'Reuse' Is Not Usable
First, here's my attempt at a greenspunism:
Bambrick's 8th Rule of Code Reuse
It's far easier and much less trouble to find and use a bug-ridden, poorly implemented snippet of code written by a 13 year old blogger on the other side of the world, than it is to find and use the equivalent piece of code, written by your team leader on the other side of a cubicle partition.
And I think that 'the copy and paste school of code reuse' is flourishing, and will always flourish, even though it gives very suboptimal results.
Let's look at some reasons why it flourishes, and some reasons why it's not so hot in the long run (feel free to suggest your own).
Copy and Paste from the Internet Is Good Because...
- Code stored on blogs, forums, and the WWW in general is very easy to find
- You can inspect the code before you use it
- Comments at blogs give some small level of feedback that might improve quality
- Google Pagerank (for example) sort of means that you're more likely to find code that might be higher quality.
- Code that is easy to read is more likely to be copied (and pasted) -- a positive side effect of this is easier maintenance
- The programmer's ego may drive him or her to only publish code that he/she believes is of sufficient quality
- Other... (any suggestions?)
But Copy and Paste from the Internet Is BAD Because...
- If the author improves the code, you're not likely to get those benefits
- If you find a bug or improve the code, you're not likely to pass that improvement back to the author
- An ability to 'Inspect the code before you use it' can mean very little if the whole reason you're copying the code is because you don't understand how to implement it yourself
- Google Pagerank (for example) doesn't directly address the quality of the code, or its fitness for your purpose.
- Code shown in blogs (for example) is often 'demo code' and may purposely gloss over important concerns: e.g. no error handling, no care taken to avoid sql injection, no care for encoding etc. (All the sort of things that make an author/blogger say 'Of course this is just for demo purposes and you'd never use this in production')
- Security Concerns (I'll just leave it at that; the paranoiacs can make up their own details).
- Other... (any suggestions?)
So I started thinking along the wrong lines... I started thinking "What about these internal repositories of code we already have... why don't we try and find some way to make them more shareable... make them as easy to find and use as the code written by a 13 year old hacker in Kazakhstan.
Well, my thinking went down these lines....
Let's bolt tools onto our source code repository that generates, and indexes, beautifully formatted html pages of that code. Employees can browse these pages, at their leisure on your company intranet, without any of the hassle of having to 'get latest' or load an editor or IDE, or any of that other junk.... These little websites would be searchable... oops!
And I stopped right there because my head started thinking in two completely different paths at once.
"intranet search" is broken
On the one hand, "intranet search" is broken. I say it's broken because ranking algorithms, like pagerank, don't work on small datasets such as intranets. So the ranking of the results you find is always junk.
And more often than not, intranet search is broken long before you get to the ranking of the results. Intranet search solutions are usually slow, or incomplete, or over-engineered, or they just plain fail.
So even if there was a tool bolted onto your source code repository that generated a set of html pages etc.... well, 'Bambrick's 8th Rule of Code Reuse' would still hold true. It'd still be quicker to google for the answer than to use your dinky little company intranet.
But on the other hand, maybe intranet search of code doesn't need to be as broken as normal intranet search. Intranet search is fundamentally broken, because the data set is too small and sparsely cross-linked to provide meaningful ranking. And without IComparable, there is no sorting.
But look at the amazing amount of information you can get from a static analysis tool like NDepend. That thing is seriously powerful. Just say one piece of code calls a method in another piece of code. We can say that it has voted for that method. If we analyse an entire repository of solutions, we can start to establish rankings for the code that is in use, according to where the votes are directed. And this ranking data could be used to help determine the relevant order for search results against that code base.
And once you have content that can be ranked accurately, it becomes possible to have fast and effective searches... google style.
But anyway.... let's continue to assume that intranet search is broken... so what's the other approach?
Re-Invent 'Copy and Paste' of Internet Code
What would be nice would be if there was a way for you to receive updates to the code you've grabbed from the internet.
But most of the implementations that spring to mind are no good for this purpose. For example -- I could sign up to receive an email any time the code I've 'borrowed' is changed. This is ugly because (a) I wouldn't sign up, and (b) even if i did sign up, the email would be indistinguishable from spam, (c) even I paid close attention to the update emails, I'd have a hard time tracking down where in my own code i've pasted the updated code, and (d) why would a 13 year old blogger on the other side of the world want to set up an email spamming server, just to share snippets you can copy and paste anyway.
Another approach (that wouldn't work) is for our 13 year old blogger to have an internet-facing source code repository which shares the relavent snippet with you. Rather than copy and paste the kid's code, you'd add a reference to his library, and/or retrieve a copy of his code that way. Updates would be pushed out to you whenever you 'get latest'. But again, why is the kid gonna build this kind of infrastructure.
And by now you've guessed what the best solution is. Our old friend RSS. But RSS for code sharing.
You copy and paste a chunk of code straight off the internet, and with it you paste some kind of unique ID (embedded in a comment) that pinpoints the source of that snippet. Your IDE is smart enough to recognise this guid: You are automatically subscribed to the RSS feed for that piece of code, and optionally you can subscribe to the comments for that snippet as well.
The 13 year old hacker need produce nothing but a piece of XML.
One day your IDE/Code aggregator detects a new entry in the relevant RSS file: this indicates an update to the code you copied. You're given the opportunity to compare the difference between the code you have, and the new code (using the same diff/merge tools you're already familiar with). You can choose to cancel or allow the change. And more: you can view the comments around this change (or contribute to them, or unsubscribe from them).
But this form of RSS wouldn't be limited to code snippets. You could use it for entire open source libraries. (Ah, a new version of Prototype.js... let me see what's changed...) You could use it for closed-source Dll's. (Ah, a new MAPI.dll, let me see how the interface has changed...) The same tagging could be used on code assets at every level of the code hierarchy.
RSS for Open Code Sharing seems like a nice little thought experiment. Inside my head, just now, it's working perfectly.
What do you reckon? Feel free to insult and belittle this idea -- i've just had it and i'm not attached to it yet ;-)
(Incidentally, I'm dismissing any of the 'silo' style solutions available from those all-too-proprietary IDE add-ins that let you share snippets. Unless the solution is 'Open', and will remain open, there's no incentive for anyone to use it.)
'Dan F' on Wed, 28 Mar 2007 01:52:29 GMT, sez:
Dude, your brain must be in overdrive. Another cool idea or 3 from The Ideas Man :) Not sure if I'd use it myself, but it works perfectly fine in my head too.
'engtech' on Wed, 28 Mar 2007 05:28:11 GMT, sez:
"What would be nice would be if there was a way for you to receive updates to the code you've grabbed from the internet."
Isn't this cpan.org?
There's a perl script called cpan that comes with it for installing modules of other people's code and updating.
'illearth' on Wed, 28 Mar 2007 09:30:08 GMT, sez:
Cut and paste code is almost always a bad idea, even if you were able to update it. Don't get me wrong, it's a good way to learn how to implement something.
Using code that you don't understand without unit tests and with side effects you don't understand is just programming by coincidence.
If you didn't understand the code in the first place, I doubt you'd be able to understand how any updates or changes may effect your code base or product. Most people who do this would blanket accept all new code.
At any rate, there is more to code reuse than just reusing code snippets. It's about developing well thought out and tested classes and methods that can be used throughout a project reducing duplication, reducing duplication and regression of defects, promoting consistency, enabling refactoring, and reducing maintenance costs.
'Alan Stevens' on Wed, 28 Mar 2007 12:49:42 GMT, sez:
I'm reminded of a Scott Hanselman quote relating code found through Google and the writings on bathroom walls.
'Matt Casto' on Wed, 28 Mar 2007 14:37:31 GMT, sez:
I'd use it. Definitely a fun idea.
'Eddie Paz' on Wed, 28 Mar 2007 19:05:31 GMT, sez:
I agree with IllEarth, here. I'm always looking for solutions on the net. Those little gems of code that do exactly what you were looking for are just invaluable. But even then, after I copy and paste, I basically change it my standards, add whatever other it's missing or remove extra baggage.
So in a sense, I look for ideas on how to write the solution, then just simply copy & paste.
'Steve Jackson' on Thu, 05 Apr 2007 13:30:32 GMT, sez:
That's not copy and paste, that's "research". Accepted and encouraged in all academic and professional communities.
'Craig M. Rosenblum' on Fri, 06 Apr 2007 13:33:20 GMT, sez:
Why not create a firefox extension that allows you to search universal code repository.
And then as users, we always look for new snippets to add to the code library, but it has to has author, date created, version info.
It tracks who has copied the snippet, and then if an update occurs, updates a tab in the extension showing recentaly updated snippets.
Then it becomes more of a webservice, then an rss feed.
And then you can add features, like comments, or let's say you made some changes to the snippet, unless it's properietary, share those changes you made.
So that it becomes a source of learning and sharing.
Then you can add features like, requests for code snippets, where people can compete for points/rankings to see who can generate or find the best snippet.
This has potential, if we take action on the idea..instead of letting it sit in the bin...
'Alan' on Fri, 24 Apr 2009 11:23:47 GMT, sez:
Downloading updated snippets automatically is an extremely bad idea from a security perspective. Why do you want to give the 13-year old hacker control of your application? The fact that tools like maven do this already is not a reason to keep making this mistake.
'lb' on Fri, 24 Apr 2009 11:43:38 GMT, sez:
>Downloading updated snippets automatically is an extremely bad idea
please read all of the words in the article.
>You can choose to cancel or allow the change. And more: you can
>view the comments around this change (or contribute to them, or
>unsubscribe from them).
'Air Max Ultimate' on Mon, 13 Feb 2012 01:03:13 GMT, sez:
http://www.chaussuresairmax-fr.com/Fabriqué à la main: Beaucoup de femmes veulent s'en tenir aux dernières inventions en raison de la singuliers utiliser bracelets