, and have potential.” We both kind of laughed because we knew his skill level at the time was very low. He was not that experienced. But, he had more questions about how I can detect talent and potential versus just someone who has really polished looking code.
I was talking with one of the junior programmers on my team about naming method names. He was having problems coming up with ones that seemed to make sense to him and to the application. I broke it down how I think about it:
Hello friends - I’m trying to get an idea if this would be a good idea. Let me know your thoughts in the comments.
Estimates can be one of the hardest things to create as a developer. The word estimate is a misnomer in our industry. It’s almost as if they should be called “agreements” or “promises” according to some bosses. Yet we all know that they are just that: an estimate of the amount of time, not a guarantee.
When doing a bit of code review, I saw an incredibly ornately architected future-proof module written by one of my programmers on my team. It had taken him roughly 3x as long as I had estimated, but the code was very complete. It was created in such a way that every single portion of it was modular and could be interchanged quite easily.
Recently, I had a programmer create a new feature for one of our products. He inadvertently caused another feature of our product to look less polished and function a bit weird. (I called it ‘wonkified’). The consensus of the group was to push out the feature, and then go back and fix the broken part of the old feature in the next week or so.
One of the things I struggle with is the validation of data objects. I submit that there is such a thing as a dumb data object and a validation domain object. The validation object could also be some sort of helper or a service I guess. But, the point is, that the main data object doesn’t have validation on it. It has coupled objects that provide that validation.
Recently, someone mentioned to me Conway’s Game of Life was a programming challenge at a code retreat they attended. I had never heard of it so I went to take a look at the concept. It seemed like a cool idea. So, I decided to use Canvas and Javascript to create my own instance of it. This is just my first draft of it - so take a look. And, if I’ve done anything incorrectly, please please please! let me know.
Lately, I’ve been working on the “2.0” of a very old piece of software in our organization. I rarely use this software - partially out of the pain caused to try to figure out how to navigate it and the associated slow user interface - and partially out of a different theory about new software development. Let me explain.
A few days (ok, a bunch of days) ago, someone asked me on twitter what I look for when I do a code review. Pretty certain I was tweeting that I was either… a) doing a code review or b) annoyed at doing a code review. heh. I thought for a bit, and I think I’ve distilled the list of things I look for. Now, mind you, I don’t set out with my checkbox list or a manual, I just look at the code and “feel” it. Yes, that sounds crazy. I understand. But, subconsciously, I think I’m doing the following things when I do code reviews:
One thing I’m really passionate about is using PHP in enterprise situations. I obviously care about Design Patterns in PHP. I’ve also done a lot of technical review of other books about refactoring away from bad code.
I tend to want to use PHP Exceptions when I can. But, I don’t just leave them as is. I tend to have a large custom exception library. These exceptions extend the base Exception class in PHP - that’s about it.
I just finished glancing over Real-World Solutions for Developing High-Quality PHP Frameworks and Applications. I gotta say it…
A couple years ago, I developed this concept I call “Overtake User.”
One of the things I learned while working at “The Triangle” was the “joy” of auditing. From their point of view, auditing was extreme. Think journaling and you have a pretty good idea. Now, when we talk about auditing, make sure to understand this is referring to change tracking and not vulnerability or fault detection.
I came up with a great topic to write this blog entry about: filters and validators. Then, I got to thinking - maybe I can get more feedback from other programmers I know. I decided to send a note out to a few of my buddies and see what they thought as well.
So, often I have to show a masked credit card on the screen. However, I really want to go the extra mile and show the user a secure, fully masked credit card number that still reflects their original card. For example, if their credit card number is only 15 numbers long, I shouldn’t show a 16 character long string. So, I’ve developed this code snippet:
There has been a lot of discussion on forums and throughout the object oriented PHP programming community about service classes. This is just intensified by the Zend Framework model of development coupled with the changes in their design/architecture and vocal spokespeople. I thought I’d throw my hat in the ring for this.
The last time someone brought up authorizing certain actions by IP address - or I should say, limiting the amount of actions that can happen by one IP address. I brushed that off without a second thought. It didn’t occur to me until later that the original owner of that idea may not have known all the reasons why I know this isn’t a good idea. So here’s a quick rundown:
I run into this question a lot. Should my website have www in the domain name. Should I be going to aaronsaray.com or www.aaronsaray.com?? That is to say, which should be the default home page domain? Let’s discuss…
When generating a CSV file with PHP in the UTF-8 encoding, Microsoft Excel freaks out. It just doesn’t show the proper encoding. Thank you Microsoft! However, I did find a way to handle this encoding and make it compatible for Windows/Microsoft Excel.
After cleaning up some old files in my archive, I found this snippet of code I made a while ago.
While I’m infinitely happy that all uses of a class in PHP now are references, that’s just not good enough. Sometimes I want to use my newly created object in many different methods. I have two options. First, I could create it as a Singleton, and always call the instance getter. Or, I could use an object cache.
Just had a blast from the past… found this a while ago. This was a program I wrote way back in the days of Basic. It was a basic 3D walk through.
I rarely find myself needing to chain methods in PHP - but it’s not an altogether bad idea.
The website http://www.emailtextmessages.com/ keeps a database of most of the email addresses that correlate directly to a txt for mobile phones. However, their version is in HTML - and I see no feed. I’ve compiled the list into a CSV file so that its easier to use in programming. Do visit their website and click on an ad to support their hard work.
Today, I read through the paper titled ‘An Experimental Evaluation of the Assumption of Independence in Multi-Version Programming’ (Find it here).
UPDATE As of 2023, all content is now licensed Creative Commons. See the footer for more details.
I thought I’d take some time to look at the 3 main ways that I’ve handled forgotten passwords on my websites, why I did them that way, and if there was anything wrong.
I really hate to see people accessing and designing objects with public attributes. So many times I’ve seen this backfire. Let’s take a few examples and see why this matters:
For a while, I’ve been looking at plugin systems, but not really fully understanding the pattern behind them. Don’t get me wrong, I see how they work, but I didn’t know the reason why - the theory or pattern behind it. Well turns out, generally, they’re based upon the observer pattern. I decided to write my own observer pattern demonstration here.
In this post, I’m going to cover what a System Architect/Analyst (SA from now on) is and why you need one.
There are many interpretations of MVC - there are less definitions but more implementations. I want to cover what I personally do when using PHP for MVC. I call it MVCFDH.
One of the biggest pet peeves I have is when errors are generated on PHP files between redirects using the header() function. Especially if they’re not a fatal error, you never get to see them! Also, missing files that hit the apache logs usually are not found later until you review the logs as well. I thought: wouldn’t it be great if there was a tool that would watch these log files for me? (yes, a while ago, I talked about the perl “tail” script that I used in my eclipse to watch these… but… this is even better). Well there is a solution! My first Adobe Air application: Log File Watcher!
So, luckily, my current employer will pay and make arrangements for me to attend one major conference each year. Last year I attended Mysqlconf, the year before, Zend Con.
Working in a shop that has approximately 15 times more System-I as/400 iSeries (whatever you want to call it) programmers, I’ve been immersed into their culture, standards and mindset.