Older blog entries for elanthis (starting at number 359)

Io Language

Next up on my the language tour is Io, a tiny interpreted pure-OO language. Io is small, really small. Lua is a bit larger, actually.

Io has some admirable design goals. From the front page of the Io website:

Io is a small, prototype-based programming language. The ideas in Io are mostly inspired by Smalltalk (all values are objects), Self (prototype-based), NewtonScript (differential inheritance), Act1 (actors and futures for concurrency), LISP (code is a runtime inspectable/modifiable tree) and Lua (small, embeddable).

I can definitely feel the impact of those languages on the design of Io, Smalltalk especially. Everything is an object and all operations are simply messages (methods) sent to objects. Then syntax is just a little foreign for a C weenie like me, but it’s not too far out there, and is something I could get used to quite quickly; it’s not anywhere as foreign feeling as Objective-C, which I feel is a disgusting monstrosity of language design gone wrong. (Seriously, use SmallTalk, or use C. Don’t even get me started on Objective-C++. That language is God’s punishment for the Sins of Mankind.)

I downloaded and built Io, and started working at getting a sample project up and running. Io is a minimal language, so addons are necessary for a lot of things, such as networking. That’s where I hit the snag - the Sockets addon appears to be wholly undocumented on the Io website, and looking at the list of available methods is leaving some questions. Searching around on the net for examples isn’t bringing much up. Io is not really in use for any large production apps yet, so it’s still got a lot of rough edges in the documentation and examples areas.

Like I said with Pike, life is too short to deal with that sort of thing. I’d love to give Io a spin, but not for the project I’m on now. I’ve bookmarked it and plan on taking another look at it in 6-12 months on my next project. Maybe it’ll be ready for some serious use then; the development is active and the community seems fairly healthy, so I expect it’ll grow up pretty quickly.

Syndicated 2007-12-05 21:04:01 from Sean Middleditch

JewelScript Is No Jewel In The Rough

I decided to look up some non-mainstream languages before moving on the list of Big Popular languages I wanted to try for this new project. I took a look at a few that were outright unsuited, and then found and spent some time looking at JewelScript. Like Pike, JewelScript is an interpreted OO language with a syntax very reminiscent of C/C++.

JewelScript has a lot of nice features. The syntax is familiar, but the addition of coroutines and a ‘var’ type in addition to the static typing make certain classes of application a lot easier to write than C++ does. Unfortunately, JewelScript also seems to be so heavily based on C++ that some of the painful parts of C++ programming are firmly a part of JewelScript programming.

The biggest turn of here is the reference system. In JewelScript, all variables are copy-by-value, just like C++. If you want two variables to refer to the same object, you must declare one of the variables as an explicit reference to the other. That’s not so bad, really, until you get to function arguments. Just like in C++, you end up having to declare many function arguments as references solely for performance reasons, and not because the argument actually needs reference semantics. Also just like C++, that can result in programming errors, so JewelScript has a const reference type, which is a slightly different set of semantics but at least allows you to get decent performance without opening yourself up to programming mistakes.

Really, though, if I felt like declaring 90% of my function parameters with a logically unnecessary const and an equally unnecessary & just to work around the performance problems of the language design, I’d have stuck with C++. JewelScript could potentially fix this behavior with the simple addition of copy-on-write behavior for objects and other “fat” datatypes. That gives the programmer the full performance benefits of a const reference without the overhead of manually declaring const references when copy-by-value semantics were what they wanted in the first place.

JewelScript also lacks a comprehensive standard libary. That’s fine in many respects, but that coupled with a too-C++-like language design make it a poor choice for my project. However, anyone looking for a language to embed in C++ that offers a very familiar syntax, JewelScript might be just what you’re looking for.

Syndicated 2007-12-05 18:18:08 from Sean Middleditch

Passing on Pike

I’m starting a new project, and I decided to give the Pike language a try. It looks like a nice language for an old C/C++ hold out like me. Statically typed but still pretty flexible, very C++-ish in syntax, has a decently sized standard library, and not too slow for an interpreted language. Bonus points for having implementations of a ton of application network protocols in the standard library, including the ones I needed.

Sadly, it just isn’t meant for me. The language debugging facilities are atrocious. If you thought C++ template instantiation errors were hell, you’ll not be too pleased with the average Pike backtrace or compilation error. It gives way too much information about things that don’t matter and nothing useful on the actual error itself. For example, if you pass the wrong argument type to a function, you’d expect something like “Argument 2 (client) expects string, got int.” Instead, you get a huge line detailing the entire signature of the function, and then a second line detailing the entire signature of the function call, leaving you to scan through and find the differences.

That wasn’t going to sour the deal for me, though. I’m used to C++, so huge and nearly useless error messages are something I can deal with. Forging on, I found some oddities in the standard library that are just not working out well for me. For example, the String type includes a trim_all_whites function. Why isn’t this trim? Extra typing is half the reason i wanted to avoid using C++ itself. The HTTP implementation forces a ton of extra string copies all over the place. The TELNET implementation is one of the most akward protocol handler classes I’ve ever seen, plus it seems to be rather buggy. These are all relatively minor things. Silly function names I can learn to live with, and it’s not like I’m not up to writing an HTTP or TELNET protocol handler that more closely meets my needs.

The real kicker, however, are the total lack of certain features… or possibly just the lack of documentation on using those features. The official Pike documentation is almost entirely lacking in examples, many functions and classes are undocumented (some of which have a nice Fixme comment in the docs, while others are just blank), and I simply can’t figure out how to do some things that I’d really expect out of a language like Pike. I’m fairly sure Pike can do them, I just can’t figure out how.

Life is too short to spend a ton of time trying to figure out undocumented features of a language, so I’m passing on Pike for now. It’s a shame, because I like the Pike language itself, I just am not willing to deal with a idiosyncratic and partially undocumented standard library if I don’t have to.

There are some other languages that are on my list of Things To Try, so I’ll report back on those when I get the chance to play with them a bit.

Syndicated 2007-12-05 07:50:50 from Sean Middleditch

Irritating Java Environment

Debian/Ubuntu has what I think is pretty dumb Java environment.

Basically, jar files are not automatically found in /usr/lib/java/ and JNI libraries are not automatically found in /usr/lib/jni, requiring you to create a goofy little shell script for every Java app you write that sets these things if you need them. Any Java app that uses external JAR files or JNI files (.e.g., SWT) is instantly made non-portable by the fact that you have to set weird system-specific path settings instead of just being able to run java -jar myapp.jar.

The justification for this seems to be, “well, users might have multiple JVMs, and /usr/bin/java alternative might not be set to the most complete/featureful one, and since we only support software packaged officially for Debian**, we just recommend that packagers include scripts that set the specific JVM and classpath and so on they need, and never ever use the essentially useless /usr/bin/java command.”

Here’s an idea: make /usr/bin/java a system wrapper around the chosen alternative that automatically sets things up so the required JAR files located in the manifest of apps are found without the Debian-specific paths and so that the library search path is set so the Debian-specific /usr/lib/jni path is used for loading JNI shared objects. Then shit will actually work. For the users who set their java alternative to point to some incomplete or non-functional JVM, tell them to kiss your ass and install a JVM that will actually work.

** And this, folks, is still the #1 usability killer in Linux. If it isn’t part of the pre-selected set of almost certainly out of date software packages shipped by the specific version of the specific distribution you’re running, the software is a complete and total bitch to install and use, even when that software happens to be something designed from the ground-up to be portable between distros (or even OSes) in binary format. Packaging systems, for all their benefits, are to many non-technical users just one gigantic artificial barrier to ease of use. The Microsoft software installation model, for all its flaws, actually freaking works when it comes time to install something released after the OS install CD you have was shipped. Linux is the easiest OS in the world to use, so long as you only use it for the things the distro package set says you can.

Syndicated 2007-12-03 03:50:07 from Sean Middleditch

Security Hole of the Day

So a major games site many of us geeks might frequent has a fun security hole. I couldn’t remember the login for my account, but whenever I failed entering the right email and password combo, I noticed it set a ?login=false query parameter in the resulting URL. Sure enough, changing the false to true results in my being logged in, with a user that has a blank name (”Welcome, !”) and no email.

The worst part is, I have no way to login other than using said hole, since there is no “forgot password” link or any other way that I can possibly figure out to get into my account, so I had to make a new one (which is free, just validates email). I suppose it’s not that serious of a problem since user accounts really don’t do anything critical other provide marketing details to the company and allow forum posting, but I’m still pretty sure that they don’t want people bypassing their “subscriber only content” restrictions.

The site isn’t even written in PHP, I think. The URLs don’t give any indication of the language, but I vaguely recall seeing ASP-ish traceback errors a few months ago when something else was broken on the site. The Good Samaritan part of me wants to kindly inform the site operators of their blunder, but given the lawsuit happy and technologically ignorant business types running things in many companies, I’d probably just get a felony charge for “hacking” for my effort. :/ So instead I just hope they realize it on their own, fix it, and maybe add in that “forgot password” link in the process - I liked my old username a lot better than my new one.

It could be worse, I suppose. One of the sites I got to clean up last year, aside from its bazillion other horrendously broken design points, with its code comments all written in (broken) Portugese, did the classic ?admin=true authentication check. At least it wasn’t a JavaScript routine with the username and password stored in the HTML.

Syndicated 2007-12-01 05:29:17 from Sean Middleditch

Apartment Found, FLOSS Work, Language Design, Rambling

Apartment hunting is over already.

Looks like I’ll be living in Aspen Chase, off Golfside between Clark and Washtenaw, right next to WCC and US-23 and I-94, plus right near all the cool shopping places and restaurants and Ann Arbor.

I move in at the end of the month. Thinking about throwing an apartment warming / alcohol cabinet stocking party sometime in early-mid January.

So, now I need to ratchet up how much or work (or where I work). I’m also really interested in getting back into FLOSS work. I’m digging through some Ghostscript bounties (two birds, one stone) and seeing if there’s anything a newcomer to the project without much 2D compositing experience can tackle. A few looks like applicable.

After that, I’m unsure. My three biggest favorite things to work on are games, low-level infrastructure and language tools, and usability. FLOSS games are not much interesting to me; I’m not sure why, but for some reason Open Source just doesn’t seem to be working so hot for game projects as it does for everything else. Possibly because artists/designers/musicians aren’t as into the Give It Away For Free thing as programmers are.

So, for low-level stuff, I was at first thinking X and drivers. Then I’m thinking that that tends to be a pain without a second set of hardware, plus the chance of breaking hardware (hopefully rare, but still a possibility, as I’ve heard), and I don’t really have the cash for spare hardware, graphics cards, etc. and I need this one machine to continue working perfectly so my regular job. So maybe that’ll be an option down the road when I have more spare cash.

That pretty much leaves general desktop app work, or work on lower-level desktop code like HAL or D-BUS. Now, while I’m a GNOME fan of their desktop design, I actually really dislike their underlying frameworks. I mean, OO in C certainly works, but… damn is it ugly. Writing desktop software is a very high-level thing to do, and really would be better with a high-level language. Sadly, C# is dead for political reasons, C++ isn’t really all that great (but it certainly blows C out of the water - compare the pleasure that is the Qt API to the glib/gtk API), Java might very well become a good choice soon what with it being Free and IcedTea coming along, but then I’m not a huge fan of Java (C# is Java “done right,” but see afore-mentioned political issues), and so on. Vala looks like a fun projects (language design, low-level framework… my favorite areas) so I might look into that very soon. I’m specially not fond of how it just translates to C (there’s several very good reasons why C++ no longer does that), so maybe giving it an LLVM backend would be spiff, plus I’ve really been wanting to play with LLVM anyway. Actually, working on the clang frontend for LLVM is another option.

There is then always the part of me that just wants to do something new and exciting, but that’s… difficult. Not so much in writing it, but finding something new and exciting and actually worthwhile. I mean, doing all the web work I do, I’d love to have a langauge dedicated solely to doing web work. PHP, Java, C#, Ruby, Perl… all of these are extremely general-purpose languages that have libraries for working on the web, but they still make things more complicated than you really need. (Ruby on Rails does purportedly make things very easy, but then, you’re not so much coding Ruby as you are in a specialized dialect built on top of Ruby - plus, having hacked on the Ruby interpreter in years past, I’m not a fan of the underlying technology, unless Matz and co have done some serious work on it in the last few years… maybe I should take a look.) Really, 90% of what a web app does it spit out HTML and run SQL queries. Those two things should be SUPER easy and the easiest way to do them should also be both the most efficient and the most secure way to do them. Just makes sense. I have ideas on how to do this, so it’s tempting to write mod_languagethatdoesnotsucklikephp… but that gets back to whether the project would really get used much and really be worthwhile or just be yet another niche language used by three people in tiny projects nobody’s ever heard of.

I’m equally tempted to do a more low-level language. D is a neat language, but the design is a little… fluid. Plus its standard library sucks, and of the two competing projects to write a new one, both feature new ways of sucking as well as little chance of ever actually being “standard” (not that anything in D is standard, since its just a dump of whatever features the lead developers think is cool at the moment). I like C, I really do, and I really hate the way that C# and Java force OOP down your throat even for things that aren’t best modeled by OOP, or for things where their object model is not quite the best fit. It would be nice to do C with an enhanced type system that makes OOP possible and easy, but makes other styles of OOP also easy, as well as providing much better high-level data structures than the way C++ does things. Basically, I’d like a language that has high-level features, but also allows low-level programming, unlike Java or C# which put everything on their custom managed runtime. To be completely honest, neither Java nor C# really helps all that much with being portable except for trivial programs, and the security benefits of managed runtimes aren’t nearly as useful as advertised except for applet-like situations (seriously, it’s not really that much harder to write secure code in C than in any managed language, from Python to C# - buffer overflows and other memory-address-based attacks are less likely, but that’s hardly the sole kind of security hole around). But still, there are a bazillion “a better C/C++” projects out there, and even if I do make The Best(tm), how useful is that really going to be in the grand scheme of things?

It thus seems best to focus on something that people will actually use, instead of yet another quasi-academic intellectual-masturbation sort of project. GNOME and LLVM are my top choices. LLVM is a little more up my alley, but GNOME work can be fun. It’s been years since my last patch to GNOME, too. Maybe it’s time to rectify that sad fact.

Not seeing any of that likely until January, though - need to earn some raw cash now and get ready to move into said new apartment in a month. My rent will be going up by $325/month, plus I won’t be splitting utilities or Internet anymore. Yay fun.

Syndicated 2007-11-30 22:23:53 from Sean Middleditch

Apartment Hunting

My lease is up in a few months, and combined with some general life-style differences with my roommate (who is not a bad guy in general, we just have some vastly different habits), I’ve decided it’s time to start looking for a new place to live.

I’ve decided to try moving out on my own, which will be a first for me. I lived with my parents, then with a roommate, so having a place all to myself will be quite new. I have a feeling I will get massively bored very quickly.

Granted, the apartment I’m currently aiming for is also in the middle of Eastern Michigan University campus, and we’ve already met a number of attractive young ladies around my age living in the area, so maybe I won’t be _that_ bored. :)

The real kicker though is going to be rent and utilities. My current apartment is only $550/month, and I only pay half of that. I also only pay half of the utilities and Internet access. Anyone who’s done a move-out knows that reducing the number of people living in an apartment does not result in an equivalent reduction in utility costs, either. When I moved out of my parents’ house, their utilities bills actually went up - you’d figure the removal of 3-4 computers would have brought a signficant drop.

So, I’m looking to be spending some $550-$650 per month in rent, plus around $100/month in utilities, plus another $30-$50 in Internet access, plus I won’t be able to bum groceries off my roommate anymore. This is going to get expensive, quick. I’m going to need to work on my finance management quite a bit, if this year is any indication.

Being self-employed (although I’m really only working for one guy, I do so as a sub-contractor, not an actual employee) I have to pay the employer’s share of taxes, as well as find my own health care, and I don’t get any 401k or anything. This year I made $14k more than last year. However, for the last two years running, I managed to increase my total savings and stocks by $6k and $4k, but this year I managed to increase it only by a grand total of $361.00, and I’m actually going to be short in my taxes fund come Winter tax time, so that’ll turn to a negative in about a month. I am somewhat boggled as to how I managed to spend around $18k more this year than last year. I mean, a few years of that kind of money saved could buy me a decent house. In cash.

Somewhere in the back of my head I know where all the money went, but trying to put it into a list of things I can cut is being rather challenging. Rent and groceries ate up about $6k of it. The trip to Japan last Spring ate up another $2k. The damn Wii and Wii games probably took up another $1k, and movies and books ate up another $2k. The rest probably went to eating out so often, since I only know how to cook one meal and, while it is my favorite, it’s not something I really want to eat every day, or even every week for that matter.

So, for the upcoming year, aside from finding more/better work, I need to cut back my spending. And that’s after taking into account the fact I’ll be paying more than twice in rent and utilities soon. I need to start cooking at home more often, that’s way cheaper than eating out at expensive restaurants every morning, lunch, and dinner. That should be relatively easy to start doing. I need to spend less on entertainment, which I guess I could replace by getting involved in Open Source stuff again, or maybe just hanging out with people more often doing things that don’t require buying stuff. Maybe I could stop bitching about FLOSS software issues and start working on it more often again. (I started writing a patch for PCRE for a bug I filed, but of course I picked something that requires extensive internal changes to the system, and isn’t really a best first patch for someone who’s never worked on the codebase before - why do I always bite off more than I can chew? Oh well, at least I’m learning how PCRE works very, very quickly.) I’m planning another overseas trip, so that expensive will be back, but this time I can hopefully not spend nearly as much.

Unfortunately, looking at it, all of the “low hanging fruit” in my budget is going to add up to about the same amount as the additional rent and utilities I’m going to be paying. At best, unless I start making more money, I’m going to be stuck at the end of next year with no additional cash in savings. And that won’t work for me - I really wanted to have enough for a down payment on a house by this time, but I missed that mark by about $5k. Which I could have easily saved up in 10 months in years prior. :/

Making more money is something that should be easy, even in my current job. I just have to work more hours. They’re available to me. I just… well, as yesterday’s whine-fest indicated, working more hours at that job is likely going to lead to brain hemmhorging or something. I need to start pulling in additional jobs, or get one of the half-dozen “cool idea” projects I have off the ground. Sadly, most of those projects involve needing a lot of help. My roommate has a very nifty idea that could easily be making hundreds of thousands of dollars a year, but we need artists (our last one spontaneously joined the navy without telling us), and we need time to get this up and running - it’s going to be a massive web (ugh) project. Nothing nearly as complicated as the work we’ve done in the past, and totally within our abilities, but still something that will take a month or two of non-paid dedicated work on both our parts to get up, fully featured, bug-free, and ready for customers. Maybe I should look into getting investors? My friend Scott has told me that it’s not nearly as complicated as it sounds, so long as you know how to pitch it (and I don’t).

Still, at the very least, having my own place to myself will reduce at least some of my stress (no more crappy repetitive rock music we’ve both heard 1,000,000 times playing from the moment my roommate gets home until 1am in the morning, for example) and just make me feel a bit better about my place in life (my current apartment complex is skanky hooker central, and I am NOT just being colorful with my language).

Plus, you know, being somewhere that I might meet girls that aren’t over 40 and having sex with strangers for a living could improve the quality of my life and stress levels quite a bit. It’s been waaaaay too long since I’ve dated last. Not so much as a single date since Laura and I split up, actually, but then, when I live where I’m at and I’m not in school, it’s not like it was really likely I’d ever meet anyone to date. I suppose there are always SCA chicks (”If you can’t get laid in the SCA, you just don’t want any”), but given what I’ve met there… pass. Standards and morals are such a bother sometimes. :) [I am sure there are some very nice girls in the SCA who are available and my age - I just haven’t met any of them yet.]

Actually, that reminds me of my other huge expense: the SCA. As soon as Yurii actually gets back to me (it’s been over a month since I last heard from him… getting worried), I have $1400 waiting to send him for the last few bits of essential armor I need to have a complete combat kit. $1400. On top of the $800 or so I’ve already spent on armor, plus the gas and hotel rooms and such for trips to SCA events (only been to two, unfortunately), plus the money I need to spend soon on clothing and such… not a cheap hobby. But it is fun, and the people are some of the best I’ve ever met. Five years of playing Kanar (a LARP), I met a handful of kick-ass people, but most of them were just selfish/skanky/jerks. Not all of them (those Kanar friends of mine reading this - obviously you’re in the Kick-Ass People group, otherwise you wouldn’t be a friend :p ), but most of them just aren’t even remotely the kind of people I’d want to spend time with. The people I’ve met in the SCA on the other hand… there’ve been a few jerks I’ve run into, but most of these people are just awesome. I do wish I could find a way to hang out with some of those cool Kanar people _without_ having to go to Kanar, though. I feel a bit sad that I’m pretty sure I won’t see some of those people again, unless I maybe run into them at Grace’s or if I actually stop being a loser and go to one of Craig’s get-togethers (which I feel really bad for never going to, because I really do want to, I like Craig and his friends quite a bit). :/

I’m rambling. Bah. Off to work.

Syndicated 2007-11-29 17:20:10 from Sean Middleditch

Meltdown Imminent

note: fairly personal, rather angsty, and especially whiny post. I would heartily condone skipping it, unless you like reading cheesy teen drama novels or like listening to emo alternative rock. you have been warned.

I don’t think I can take this anymore.

I am not the world’s greatest programmer. Not even close. I follow the work of people far greater than me, I know my place on the Hierarchy of Computer Science, and it’s midling, at best.

But… i just… I can’t fathom how these fucking idiots keep getting jobs to write software. Jobs that pay more than $80/hour, well more than twice what I make… and why after they inevitably end up failing to produce something that works, I have to clean up after it. This code is… every project I’ve worked on in my professional endeavors - every last single one - was apparently written by the most clueless fucking morons on the planet.

I know I’m not some sole soul stranded out in the Idiot Programmer Woods. I know that most Good programmers stuck in Commercial settings end up working on Horrific Code. Why do any of us have to put up with this shit? If car engineers consistently produced parts that just broke or exploded or dissolved the second they were put in a simulator, the engineers would be fired. Why do shitty coders get away with this kind of crap you can’t get away with anywhere else, and why do they get hired over the people who have a freaking clue? Why do sites like WorseThanFailure even have to exist, when those kinds of mistakes and incompetence just flat out aren’t tolerated in almost any other field?

I work mostly on web stuff for a living. Now, I dislike that in and of itself. “Programming the Web” is a lot like programming a VCR, except slightly easier. It’s mindnumbingly boring. The challenges in this kind of work are far and few between. It’s boring. It’s really, really, really boring. I LIKE hard challenges. They’re exciting. Something to do. Something to learn. Something to get a rush off of. Web programming does not offer those challenges, not even close. Yet, somehow, doing it right seems to be beyond 90% of the employed web programming work force.

The current HUGE client I’m working for has a codebase written partly by a man who has published books on PHP programming. This man, clearly, knows his stuff. Except, not so clearly. Aside from just being ugly code (you know what I mean - the kind that’s just hard to read, even though it really shouldn’t be), it’s way over-complicated. Can you say “design pattern?” Because he obviously can. a lot. If it’s possible to maybe kind of find a way to make one of the four or five Super Popular Patterns fit the code, he found a way to do it. Even if there’s a simpler one-line equivalent that a nice dynamic language like PHP offers, his code instead favors the 18-classes-over-12-files approach that strict and forced-OO languages like Java shove down your throat. And he doesn’t even program in Java, so what’s his excuse? Worse, the code is in some spots just flat out wrong, to a dangerous level.

Super basic security holes like not checking user input before opening a file, or going through the effort to make sure that all SQL query code is using place-holders, but using the ! placeholder instead of the ? placeholder (note: ? replaces the input with its escaped equivalent, while ! is really no different than passing %s to *printf functions). The code rigorously checks for errors on every single possible call into PEAR or MDB2 or other library functions, but does not in even a single place anywhere check for errors in user input. Users can, aside from trivially causing SQL injection attacks, also just insert data into the database with no value for a ‘name’ column which, in the admin UI, is the content of the link used to edit/delete the item. So link content, no link, so no way to edit the content the user submitted with calling up a DB admin. Eventually I will fix all of this. Assuming the client can be convinced that he needs it. Because, if the client is not convinced, he’ll go with what he has, with is maybe 5% my work at tops, and when it finally does come crashing down, I’ll be blamed for it instead of the idiot friends-of-the-CTO or whatever they hired in to write the original mess.

Let’s not forget that apparently not one freaking PHP programmer on the planet that I’ve had the luck to be hired after seems to understand the basics of XSS and related attacks. It’s not hard at all for a user to fill in a contact form, put some quite malicious JavaScript in the body (which when viewed in the admin UI could then easily reload the page in a frame and keep a key logger or other kind of trojan running on every page that admin user access there-after, it’s really quite trivial to do this, even for a javascript novice). Unfortunately, it’s a bit easier to understand how attacks like these get in with a language like PHP, since it’s a fucking langauge _designed solely for doing websites_ that makes it harder to do the Right Thing than the Wrong Thing. Nobody with a clue is using PHP to generate all of the HTML of the page; they use templates and such for most of the actual content. Most of the dynamic content spit out by PHP is stuff that needs to be properly escaped (just like with DB queries). So why then by default does PHP not escape its output? Wouldn’t it make more sense to escape by default and then, in those much rarer cases when you code does need to spit out raw HTML, add a method to do that? Shouldn’t the easiest, shortest way of doing something be the correct way to do it?

If a language is 90% SQL queries and HTML template processing, you’d think that those two things would be a core language feature that makes it super freaking simple to do the right thing. You wouldn’t expect database access to be a horrendously misdesigned and inconsistent add-on that requires 8 times the work to write safe SQL queries that aren’t injection-susceptible, and you wouldn’t expect the language that is itself meant to be embedded in HTML to require an add-on template engine to make up for all the design mistakes of the original language (while introducing a billion more, in the case of Smarty), would you? PHP programmers seem to think it’s pretty damn normal. You’d be surprised how hard it is to convince some of these Professionals that there just might be an easier way to do things that produces safer, faster, smaller code. Because, you know, they get paid six-figure salaries and have published books and are employed by huge Top 10 Internet Companies and I’m just the guy who fixes their broken shit that (news to them) doesn’t smell like roses.

I’d love to replace PHP. It wouldn’t be hard. I’ve written high-performance general-purpose and special-domain language runtimes before. Really, I would have to suffer repeated head trauma to even be capable of producing something as bad as PHP. But what’s the point? None of the jobs I’d get would ask for that language, they’d all ask for PHP (Or Java, or C#, or even C++ - yes, there are people who try to use C++ to write web apps, great idea, geniuses). Maybe 10 years down the road any new language I publish for this would be popular enough that I could work in it for a living, but by then I will have already gone batshit fucking insane and jumped in front of a bus from working on projects like this current one for a living every single day of my life.

I mean, this project… When you have bug after bug after bug after hole after bug all on top of a gigantic codebase that requires you to edit 12+ files (literally) just to do the basic handling of a 3 column database table used on one page on the site… i can’t take this. And it’s not even just this project. Every single one, save the very few that I have gotten to do from scratch, and gigantic messes that will take MONTHS to clean up and make work properly and securely. I just can’t imagine how people can write code like this and not say to themselves, “This is horrifically wrong, I should learn to do better.” I don’t understand how people can just shovel this shit out and realize that they could not only do it better, but do it _easier_ too. I just don’t get it. I’m not the best, but I don’t understand how you could possibly be this bad and let yourself get away with it.

I cannot keep doing this for a living. I can’t. I can’t do this. Just the thought of having to do this for another 10 years, much less 50, is making me want to cry.

The answer might appear to be to go back to school and finish that CS degree I was barely a year away from earning, and then maybe I’d be the fresh hire and not the after-thought budget coder pulled in to fix the mess the Rock Star coder couldn’t manage to build, but is that really going to make a difference? Or am I just going to get a degree that cements me in a career that I’m just going to hate for the rest of my life? Should I get a degree in something else? What? What else could I possibly do? Christ, do you know how hard it is to go back to school when you’re in my position? Especially a Good School, which invariably means “hates undergrads with a passion because they’re just a pain in the ass that gets in the way of research,” like the University of Michigan where I suffered through two years of attending and having to figure out how to keep working enough hours to pay for over-priced classes where nobody wanted to actually teach anything but wanted to take a ton of my money for the honor of not being taught anything at their prestigious school. Yeah, that’s worthwhile.

I’ve loved working on software since I was 9. I spent most of my childhood coding and learning how to do better. It’s really the only damn thing I know how to do. At this age, with an entire life devoted to one field, a field I am coming to hate more than anything else in the world… what the hell am I going to do now, if not computers?

Is there some small hope that maybe somehow I can get a job programming somewhere that I’m actually accomplishing something? Where I’m not just cleaning up after people who can’t name the difference between an integer and a b-tree? Where maybe - just maybe - I’m doing something that is actually useful, actually going to result in software people will actually use and actually need? Something where I’m actually challenged? Something where I don’t literally dread going to sleep because I know it’s followed by waking up to another day of this kind of work?

What the hell am I doing wrong that I can’t work at a company that does interesting things and hires actual programmers and not script-monkeys and where real software is produced by skilled people that ends up being used by people to actually accomplish things? Is my lack of a degree really that big of a show-stopper, in the face of damn near 10 years of real work experience? Am I just as bad of a programmer as the script-monkeys and I don’t realize it, just another worthless unhirable with too big of an ego to know what I really am? Do I just not know how to find a job, the lack of such a simple skill that shouldn’t even need much use somehow holding me back from finding work I can finally enjoy? Am I holding myself back, or is this kind of job exactly what someone like me deserves?

I don’t want to do this anymore.

Argh. Well, back to trying to hack something functional out of this pile of crap before I go to bed. Rent isn’t free after all, and only the movie critics get paid to bitch.

Syndicated 2007-11-29 08:24:08 from Sean Middleditch

I Am Appeased

Stuart Langridge is my hero. That is like a million times faster than gedit, and doesn’t seem to lock up on large pages.

Syndicated 2007-11-29 01:47:24 from Sean Middleditch

Empty Inbox

I’ve been trying to get to the “0 messages in your Inbox” status for a few days now. Before I started, I had some 5000 messages in my Inbox, starting with messages from early 2003. I’m now down to a little over 1200.

I’m not sure that my organization strategy is really the best, unfortunately. I have a folder for Work with sub-folders for various clients and sub-contract clients. I have a folder for Projects with sub-folders for all of the projects I work on or with. Then I have the Personal folder which has sub-folders for Friends, Family, Notes, and some hobbyist organizations I belong to.

At this point in my Inbox, I’m out of low hanging fruit to pick. I have messages that include things like personal replies to personal blog posts and stuff like that (e.g., commentary with Miguel de Icaza over the DS and Wii). Where do I put this stuff? I don’t want to mass delete what’s left because I’m quite sure there are some important things hidden in there that my searches missed, and I don’t want to individually delete messages that I know are unimportant because I don’t feel like manually sorting through 1200 messages.

I have an Archive folder for all my messages prior to 2003, so I suppose I could just move these messages there. If I realize I’m missing something I need, I can search for it in there. Perhaps I should split the Archive folder up by year while I’m at it, too.

Syndicated 2007-11-19 01:38:34 from Sean Middleditch