Comments by "Mikko Rantalainen" (@MikkoRantalainen) on "Thriving Technologist" channel.

  1.  @Corrup7ioN  I think that's easy to fix. Make a rule that the reviewer of the code (whoever accepted PR) is taking responsibility about the code in case the original author is not available. That means, that person is required to be able to explain the behavior of the code to the other people if needed. Once you apply rule like that, people get much less trigger happy accepting code that they cannot understand and the quality the code raises a lot.
    12
  2. There's an old saying that "you get what you measure". If you start optimizing only for velocity, everything else will get worse if that improves the velocity. As the intented product of software development is not velocity, that should not be the thing that you're optimizing.
    11
  3. Maybe I'm in rare fortunate position where I can be creative in my work. The problem I'm facing is more along the lines of "acceptable quality" – I would want to set the minimum bar much higher than the rest of the team. It's surprisingly demanding mentally to have to accept the fact that the finished product is of lower quality than you would personally want to output. The customer base seem to be happy with the resulting quality even though I can see random failures every now and then in logs so maybe my personal criteria for a "acceptable quality" is simply much higher than general population.
    9
  4. I think that not having clear acceptance criteria is the most common problem in the software industry as a whole. With small enough changes (small incremental features) and clear acceptance criteria that's understandable to the team or the sole developer, there's no need for SCRUM or any other complex system.
    7
  5. If a piece of code requires that other team members have to ask about it, it's definitely not self documenting code. It doesn't matter if it contains comments or not. My guideline after writing software for living for a couple of decades is that if a team member has to ask about any piece of code, that code should be rewritten to be more understandable, or if that's not possible then you have to add enough comments or other documentation. Only bad coders have to write code that requires team members to ask about it and in that case that's done because of job security, not because it would actually result in better code.
    6
  6.  @TrackedHiker  I can think of multiple situations where code that has high performance is much harder to understand. Take an implementation of simple sort algorithm as an example. I would guess we can agree that insertion sort or bubble sort will be easier to understand than quick sort or radix sort – especially if you have memory constraints, too. For more complex example, try Linux RCU which implements shared memory syncronization algorithm with zero locking. If you can create an alternative implementation with code that's easy to understand with those performance targets, please share your code.
    5
  7. I mostly agree with your list. I guess it depends on company but being "Strategic Coder" as you described here may not work for a smaller companies – there might not be enough architecture to focus solely architect job and in that case, a great software architect would navigate the problem space and choose sensible tasks to speed up the development. However, you have to be careful to not lock yourself into too big projects so that you have enough time for the architecture work as needed. And I would have included hardware costs to the cost sensitive part of the video. If you write code in managed languages, the runtime performance will be lower and depending on the user count and who pays for the hardware and electricity, sometimes you should go with higher performance language such as C, C++ or Rust to reduce runtime hardware costs. If you're creating a mobile app and end users are paying for the hardware (e.g. their own smartphones), then you can have more focus in getting things out fast. If you're running AI systems on your own systems for a big amount of users, then you need all the optimization you can get because computational efforts are insane no matter which language you use. Or one could argue that most of this actually belongs to understanding tradeoffs. I think it's the single most important bit on your list.
    5
  8. I rarely actually execute the code when I review code but I mentally track all the new code to check e.g. if it correctly handles random binary strings or not. If the code is not clear enough to be mentally tracked, it should be fixed even if it actually executed correctly.
    5
  9. I definitely agree that leadership position and programmer / software architect are totally different things. The whole problem of highly skilled programmers entering tech lead position is caused by the failure of the company to provide tech specialist role with equal or higher pay compared to a tech lead. As a result, those programmers that want a raise are forced to take the tech lead position. I think it would be much better to have a leadership based on person skills and then have another person as a tech specialist to provide the technical knowledge required for the project.
    4
  10.  @HealthyDev  My thinking is that is a company is afraid of losing a high performance developer, they should offer him or her more money for their work but in reality they typically offer more work but require to take the tech lead role. I do agree that a developer shouldn't accept the tech lead role unless they're willing to do that kind of job. If the company is not agile enough to offer more money without taking the tech lead position, then the company deserves to lose the high performance developers that do not want the tech lead position.
    3
  11. I've been writing code for two decades and nowdays when I'm asked to do a temporary solution, I'm asking "when is the deadline for this temporary solution so I can hardcode a deadline enforced by the code?" It often turns out that the required code is not temporary when you ask it this way. And for those rare cases where the code is actually temporary, you can then add an explicit test that causes e.g. exception to be thrown if the method is called after the deadline. It also makes it obvious when the code is okay to be removed for good.
    3
  12.  @HealthyDev  It does make sense. The important part is that when you design a new feature, you explicitly decide which metrics you use to measure the success. The decision might be that one of the already existing metrics is good enough but that's a known decision before the new feature is implemented. That way your measurements make scientific sense – you decide the metric before you start measuring the data. When you do it the other way (add metrics after the fact, or invent the metric after already seeing some data) the results will be skewed.
    3
  13.  @TrackedHiker  I think that commit messages should explain WHY the code was changed or added. With well maintained code you should be able to run "git gui blame path/to/file.ext" and get a line level explanation WHY any given line exists in that file. If you have a non-trivial line where the commit message for that line doesn't explain WHY that line is there, the commit log is missing a lot of data. For me, code comments are documenting the intent of the code. For example, the comment should descibe that a method will handle untrusted user input in parameter "name". In that case, the implementation must be able to handle random binary input instead of handling just ASCII only or some other easy safe limitation. Without knowledge of the intent of the code, you cannot safely refactor it because you don't understand what your responsibilities are. Without documentation you have to assume that existing code is the perfect description of the intent of the code meaning that the existing code never has any bugs. In my experiece assuming that existing code has zero bugs is not a sensible assumption to make. In addition, why would you be even considering refactoring perfect code in the first place?
    3
  14.  @TrackedHiker  I didn't meant to attack you or anybody else in this discussion with the comment about quality. I only meant that I use whatever means possible to improve quality and having more comments instead of less is one way to improve quality. I totally agree that no amount of communication can prevent misunderstandings and other people skip reading. About the tooling: the editor I'm usually using does support showing latest commit message for any given line in the source file. As such, when I read a line of code that looks a bit weird to me, I inspect the commit message. And if that commit message has nothing to do with that line, I can be absolutely sure that the commit is crap and needs to be investigated more. With well written commit messages I see that, for example, the line was last modified to add support for non-RFC compliant email addresses to handle a case that a real customer hit. Encoding such details as comments in the actual code doesn't make sense to me but in commit messages and right tools, it makes tons of sense.
    2
  15. I definitely agree here. The longer I've been working in software development, the more sure I'm that the actual work of a good software engineer is to work as interpreter between normal human beings and computers. Your task is to communicate the requirements of the humans to the software and then explain the technical limitations or requirements from the machine to the humans. If you're good at this, you can give the response/requirements of the machine without actually writing any code or running any tests. That allows you to listen for the requirements that the end users really need and then offer possible solutions with a quite good estimate how expensive each solution is to implement in reality. You can basically promise anything if you don't need to mind about resource use, budget or time schedule. Just invent AGI and run the required software on that. For more realistic projects being able to clearly explain that with the end user requirements X and Y there are possible solutions A and B where A will be faster to implement but will cost more in use because of licensing reasons or because it requires constant 100x more computing time in production. Your role as a software engineer should be about offering those possibilities but it's not your task to select which one makes most sense for the business.
    2
  16. I nowadays think that why the code is there belongs in commit messages. Basically "git blame" should have all the data about why each line of code is needed. Comments should describe the intent of the code, basically similar to Eiffel design-by-contract rules about what any single class/function/method promises to do and what it requires from other parts. For example, if it takes argument called "name", is it okay to pass any random user input including null bytes in that? Without documentation about the intent you cannot know if the implementation is correct or not. If you have poorly named functions or variables, adding documentation as a fix would be a wrong thing to do. You should make the code as easy to understand as possible and have intent of the implementation in comment. Usually this means function level comments in practice and maybe one class/module level comment to describe overview of things.
    2
  17.  @markt1964  The problem is that when another developer visits that code in the future, he or she cannot know if the code is buggy and behaves some specific way or if the apparently weird behavior is by design. That's why comments should explain the intent of the code, not the implementation.
    2
  18. The best summary I've seen SCRUM is like this: Series of waterfall projects with a fixed length of 2 weeks. That's basically true in practice. If you try to religiously apply SCRUM in any long running software project you'll end up splitting any design or architecture changes in 2 week segments and even those need to be hidden as features. If that's not possible, tough. Your software is going to detoriate over time and it cannot be fixed within SCRUM rules. I think this is actually mostly your point 4 and point 5.
    2
  19. Our team has tried to create rough estimate for nearly all backlog items to help sorting the backlog. If you have new features X and Y in the backlog and you think both are about equally valuable to users, you cannot correctly sort those items unless you know that X requires roughly 5x the work of Y. I think you don't need estimates like "3.5 days" but S, M, L, XL for this, though.
    2
  20.  @MrAntice  And any code that interfaces with 3rd party code should contain links in comments to the documentation of the 3rd party code that the implementation depends on.
    2
  21. I guess that depends on your taste. For me, I watch these videos despite the guitar playing because the content is valuable but I usually skip forward when guitar playing starts.
    2
  22.  @cccc2740  I agree. You can discuss about the issue with your boss and explain that you're sure you can find better paying position in another company if you cannot get a promotion here and still many companies fail to promote you. I think it's sad actually but the HR department often has more power in the company that the people that actually create stuff that the company sells. And if HR department blocks your promotion it really doesn't matter how good you're in your job. If I were the owner of any software company, I'd make sure this wouldn't happen there.
    2
  23. I think the conversion to daily status meeting is because being afraid for going 2 weeks into the wrong direction for the whole project.
    1
  24.  @HealthyDev  I guess that's the actual root cause in most cases.
    1
  25.  @TrackedHiker  The problem I'm trying to avoid with real comments and well written commit messages is the situation where original author is not available and the code needs to be modified. In that case, I definitely don't see "one doesn't have to understand every last detail" before proceeding to modify the code. I've written comments about the intent of the code and clear commit messages and still some co-worker has modified the code against all instructions. I wouldn't want to see the results of trying to live with "self-documenting code". In the end, I guess it depends what kind of quality you're looking for. I always try to code like I were writing code for OS kernel.
    1
  26.  @TrackedHiker  So... where would you write that the said implementation follows e.g. RFC or HTML5 email validation? If I understood you correctly, you don't think that comments improve the quality of the code so you wouldn't use comments for that. And you don't think it belongs to commit message either, if I understood that part correctly. I'd personally put that kind of info in function or method docblock (techinically a comment) and in the commit message.
    1
  27.  @TrackedHiker  I think that if you use highly abbreviated commit messages and first line only you're missing a lot of value that well maintained version control can provide. With Git, you should aim first line being the title (similar to email Subject line) and the rest of the commit message should be similar to email describing WHY that specific commit is worth including to the whole project. Our team is nowadays trying to work this way and I've found it valuable multiple times. That has reduced the time needed to investigate code in many situations but I don't know if the overall time spent is positive or negative. At least developer experience has improved in my opinion. We also try to make logical/atomic commits instead of snapshots of the filesystem. I think that should be considered as a requirement before you even try to write good commit messages.
    1
  28. Code style is one thing where I'll always fight for Allman-8 formatting for any new code. That's the syntax programming is usually teached because it's the most clear style there is. And after writing code for a couple of decades, I still fail to see the need to use any less readable style. Most alternative styles originate from the time when terminal only had 25 lines and for those environment, minimizing the line feeds was actually an important feature.
    1
  29.  @markt1964  Are you assuming perfect unit tests? I'm assuming any code will have unknown bugs that will surface in the future.
    1
  30. If your estimate ever includes anything by any 3rd party vendor, just multiply whatever result you would otherwise estimate by 10. In my experience, 3rd party vendors may suddenly stop even answering you without any warning due some internal problems. It's very rare that you get such transparency from the 3rd party vendor that would know about their future internal problems arising. If you don't have a plan ready not being able to use that 3rd party vendor to implement the feature you need, you either need to decide that if the 3rd party vendor issue may cause the whole feature to fail or you include enough time to fully implement alternative solution. If you use 3rd party open source library, make sure that you include the risk that you become the sole maintainer of the project. I personally think that's lesser risk than trusting closed source "supported" 3rd party library in long run but that's still a risk you should consider.
    1
  31. The R in R&D is research. And research is about studing things that are still unknown. Research: if we knew what we're doing, it wouldn't be called research.
    1
  32. I think the problem with story points is that they look like numbers. We're internally using small, medium, large, x-large as the effort needed.
    1
  33. Great video. I think our team fails at not having metrics for every feature and that leaves us guessing about the actual impact. And your rationale why this happens makes perfect sense. I'll be working to get metrics for every feature in the future for sure.
    1
  34. I fully agree that comments/documentation should be considered mandatory for any code that's supposed to live long – that is, maintained and developed further. However, I don't believe in commenting individual lines but whole functions/methods. My rule of thumb is that if a method is public (usable by external code) it should have documentation/promise about what it does and basically state Eiffel-like design-by-contract about the supported inputs. Whether you write it as docblocks above the method implementation or in form of automated tests really doesn't make a huge difference but you should have clear documentation about what the code is supposed to do. That way you can figure out if the implementation actually matches the original intent when you later need to modify the code. Without documentation you cannot know if handling of some specific edge case is intentional or a bug in implementation. I prefer docblock-style comments in mostly English but I'm getting more and more strict about having to declare if any input parameter and results are trusted data or not. All input (user generated data, files, network sockets, config files) should be considered untrusted and anything directly computed from untrusted data shall be considered tainted, too, and as such, untrusted data, too. If you write all code like this, you end up having a lot less security issues in your code. And for all input and output string values, you have to declare the encoding in the documentation. The input encoding might be untrusted UNICODE string and output could be trusted HTML text fragment – in that case the implementation must encode all the HTML metacharacters or there's a bug in the implementation. Without a docblock you cannot know if that's intented or not. That said, private methods (in case of class/object oriented programming) do not need to have any documentation because those are just part of the implementation. I also don't think automated unit tests should even bother testing private methods directly but just the behavior or any public methods. I'm on a borderline if even protected methods should be tested with unit tests – I'm currently thinking that if no public method actually uses any private or protected method, those methods are just dead code and should be deleted instead of writing unit tests. In the end, when I write some code and a team member needs to ask me about the implementation (during code review or later) then I usually end up fixing the implementation to be more readable. In that case I believe in "self-documenting code" that I only use comments within the method as the last resolt – it's much better to write understandable implementation that can be fully understood without comments within the function/method body.
    1
  35. I think refactoring can be expressed as a separate task but you have to express it in terms that management can understand. The management can understand the concept of "without this refactoring, every new future feature will be harder to implement and will require more effort". Then the management can make informed decision about doing things faster right now in balance for extra future effort. Sometimes decision like that needs to be made and senior programmer will accept that, too, as a fact. The important part of the equation is to make management aware of the future cost for doing things fast right now.
    1
  36.  @raph151515  I'm happy with no comments in code that will not be maintained but if I'm writing said program, I'll ask for date (within following 365 days, not forever) when the software may stop working and I'll implement a check and the program will stop working on that date. If such date is not available, the software will be maintained in reality and any BS reasoning about no comments / documentation should stop.
    1
  37.  @Elemblue2  I totally agree about people disagreeing what kind of code is perfect. I'm personally mostly interested in code being clearly understandable and non-fragile. That is, the next developer making changes to it should understand the existing system and if they make mistakes during the implementation, the failure should trigger assert()s during testing instead of silently corrupting user data in production. I prefer correctly working code to nice looking code. I'd prefer having setup where you can run 24/7 mutation testing (which requires 100% code coverage in automated testing to even start) but my team doesn't see that valueable enough to even try to improve automated testing. One should consider mutation testing as automated testing of quality of your human designed automated testing. If you cannot do mutation testing, you cannot even know how much your existing tests are missing even if you had 100% code coverage. And most software projects ever made do not even have 100% code coverage for the automated tests. And if you only do manual testing without measuring code coverage, you don't even have an idea if the code is working correctly or not.
    1
  38. 10:45 One thing that I'd like to add is that if you write in some dynamic programming language (e.g. JavaScript or even PHP) where any variable can contain practically anything from a single integer to actual functions or objects, having machine readable notation for especially return type is very valuable for the other members in the team, including future team members.
    1
  39.  @TakanashiYuuji  I agree that if the language supports return values you should use those. However, comments can still be valuable to explain that, for example, even though the return type is technically int, the actual range for returned numbers is 0–4 inclusive.
    1
  40. In my experience, since acceptance criteria is so often lacking, asking for estimates is same as asking "how much does building a bridge cost". Correct answer might be something along like this: "Somewhere between 5 billion dollars and 1 dollar. If you want better estimate, you have to give more details. Where will the bridge be located? Will it be used by ants or are you going to land fully loaded cargo airplanes on it? If it's used by cars, how many lanes you need and should the estimate include all the ramps in both ends? How long bridge do you need? When do you need it ready? Are you able to pay it fully up front?" As you explained in point 2, there are a lot of variables and many don't have clear answers even if the developer actually tried to acquire the information.
    1
  41. I'm strongly in the camp "write once, read multiple times" when it comes to code and its documentation. Once you accept that any single of line of code will be read more than once in long term, you should make code as readable and clear as possible. And in practice that may require adding comments. However, comments should be added if they make code more clear, not just because the boss said so. My bar for how much more clear the code would become with comments is pretty low, though. If the code is any easier to understand with extra comments, add those comments. That said, it's a balancing act because extra comments just add extra letters to read if the code would be perfectly understandable without the comment. If you truly write temporary solution that will be thrown away in near future for real, sure. In my experience, nothing is as permanent as temporary solution that seems to work, though.
    1
  42.  @TrackedHiker  For that specific example case, I would say that commit message should say "Allow more letters in email address to fix issue noticed via customer feedback" + a link to the ticket that triggered the change. And the actual diff should only change the accepted letters with that commit message. The "why" should explain why the code was modified / why this patch should be accepted – it was because the code didn't work with real world environment / real world email addresses. The commit message should also include a notice which explicitly says if the new implementation is RFC compliant or intentionally against the literal RFC. For example, HTML5 email validation is against RFC because the real world is more complex than STMP RFCs would make you believe. The commit message may also contain short summary of the actual changed code but that can be always viewed from version control no matter what the commit message says. And yes, I definitely believe that unit tests should try to inject random data in all strings that are not specifically marked as trusted in the API. That said, I don't know if any unit test framework natively supports fuzzing on unit test level.
    1
  43.  @TrackedHiker  I think the fact that the issue was noticed by an actual customer is worth keeping in the version control history. I'm nowadays thinking about patches quite similar how Linux kernel development is done. The commit message should be analog to LKML email message which explains why that commit should be included in the official version. That way it will be easier to figure out if some specific patch should be cherry picked for some older maintenance release or not.
    1
  44. My calendar estimates usually go out of the window when I have to take new tasks that no other team member are willing/able to take. The problem is that if my work would be needed for some additional feature in e.g. 4 weeks, the choice is actually between prioritizing the task that no other member of the team can do and the additional feature that initially scheduled 4 weeks in the future being delayed in addition of my current work getting delayed. And it's often these dependencies that quickly get too complex for management to understand the big picture. I've taken a habit of saying "If I don't get interrupted with other work, this will probably take me 8 work days" to more clearly communicate the risks to the management. I think the bigger problem in my team is that way too often I'm the only member that can effectively work in many parts of the software. Other members would be able to do the work but take 4x the time I would need so they end up avoiding the task and the management may end up agreeing on that.
    1
  45. If you actually want to get promoted instead of being respected, the most important thing is to discuss about it with the people that are going to decide about your promotion. Tell them what you wish and ask them what they think you would need to demonstrate to make it happen. In some cases it might turn out that the company HR will prevent your promotion because of some little detail. And if you cannot change that detail, no matter what else you do, there's no hope for promotion regardless of your performance level. I totally agree that all the points in this video make you a better software engineer and are practically requirements for a good software architect role but doing all that may still end up just working more without getting paid as an architect/lead/senior if you fail to fulfill some hidden requirement that your boss is looking for. Also, make sure to discuss about the decision making in general. How much power do you and other people in your team actually have over the priority of the changes, design, schedule, UI or UX decisions? Some teams have a boss that really wants to micromanage everything, some teams fail to have clear knowledge about who gets to decide what and it will end up in a big mess over time. Are you looking for a better pay or more power in decision making or both?
    1
  46.  @attribute-4677  Finger pointing is bad behavior in all cases so that alone should be red flag requiring attention from the boss. I typically avoid naming the original developer even if I knew you made the mistake, instead I focus on the fix. And if the mistake seems to be systematic for said developer, or the whole team, then I'll do extra effort to get all developers to understand why this class of errors must be avoided in the future.
    1
  47. I totally agree with you except for the automatic code formatting. I strongly believe that there should be code formatting rules for a project but it shouldn't be enforced by automated process. Sure, have an automated check to tell if you've broken the rules and optionally allow automatically reformatting the new code but there will be always situations where code can be more readable by breaking the arbitrary rules your project ended up with. A basic example could be line length rules: if the code would be more readable if you go over the line length limit by 7 characters, do it. Wrapping that code on two or more lines might follow the formatting rules but it would result in less readable code. Code readability is the most important thing. Any important piece of code will be written once but re-read many times and you have to make sure that every reader understands it the same way. I strongly believe in self-documenting code but the bar should be that if any member of your team ever has to ask about the code, it's poorly written. If any member of the team fails to understand your code then it's not self-documenting. It's that simple. And in such cases, I always prefer fixing the code and as a last resort, I write some comments. That said, I also try to write short documentation for every function or method (DocBlock) to help people using editors that can show that documentation while modifying the code on the calling site and design-by-contract rules for the caller, without needing to even see the actual well written code. And after writing server software for a couple of decades, I've come to conclusion that all parameters should have explicit info about if the argument is untrusted (raw user input is okay) or trusted (never ever pass any unfiltered user input here). And note that raw user input may come from TCP/IP socket, file, environment string, command line argument, SQL connection or REST API request. If the bytes in the RAM can be affected by entities outside your code, it's untrusted. And untrusted data is contagious so if your programming language doesn't have something akin to Perl taint mode, you have to track untrusted data by yourself from variable to variable. Also, a string is just stream of unknown bytes unless you know the encoding and intent. Many security issues happen because programmers fail to understand the data. For example, SQL injection attacks and XSS attacks are actually the same security problem under the hood: missing or wrong encoding for the context. In case of SQL injection attack, typical problem is using raw string when the actual context is "constant UNICODE string within a string in SQL query" and XSS attack is caused by using raw string when the actual context is "constant UNICODE string within a JavaScript string embedded in SVG embedded in data-URL embedded in attribute string embedded in HTML5 document". Not every context can support raw binary strings but if your function or method takes untrusted string as input, it's your task to encode or otherwise make it safe. If your method cannot accept any random binary input, your method will need to test for binary crap and throw an exception or handle the problem in some other way. Remember that if you don't write this safe code, then every calling site must re-implement it or you'll have security vulnerability waiting in the code. I'm nowadays writing my functions or methods so that any data passed in must be random binary safe unless the parameter is explicitly marked as trusted and in that case the caller takes the responsibility for data safety. And automated tests for that code should actually use random binary test strings to make sure the code doesn't bitrot in the future.
    1
  48.  @xybersurfer  I totally understand that sometimes a co-worker may have holes in their knowledge of the programming language and I think a good answer to such question consists of two parts: (1) explanation to the actual problem, and (2) tips about how to figure the same thing in the future; that part could be the official language reference/spec, some google kung fu* technique or a good book about the language. (*Some say that proper form is Google-fu: "Google-Fu" is merely being able to find things quickly and easily, particularly difficult things, on Google. And the "-fu" comes from "Kung Fu"; the "google-fu" phrase is sort of an outgrowing of the whole usage of "ninja" to mean "someone who is hyper-competent".)
    1
  49.  @weatherman1504  That's why you should be code reviews. The point of code review shouldn't be variable names spelling or names of the stuff (what the code review typically ends up being) but about code being understandable. The most important question the reviewer should ask is "if the original author gets hit by a bus, could I maintain this code forever without painful experience?"
    1
  50. 6:10 I think that if you feel that you have to re-write the documentation for a method after modifying the implementation, your existing documentation wasn't well written. The existing documentation may not be accurate enough to describe some edge cases but if you just fix or add features to existing implementation, there shouldn't be need to rewrite the documentation from scratch.
    1