OWASP - I have been reading about the OWASP Top 10. Apparently they are a list of common web security breaches. There seems to be a new list each year. Figure I h...
Ha ha. That's going to be my new methodology. OOPS. Just have to come with a catchy algorithm and run with it. Heck it sounds close enough to OOP that I might just be onto something.
Metadata to the rescue. I could store all the info about the tables and columns in a metadata store. Then a query builder could interrogate the metadata and build up my SQL strings on the fly. Maintenance of the metadata will be a whole lot easier than going through all the hard coded SQL.
Had a manager call me up today to discuss my proposal. He tried to drill down into the structure of the metadata. Unfortunately he did not fully understand the problem being solved. He also pitched a very verbose metadata structure. I want my job to be a whole lot easier. Don’t want to shift all the hard work from code changing to metadata maintenance. Got to formulate a plan to get him to see things my way.
I told him the thing to do would be to activate some logging so he could build a bread crumb trail. That way he could figure out what was going on in the stored procedures. I call this the old printf style of debugging. So we sprinked some logging to a database table in his routines. Then we ran the code again.
Sure enough, some output was generated in the database table. We traced it down to the code he wrote. Then we iterated and added more logging in the local area where he thought the code was not working. All of a sudden, the application started working correctly. Wait what? I could not imagine just adding logging would fix the problem.
I gave it some thought. The logging did not magically fix his code. He was just not running the same version of the code that he was looking at. He just assumed that the version of code he worked on was what was deployed. Next time I should have him extract the source code of the stored procedures right out of the database. That would prevent this surprise.
Turns out my normal backup was also out of the office. That's okay. I trained the new guy on this system. Unfortuantely he told the managers that he knew nothing about the operations. Fail. I guess I trained him up but he did not use that knowledge. So he forgot it all.
Today I was scheduled to give a one hour session on the system. I did so. Took around 30 minutes to give a high level overview plus a hands on demonstration on how all the pieces get run. Then a manager asked me to prep the audience to respond to problems. Another manager asked that I give them the steps to "reset the data".
Unfortunately the only way to get familiar with the system is to get your hands dirty. You got to resolve a bunch of trouble tickets. Only then will you get the chance to dig deep and understand what the heck is going on. That's how I learned. That's how my backup learned. And that's how everyone else is going to need to learn. Sorry. Once again there is no silver bullet here.
Sometimes I am able to detect some requirements that are not necessarily new. They are just newly documented. It is a problem that they are just lumped together with the new requirements. But that is a story for another post. There were there requirements at the end of my mapping which seemed strange to me. They did not seem to be related to the new functionality. They also did not seem to be things the system already did.
I decided to get in touch with our requirements lead. Apparently these were requirements previously collected but never implemented. They need to be completed along with all the changes I am working on. That is a bit tricky. They should not be mapped to the new design I produced. They need to go with a future design that was yet to be written. Tricky.
The little time we actually spend on the new features causes the schedule to drag on. Our team decided to record the time we spend on tasks during the day. Iteration one is using Excel spreadsheets to track everything. Hey. I am game for anything that tracks actuals.
Initially the team wanted me to record start and stop times for tasks. Dude. I work on all kinds of tasks and get interrupted from each all the time. There is no time (no pun intended) to record all those starts and stops. The goal here is to collect duration of tasks. Therefore I am only record the daily duration on every task I do.
The team lead thought we should record down to the 15 minute increment. Nope. Thirty minutes is the least I can do. Otherwise I am going to be wasting more time recording the stuff. Pretty soon I hope we can use a tool to collect this data. But spreadsheets are good enough for right now. I find that I am even more diligent in recording everything I do, including all the interruptions.