The Blog

Should everyone know how to write code?

published January 21, 2013

For some time I have been thinking about the future of software engineering and where all this frantic coding is heading to.

(Some of the links in this post are in Finnish, sorry.)

Let’s face it, we need more software. Everyone has some great idea how to change the world and implementation usually includes software. Small and large organizations need new software and updates to their old applications. Apps are coming into cars, soon every object will have an IP address, and software will be everywhere.

As Marc Andreessen put it “software is eating the world“.

A few days ago, I read a good article by Esko Kilpi about the future of ICT. In his post, he writes:

I have met many people who think that programming is a kind of a modern version of a working-class skill. It can well be outsourced to some far-away, poor nation while we here do higher value things. Nothing could be further from the truth, more wrong, and more dangerous for us. The code is today the main domain of creativity and innovations. It is a new language. Writing code is the number one high leverage activity in a creative, digital society.

I very much agree with this. All the time I encounter a situation where someone needs something coded for them. They all can tell what the application should do (when they see it, they know that it wasn’t exactly what they wanted after all). Requirements, kanban boards, and backlogs. All full of features waiting for coding. Almost all ICT companies and start-ups I know are hiring good developers. So the question is this: Who is going to write all this code in the future?

Also, check what startups are desperately seeking. Most of the roles contain programming in some form. Some are hybrid roles where only part of the work includes writing code. US Bureau of labor statistics predict that job outlook for software developers will grow “much faster than average for all occupations”, 30% between 2010-2020. Same thing is for market research analyst, expected growth 41%. Even though this is not quite the same as “marketer”, but check this post about useful skills for a marketer. There are quite a lot of posts about how everyone should learn to code on Venturebeat, TedX, Arctic Startup, Forbes, Time, and Wall Street journal. Estonia is making everyone learn coding. There is Codeacademy and Coursera. The list goes on and on.

Not all people think that everyone should be taught to program. Check the answer by Linus Torvalds to this question (from 0:52:20), this article, and this. Fine. But then we really have to deal with “why on earth are we doing so many projects that deliver such marginal value?”. If everyone is not coding, then we need better ways to get right stuff built. Agile methodologies help us to tune the development process but unfortunately cannot help if we are building wrong features in the first place.

I think that some critics view programming too narrowly. Even if you are not a “real” software engineer you can still do beneficial things in code. There is a good thread on hackernews about this.

Also, if we look at basic web applications all features are not created equal. There are lots of features that are really not that critical nor that complex, and these features could be built by a less experienced person. You need a new column to a report? Great, code it! Let more experienced engineers develop APIs and use modern web frameworks to integrate APIs inside your organization by yourself. Of course this might be much harder in practice. Martin Fowler talks about internal reprogrammability:

If internal reprogrammability is rare for tools aimed at programmers, it’s even rarer for tools aimed at non-programmers. I’ve often wondered if that ought to change. What would come from making more tools exhibit this quality? Would this encourage more people to learn about programming, the better to control the environment that they spend so much time in? This was certainly part of Alan Kay’s vision of the dynabook. He saw children not as passive consumers of media, but actively programming their environment.

One option to the developer scarcity is, of course, self programming seed artificial intelligence. Ah, the self-improving machine. “Machine, go create me a Facebook. Chop chop.”  That might take some years. Dammit.

How long will programming be in high value? And in addition, how long are people able to program? Some say that after 40 it’s game over. Move to management and let younger people take over. Wait it gets worse. According to Eleonora Guglielman:

The acquiring of new knowledge and skills becomes therefore more and more difficult, and the execution of complex tasks requires more effort than the younger learners. This problem has been addressed both under the neurological and the educational side by the OECD, which in 2001 held in Tokyo the Forum for Learning Science and Brain Research project to discuss issues related to the nature of brain ageing and cognitive function in old age. Data gathered by OECD demonstrate that many cognitive abilities decline between the ages of 20 and 80; this reduction has effect especially on tasks like reading, recognizing letters and words, and generically on memory. The decay begins around age 30 and accelerates after age 50; it is characterized by memory lapses, delays in reasoning, communication difficulties, Freudian slips (OECD, 2002).

Last time I checked, I was over 30 and coding consisted, at least partly, of reading and recognizing letters. “What was that character again? Oh yes, it was ’s’.” Luckily I don’t yet have problems with Freudian slips and it also gets better:

The current research shows that substantial changes occur in cortical areas and that learning, thought and action deeply transform functional anatomical structures of the brain. The brain ageing is reversible, as neuroplasticity is bidirectional: it can cause the deterioration of the brain or its improvement. The physical, chemical and functional brain decline is caused by changes that give rise to a process of negative plasticity, causing a vicious circle of deterioration that includes four components…

Go figure. Should software engineers stop or continue what they like to do? And if we want to get really cynical, we can ask should we be doing this in the first place?

I think this is somewhat a question on amateur professionalism and what that means in software. Are people only consuming or also writing useful code for themselves? Imagine this. How about if programming was something that everyone could do? Basically like the English language for Finnish people. That cannot be possible, right? Nowadays if you need an English article, chances are that you write it by yourself. It seems that in Finland 82% of people know at least some English.

It’s not that everyone has to be a hard core server engineer but we cannot outsource all coding to Asia either. In my opinion, we should be making coding sexy. Luckily there are great projects like Rails Girls that try to get programming more mainstream. Now, go fork this code.

Samuli @ 19:17 (One Comment)

tags: Software

Trackback URL

Tomcat secure sessions with AJP and HTTP protocols using Apache proxy balancer

published May 20, 2011

During this week I have been digging into Apache AJP protocol and how it communicates with Tomcat. Especially, I have been interested in knowing how SSL works in different Tomcat connector setups. Once again in hindsight everything is so clear but had many desperate moments during these days :) Anyways, you should first check mod_proxy balancer configurations, and ajp protocol.
Basically, I have tried two different solutions:

1) Apache proxy balancer using HTTP


<Proxy balancer://liferaycluster>
BalancerMember http://node1 route=node1
BalancerMember http://node2 route=node2
ProxySet stickysession=ROUTEID
</Proxy>


2) Apache proxy balancer using AJP


<Proxy balancer://liferaycluster>
BalancerMember ajp://node1 route=node1 ping=3
BalancerMember ajp://node2 route=node2 ping=3
ProxySet stickysession=ROUTEID
</Proxy>


Benefit of using AJP is the “ping” setting which Apache uses to check whether Tomcat is up or down and does more sophisticated load balancing based on that information. However, things become more tricky in Tomcat connector configurations when checking whether JSESSION will end up to be “secure” or “not”. In HTTP connector you can define secureness of your connector like so:


<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="false" scheme="https" secure="true" proxyPort="443"/>


But if you define connector with AJP protocol:

<Connector port="8443" protocol="AJP/1.3" SSLEnabled="false" scheme="http" secure="false" proxyPort="443"/>

“Secure” setting will not have any effect to JSESSIONID cookie. However, it does have an effect to function call “ServletRequest.isSecure()”. Go figure.

It seems that AJP protocol contains boolean value wheter initial connection to Apache was secure or not and that value is passed to Tomcat which uses that information to create user session cookie.

If you need an AJP setup where JSESSIONID should not be secure even if initial connection was through HTTPS you can do Apache haxing to remove Secure setting from cookie like so:

Header edit "Set-Cookie: JSESSIONID=" Secure " "

This will replace word Secure with empty string from JSESSIONID cookie. This is not the most clever thing to do because now your session is open for hijacking.

Samuli @ 10:53 (No Comments)

tags: Liferay, Software

Trackback URL

One click deployment to clustered Liferay with Jenkins

published April 27, 2011

During last year, we have built pretty cool one click deployment system with Jenkins. Environment has been created little by little, but when decision was made to cluster Liferay and in addition to serve our 15.000 lines of  JavaScript code from Apache, it was pretty clear that manual installations would be a pain.  So we built environment like this:

Developer can initiate (1) portlet build from the Jenkins CI GUI. Jenkins runs (2) Ant build, unit tests,  selenium tests and builds multiple war packages. If build is successful Jenkins first copies (3) our JavaScript framework to Apache and then deploys (4) portlet wars to clustered liferay environment. All this with one click.

Configuration is pretty simple, each copy step is run as a shell script like so:

./deployFrameworkToApache.sh;
./deployPortletsToNode1.sh;
./deployPortletsToNode2.sh;

I have to give credit to Jenkins, it is really easy to configure.

Samuli @ 19:04 (2 Comments)

tags: Liferay, Software

Trackback URL

The tale of the catching team

published September 10, 2010

Have you ever been in a situation where a software project is started with a clear roadmap and beginning works very well? Then after a while, “easy” parts of the software are done and suddenly new features are harder to implement because future plans are not clear enough.

It is almost like the story of the tortoise and the hare. The role of the hare is played by a product owner, the tortoise is played by a Scrum team. If product owner has other responsibilities or vision is not clear, we might end up in a situation where team “catches up”. Suddenly confusion increases because team is not sure what to do next and how to do it. The role of the hare can also be played by other system that team is trying integrate to. If both “client and server” are developed simultanously, client code can be ready before server which will hinder final testing.

An advise “Just make sure everything is ready enough when implementation starts” is very easy to give, but harder to implement in practise. You should, however, be aware of this if you want to avoid “the tale of the catching team” ;)

Samuli @ 21:34 (No Comments)

tags: Scrum, Software

Trackback URL

EXT JS, jQTouch and Raphaël joining forces.

published June 18, 2010

This combination sounds very interesting. We are working with Ext JS and I feel strong momentum with HTML 5 applications. New company is called Sencha and they already have HTML 5 based javascript framework built for iOS and Android devices. There is definitely a need for this and frameworks like it will help us to build exciting new applications.

Samuli @ 20:08 (No Comments)

tags: Software

Trackback URL

mod_rewrite 101

published May 11, 2010

mod_rewrite is a popular apache module for rewriting urls and making redirects. I decided to write small introduction about it, since I had to configure it on project test server. Reason why we are using it, is our upcoming release in which we will need to forward our customers to new liferay community instead of default /web/guest.

So, after rewrite engine is turned on from apache configuration, it will filter all matched requests and apply special rules for it. Request is passed through this chain of rules and if match is found, redirect is sent by apache.

mod_rewrite’s work horses are RewriteRule and RewriteCond directives which are used to build rule chain. Processing works so that

1) config files and .htaccess files are parsed for RewriteRules from top to bottom.
2) First RewriteRule is selected and request is compared against RewriteRule’s pattern.
3) If match is found and there are RewriteCond elements introduced, they are tested against the request.
4) If conditions match, redirect to new rewritten url is made.
5) If there was no match, request is passed onwards to next RewriteRule in chain, if such exist.

Configurations
Below is a simple configuration for redirect

# Turn on rewrite engine processing
RewriteEngine On
# Write log here
RewriteLog /var/log/httpd/rewrite.log
# Log everything
RewriteLogLevel 9
# Redirect context root to new community /web/new/
RewriteRule ^/$ http://%{SERVER_NAME}/web/new/
# Do not allow access to old /web/guest
RewriteRule ^/web/guest(.*)$ http://%{SERVER_NAME}/web/new/

There is loads of stuff you can do with this module, check it out.

Samuli @ 19:59 (One Comment)

tags: Liferay, Software

Trackback URL