You can become a better developer if you understand these security principles

Illustration adapted from Icons8

Cryptography is the science of secrets. In the distant past, it was simply about scrambling messages so adversaries couldn’t read them. In the modern computing era (a span of time that stretches less than 50 years), cryptography has become a keystone of computer security, encompassing all the ways we hide data, verify identities, communicate privately, and prevent message tampering.

Something else has changed, too. Today, every developer needs a solid grasp of security and cryptography basics. …


The summer of 2020 will be remembered for plenty of things. A new disease briefly closed the world. Life turned into a never-ending Zoom meeting. And politics went from ordinary crazy to full on bonkers QAnon insanity.

And over at Young Coder, we rolled out some of our most successful stories ever. So if you’re looking for a diversion from all the other stuff, check out the top tech stories that we published this summer:

  1. What’s behind the current obsession with attacking OOP? Find out in The Case Against OOP is Wildly Overstated.
  2. Microsoft and Python: a match made in Heaven or Hell? …


Good programmers follow the insights. Poor programmers worship the rules.

Wisdom from above [Wikimedia Commons]

Programmers love rules. We make sweeping architectural commandments and canonize them with official acronyms (like DRY, YAGNI, and SOLID). We make fine-grained laws and legislate tiny details. (See, for example, this research paper that uses eye-tracking cameras to argue whether camelCaseNaming is better than underscore_naming.)

And once we make rules, we start to argue.

When the internet was small enough that you could fit all the world’s web servers into an empty swimming pool, coders were already using it to roast each other about the right way to program on Usenet. Flame wars could be about foundational coding philosophies, or minor details like tabs versus spaces. Visual Basic was scorned for years for plenty of good reasons and at least one trivial issue — its convention of counting array indexes starting at 1 instead of 0. …


What sharing my knowledge has taught me

My first decade in print

Unless you’ve spent a couple of decades coding, you may not remember the days when some of the most important information about frameworks, APIs, and even programming languages was as scarce as semicolons in a .py file. But there was a time when programming information was so valuable that well-worn books (like Petzold’s Programming Windows) were passed around the office from cubicle to cubicle. Sometimes they went missing.

Books were a particularly valuable source of information about new technology. In 2001, the year before I wrote my first book, one of the most sought-after computer books was a comprehensive guide to the beta version of a new framework. (That was ASP.NET 1.0, still called ASP+ at the time.) That’s how valuable insider information could be. Software companies recognized that books and magazines were a priceless conduit to their developer audience — a fact I realized when I toured the Microsoft campus during their Book Publishing Partners Summit, an intimate gathering with PMs and developers that was far more illuminating than the much bigger MVP conference the following year. …


Finally there’s a consistent way to host the Chromium engine in your Windows applications

In the ancient days of the 1990s, when the internet was a new and trendy invention, programmers wondered if it might be a good vehicle for applications. So we tried to take the desktop technology of the time and wedge that into our web browsers. We used tools like ActiveX plugins and Java applets. We used embarrassingly bad, proprietary plugins like Office Web Components and FrontPage Extensions. Most sensible programmers stayed far away.

Eventually people realized these strategies were never going to work at the scale of the web and for the incredible variety of web-connected computers and devices. There was too much install, too many security risks, too little support across different platforms. Instead, it turned out that the right model was the reverse. Instead of putting a native app into a browser, Trojan horse style, we needed to sneak web apps into our desktop applications. Today, this type of approach is called a hybrid application and it runs the gamut from a simple web page shown alongside native content to a complete JavaScript app in Electron. …


Here are the design patterns programmers *really* use

I’ll get the new guy to figure it out [WikiCommons]

Ever since the Gang of Four came down from the mountaintop with their stone tablets, life just hasn’t been the same. They gave us 23 canonical design patterns, promising solutions to problems you didn’t even know you had. Some people thought these patterns were a way to talk about complex problems and describe tested solutions — a kind of common language that could help prevent programmers from reinventing the wheel. Other people just treated them like magic pixie dust to sprinkle over questionable code. But everyone agreed that design patterns were a Very Important Topic.

But maybe we made a mistake. Instead of inventing names to describe the common solutions coders create, perhaps we should have coined terms for the most popular disasters we leave behind. Because the only thing more popular than design patterns are these, the 23 enduring patterns of software negligence. Check them out. Are you guilty of practicing them? …


How could an organization that had its hand in so many world-changing technologies fail to thrive?

© Young Coder

When the news broke that Mozilla was launching a new round of layoffs — its second in 2020 so far — reaction was swift. Developers noticed that Mozilla’s cuts ran straight through the corporate fat to the meat of the company. They were “reducing their investment” in the popular developer tools division. Disbanding their entire threat management team. Cutting the Servo team that was working on a next-generation Rust-powered browser engine. Vaporizing the MDN team. In total, the combined two rounds of layoffs added up to nearly a third of the company.

Considering that a significant portion of Firefox’s modest user base is programmers, shrinking its developer tools seems like a particularly short-sighted way to disappoint your most loyal users. But to people who are less familiar with the company, the Mozilla cuts seem like just another case of a competitor failing to succeed with a niche alternative. After all, it’s been years since Mozilla’s marquee product — the Firefox browser — had seriously challenged for market dominance. Surely this was just another dinosaur slowly going extinct? …


Tech thinkers are too quick to predict the decline of the software career

An impression of Leo von Klenze’s “The Acropolis at Athens” [Wiki Commons]

These days, it seems like all you need is a Twitter following or a TEDx talk to call yourself a futurist. But Tim O’Reilly — the founder of legendary tech learning company O’Reilly Media — is not that sort of guru. His thoughtful observations on computing trends, and his advocacy of open source (long before it was considered cool) give him street cred to spare.

So when Tim O’Reilly recently commented about the future of the software industry, professional developers took notice. Here’s what he said:

“I think the golden age of the last couple of decades where you can become a programmer and you’ll get a job… is sort of over. Programming is now more like being able to read and write. …


One of the few times a folk remedy defeated a deadly disease

I see you [Pexels]

If you sometimes feel like 2020 is one long doom scroll of bad news, well, you aren’t wrong. But recently, tiny green shoots of hope have emerged in the medical world. Coronavirus vaccine efforts are steadily marching forward. There are dozens currently under development, promising animal studies, and the capacity to start delivering doses — hypothetically — early next calendar year. If that happens, it will be a feat never equaled in the history of medicine. (You can follow the progress of all of them with the New York Times vaccine tracker.)

The broad way that vaccines work is easily understood. Vaccines leverage your body’s immune system — the idea being that you show your body a tiny bit of a tiny pathogen, and it can manufacture the antibodies to kill it. The only trick is that you aren’t actually showing your body the real coronavirus, but an incapacitated version of it, or a fragment of one of its proteins, or (more experimentally) a scrap of genetic material that tricks your body into creating one of the virus proteins. In all cases the principle is the same — once your body knows the enemy, it’s primed to fight it. …


Microsoft and Python may be an unlikely couple, but they’re flourishing together

Unlikely companions

Visual Studio Code is a modular code editor, so extensions are mandatory. You use them to get essentials like language compilers, and useful tools like code formatters, linters, and profilers. Look closely, and you’ll even find an extension for emoji support.

VS Code’s marketplace holds roughly 20,000 extensions. But for years, there’s been a single unchallenged extension dominating the rankings. The most popular VS Code extension, at nearly double the downloads of its closest competitor (23 million and counting), is the Python language extension:

It’s no secret that Python is wildly popular. But the fact that Python trounces the popularity of Microsoft’s own languages in their own editor is no small feat. It’s also a development that didn’t seem possible just five years ago. Back then, Microsoft was still shaking off its reputation as a corporate dinosaur, a company tied to a dying world of desktop software, in love with the development tools of yesterday, and completely unable to play nicely with other people’s technology. The company was held in particular contempt in the world of open source software. …


After 50 years, we’re still confused about programming’s dominant paradigm

Illustration by Thierry Fousse from Icons8

You can’t rule the development world for decades without attracting some enemies. And object-oriented programming, which provides the conceptual underpinning for dozens of languages old and new, certainly has some enemies.

Maybe that’s why we’ve suffered through a never-ending series of hot takes about OOP. They’ve described it as a productivity-destroying disaster, a set of deceitful programming patterns, and a mediocre tool designed to help poor programmers hide their incompetence. OOP was even proclaimed dead (14 years ago, so take that one with a grain of salt).

The four pillars of OOP

What all these rants have in common is that they point out (rightfully) some of the pitfalls in modern software design and then conclude (wrongfully) that this indicates a terrible rot at the core of the programming world. Yes, object-oriented programming doesn’t look so great if you conflate it with sloppy design practices and fuzzy architectural thinking. But are these crimes really an unavoidable part of OOP? Or are they just one of the wrong paths we sometimes wander as programming neophytes, armed with too much confidence and too much curiosity? …


And I say “Enhance!”

Image by Tumisu from Pixabay

Maybe you think you know what makes a great programmer. Like foreseeing potential problems. (Wrong.) Writing the least amount of code. (Nope.) Elevating the work of your peers. (No.)

No, it’s something more subtle. It’s in the way my black hoodie falls around my sunken eyes. The way I hit you with my coder talk. My socially awkward vocal stylings.

I am the Hollywood hacker.

Computers work differently in my world. Here, code runs without compiling. Debugging? Please. Testing? Don’t make me delete your digital identity again.

I can break into any account using the Back Door. I find fugitives with Google. Don’t believe me? Pass me that security cam footage. I’ll get your man. …


Advice for a new coder beginning their journey

Adapted from Unsplash

Hello again! I got your message last week, and was excited to hear that you’re thinking of studying programming — maybe even making a career out of it. …


With all survive and no creative, the dungeon crawler dilutes Minecraft’s legendary brand

A bridge too far?

Part of the enduring magic of Minecraft is that it fuses together two very different games — a creative mode that’s all about imaginative building, and a survival game that’s full of strange creatures and quirky mythology. Unlike other games that have tried something similar, these two types of gameplay succeed without diminishing each other.

People who’ve never played Minecraft often overlook how different these two sides actually are. Creative mode has the “virtual Lego” that Minecraft is famous for. It lets ambitious builders make almost anything — even machines that operate with redstone circuitry like simple, real-world electronics. By comparison, survival mode is like a traditional game set in the Minecraft universe. It tests player skills as they find food, craft tools, and battle enemies. …


Microsoft has been an innovator in many fields. User interface design, not so much.

Image courtesy of Icons8

The world of software is full of interesting twists and turns. Consider Microsoft, a trillion-dollar company that’s dominated computer desktops for nearly a generation. Despite having built some of the most successful software products in history, Microsoft’s vision for user interface design has always been a little… shaky.

That’s not to say that Microsoft UI is uniformly awful (it isn’t). …


Companies don’t buy code. They buy people, customers, and relationships.

Picture courtesy Icons8

If you’ve been programming for longer than a hot minute, you know the fun of going deep into a new project. You get to start from scratch, with no dead weight or legacy code. For a short while, it’s all about design and architecture, mapping out the relationships between different components, trailblazing your way with new APIs, and figuring out how everything should talk together. Hours disappear.

And then, two paths open up. If you’re lucky, you climb the high road to a successful release, a stable product, and a steady grind of fixes and improvements. …


.NET MAUI is a single model that extends Xamarin and embraces Blazor — but it won’t appear until .NET 6

Separate, but not apart [Pexels]

Microsoft has almost made it to the finish line with .NET 5, their ambitious platform unification project. For the first time since 2016 — when Microsoft introduced .NET Core and created a parallel track for cross-platform development — all .NET applications will be back together under one roof.

Having one .NET is a huge step forward, but it doesn’t necessarily mean a developer’s life will be easy. There are plenty of overlapping technologies under the .NET 5 umbrella. Some old web stalwarts are finally gone — in particular, both ASP.NET MVC and ASP.NET Web Forms are officially dead. But there are still three different, fully supported .NET models for building desktop Windows applications, which Microsoft is slowly trying to unite. …


Programmers use the platform to let people see their work and their world

Photo: SOPA Images/Getty Images

As the world’s most popular livestreaming site — and a multibillion-dollar Amazon property — Twitch is hardly new. But in recent years the web giant, which rocketed to success showing gamers at play, has started to branch out. As livestreaming setups have become cheaper and watching the web has continued to displace television time, many more types of streamers have joined the party. Today, Twitch has amateur musicians, home cooks, stream-of-life vloggers, and even ad hoc groups of people trying to help each other learn foreign languages. And now, you can also watch programmers programming.

At first glance, programming seems like a poor fit for livestreaming. The problem isn’t the long hours spent staring into a computer monitor — after all, that’s no different from Fortnite, which sucks up roughly 4 million hours of daily watch time on Twitch. The problem is that the average programming session is 10% meat and 90% filler. Moments of focused typing are broken up with reading Stack Overflow, staring blankly at the screen, fruitless Google searches, and contemplating broken builds. …


Write JavaScript in your browser, friction-free

Annie Spratt / Unsplash

If you’re a regular reader of this space, you know about my somewhat controversial opinion that JavaScript is a great first language for kids learning to code. It’s not because JavaScript is a great teaching language (it most certainly isn’t). It’s because the platform is ubiquitous — on every operating system, every browser, and almost every electronic device that’s more complicated than a toaster.

This wide reach makes it effortless for a beginner to build a program with JavaScript and share it with friends. Unlike the rest of recorded computing history, there’s no downloading, installing, or configuring required. …


Now that Microsoft’s C#-in-a-browser platform is an official release, it’s safe to dig in

Ever since it was first announced as an experimental project in late 2017, there’s been plenty of excitement about Blazor. The promise is huge — to let developers write C# code that runs on a streamlined version of .NET in the browser. It’s the biggest expansion of .NET’s front-end footprint since Silverlight died in 2012. And unlike Silverlight, Blazor works natively, which means there are no plugins, setup issues, or security vulnerabilities.

But despite all the excitement, plenty of cautious developers have given Blazor a wide berth. Some didn’t want to commit to technology that might end up in the towering pile of abandoned tech that Microsoft’s built over the years. …


After years of confusion, Windows development is about to improve… slowly

Microsoft Build Conference, 2020

Sometimes, being a Microsoft developer seems like Mark Twain’s old joke about the weather. You know the one — if you don’t like the API they’ve given you today, wait a week and try the next one.

My favorite example of Microsoft’s constant reinvention is database APIs in the late 1990s, when they unleashed an alphabet soup of different three-letter technologies (RDS, DAO, ADO, OLE DB). But in the decade since, no one has suffered more than business developers trying to write graphical Windows applications.

Two decades of Windows applications

When .NET 1.0 first hit the scene, life was straightforward. If you were a .NET developer who wanted to build a Windows desktop application, you used Windows Forms. It was easy (almost VB-like in its drag-and-drop simplicity), and relatively feature-complete. Yes, you might need to work around the odd limitation and make a call to the Win32 API every once in a while. But if you wanted a straightforward line-of-business application that looked respectable and didn’t need custom chrome, the world was a good place. …


And why so few businesses survive death from disruption

Adapted from Kārlis Dambrāns

The most dangerous handicap for a mature company is its own success. Successful companies polish their leading products, invest deep in narrow niches, and live well off generous profit margins. When conflict comes, successful companies rarely rush to meet it. Not because they lack the technical know-how, but because from the great height of their success, their competitors look so small and inferior.

Clayton Christensen was one of the first to describe this problem in The Innovator’s Dilemma — a business-school staple that’s often described as one of the most influential business books ever written. Christensen wanted to understand why successful companies, with their enviable technology and wide-moat advantages, were cut down by upstart competitors. At first, he suspected that big businesses just couldn’t keep up. In other words, their colossal size turned them into slow, lumbering giants. …


What does it mean when the world’s greatest value investor hesitates to buy?

Bear and Bull [Adapted from Wiki Commons]

There’s been no shortage of talk recently about America’s shifting place in the world. Once, it was the country that would lead the response to any global pandemic. Now, it’s wilted in the face of political showmanship and conspiracy theories. …


Some developers don’t want to work with it. But small businesses can’t afford to maintain custom code.

A tasty mushroom or something more sinister? [mikezwei]

Here’s a first-place finish WordPress didn’t want to win. In Stack Overflow’s annual developer survey, programmers report the technologies they love using, the ones they want to try, and the ones they’re trying to ditch. The last category makes up Stack Overflow’s most dreaded platform list, a walk of shame for the technologies that move developers to tears.

And in 2019, WordPress was the chart-topper:

Most dreaded platforms (ranked by % of developers that want to discard them) [StackOverflow]

By sheer market share, WordPress is easily the world’s most popular content-management tool. It commands over 60% of the market, while its competitors are mired in the single digits. In fact, one out of every three websites on the web is running WordPress. …


The cost of conspiracy theories and a broken news media

Johns Hopkins University COVID-19 Tracker (April 17)

The sudden explosion of COVID-19 cases caught North America by surprise. Yes, many of us were watching the developments in Europe with a wary eye, worrying about testing failures and expecting the problem to grow. But few were anticipating the zero-to-a-hundred eruption of cases that turned normal life into a ghost-city lockdown in just a handful of days.

But it’s one thing to underestimate a pandemic, and it’s another to completely deny that it exists. …

About

Matthew MacDonald

Teacher, coder, long-ago Microsoft MVP. Author of heavy books. Join Young Coder for a creative take on science and technology. Queries: matthew@prosetech.com
