New Technology High School

This High School is a model for high tech high schools that's being pushed by the Gates Foundation and probably some other places, and they're thinking about trying one out in Bloomington, or at least they've gotten 50 G's in order to study the possibility. Some of the money went to bringing in a speaker to discuss the possibility, so along with a couple of hundred other people, I went to check it out. My initial reaction is, Groovy. I hated high school, and it's only ten years from now that my son will start it. I'd like him to have some choices about where to go, and this model seems pretty nice. They want to keep it to 400 students, as opposed to the thousand or so at each Bloomington high school now. I've commented elsewhere about not really understanding the Indiana charter school system; I suppose this would be one of those.

I'm hearing some contradictory things about the school, though. For example, a questioner asked last night about the per-student cost of the school. The response was that the school doesn't get any more from the state than any other school would get, and that technology was the biggest expense. But the little handout we got actually says, small school and class size allows students to take responsibility for their own learning...So I wonder which it is. I'd guess that any school would find that graduation rates would inversely correlate to class size. Also, two separate articles in the paper (subscription required) tell us that the school (a) caters to students in the job market, and (b) most graduates go on to higher education. What the heck does that mean?

The speaker explained a little bit of what the school was about; all very nice; focus on communication skills and working as a team, computers for everyone, community internships. I think you can have two kinds of high schools: the kind where kids are motivated and enthusiastic about doing stuff, and the kind where the kids are biding their time until they can get out and go do something else. When you have the first kind, the students are going to be self-selecting - they have to want to go to the school. This is why I think charter schools and school choice are good ideas. So for that reason alone I think this school would be a good idea.

But the audience had a lot of good questions; some sublime; some ridiculous; all very practical. The inevitable "What about sports?" question was asked, which of course really means, "What if my kid wants to go there but he's also a basketball star?" The responder didn't really pick up on that dynamic, mentioning that the schools in California play Ultimate Frisbee against each other. Yeah, great. But the local guy did mention that allowing the students to play on the big school teams was a possibility.

A lot of the questions made me think, though, that either by state law or by educator attitudes, the school system isn't really ready to shift paradigms. I don't necessarily blame them; it's not an easy thing to do. But there were questions about honors degrees and demographics. The California panelist pointed out that an honors degree is a pretty divisive thing, and how can you teach teamwork in that sort of environment? The local panelist said that he thought the demographics would have to mirror those for the local high schools, so this school would have the same proportion of special needs students, minorities, gifteds, etc. I don't see how they can do that and still have the students be self-selecting, not to mention I find it extremely irritating when people are classified into "black", "poor", "special ed" or groups, even when the goal is to create balance.

So there's plenty to think about still. But I hope they do it. And if I'm still around town in ten years, I'll probably be pushing my kid to go there. If you see a chance, take it.

The Guerrilla Guide to Interviewing

Joel's latest article on interviewing is up. It makes some good points, although he continues with the down-to-the-metal idiosyncracy that I posted about last year. But here are the things that I thought were really good points:

• Hire/No-Hire . Make a decision. If you don't know, the answer is No Hire. I've run into this before when interviewing an entry-level guy for a position that required more skills than that. We recommended he be hired for Support instead. I'm not sure that that wasn't the right decision, but as a principle I like this one.
• You want people who are smart, and who get things done. Joel describes people who fail at one or the other, and I think I've worked with most of them before.
• A programmer should understand pointers, and recursion. Joel comments that a lot of people are coming out of school without learning a language that requires pointers, which is a problem. Less so with recursion. He says that pointers are an aptitude rather than a skill.

At the end he says, confidently,

If your resume and phone-screening process is working, you’ll probably have about 20% hires in the live interview.

True at FogBugz, no doubt. I've not really seen it here in Indianapolis, where the local talent pool is so small. But you never know, we might get lucky!

Want a job at an up-and-coming medical imaging company? Drop me a line!

Bloggers are people too

Ordinarily for me, reading and writing blogs is an intellectual exercise. I'm more comfortable and interested in discussing software processes, languages, testing than I am with the emotional appeal of the typical network news sob story. So when worlds, and cars, collide, I find it affects me especially. I envision my own five-year old son coming home from his karate class and I feel like crying. Good luck to you, Nick and Josh.

IQAA: Regression Testing

Dr. Hanna's Practice #8: Perform regression testing that is based on impact analysis. The first practice in the list that you can't just nod your head at, since you have to have a good idea of what regression testing is (I do) and what impact analysis is (I didn't.) But I did like Practice #7: Testers should attend design and code reviews. It's not something I had heard before, but it's obviously a good idea if you are interested in faciliating communication within your company.

So what should a tester do at a code review? Primarily they will want to come up with test ideas; examine the code paths; ask how each one can be exercised. But also they can ask a very fundamental question: What other parts of the code is this project going to affect? This is an impact analysis. If I remember correctly, it was recommended that this analysis be done formally, as in developers have to write up a statement or report analyzing what other parts of the product will be affected. Not a bad idea, but probably not for smaller companies like Prosolv.

So based on the Impact Analysis, testers should be able to come up with a set of requirements that need to be retested, and there's your regression suite. Of course, every build that goes to testing should be tested on the critical path (or as I prefer, the "Happy Path"). Dr. Hanna suggested a 90% pass goal, but I'm not sure why that should be. Some tests will be showstoppers, others will be...well, whatever. I suppose if you have more than 10% "whatevers" failing, you've got an issue, though.

Just a couple of other notes:

- Regression testing doesn't do any good if you do it at the beginning of a project - it is certainly to be hoped that there will be few failures then!

- Impact analysis is also necessary when a requirement is changed. Go to a developer if necessary!

- Which led to the question, what if the developer doesn't know? Dr. Hanna's response: Find new developers ;)

IQAA: Integration Testing

Dr. Hanna's Practice #3: Test for both functional and quality requirements. I would have thought state charts and truth tables were familiar to everyone, but I think the typical Indianapolis tester has a lot less experience than, say, one in San Jose, so there were a lot of people who they weren't familiar to. But Dr. Hanna had some good advice on turning a requirement, written in English, into a model by splitting it up into actions and results. He took a typical requirement statement, teased four predicates and four consequences out of it, and showed the truth table that it resulted in, with the 16 possible states of the predicates and the expected consequences of each. I was a bit itchy here, because I always feel that you can go through and test your application like this, but then go through and test a separate bit of your application which contradicts it. To help my understanding, I went on the second day to a talk on integrations testing, which I thought would more or less cover my confusion. You've got one requirement, you've got another requirement, testing them both is integration testing, right?

Well, no. Integration testing is the actual bit where you take two components of the system and make sure they talk to each other properly. Testing the input/output of one component is mostly a unit test, since they usually are easily testable and verifiable based on the automated testing that should have been written by the developer. But you need integration testing to avoid the "operation was successful but the patient died" phenomenon, where the interface of component A is not clearly understood by the developer of component B, so he writes and tests a very nice component that doesn't do at all what component A expects.

But with that clarification, I guess I see the real issue: the thing that is worrying me are two contradictory requirements. Given a clear requirements document, it is no longer the tester's problem, and it is no longer the developer's problem. It's a business problem, and someone with knowledge of the problem domain is required to clarify the contradictory requirements, which allows us to update the requirements doc, and guess what - now the testers can redesign their test plan and the developers can redo their code.

Here's a list of books recommended at the conference.

IQAA: Changing Requirements

The whole conference I was at this week for me revolved around the requirements management process. Partly because many companies I've worked at had trouble with this part of the process; that is, they followed the process of creating a requirements document, then they shut it away in a drawer and never look at it again while developers and testers go along their merry way and code up a mishmash of the requirements, what they think the requirements might mean, and any customer requests that aren't too difficult and/or are from important customers.

But I think a main thrust of Dr. Hanna's talk was that the requirements document is very important. I'm used to this very static, dull requirements document, and so I kept wanting to raise my hand and say, "How can you do that when the requirements phase is already complete?" But I have to conclude that he doesn't think it is static at all, and that it has to be dynamic and updated continually. (It was interesting that he said several times that testing is a process, not a step in the process, but he never said requirements were too.)

The typical software company tends to communicate rather informally. Write up a vague requirements document, then have the developers implement it any ol' way that seems right. If they're good, or at least social, developers, they'll talk to customers or managers or somebody that can clarify the requirement. A lot of developers will just guess, though. (Combined with receiving fast feedback from a Customer, this is just fine, of course.) But this is why the developer/customer communications need to be with testers (in a typical software environment ) or part of the process (in a regulated environment or one with traceability requirements. When it is part of the process, the correct process, I think, is to modify the requirements doc based on the customer communication. This gives testing a chance to update their tests. Dr. Hanna came back many times to the diagram:

Requirement -> Test Scenario -> Test Case -> Script

So if the Requirements are up to date, the tests can be up to date as well.

I'm not sure that every attendee thought this was the emphasis, but I also went to a couple of talks on this topic.

IQAA: Quality enrichment conference

I've posted about the IQAA before, and I regret that I haven't been able to make it to their talks regularly. There is a bit of a disconnect between the organizers and the members, I think, because the organizers are creating a fair amount of high-quality content, and I'm not sure that the Indy software testing scene really is vibrant enough to appreciate it. Today I'm attending a free seminar given by Dr. Magdy Hanna of the IIST on Software Testing Discipline and Software Testing Management, and it's very good.

The intent was for Dr. Hanna to give two seminars, one in the morning more or less aimed at testers, and one in the afternoon aimed at test managers, but in practice they all sort of collapsed together. The majority of attendees were there for both sessions; which was good, because they ran together pretty much. Dr. Hanna is a good, knowledgable, and confident speaker, and when you have one of those you're guaranteed to run over. We got to hear a little more than half of the practices before lunch, and a couple more afterwards, so what was billed as the "afternoon session" started around 2:00. But it covered basically the remaining practices anyway, and around 3:15 he looked up, said, "How much time do we have left?" and burned through the rest of his slides as if they were a kaleidoscope :) I'll put together a few posts over the next few days on my impressions of the conference and speakers. I'm not going to summarize all of the practices he named; just some of things that made me think. For example,

Practice 1: Requirements are crucial, with the couple of subheaders: You can't test what you don't know, and Users will always change their minds, and this was the point when he went all Steve Yegge on us, and explained how he was opposed to the agile movement. Of course, as is usual in such cases, we find out that he's not actually opposed to the practices of agile, or at least many of them, but only to calling it agile, or something. (I've never been quite clear on what exactly the opposition is to).

I mention this in passing because it seemed to me that those two headers absolutely contradict each other. How do you know what to test, when the users are calling the developers daily with new requirements? But his overall point, I concluded, was that (a) requirements documents should be kept accurate and up-to-date, and (b) they should be your main avenue of communication between developers and testers. I had assumed, when he said he didn't approve of agility, that he wanted nice static requirements docs before testing ever started. This, of course, never happens in the real world. More later.

WIX, IIS, and CPPUnit Nano

Shoutouts to a couple of pages that have made my life easier in the last few days. We use CPPUnit to run unit tests on some of our VC6 applications, but now it's time to start compiling those applications, and their tests, in Visual Studio 2005 . I messed around with trying to get CPPUnit to compile and link in in VS2005 for a while, but was unsuccessful; and in any case CPPUnit isn't getting any love from anywhere any more. So what's a unit tester to do? Enter Nano CPP Unit, a little unit testing page with all of the source right there on the page. Copy it in to the correct files, change a few other lines, and a bunch of tests were running right off. Very handy.

Second, trying to configure IIS through an installer built with WIX. The docs explain more or less clearly how to set up the custom actions, so I did that using the codes below, ran the installer, and...nothing.

<WebSite Id="MyWebServer" 
   Description="My Web Server"
   Directory="MyLicenseServer">
<WebAddress Id="LicenseManagerWebAddress"
   Port="80"/>
<WebVirtualDir Id="LicenseManagerVirtualDirectory"
   Directory="MyLicenseServer" 
   Alias="LicenseServer">
<WebApplication Id="MyLicenseServer"
   Name="MyLicenseServer" />
</WebVirtualDir>
</WebSite>

I ran across this Strange Blog entry detailing more or less how to do the same thing, but a comment in the post also mentioned the bit I hadn't seen before: Link in the provided object file sca.wixlib to set up all the custom action scheduling the way you need it. Thanks to that commenter, the Strange Blog author, and the author of Nano CPP Unit for their help!

Evidence open source project

I got a CodePlex project approved, whee. I'm pretty sure I must have grandfathered in since I submitted my request a couple of weeks ago - it's just an idea in my mind, not an actual project, and therefore it probably doesn't come under the latest requirements:

Most project requests that we approve have two or more project admins, two or more committed developers, and a recent history of active check ins, opened and closed work items, and at least one release. We sometimes make exceptions for individual project applicants (with or without code) who have a proven history of success in creating successful online development projects, or startups.

Uh, yeah, that's me all right. But, my project idea has to do with genealogy and collaboration; it's an attempt at raising the standards of online genealogical research. As I wrote on the project wiki:

The typical Internet genealogical researcher today works as follows:

1. Search on genealogy sites for published databases that have matches for someone already in their database
2. Copy the information to their database
3. Publish the database

So there's a lot of room for improvement. I'll write more about my ideas soon - right now I have to go figure out how one checks in code using Team System...

Drop me a line if you're interested in the project!

Credit card frauded

Crud! I got a call from MBNA to verify some "suspicious activity" on my credit card, and sure enough someone managed to get to their online banking site, use my account number to log in, change my address to somewhere in Maryland, and buy an $11,000 dollar computer from Dell.

Luckily Dell was on the ball and asked MBNA to verify the purchase, so the account will be closed immediately. Still, I wonder how they came up with the number? A little scary; but changing that account number is something I should have done years ago, as I use it for way too much stuff. (Which is exactly why I haven't changed it.)

When I called MBNA they asked for my mother's maiden name as verification. I bet that's easy to find - wonder if the online banking site used that same security?

Hopefully changing the account number is the end of it. Then I need to start splitting up my accounts: one credit card for online purchases, one for monthly charges, one for gas, etc. Be careful out there!

Death of NDOC

I caught the news first from Bill Wagner's blog that NDoc 2.0, the documentation tool for .Net developers, was losing its main developer and motivating force, Kevin Downs. (And incidentally, I never saw anything useful on either Digg or Technorati about it. Simple Google is still the best place to look.) Here's what Kevin had to say in an email that was quoted in dozens of blogs:

As some of you are aware, there are some in the community who believe that a .Net 2.0 compatible release was theirs by-right and that I should be moving faster – despite the fact that I am but one man working in his spare time...

This came to head in the last week; I have been subjected to an automated mail-bomb attack on both my public mail addresses and the ndoc2 mailing list address. These mails have been extremely offensive and resulted in my ISP temporarily suspending my account because of the traffic volume.

The standard line of bloggers has been, more or less: What a shame, what a loss to the community, why aren't these mailbombers contributing, that's what happens to open source projects.

It certainly is a big loss. But to be honest, I don't see it as a huge deal. Bill sees it as a problem with the whole open source software model, which I disagree with - I think the Asterisk project is one counterexample. The email, to me, has a bit of a defensive tone, like the writer's lost all his enthusiasm for the project and is looking for an excuse to get out of it. (I've sure been in that position, and it's got nothing to do with open source!) Is NDoc really that heavily used? Doxygen has the advantage of working with more languages, so it's my preferred tool, but I would think if there are that many people interested in using it, surely someone can step up as a new administrator, even if the project languishes for a while. And a mailbomb attack? Do those really still work? I would have thought any administrator would have been able to block some IP's and stop it. I guess it was the product of someone's bot army; but that brings up another point: anyone can launch a mailbomb or DOS attack. You can make one person mad online, even for a perceived rather than an actual insult, and the attack can come. If you're a small organization, you just have to weather the storm and move on.

I'm not saying Mr. Downs made the wrong decision; far from it. It's his life and his work and we should be grateful for whatever he is willing to donate to the community. But let's accept it and move on without getting huffy about it.

Oh, and maybe I better see if Doxygen could use any extra coders...

Customer Affinity and UI design

Martin Fowler discusses the importance of being attuned to the business side of software development. I especially liked this quote:

I've often heard it said that enterprise software is boring, just shuffling data around, that people of talent will do "real" software that requires fancy algorithms, hardware hacks, or plenty of math. I feel that this usually happens due to a lack of customer affinity.

I've heard this too, in spirit at least. and one of the reasons is that those people of talent don't believe that UI design is "real" software. Of course, the place you have the most opportunity to affect how the customers work and whether they enjoy your software is in the user interface. In the last few years, UI design has started to gain a little more respect in the community, but the fact remains that it is one of the areas of software design that really remains an art, rather than a science. What are your favorite sites for discussing UI design?

Finding holes in the process

Ever done a process review? It's one of those things that gets done, formally or informally, when a software company is trying to grow from small to large. In my experience, the most likely way it happens is, a manager or two or three get together and decide on some tool that they like, or have used before, and that they think would be useful for source control, or bug tracking, or building, and then they pass the edict down to the programmers: "Okay guys, from now on we use OnTime for all bug reports." The programmers nod politely and get on with the business at hand, and may even enter a few things into OnTime if they remember.

Ina few months, the managers realize that nobody's paying much attention to OnTime, and they go and bug the programmers. "Hey guys, let's use this bug tracker, ok? We paid a lot of money for it." The programmers start entering a few more things into OnTime, if they remember, but they grumble about it. Why waste time on this busywork, they think? The programmers aren't happy, the managers aren't happy, and communication is breaking down badly.

How do you avoid this? Don't just nod politely when the tool is introduced; attack it. Of course, if it's a tool you've not used before, you won't be able to see what any weaknesses are. But try to understand the workflow. Bug the manager until he makes it clear for you. He'll probably end up saying something like "Each bug goes from Entered to Accepted to Fixed to Tested to Released".

That's a pretty standard workflow. But now you can start to poke holes in it. Has anyone thought through the failure steps?

"Okay, so what if it's a bogus bug? I'm not going to accept it then."

"Hmm, that's true. Maybe we should add a Rejected state."

"Sounds good. What if Testing fails?"

"Umm, the test group should just set it back to Entered, and it can cycle through again."

"Okay, but what if that happens the week before the release? Do we need to put off the release until the bug gets fixed? Or can we hold off on it until the next release?"

"Ummm..."

Processes tend to break down around the failure points. If every bug took the path Find/Fix/Test/Release, software development would be very simple, and the workflow would be completely linear. But on every step of the line, it needs to be clear what will happen on a failure. Does it go back to previous step? Farther? Can we ignore it? A clear workflow with known failure paths will go a long way towards making any software project smoother.

Build part 3

Looks like the build is finally up and running, and we've completed a few builds that testing seems to approve of. I finally moved the virtual machine over to a machine with a decent amount of power behind it and that got things to pick up a little; but certainly we were far from the James Shore ideal of being able to download and build immediately...at least not after I implemented my idea of moving source code to a different drive so the C drive could be more easily restored if needed. It took quite a bit of time to finally dig out all the references to c:\Prosolv\build and replace them with environment variables!

But our mishmash of Ruby scripts is going again. We have our summer intern working on a new build process: he's evaluated various tools and chosen one called Visual Build, which we'll move to at some point, when he's declared it ready.

My friends Andy and Sushil have both just had babies. Congratulations, you guys!

Build machine still dragging

(Backstory here.) Came in the next morning; VS2005 is still installing. Curse. The bright side was, as I watched it, it switched from actually installing VS2005 to installing one of the CE framework packages that I really didn't care about. So, I spent some time unsuccessfully trying to get it to cancel out at that point, and eventually was able to get the machine to start shutdown, which allowed me to kill the VS install. How will that affect the machine, I'm not sure. So, around 9AM the machine started shutdown - then, the automatic updates kicked in. Thirty of them. Curse. So here it is, about three hours later, and just about half the updates are complete.

This is not a good circumstance when trying to get a release out.

The perils of slow build machines

We had a hard drive die on our build machine. Not to worry; as we learned from the rubber chicken source code should be buildable and shippable anywhere, anytime. But then, I don't have a great deal of trust in that ideal concept, so we decided to take advantage of the situation to create a virtual build machine instead of a real one. Here are roughly the steps I followed:

Install Virtual PC
Grab an existing hard drive image with Windows XP SP2 and copy it.
Install a couple of things on it; then attempt to install Visual Studio 2005.
It blows up with an error. Huh?
Try it again, same error.
Realize that the image is limited to 4 gigs, and VPC doesn't allow modifying the existing size of a virtual disk, as far as I can tell.
Curse.
Create a brand new image, and install XP SP2 on it. This process takes plenty of rebooting, and "Press Enter to continue" style dialogs; not to mention several hours just to copy all the files.
Install Visual Studio 6; hopefully it will be quicker and we'll need it for some legacy stuff anyway. Many more reboots, but eventually it's installed.
My boss comes by and asks how much longer it will be until the next build.
Curse.
Attempt to install VS2005 again. Many more reboots.
My boss comes by again and tells me he's arranged for a much faster machine with more memory. Cheer.
It's around 5:00 that day, so I decide to leave the VS2005 install running overnight, then I can transfer the virtual machine to the new machine in the morning.
Come back the next morning. VS2005 is still installing.
Curse.
It looks like it's nearly done, though. Hopefully it's within an hour or two of finishing and I can move it over to the faster machine.
Wait eight hours. VS2005 is still installing.
Curse.

I'll leave soon. Hopefully VS2005 won't take 48 hours to install, and I'll be able to get back to it in the morning. We're now at eight days without a new build. Curse.

Death of Agile

Jonathan Kohl writes on the value of pragmatism, as opposed to process zealotry, and asks what we think. Jonathan, I think you should enable comments on your blog :) But I'll do a quick post here instead. I'm not sure whether I agree or disagree. Absolutely you should use whatever works for your project; I have no issue with that. But I have a lot of trouble imagining a project where I would say, "In this situation, writing unit tests would be a very bad idea" or "It's clear that we should not have a daily build for this project. One a month, absolute max."

In other words, the point of agile processes are that they are good processes. You use them because they are unquestionably an advantage to your project. Maybe I'm a zealot. Is there an argument to be made against unit tests? To me, the whole zealotry issue comes across like saying, "Sure, I really like transistors, but hey, if vacuum tubes are what your stereo requires, you go right ahead and use them!"

Internship available

If you are a student in a computer-related field at an Indiana college and looking for a summer internship, drop me a line with a resume and I'll see that it gets to the right place. Prosolv is a medical software company in Indianapolis.

Podcast list

With basketball season finally over, I plan on updating this blog more often. I have a couple of series ideas in mind: first, I'm looking into presentation systems for 3D medical graphics; ultrasounds, for example, and I'm very interested in the Visual Toolkit (VTK). I've not been successful in importing any of our own sample DICOM sets yet, though, so I need to poke around and try to find some online that will work.

Second, I want to do a podcast review of the nine or ten podcasts I listen to regularly. I have a long commute, and I typically go to the gym over lunch, so I have a good three hours to listen to podcasts per day if I want.

I use Juice as my podcatcher, and an iRiver attached to the auxiliary input to the sound system in my car to listen to the podcasts. Here's an OPML of my subscriptions. In no particular order, they include:

Academic.net
HanselMinutes Mp3 Direct
QA Podcast
Polymorphic Podcast
Perlcast
Chris Pirillo Show
Software As She's Developed
Security Now!
Major Nelson
Channel 9
this WEEK in TECH
Congressman John Hostettler -- Capitol Update

Continuous Integration and Testing Conference

I'm planning on attending this free-form conference, Chicago, April 7th and 8th. Drop me a line if you'll be there!

Jump start new team members with code review

Here's another interesting article on code reviews.

Team Foundation Server

So Dave Bost gave a presentation on Team Server last night. It was pretty interesting; it was the first time I had really seen a Team System presentation that didn't focus on the different clients. He made it clear that he didn't want to discuss licensing, so I didn't ask the question that really was blazing through my head: why the heck do I and the thirty people in my company give a rip? Team System is for big people.

Anyway, Dave is the new developer evangelist for Indiana. It used to be Chris Mayo, but I guess he's moved on the other things. Dave, are you going to the Continuous Integration conference? Maybe I'll see you there!

There was also a semi-organizational meeting for a C# special interest group. I think that might be interesting, and we'll probably pull out the computers for the next one. A guy from the Advanced Visualization Lab was there too; their work might be relevant to some of the new 3D ultrasound machines that we're examining at Prosolv. Should be very interesting!

Volume texture DDS files

I had reason to try to create a Direct3D volume texture this week. This article gave instructions on how to do it, but I think it must have been out of date, because running the code they gave did not result in a DDS file that was loadable by the texture viewer. (I messed around with modifying the article, but then I had to register on the site, and blah blah blah) So I studied the header that was generated by the texture viewer, and eventually wrote this code:

#include <ddraw.h>
#include <fstream>
#include <D3d8types.h>

int main( int argc, char * argv[] ) {
  if( !argv[1] || !strstr( argv[1], ".dds" ) ) {
    fprintf( stderr, "Usage: noise output.dds\n" );
    return 1;
  }

  DDSURFACEDESC2 desc;
  memset( &desc, 0, sizeof(desc) );
  desc.dwFlags = 0x00801007;
  desc.dwSize = 124;

  desc.dwDepth = 64;
  desc.dwWidth = 128;
  desc.dwHeight = 128;
  desc.dwBackBufferCount = 64;
  desc.ddsCaps.dwCaps = 0x00001002;
  desc.ddsCaps.dwCaps2 = 0x00200000;
  desc.dwFVF = 32;
  desc.ddpfPixelFormat.dwSize = 0x20;
  desc.ddpfPixelFormat.dwFlags = 0x41;
  desc.ddpfPixelFormat.dwRGBBitCount = 0x20;

  desc.ddpfPixelFormat.dwLuminanceBitCount = 0x20;
  desc.ddpfPixelFormat.dwBumpBitCount = 0x20;
  desc.ddpfPixelFormat.
    dwPrivateFormatBitCount = 0x20;

  desc.ddpfPixelFormat.dwRBitMask = 0x00ff0000;
  desc.ddpfPixelFormat.dwGBitMask = 0x0000ff00;
  desc.ddpfPixelFormat.dwBBitMask = 0x000000ff;
  desc.ddpfPixelFormat.
     dwRGBAlphaBitMask = 0xff000000;

  unsigned int cnt = 
    desc.dwWidth*desc.dwHeight*desc.dwDepth*4;
  unsigned char * buf = new unsigned char[ cnt ];
  while( cnt-- ) {
    buf[cnt] = rand()>>7;
  }

  std::ofstream ofst( argv[1] );
  ofst << "DDS ";
  ofst.write( (const char *)&desc, 124 );
  ofst.write( (const char *)buf, 
     desc.dwWidth*desc.dwHeight*desc.dwDepth*4 );

  return 0;
}

To be a really useful sample, I need to replace the flag values with constants...I need to figure out what they are, first, though!

Honestly Subjective Performance Reviews

(Thanks Lasse.) Corporate performance reviews are for the most part a waste of time. At my last job, I worked with the same set of peers for around four years, and we did peer reviews on their anniversaries. The first year, I tried to provide constructive feedback on how I thought people were doing, what they could do better, etc. The second, third, and fourth years, I had no idea what to write. Reiterate what I wrote the year before? Try to comment on what they were doing better than they did last year? I didn't have a clue. Once (with a really cool boss) I wrote my evaluation as a limerick.

This article discusses what's wrong with reviews, and how they can be better. First of all, just bail on the idea that reviews can ever be objective, any more than journalists can. Then focus on the future, not the past. It's a very agile idea. I'm excited about the future of work. I think corporations of the 21st century can work so much better. But how many companies are willing to give it a shot?

Coding Standards and Reviews

At the IQAA on Thursday, there was a good presentation on coding standards and reviews. I've always had a strong sense that code reviews were important, but I've never actually been to a code review that was worth the time it took. My current job has a standard requirement that all code should be reviewed, though, so I've sort of been casting about for a good style of review. Ed Gibbs has thoughts on the subject; so does Macadamian. But I definitely thought that as far as my company was concerned, Robert Bogue's talk got to the heart of what a code review should be. Not that we'll actually change our process, of course, but at least I'll have some talking points when the subject comes up :) (I'm a touch underutilized in my company, I feel. I have to persuade rather than insist. Maybe after another year or two.)

So here is what I took away as the most salient points:

1. Code reviews should not be painful. Bring cookies; have balloons.
2. Code reviews should have a point. Don't just bring everyone in and show them the code. Then they all say, "um, sure, looks good." Have points of emphasis; exception handling, say, or readability.
3. It's OK for junior developers to comment on senior developer's code. I'm still groping on this one; not that I ever thought that they shouldn't, but the question is more, how do you get them to do it? I've known developers that come to code reviews, sign all the forms, but then don't ever say a word about the code. I brought the question up at the time but didn't state the issue as clearly as I would have liked.
4. Code reviews and code standards are related. This one had never occurred to me before, even after, at my last job, I wrote a short article called, "How to get your code past a review". Now I realize that that document was actually a coding standard. I think we've got a coding standard around somewhere at this company, but I'm not sure where it is. I'll probably resurrect it at some point.

So it was definitely a learning experience for me, and hopefully a springboard to learn more about the subject. Mr. Bogue has a blog as well, subscribed!

Yahoo! Patterns

Wow, this is a handy little pattern library. (Thanks to Grady Booch.) I'm spending more and more time with Yahoo these days, for stock updates, Yahoo! Answers, Flickr, and other things. A good sign for them, I guess.

The irrelevant Joel Spolsky

For a guy who has written so much good stuff on software development, I think Joel is falling behind the times. His latest post talks about not being able to find an online calendar that he likes, which is fine - I don't think anyone has, yet - but then he uses that as a springboard to decry the new software technique that he refers to as, "Ship early and often".

I did a web search for that phrase to find an alternate viewpoint, and Joel is already in the top three sites for it; he's quite an influencer. But he seems to have a lot of disagreements with the techniques of agile programming, which includes this technique, there referred to as "Frequent Releases". Joel - and the article I linked - claim that releasing half-baked software isn't a good idea; true enough in itself, but I'm guessing that the calendars he checked out weren't buggy, bugs are bad things and no one wants to use buggy software, but that they simply didn't have all the features he was looking for. Releasing a calendar that has actual business value isn't releasing half-baked software; it's getting something out there that people can use, evaluate, give feedback on. It's a starting point for a conversation with the users. Look at Flickr; the most popular photo-sharing site on the planet started its life as a game tool, and evolved into its current incarnation by listening to the users and giving them what they want. That's how you create software.

"But", Joel says, "I'm not going to look at 30 Boxes again -- I've spent enough time evaluating it." He won't be back to see next week's version, or even next year's. (I wonder what calendar program he'll be using in the meantime?) I suspect he says this as a recognized authority on good software, in the belief that if he doesn't like it, it's probably not much good. That's probably true, too, but, there are one heck of a lot of other folks out there. They have blogs. They write about stuff they don't like too, and they also write about stuff they do like, if not nearly as often. I didn't look at any of these Ajax calendars at all, myself. But eventually, I suspect, one will turn out to rock the world, and at that point it will be all over Technorati, Icerocket, Memeorandum, Tailrank. At that point I won't care about Joel's opinion of them today. Joel probably won't either. When one of them wins out, he'll know by word of mouth, as we all will. Two or three of the others will have fallen apart by then, spending too much time writing features that no one wants, not getting anything released out on their website, not getting any buzz. And that is why, if you're writing software today, you should release early, and you should release often.

Generics at user meeting

I went to the Indianapolis .Net User Group meeting last night. They advertised Generics as the topic, and since I really didn't know anything about them, I was looking forward to it.

It turned out to be more interesting as a group dynamic than as a presentation. As a presentation, what I gleaned was that, from a user's perspective, generics are precisely identical to C++ templates. You declare a variable of a type that takes generics, and drop the specific type after the type name, in brackets: ArrayList foo = new ArrayList. Or you declare your own class and declare a after it to create your own generic.

From an implementer's standpoint, they're pretty darn different from C++ templates, as you might expect. And working out exactly what those differences might be engendered more discussion from the group than any topic I've yet seen. People were interested in how they were implemented, whether they would really avoid boxing, whether it was done at run time or compile time. There appeared to be two or three people who really knew their stuff, too - they were discussing what the IL that was generated looked like and that sort of thing. By the 45 minute mark, I was pretty sure that I was in for a two-hour or more night.

But amazingly, the entire presentation couldn't have been more than 35 minutes. Add in 25 minutes of discussion and the whole thing would have been over with before seven with plenty of time to draw door prizes and be out of there by 7:30.

But I don't know if that's what happened or not. The Q&A period was still going strong at 7:05 and I decided to bail. I hope my ticket didn't win a new car or something :)

ISO

I wrote a while ago about how ISO can actually be used as a positive thing for a company, which I suppose most developers at the grunt level would disagree with. It's true though: you just have to use it to describe your processes, rather than prescribe them.

There is a basic dichotomy, however: The company management may not have the least interest in improving the processes. They just want the pretty sticker for the front door that says, "Yes indeed! We're ISO approved! You can do business with us!" After that, they may not give a fig whether or not the processes are actually being followed, except to the extent that they won't get into legal trouble. This is why so many developers hate ISO. For ten months out of the year, they're told to bypass, sneak around, don't bother with the process, we have to get those customers happy. Or if they follow a process, they may get penalized for it. "What do you mean it'll take you two months to do that? We can't put that on the form! Put down three weeks!" Then, of course, when it does take two months, everyone has to work overtime since the project is so far behind schedule.

For the other two months of the year, they're told, "OK, here's the process. You have to have it memorized. If an auditor comes by, make sure you have the document in front of you. Just read it to the auditor. Don't make trouble. Don't volunteer anything. We just want our little sticker; we don't care about the process."

It's a shame. There's real value in ISO. I wonder if there are any companies that can find it?

A good Informatics web site

When I complain about something, I do like to follow up if the problem is addressed, or corrected, or even vaguely not quite as bad as I thought. I wrote here about the IU School of Informatics web site and how I was pretty unimpressed with it, for what should really be a school on the cutting edge. Well, even if you can't find it from the main page, bubbling up from the bottom are some good sites. This one on a talk series about complex systems is very nice - it has the expected abstracts, speakers, times & dates, and things; but also includes links to the slide decks and podcasts of the existing talks! Now that's what I'm talking about! It's not perfect, of course - I'd like to have forums or comment sections for each individual talk, as well as an RSS feed so I can grab the talks with a podcatcher - but it's one heck of a lot more interesting than the Informatics main page. Well done, Katy Börner, and thanks to Justin Donaldson for the link.