Evidence open source project

I got a CodePlex project approved, whee. I'm pretty sure I must have grandfathered in since I submitted my request a couple of weeks ago - it's just an idea in my mind, not an actual project, and therefore it probably doesn't come under the latest requirements:

Most project requests that we approve have two or more project admins, two or more committed developers, and a recent history of active check ins, opened and closed work items, and at least one release. We sometimes make exceptions for individual project applicants (with or without code) who have a proven history of success in creating successful online development projects, or startups.

Uh, yeah, that's me all right. But, my project idea has to do with genealogy and collaboration; it's an attempt at raising the standards of online genealogical research. As I wrote on the project wiki:

The typical Internet genealogical researcher today works as follows:

1. Search on genealogy sites for published databases that have matches for someone already in their database
2. Copy the information to their database
3. Publish the database

So there's a lot of room for improvement. I'll write more about my ideas soon - right now I have to go figure out how one checks in code using Team System...

Drop me a line if you're interested in the project!

Credit card frauded

Crud! I got a call from MBNA to verify some "suspicious activity" on my credit card, and sure enough someone managed to get to their online banking site, use my account number to log in, change my address to somewhere in Maryland, and buy an $11,000 dollar computer from Dell.

Luckily Dell was on the ball and asked MBNA to verify the purchase, so the account will be closed immediately. Still, I wonder how they came up with the number? A little scary; but changing that account number is something I should have done years ago, as I use it for way too much stuff. (Which is exactly why I haven't changed it.)

When I called MBNA they asked for my mother's maiden name as verification. I bet that's easy to find - wonder if the online banking site used that same security?

Hopefully changing the account number is the end of it. Then I need to start splitting up my accounts: one credit card for online purchases, one for monthly charges, one for gas, etc. Be careful out there!

Death of NDOC

I caught the news first from Bill Wagner's blog that NDoc 2.0, the documentation tool for .Net developers, was losing its main developer and motivating force, Kevin Downs. (And incidentally, I never saw anything useful on either Digg or Technorati about it. Simple Google is still the best place to look.) Here's what Kevin had to say in an email that was quoted in dozens of blogs:

As some of you are aware, there are some in the community who believe that a .Net 2.0 compatible release was theirs by-right and that I should be moving faster – despite the fact that I am but one man working in his spare time...

This came to head in the last week; I have been subjected to an automated mail-bomb attack on both my public mail addresses and the ndoc2 mailing list address. These mails have been extremely offensive and resulted in my ISP temporarily suspending my account because of the traffic volume.

The standard line of bloggers has been, more or less: What a shame, what a loss to the community, why aren't these mailbombers contributing, that's what happens to open source projects.

It certainly is a big loss. But to be honest, I don't see it as a huge deal. Bill sees it as a problem with the whole open source software model, which I disagree with - I think the Asterisk project is one counterexample. The email, to me, has a bit of a defensive tone, like the writer's lost all his enthusiasm for the project and is looking for an excuse to get out of it. (I've sure been in that position, and it's got nothing to do with open source!) Is NDoc really that heavily used? Doxygen has the advantage of working with more languages, so it's my preferred tool, but I would think if there are that many people interested in using it, surely someone can step up as a new administrator, even if the project languishes for a while. And a mailbomb attack? Do those really still work? I would have thought any administrator would have been able to block some IP's and stop it. I guess it was the product of someone's bot army; but that brings up another point: anyone can launch a mailbomb or DOS attack. You can make one person mad online, even for a perceived rather than an actual insult, and the attack can come. If you're a small organization, you just have to weather the storm and move on.

I'm not saying Mr. Downs made the wrong decision; far from it. It's his life and his work and we should be grateful for whatever he is willing to donate to the community. But let's accept it and move on without getting huffy about it.

Oh, and maybe I better see if Doxygen could use any extra coders...

Customer Affinity and UI design

Martin Fowler discusses the importance of being attuned to the business side of software development. I especially liked this quote:

I've often heard it said that enterprise software is boring, just shuffling data around, that people of talent will do "real" software that requires fancy algorithms, hardware hacks, or plenty of math. I feel that this usually happens due to a lack of customer affinity.

I've heard this too, in spirit at least. and one of the reasons is that those people of talent don't believe that UI design is "real" software. Of course, the place you have the most opportunity to affect how the customers work and whether they enjoy your software is in the user interface. In the last few years, UI design has started to gain a little more respect in the community, but the fact remains that it is one of the areas of software design that really remains an art, rather than a science. What are your favorite sites for discussing UI design?

Finding holes in the process

Ever done a process review? It's one of those things that gets done, formally or informally, when a software company is trying to grow from small to large. In my experience, the most likely way it happens is, a manager or two or three get together and decide on some tool that they like, or have used before, and that they think would be useful for source control, or bug tracking, or building, and then they pass the edict down to the programmers: "Okay guys, from now on we use OnTime for all bug reports." The programmers nod politely and get on with the business at hand, and may even enter a few things into OnTime if they remember.

Ina few months, the managers realize that nobody's paying much attention to OnTime, and they go and bug the programmers. "Hey guys, let's use this bug tracker, ok? We paid a lot of money for it." The programmers start entering a few more things into OnTime, if they remember, but they grumble about it. Why waste time on this busywork, they think? The programmers aren't happy, the managers aren't happy, and communication is breaking down badly.

How do you avoid this? Don't just nod politely when the tool is introduced; attack it. Of course, if it's a tool you've not used before, you won't be able to see what any weaknesses are. But try to understand the workflow. Bug the manager until he makes it clear for you. He'll probably end up saying something like "Each bug goes from Entered to Accepted to Fixed to Tested to Released".

That's a pretty standard workflow. But now you can start to poke holes in it. Has anyone thought through the failure steps?

"Okay, so what if it's a bogus bug? I'm not going to accept it then."

"Hmm, that's true. Maybe we should add a Rejected state."

"Sounds good. What if Testing fails?"

"Umm, the test group should just set it back to Entered, and it can cycle through again."

"Okay, but what if that happens the week before the release? Do we need to put off the release until the bug gets fixed? Or can we hold off on it until the next release?"

"Ummm..."

Processes tend to break down around the failure points. If every bug took the path Find/Fix/Test/Release, software development would be very simple, and the workflow would be completely linear. But on every step of the line, it needs to be clear what will happen on a failure. Does it go back to previous step? Farther? Can we ignore it? A clear workflow with known failure paths will go a long way towards making any software project smoother.

Build part 3

Looks like the build is finally up and running, and we've completed a few builds that testing seems to approve of. I finally moved the virtual machine over to a machine with a decent amount of power behind it and that got things to pick up a little; but certainly we were far from the James Shore ideal of being able to download and build immediately...at least not after I implemented my idea of moving source code to a different drive so the C drive could be more easily restored if needed. It took quite a bit of time to finally dig out all the references to c:\Prosolv\build and replace them with environment variables!

But our mishmash of Ruby scripts is going again. We have our summer intern working on a new build process: he's evaluated various tools and chosen one called Visual Build, which we'll move to at some point, when he's declared it ready.

My friends Andy and Sushil have both just had babies. Congratulations, you guys!

Build machine still dragging

(Backstory here.) Came in the next morning; VS2005 is still installing. Curse. The bright side was, as I watched it, it switched from actually installing VS2005 to installing one of the CE framework packages that I really didn't care about. So, I spent some time unsuccessfully trying to get it to cancel out at that point, and eventually was able to get the machine to start shutdown, which allowed me to kill the VS install. How will that affect the machine, I'm not sure. So, around 9AM the machine started shutdown - then, the automatic updates kicked in. Thirty of them. Curse. So here it is, about three hours later, and just about half the updates are complete.

This is not a good circumstance when trying to get a release out.

The perils of slow build machines

We had a hard drive die on our build machine. Not to worry; as we learned from the rubber chicken source code should be buildable and shippable anywhere, anytime. But then, I don't have a great deal of trust in that ideal concept, so we decided to take advantage of the situation to create a virtual build machine instead of a real one. Here are roughly the steps I followed:

Install Virtual PC
Grab an existing hard drive image with Windows XP SP2 and copy it.
Install a couple of things on it; then attempt to install Visual Studio 2005.
It blows up with an error. Huh?
Try it again, same error.
Realize that the image is limited to 4 gigs, and VPC doesn't allow modifying the existing size of a virtual disk, as far as I can tell.
Curse.
Create a brand new image, and install XP SP2 on it. This process takes plenty of rebooting, and "Press Enter to continue" style dialogs; not to mention several hours just to copy all the files.
Install Visual Studio 6; hopefully it will be quicker and we'll need it for some legacy stuff anyway. Many more reboots, but eventually it's installed.
My boss comes by and asks how much longer it will be until the next build.
Curse.
Attempt to install VS2005 again. Many more reboots.
My boss comes by again and tells me he's arranged for a much faster machine with more memory. Cheer.
It's around 5:00 that day, so I decide to leave the VS2005 install running overnight, then I can transfer the virtual machine to the new machine in the morning.
Come back the next morning. VS2005 is still installing.
Curse.
It looks like it's nearly done, though. Hopefully it's within an hour or two of finishing and I can move it over to the faster machine.
Wait eight hours. VS2005 is still installing.
Curse.

I'll leave soon. Hopefully VS2005 won't take 48 hours to install, and I'll be able to get back to it in the morning. We're now at eight days without a new build. Curse.

Death of Agile

Jonathan Kohl writes on the value of pragmatism, as opposed to process zealotry, and asks what we think. Jonathan, I think you should enable comments on your blog :) But I'll do a quick post here instead. I'm not sure whether I agree or disagree. Absolutely you should use whatever works for your project; I have no issue with that. But I have a lot of trouble imagining a project where I would say, "In this situation, writing unit tests would be a very bad idea" or "It's clear that we should not have a daily build for this project. One a month, absolute max."

In other words, the point of agile processes are that they are good processes. You use them because they are unquestionably an advantage to your project. Maybe I'm a zealot. Is there an argument to be made against unit tests? To me, the whole zealotry issue comes across like saying, "Sure, I really like transistors, but hey, if vacuum tubes are what your stereo requires, you go right ahead and use them!"

Internship available

If you are a student in a computer-related field at an Indiana college and looking for a summer internship, drop me a line with a resume and I'll see that it gets to the right place. Prosolv is a medical software company in Indianapolis.

Podcast list

With basketball season finally over, I plan on updating this blog more often. I have a couple of series ideas in mind: first, I'm looking into presentation systems for 3D medical graphics; ultrasounds, for example, and I'm very interested in the Visual Toolkit (VTK). I've not been successful in importing any of our own sample DICOM sets yet, though, so I need to poke around and try to find some online that will work.

Second, I want to do a podcast review of the nine or ten podcasts I listen to regularly. I have a long commute, and I typically go to the gym over lunch, so I have a good three hours to listen to podcasts per day if I want.

I use Juice as my podcatcher, and an iRiver attached to the auxiliary input to the sound system in my car to listen to the podcasts. Here's an OPML of my subscriptions. In no particular order, they include:

Academic.net
HanselMinutes Mp3 Direct
QA Podcast
Polymorphic Podcast
Perlcast
Chris Pirillo Show
Software As She's Developed
Security Now!
Major Nelson
Channel 9
this WEEK in TECH
Congressman John Hostettler -- Capitol Update

Continuous Integration and Testing Conference

I'm planning on attending this free-form conference, Chicago, April 7th and 8th. Drop me a line if you'll be there!

Jump start new team members with code review

Here's another interesting article on code reviews.

Team Foundation Server

So Dave Bost gave a presentation on Team Server last night. It was pretty interesting; it was the first time I had really seen a Team System presentation that didn't focus on the different clients. He made it clear that he didn't want to discuss licensing, so I didn't ask the question that really was blazing through my head: why the heck do I and the thirty people in my company give a rip? Team System is for big people.

Anyway, Dave is the new developer evangelist for Indiana. It used to be Chris Mayo, but I guess he's moved on the other things. Dave, are you going to the Continuous Integration conference? Maybe I'll see you there!

There was also a semi-organizational meeting for a C# special interest group. I think that might be interesting, and we'll probably pull out the computers for the next one. A guy from the Advanced Visualization Lab was there too; their work might be relevant to some of the new 3D ultrasound machines that we're examining at Prosolv. Should be very interesting!

Volume texture DDS files

I had reason to try to create a Direct3D volume texture this week. This article gave instructions on how to do it, but I think it must have been out of date, because running the code they gave did not result in a DDS file that was loadable by the texture viewer. (I messed around with modifying the article, but then I had to register on the site, and blah blah blah) So I studied the header that was generated by the texture viewer, and eventually wrote this code:

#include <ddraw.h>
#include <fstream>
#include <D3d8types.h>

int main( int argc, char * argv[] ) {
  if( !argv[1] || !strstr( argv[1], ".dds" ) ) {
    fprintf( stderr, "Usage: noise output.dds\n" );
    return 1;
  }

  DDSURFACEDESC2 desc;
  memset( &desc, 0, sizeof(desc) );
  desc.dwFlags = 0x00801007;
  desc.dwSize = 124;

  desc.dwDepth = 64;
  desc.dwWidth = 128;
  desc.dwHeight = 128;
  desc.dwBackBufferCount = 64;
  desc.ddsCaps.dwCaps = 0x00001002;
  desc.ddsCaps.dwCaps2 = 0x00200000;
  desc.dwFVF = 32;
  desc.ddpfPixelFormat.dwSize = 0x20;
  desc.ddpfPixelFormat.dwFlags = 0x41;
  desc.ddpfPixelFormat.dwRGBBitCount = 0x20;

  desc.ddpfPixelFormat.dwLuminanceBitCount = 0x20;
  desc.ddpfPixelFormat.dwBumpBitCount = 0x20;
  desc.ddpfPixelFormat.
    dwPrivateFormatBitCount = 0x20;

  desc.ddpfPixelFormat.dwRBitMask = 0x00ff0000;
  desc.ddpfPixelFormat.dwGBitMask = 0x0000ff00;
  desc.ddpfPixelFormat.dwBBitMask = 0x000000ff;
  desc.ddpfPixelFormat.
     dwRGBAlphaBitMask = 0xff000000;

  unsigned int cnt = 
    desc.dwWidth*desc.dwHeight*desc.dwDepth*4;
  unsigned char * buf = new unsigned char[ cnt ];
  while( cnt-- ) {
    buf[cnt] = rand()>>7;
  }

  std::ofstream ofst( argv[1] );
  ofst << "DDS ";
  ofst.write( (const char *)&desc, 124 );
  ofst.write( (const char *)buf, 
     desc.dwWidth*desc.dwHeight*desc.dwDepth*4 );

  return 0;
}

To be a really useful sample, I need to replace the flag values with constants...I need to figure out what they are, first, though!

Honestly Subjective Performance Reviews

(Thanks Lasse.) Corporate performance reviews are for the most part a waste of time. At my last job, I worked with the same set of peers for around four years, and we did peer reviews on their anniversaries. The first year, I tried to provide constructive feedback on how I thought people were doing, what they could do better, etc. The second, third, and fourth years, I had no idea what to write. Reiterate what I wrote the year before? Try to comment on what they were doing better than they did last year? I didn't have a clue. Once (with a really cool boss) I wrote my evaluation as a limerick.

This article discusses what's wrong with reviews, and how they can be better. First of all, just bail on the idea that reviews can ever be objective, any more than journalists can. Then focus on the future, not the past. It's a very agile idea. I'm excited about the future of work. I think corporations of the 21st century can work so much better. But how many companies are willing to give it a shot?

Coding Standards and Reviews

At the IQAA on Thursday, there was a good presentation on coding standards and reviews. I've always had a strong sense that code reviews were important, but I've never actually been to a code review that was worth the time it took. My current job has a standard requirement that all code should be reviewed, though, so I've sort of been casting about for a good style of review. Ed Gibbs has thoughts on the subject; so does Macadamian. But I definitely thought that as far as my company was concerned, Robert Bogue's talk got to the heart of what a code review should be. Not that we'll actually change our process, of course, but at least I'll have some talking points when the subject comes up :) (I'm a touch underutilized in my company, I feel. I have to persuade rather than insist. Maybe after another year or two.)

So here is what I took away as the most salient points:

1. Code reviews should not be painful. Bring cookies; have balloons.
2. Code reviews should have a point. Don't just bring everyone in and show them the code. Then they all say, "um, sure, looks good." Have points of emphasis; exception handling, say, or readability.
3. It's OK for junior developers to comment on senior developer's code. I'm still groping on this one; not that I ever thought that they shouldn't, but the question is more, how do you get them to do it? I've known developers that come to code reviews, sign all the forms, but then don't ever say a word about the code. I brought the question up at the time but didn't state the issue as clearly as I would have liked.
4. Code reviews and code standards are related. This one had never occurred to me before, even after, at my last job, I wrote a short article called, "How to get your code past a review". Now I realize that that document was actually a coding standard. I think we've got a coding standard around somewhere at this company, but I'm not sure where it is. I'll probably resurrect it at some point.

So it was definitely a learning experience for me, and hopefully a springboard to learn more about the subject. Mr. Bogue has a blog as well, subscribed!

Yahoo! Patterns

Wow, this is a handy little pattern library. (Thanks to Grady Booch.) I'm spending more and more time with Yahoo these days, for stock updates, Yahoo! Answers, Flickr, and other things. A good sign for them, I guess.

The irrelevant Joel Spolsky

For a guy who has written so much good stuff on software development, I think Joel is falling behind the times. His latest post talks about not being able to find an online calendar that he likes, which is fine - I don't think anyone has, yet - but then he uses that as a springboard to decry the new software technique that he refers to as, "Ship early and often".

I did a web search for that phrase to find an alternate viewpoint, and Joel is already in the top three sites for it; he's quite an influencer. But he seems to have a lot of disagreements with the techniques of agile programming, which includes this technique, there referred to as "Frequent Releases". Joel - and the article I linked - claim that releasing half-baked software isn't a good idea; true enough in itself, but I'm guessing that the calendars he checked out weren't buggy, bugs are bad things and no one wants to use buggy software, but that they simply didn't have all the features he was looking for. Releasing a calendar that has actual business value isn't releasing half-baked software; it's getting something out there that people can use, evaluate, give feedback on. It's a starting point for a conversation with the users. Look at Flickr; the most popular photo-sharing site on the planet started its life as a game tool, and evolved into its current incarnation by listening to the users and giving them what they want. That's how you create software.

"But", Joel says, "I'm not going to look at 30 Boxes again -- I've spent enough time evaluating it." He won't be back to see next week's version, or even next year's. (I wonder what calendar program he'll be using in the meantime?) I suspect he says this as a recognized authority on good software, in the belief that if he doesn't like it, it's probably not much good. That's probably true, too, but, there are one heck of a lot of other folks out there. They have blogs. They write about stuff they don't like too, and they also write about stuff they do like, if not nearly as often. I didn't look at any of these Ajax calendars at all, myself. But eventually, I suspect, one will turn out to rock the world, and at that point it will be all over Technorati, Icerocket, Memeorandum, Tailrank. At that point I won't care about Joel's opinion of them today. Joel probably won't either. When one of them wins out, he'll know by word of mouth, as we all will. Two or three of the others will have fallen apart by then, spending too much time writing features that no one wants, not getting anything released out on their website, not getting any buzz. And that is why, if you're writing software today, you should release early, and you should release often.

Generics at user meeting

I went to the Indianapolis .Net User Group meeting last night. They advertised Generics as the topic, and since I really didn't know anything about them, I was looking forward to it.

It turned out to be more interesting as a group dynamic than as a presentation. As a presentation, what I gleaned was that, from a user's perspective, generics are precisely identical to C++ templates. You declare a variable of a type that takes generics, and drop the specific type after the type name, in brackets: ArrayList foo = new ArrayList. Or you declare your own class and declare a after it to create your own generic.

From an implementer's standpoint, they're pretty darn different from C++ templates, as you might expect. And working out exactly what those differences might be engendered more discussion from the group than any topic I've yet seen. People were interested in how they were implemented, whether they would really avoid boxing, whether it was done at run time or compile time. There appeared to be two or three people who really knew their stuff, too - they were discussing what the IL that was generated looked like and that sort of thing. By the 45 minute mark, I was pretty sure that I was in for a two-hour or more night.

But amazingly, the entire presentation couldn't have been more than 35 minutes. Add in 25 minutes of discussion and the whole thing would have been over with before seven with plenty of time to draw door prizes and be out of there by 7:30.

But I don't know if that's what happened or not. The Q&A period was still going strong at 7:05 and I decided to bail. I hope my ticket didn't win a new car or something :)