Monday, June 30, 2008

100 Pushups

I stumbled across the hundredpushups site the other day while browsing through I'm no stranger to pushups, having done martial arts and ROTC in college. But that was a long time ago, and I've been mostly sedentary for the past two years. And even at my fittest, I was never able to crank out more than about 65 pushups at once.

So I'm going to give this a try. At least this blog will get regular updates for a while. I figure blogging the challenge will encourage me to keep up with it.

My initial test was 40 pushups, which puts me in column 3. Here's how I did on day 1, week 1:

Level 1: 10/10
Level 2: 10/10
Level 3: 8/8
Level 4: 6/6
Level 5: 13/min 7

Check back on Wednesday for day 2.

Sunday, June 22, 2008

Security: You're doing it wrong

A couple weeks ago, Bruce Schneier blogged about this motivational poster. He thought it was funny, and it is, but it can also have a deeper meaning. I like to think of it as a reminder.

If you're a programmer, when was the last time you thought about how your program could be exploited? What about the sensitive data stored in your database? Or how that data is accessed?

Security is an arms race, a never-ending process of trying to stay one step ahead of the bad guys. The bad guys will never stop looking for exploits, which means you can never stop thinking about the security of your system. The fact is, you're probably doing something wrong, because even if you follow good security practices the rules keep changing.

So yeah, it's funny. But it's also true.

Monday, June 2, 2008

Should you know C?

I've been enjoying the podcasts that Jeff Atwood and Joel Spolsky have been putting out for StackOverflow. In the last two, Jeff and Joel have been discussing whether it is useful for a programmer to know C, even if they do not program in C. Joel believes that knowing C, or more specifically, low-level programming details, is not just useful but essential. Jeff, on the other hand, doesn't seem to think it's very useful, and that programmers can better use their time learning the business domain of their applications. Of course, the fact that Joel knows C, and Jeff doesn't, might have an impact on their opinions.

I agree with Joel on this, but then I also know C so I suppose that's to be expected. Other people have made good supporting arguments, but I'm curious if the naysayers think that web application developers, or even web designers, should know HTML. There are plenty of tools that let you design a web site or manage content without using HTML, so why bother learning the low-level details of how they work?