Virtual XS (Access)(http://www.vxsbill.com/) in The Netherlands do all kinds of billing acceptance and are one of the most reliable partners for a lot of companies all over the world. They do adult, gambling, pharmacy etc. Only legit business is allowed, because you get screened to the bone. You've to setup a company in The Netherlands, but they will wire all funds to your account. At least, you can contact them and explain your situation. They are more than willing to provide you with a suitable solution.
I don't get it. Why doesn't Gravatar use a salt to generate the checksum? The salt would only be known to Gravatar and is not bruteforcable by anyone who doesn't know the salt.
A simple solution would be to assign each website its own unique ID, the based on that UID assign a private/secure salt only known to the website + gravatar. Then when the websites generate hashes, they can then append the salt and generate the hash. Simple solution and seemingly easy to implement..though, it`s probably not. (I suggest this in the event that it really is a big issue. However, I am of the opinion that it`s not)
That would require a bit more infrastructure on Gravatar's part (a UI for registering a site), and would significantly slow its adoption because site owners would have to go register their site before they could generate gravatar URLs. I used Gravatar for my site because it was so easy to implement, and I probably wouldn't have bothered if it was an annoying process like this.
When I first read the article, I thought the same thing. If each site had their own salt key (probably based upon a id), then this problem goes away.
It could get even easier if the domain name captured via the http referrer was used as the salt, then Gravatar.com wouldn't even need a UI to let sites sign up. This might make it a little more difficult for a site operator though, so ideally this would be a configurable option.
I'm soooooooo glad, that first, there is an explanation for this on wikipedia and second I read here that I'm not the only one.
I suffer from hypoglycemia and have a very unstable bloodsugar level. With that comes that during the day I fall asleep. During the night I sometimes have to much energy and can't sleep deep enough. Sometimes I fall asleep very quick when I hit my bed. But after a few minutes I wake up and experience sleep paralysis so it seems.
What makes me curious is the effect on the brain. I read that people get scared or paranoid for a few seconds. I sometimes start to blasphemy or get a low voice in my head. In other words, I can't move my tongue properly either. Or so I think I can't.
Very interesting to read about something I couldn't talk about with somebody else until now.
One of the reasons I don't write comments is because it gets outdated so quickly. And I don't need them myself, because I read only the code, even my own. Reading the code makes also for reviewing the code. Quickly changing bits so it makes better sense (like counts outside the for-loop instead of in the statement) etc. And use version-control system to make changes, test them and roll it back (revert). TortoiseSVN helps a lot with this for me. I also try to make the code more readable by adding my codingstyle or the codingstyle by convention (I still think mine is best ;-)
Now that you know how comments can fail, you should use that knowledge to write good comments rather than not writing any. There are plenty of very good reasons to write comments.
The most common reason I write comments is to explain the purpose of something that is unintuitive from the pure code. Examples are comments in CSS about a particular browser quirk, or hacking around an edge case in an efficient but opaque way.
The question I always ask before writing a comment is: will it contain the word "because?" If so, there is probably a need for a comment. If not, I will try hard to make the code more readable before breaking down and adding the comment.
One of the best reasons to write comments is that the comment describes what the author wants the code to do. What he wanted was not necessarily what he coded - bugs do creep in, after all.
If you confine yourself to reading code, but no other comments or documentation, you may think the code's behavior is correct, even though it's buggy.
. . . and one of the plenty of good reasons being producing API documentation automatically via javadoc, doxygen, etc. Having the API documentation source and code live together is a big win. It's easier to maintain the inline documentation so it doesn't go stale. I hate being forced to go read code when I just want to use an API (I'm looking at you, Dojo :-/ ).
One of the first things I'll do encountering a feral code base is run an automatic documentation generator over it, even if there are no API comments, because many will produce at least some level of documentation from pure code, including cross references, a type index, call graphs, type diagrams, etc. This can be especially helpful when the code is poorly organized, and trying to trace simple program flow in an editor means navigating a dozen modules manually. Doxygen, for instance, will produce hyperlinked program listing, so that I can use a browser in a natural fashion to navigate the code structure and program flow. The browser can maintain virtually unlimited context, whereas my brain loses track of where I am once I'm seven levels deep in function call nesting.
Some IDEs and UML tools also are capable of reverse engineering documentation from the code base. The Togethersoft tools used to be excellent at grinding through code (and may still be, but I haven't used them in years).
RE'ed documentation of feral code can reveal how well (or more frequently poorly) the code base is structured, and identify key areas for architectural or design refactoring (if that luxury is possible).
In writing my own code, I decompose until each function or method has a single purpose (f() does X, not X & Y & Z!), and therefore the API documentation suffices to document the code itself. Rarely do I write a comment inside the body of a function or method. That happens when I re-visit the code, and discover that it's operation is non-obvious. The non-obvious stuff tends to be the tricky stuff it took some time to get right, and so it doesn't get mucked around with, and such internal comments rarely go stale.
I wait until re-visiting the code because authorial bias (my code effectively become's someone else's after several weeks, sometimes faster :-) ) obscures what is and is not obvious. I used to over-comment from a tendency to perform a mini-brain dump in comments -- but the knowledge required to WRITE the code (this is what I was thinking at the moment) is no reliable indicator of that required to READ the code (this is what _you_ need to know).
(I've theorized that having someone else comment the code from the start, just like having an unbiased tester, could make for better comments -- wherein the commenter is also necessarily a code reviewer as well. I've never gotten any of the places I've worked to agree to 'cross-commenting' as a standard practise, but most love worthless, perfunctory desk-checks prior to check in.)
To avoid comment churn, and because I refactor aggressively when creating brand new code, writing API comments is the LAST step in coding.
Finally, I developed a habit of writing comments exclusively in point form, because context switching from programming constructs to proper English grammar broke my flow. The point form comments feel like a miniature brain dump, whereas otherwise I'd pause to think about how to put the information into a proper sentence, and then make nice paragraphs, and suddenly I'd be channeling me from 7th grade compsition class. It's also easier to scan and digest comments as point form notes.
That's what I do, and I leave it at that, because telling someone else how to code is like telling them how to raise their children.
tl;dr version
- at least write API comments, pls
- doc generators (and other tools) sometimes are a great way to RE docs for feral code
- write comments in point form
- write API comments as the FINAL step in coding
- try to remove authorial bias from comment writing
>In writing my own code, I decompose until each function or method has a single purpose (f() does X, not X & Y & Z!),
I hear this one a lot, from a lot of different sources. In practice, it never seems that practical. Here's a trivial example: the dashboard-page function in our webapp. It needs to do all of the following:
1) verify that the user is logged in. If not, bounce them to the login page, then bring them back on successful login
2) collect the list of all their providers
3) collect the list of all their profiles
4) collect the list of all their account information
5) load up and display the appropriate templates to render the web page with the requisite information.
Now, points 1-4 are accomplished by calling other functions, true. But dashboard-page still needs to do 5 separate things.
In this specific case, the dashboard-page function is actually sequencing operations, not performing them (except for 5, and I'd wonder why that couldn't be moved to a separate function), and can be described as such:
// - control the login sequence
function login_sequence() {
var user = verify_login
if (!user) {
user = login();
}
var providers = collect_providers(user);
var profiles = collect_profiles(user);
var account_info = collect_account_info(user);
load_templates(user);
display_templates(providers, profiles, account_info);
}
(Forgive the guess at what your code might look like.)
State may be passed between called functions, and used in control decisions, but state should not be grossly manipulated in sequencing functions (I do find with this style of programming that at high levels the state passed around tends to be large 'context' objects, rather than granular arguments encountered at lower levels). What I would NOT want to see in such a hypothetical login function is ALL the actual lower level code to do the login, collect the data, etc., so that essential higher order detail is obscured by the lower level operations.
A function's API comments do not need to repeat the purpose of called functions.
As I come up with API comments last, I usually think about them in reverse -- it's not 'I need to think of the single purpose of this function before writing it', but 'what single purpose did this function end up serving?'. Not being able to think of a decent answer for the latter is a possible symptom of sub-optimal decomposition. Then again, cutting blocks of code and pasting them into their own functions has become an instinct rather than conscious decision for me, so I'm effectively anticipating writing the 'single purpose' API comments.
At a certain level of detail I don't need to know the minutae of login, just that there is some black box function that controls the lower level details. And if I need to know the details, I break open the function and follow its call flow (or look at the autogenerated call graph in the doxygen docs or similar).
Having read a lot of feral code, I find the major indicator of quality is the static navigability of the code base (i.e. can I find my way around just by reading the code in an editor, without resorting to debuggers or autogenerated documentation), and having a level of detail structure, akin to the zoom feature on Google maps, is one method of achieving navigability (and partially the value of OO techniques). So it's okay to have functions/methods that simply sequence or aggregate calls to lower levels, and to describe them as such.
It was mentioned elsewhere on the thread that debuggers are useful tools in understanding a code base -- and I do often find myself setting breakpoints on code because it's near impossible to understand how particular functions get invoked by just reading the code. Then examining the call stack at the breakpoint I see that event loop called the network code invoked some code to read a database, which called into some code to instantiate widgets, which called back into the database code, which called the code that calculates order totals and tax, which called the widget code again to update those fields, all of which goes 30+ levels deep.
/// - parse an HTTP input stream as XML
/// - requires a progressive parser (currently xpat, which is distributed with
/// Apache)
/// - the XML in turn is mapped to database operations, and the results
/// of the database operations used to create the HTTP response
I'm having trouble wrapping my head around this--it seems to boil down to "I don't use comments because then I'd have to actually maintain them." I certainly don't think that every line of code should be commented, but as others have pointed out, some comments are important, particularly around why, say, an algorithm was implemented. Even for my own code, I need these little reminders, especially when I'm jumping between projects frequently.
I'm also at least slightly troubled by the assertion (not made Aschwin, but others) that the code is the only artifact worth reviewing. If you have a specification, or documentation, that doesn't line up with the product, why do you have those documents in the first place? Again, I don't expect that those documents will outline the specific implementation (though, if your shop uses software design documents, they should), but I should be able to get a reasonable explanation of how the system works from the docs. If this isn't the case, how do you expect to have someone test the system?
All that said, I agree that having the ability to read and understand others' code is critical to being a good programmer.
Well said. Comments come in classes, with different purposes.
Somewhere (at the top of the module?) its helpful to mention the external dependencies - meta-information that will NOT be found anywhere in the code.
For each code unit (method/function/template) explain why it exists, deficiencies, use case. Again, information not immediately obvious by reading code.
Finally, those strange lines of code with magic numbers, obscure syntax, checks for apparent side-effects need some illumination.
Lastly, and leastly, describing the code itself. These are the comments that get old fastest.
I would add one more class of comments that would sit at the bottom of the hierarchy: TODOs. When I'm sketching out functions, I typically outline what should be done with within the context of the function, then fill in the implementation details later. This often leads to stuff like this:
// Replace with a link to the core
AddStartupShortcut("Shell.lnk", Path.Combine(INSTALL_PATH, "foo.exe"));
// Update device time:
_log.Information("Updating device time...");
SetDeviceTime();
I always intend on cleaning these up, but often never do.
/* Does everything required to initialise the UI (DO NOT CALL DIRECTLY - see class foo) */
Get outdated quickly (without being updated) you have big problems.
Equally a one line comment before things like:
// Do this if we can be certain we are in month X
if (!(!x || ($chk(diff(y,o)) && (z<p))) {...}
Saves you having to draw out a truth table each time. Even if the logic gets tweaked a bit when bugs are found the purpose of the code is likely to remain and so the comment won't age too badly.
In the first case, perhaps the function should only be accessible by/from Foo, or those that share a Foo-ish interface. In the second, I would really hope to be able to abstract that into a call to s.in_month?(m), with s perhaps being built from some combination of $chk, x, y, o, z, and p.
Comments are a hack. There should be a way to include structured documentation with code that lies somewhere between free-form text (comments) and actual code. This documentation should sit at the abstraction level high enough to provide insight not captured in the code directly, but low enough that it actually has some coupling with the implementation so that if the implementation changes the documentation will be broken.
Of course, as long as we are using ASCII text for editing code, this is impossible. A few people are working on fixing this flaw (Intentional Software, Jetbrains MPS) but don't hold your breath!
Comments aren't for you. They're for whomever comes along later and needs to understand what you did. (Well it could be you, just several months in the future).
Sure, someone could read all the code, but it's way faster to just skim and pick out the comments if you don't care about the details. Think of code commenting as a time-saving device.
When I was studying CS, one of the things I was told was that if you grep and get only the comments out of a particular file/class, you should effectively see the pseudo-code of the program. In reality, I comment very little, just pointing things out that can’t be quickly deduced from casually reading the code.
I hope you don't still believe that's a good idea! That's a recipe for out-of-date documentation. Even if the comments are up-to-date they'll only be saying things that can be inferred from the code itself, less precisely.
I have to state that I have seen a case where keeping comments around which formed pseudo-code was a good idea, even though it was just once, and it was a very nonstandard case.
Basically, the comments were text and relational algebra in LaTeX which explained the implementation of dataflow equations by using sets and those relational algebra expressions were then implemented in operations on binary decision diagrams. However, as I said: this does not occur often. In fact, one might call it rare ;)
Good point @Xichekolas: We don't editorializing our own life and are not aware what information we give away to whom anymore. In the old old days, people didn't knew your last name untill someone else introduced you. Now people don't even bother to know your last name. They rather have your nickname or e-mailaddress (or fb profile).
We have no control on what kind of information lands where. Be it your SSN or where you last went on vacation. And we certainly don't know with what purpose the other party gains that information. For me, I don't care about pageviews, hits or anything that projects me as being popular or noticed. I want to know the party who is receiving information about me and the purpose of what is going to happen with that information. If I show people a slideshow of family photos I certainly know they don't get a copy unless I provide it to them. In the digital era it is quite different. Sharing is nice only if you can measure what it will deliver back to you. For now, only bad things can happen if you give up your privacy.
Oh my, this rocks. What would be even cooler is a library to use these functions. That would beat me to it, since I was thinking about a general data interface for websites too. If I could implement your effort into my code (PHP) that would be so awesome. Anyhow, nice idea though.
http://github.com/fizx/parsley/tree/master is a C library which represents the core of the parsing functionality. A PHP binding is quite possible, and indeed, there already are bindings for Python and Ruby. In fact, I might just go look at how PHP bindings are done in general...
Depending on the severity of the autism symptoms, he could try to get a more normal life. And no, I don't agree with the term normal since what is normal these days? Shooting people during a drive-by? Eating hamburgers all day? Using drugs and do everything possible to sustain that way of life? No. To me, that is not normal, but it is average in our society. He's not average, but he's using his capability to feed his interests. So let him.
In terms of real money, there is no money to pay the debt. The banknotes are just debt to pay another debt. It's backed by trust in a good future and a lot of promises of the working horde. But.... what if the crowd can't cope with it anymore? We can't predict the future and sure we can't predict mistakes made by banks or other investors. We can't let the people pay for these mistakes continuely, because the promises aren't built upon that. As long as there is no way to deal with these 'errors', there is no real way to predict investment either. Injecting 'money' (more debt) is not a cure nor a surety.
I'm sorry. I don't get it. Why is this same / similar technique posted for at least the third time on Hacker News? Has it improved in the last two weeks or are the people posting news not reading Hacker News themselves?
I can understand bringing it to attention (again), but somehow it gets annoying too. I don't like to read the same ol' same ol' news, especially if it is on the same website. Not to be a troll or anything, but could the people who post first look if something similar is posted?
