Finding More Than One Worm in the Apple

As demonstrated, this vulnerability wasn’t a result of insufficient system testing; it was because of insufficient unit testing. Keith Ray himself wrote a “Testing on the Toilet” [8] article, “Too Many Tests,” [11] explaining how to break complex logic into small, testable functions to avoid a combinatorial explosion of inputs and still achieve coverage of critical corner cases (“equivalence class partitioning”). Given the complexity of the TLS algorithm, unit testing should be the first line of defense, not system testing. When six copies of the same algorithm exist, system testers are primed for failure.

via Finding More Than One Worm in the Apple – ACM Queue.

Why We Should Build Software Like We Build Houses

Architects draw detailed plans before a brick is laid or a nail is hammered. Programmers and software engineers don’t. Can this be why houses seldom collapse and programs often crash?

via Why We Should Build Software Like We Build Houses | Wired Opinion.

This analogy made me laugh because software doesn’t have to fight gravity or -20F temperatures or whatever else planet Earth has in store for a physical structure. The gist of this article, however, seems to be that every software project should start with and needs a solid foundation of requirements. Shout out to system engineering!

Update: Here’s an interesting comment from Slashdot and a shout out to awk.

If builders built houses the way programmers built programs, the first woodpecker to come along would destroy civilization.
Gerald Weinberg

Trivia: Gerald Weinberg is the “w” in awk. Sadly, things haven’t changed much since back when.


Research discovery could revolutionise semiconductor manufacture

Instead of starting from a silicon wafer or other substrate, as is usual today, researchers have made it possible for the structures to grow from freely suspended nanoparticles of gold in a flowing gas.

via Research discovery could revolutionise semiconductor manufacture – Lund University.

The structures are referred to as nanowires or nanorods. The breakthrough for these semiconductor structures came in 2002 and research on them is primarily carried out at Lund, Berkeley and Harvard universities.

Wall Street and the Mismanagement of Software

It’s clear that Knight’s software was deployed without adequate verification. With a deadline that could not be extended, Knight had to choose between two alternatives: delaying their new system until they had a high degree of confidence in its reliability (possibly resulting in a loss of business to competitors in the interim), or deploying an incompletely verified system and hoping that any bugs would be minor. They did not choose wisely.

via Wall Street and the Mismanagement of Software | Dr Dobb’s.

What is needed is a change in the way that such critical software is developed and deployed. Safety-critical domains such as commercial avionics, where software failure could directly cause or contribute to the loss of human life, have known about this for decades. These industries have produced standards for software certification that heavily emphasize appropriate “life cycle” processes for software development, verification, and quality assurance. A “safety culture” has infused the entire industry, with hazard/safety analysis a key part of the overall process. Until the software has been certified as compliant with the standard, the plane does not fly. The result is an impressive record in practice: no human fatality on a commercial aircraft has been attributed to a software error.

Building QuickBooks: How Intuit Manages 10 Million Lines of Code

As the manager with primary responsibility for build management, Burt has supervised the construction of automated systems that perform continuous builds and continuous integration. The systems incorporate tools for testing, version control, and scheduling.

via Building QuickBooks: How Intuit Manages 10 Million Lines of Code | Dr Dobb’s.

Most of all, the key to managing a large project was automation. “We automate everything that can be automated,” says Burt. “The tools make a huge difference. We maintain all the different versions of QuickBooks, on all our supported platforms, with about 60 code-writing developers. We couldn’t do that without automation.”