The average user

Last night I went over to my neighbours house. He was at our house about a week ago, picking up his son who was visiting my 7 year old. Anyway he mentioned that he had saved some pictures from his digitial camera to his computer. He was trying to get them from his computer onto some blank CDs he'd bought but was having problems and getting errors. He'd heard that I know about computers and asked if I'd drop by his house and take a look.

So I went over yesterday evening. He'd been trying to burn using some Nero software or something. I stepped through the wizard with him and confirmed that it didn't work. All I did was show him how to burn his pictures to CD directly using the Windows Explorer. The burn stuff that comes free, built in with XP, is not at all bad with an acceptable enough wizard. And it worked fine and he was able to save his pictures to CD successfully. So he basically paid for this junk Nero thing that didn't work when XP already has what he needed. He'd had the computer for over two years and until last night had not been able to save to CD successfully.

So that wasn't too bad. It only took about a half hour to get his pictures burned onto CD. Most of that time was spent training him so he could do it himself the next time when I wasn't around.

All done right? Not quite. He mentioned that his computer was starting slower and slower and he was getting these annoying pop ups. Could I look at that too? Hmmm. So anyway it was not a good scene.

• his IE start page had been changed on him to some Oemji crap
• there was some garbage IE "search" toolbar
• he was at XP SP1. He wasn't receiving automatic updates
• his firewall was not turned on
• he was getting billed every month on his credit card from classmates.com and wasn't able to cancel it
• he was getting these popups every few minutes for some junk or other
  

The very first thing I did was download and install Firefox. Then I could at least have a usable browser that would bring up Google successfully without being redirected.

From there I was able to squash Oemji (there was all kinds of it), fix his IE start page, get rid of the unwanted junk toolbar, squash the periodic popups, stop the scam "spy scan" program that ran at startup. Then I put on the Google toolbar - he'd had all kinds of problems with popups in IE. I also put him on windows automatic update (not sure how it got turned off), so hopefully he'll get SP2 shortly, and turned on his firewall.

For the classmates.com thing I told him to just call his credit card company and cancel the preauthorization with them. Don't bother trying to figure out how to cancel with classmates.

So all this extra stuff took a couple of more hours, not the most enjoyable way to spend an evening. Anyway he's kind of handy so I'll have a favor to call him for where I can use some of his skill in the physical world in exchange for the big electronic favor I did him.

I strongly hinted to him that he should switch to Firefox. I've been using Firefox for over two years and during that time my start page has never been changed on me, no unwanted toolbars have ever appeared, and there's never been a popup. I can only hope he took the hint.

He showed me the bill of sale from the computer. It was from a prominent local dealer, the ones who advertise on the radio all the time. I was highly unimpressed by what I saw. They charged him over $2000 for a mediocre system. It was basically a white box clone, not tier one. Also I noticed his CD player was an HP. I doubt it was brand new since the dealer could surely have bought a clone CD player cheaper - does HP even sell CD/R direct to small shop vendors? So it was very likely a used player cannibablized off some other HP system.

Still one more thing. At one point he took his PC back to the dealer about the inability to write his pictures to CD using Nero. The dealer gave him some mumbo jumbo tech talk he didn't understand, charged him $200, and didn't even fix it. The only difference before and after taking it in for "repair" was that he was out the $200.

I wonder what would happen with my neighbour if he had a leaky faucet, then called a professional plumber to come over to fix it. I doubt he'd pay that plumber $200 if he left his house without actually fixing the faucet. Yet that's just what he did with his PC.

It's a shame because for what he paid he could have had a Mac or a nice Dell workstation. Instead he got a white box clone that for two years didn't even write his pictures to CD, which is what he bought it for. I felt a bid bad for him for what he got for what he spent. Maybe if they didn't have so many radio ads their prices could come down some.

I'm pretty sure that most computer users are around his skill level. I'm also pretty sure a person who has only basic tech skills and knows how to use Google could make an OK living doing what I did, coming into people's houses and fixing IE start pages. Not that I would want to do that for money, no thanks.

The problem with doing it for money would be that you would go in and fix all the stuff, then two months later the user would be calling you saying that their IE start page has been changed again, the popups are back, and they're getting redirected off Google. Except when they call you back they'll say it's your fault and want you to come and fix it again, this time for free. So no, I'll stick with professional programming.

One thing I found interesting was my neighbour could not understand the difference between the Google start page and the IE address bar. He couldn't understand what the address bar was for or how it was different than typing something into Google. I tried to explain that the address bar will go straight to the site you want. But he just wasn't grasping it, I guess it is a subtle thing to many users. When I started his IE last night, the address bar wasn't even turned on.

What he likes to do is use Google as his IE start page. From Google he just types what he wants, then clicks the first link in the results. So if he wanted to go to Ebay, he would type ebay.com in Google, then use that to get to Ebay.

I once read that people go to Google, then type amazon.com and click through from there to Amazon. A guy from Google said he couldn't understand why people do that. I've now explained here why. People either have their address bar in IE turned off or pushed to the right, or don't know what the address bar is or how to use it. So they use trusty Google as their default IE start page, then type in where they want to go then click through from the Google results page. I can't imagine how much money Google must be making off selling that top link in the results. I can tell you that probably most users don't realize it's a sponsored link.

More Python

We're doing some stuff at work where we need to get the Base64 encoding of the SHA-1 hash of a password. Here's how to obtain it in Python


import sha1
import base64

print base64.encodestring(sha.new('password').digest())


That's it. One line of code. No download of 3rd party. No worrying about licensing or purchasing something.

Try it in C or Java. In Java the JDK sees fit to provide neither SHA-1 or Base64. So write your own or try to download or purchase something.

In C there's RFC 3174 for SHA-1. You can try to get it to compile on your system and get it into your build. Have fun with that, I did a couple of years ago. Like Java, you'll have to thrash around the Internet for Base64 or write it yourself.

Compare all that hassle with C/Java, compared to one line in Python using built in components. Python is just better.

Value of JUnit?

I just wrapped up my part in a project which has now gone into testing. It went pretty well. I didn't do any JUnit stuff. I haven't done any JUnit in more than a year.

I actually like JUnit. It's a good way to generate automated tests. It is pretty easy to learn and use. So if there was more time then I'd be motivated to use it.

What should you do if there isn't quite enough time for JUnit? Don't get me wrong, I test and the code I write tends to have a low defect rate.

JUnit is kind of the "formal" test for the code. This type of test is a permanent type of test involving planning, source control of test code, potential peer review, ongoing maintenance. So there's overhead involved.

For me, JUnit is the third level of testing. The first level is to print the code after I write it, then go over it carefully looking for errors. I find most errors through this static self inspection. For schedule reasons we don't do peer review, which is unfortunate because I am a fan of peer review.

The second level is informally running the code. Create a scratch J2SE client program that exercises the new code. Or click on the screen that will invoke the new code and check that it works as expected. The important thing is to exercise the new code in scenarios that are as close to possible to how it will be invoked in production. This will give you confidence that the code will be OK in black box integration testing.

The third level is formally testing the code within a controlled environment like JUnit, where the formal tests go into source control and are maintained along with the actual code.

So the JUnit level is basically a formal retest of code that you know works. My experience has been that the effort for levels 1 and 2 (static code inspection, informal scratch testing) is a fraction of that required to do JUnit. So it is possible to ship robust, tested code without requiring the overheads of JUnit. So focus on checking your code and scratch testing, and only do the JUnit at the end if there is time.

An issue I do have with JUnit is that it tests code in unrealistic scenarios that will not happen in production, while missing scenarios that will happen in production. Earlier this year, I was team lead on a project. This project involved a Tomcat WAR that processed a formatted URL and sent a message over JMS to a J2EE server that invoked an EJB call that did a bunch of stuff. The code was written and ready to test.

The developer responsible for that section wanted to set up JUnit for the different pieces. I said don't bother with JUnit, do an end to end test instead. Set up the components, invoke the Tomcat URL, and verify from the database and the logs that it works end to end. Well he did what I asked, then he spent several days sorting out deployment issues, permission issues and glitches between the components. But he got it working and it worked when we went to production. We never did do the JUnit for that, and I'm glad we didn't. The issues the developer found would only have been uncovered by doing an end to end test of the running system. If we'd done JUnit instead, we would have looked bad as the problems would have been found by the test team.

In my opinion the bulk of value in JUnit is for refactoring. It's also valuable for automated test of working code. The automated test is basically a form of refactoring test. You take something that is verified to work with JUnit. Then if someone inadvertantly breaks your code by changing something you call, then the automated test will catch it. But code has to exist and work before it can be refactored. And refactoring of new code generally only happens after the current project ends. Also let the person doing the refactoring absorb the cost of JUnit, since he is the one who benefits from it.

My observation is that there is no link at the individual level between use of JUnit and defect rate. Some mediocre developers are JUnit fans, yet it doesn't seem to improve the quality of code they produce. Some developers write lots of good, low defect code while spending little time on JUnit.

My theory is that strong developers will write good code and if they do JUnit then they'll do a good job of that too. But for the good developers the JUnit is not really necessary as the code is high quality regardless. On the other hand, weak developers will write mediocre code. The JUnit will be of similar lower quality and there will be more defects regardless of how much time they spend on JUnit.