This link has been bookmarked by 230 people. It was first bookmarked on 16 Apr 2006, by adrienne travis.
-
18 Jun 17
kevinoempty
-
28 Jul 16
-
06 Jul 16
-
28 Jun 16
-
23 Oct 15
-
All strings that come from the user must be stored in variables
-
-
02 Apr 15
-
Simonyi’s original concept for Hungarian notation was called, inside Microsoft, Apps Hungarian, because it was used in the Applications Division, to wit, Word and Excel. In Excel’s source code you see a lot of rw and col and when you see those you know that they refer to rows and columns. Yep, they’re both integers, but it never makes sense to assign between them.
-
-
03 Feb 15
-
26 Jan 15
-
Exceptions are fine for quick-and-dirty code, for scripts, and for code that is neither mission critical nor life-sustaining.
-
The way to write really reliable code is to try to use simple tools that take into account typical human frailty, not complex tools with hidden side effects and leaky abstractions that assume an infallible programmer.
-
-
26 Nov 14
-
02 Jul 14
-
27 Jun 14
-
24 Apr 14
-
04 Feb 14
-
17 Jan 14
-
25 Jun 13
-
08 Apr 13
-
23 Feb 13
-
06 Dec 12
Hendrik Thaer
This is the real art: making robust code by literally inventing conventions that make errors stand out on the screen.
So now I’ll walk you through a little example, and then I’ll show you a general rule you can use for inventing these code-robustness conventions, and in the end it will lead to a defense of a certain type of Hungarian Notation-
This business of making wrong code look wrong depends on getting the right things close together in one place on the screen.
-
I don’t want that information to be in another file or on another page that I would have to scroll to. I have to be able to see it right there and that means a variable naming convention.
-
Look for coding conventions that make wrong code look wrong. Getting the right information collocated all together in the same place on screen in your code lets you see certain types of problems and fix them right away.
-
If you read Simonyi’s paper closely, what he was getting at was the same kind of naming convention as I used in my example above
-
They’re both of type string.
-
But they are semantically different; they need to be interpreted differently and treated differently and some kind of conversion function will need to be called if you assign one to the other or you will have a runtime bug.
-
Apps Hungarian had very useful, meaningful prefixes like “ix” to mean an index into an array, “c” to mean a count, “d” to mean the difference between two numbers (for example “dx” meant “width”), and so forth.
-
In order to make code really, really robust, when you code-review it, you need to have coding conventions that allow collocation. In other words, the more information about what code is doing is located right in front of your eyes, the better a job you’ll do at finding the mistakes.
-
exceptions eliminate collocation. You have to look somewhere else to answer a question of whether code is doing the right thing, so you’re not able to take advantage of your eye’s built-in ability to learn to see wrong code, because there’s nothing to see.
-
-
04 Dec 12
-
29 Oct 12
-
28 Aug 12
-
27 Aug 12
-
20 Jul 12
-
22 Jun 12
-
15 Jun 12
-
coding convention that will ensure that if you ever make this mistake, the code will just look wrong
-
So our convention says this: if you ever see Request that is not surrounded by Encode, the code must be wrong.
-
violate the convention.
-
the right architecture
-
coding convention
-
Now whenever you see a naked Write without the Encode you know something is amiss
-
So, sometimes you can’t encode a string when you read it in, and sometimes you can’t encode it when you write it out, so neither of these proposals works
-
There’s no place to sniff. If you have a lot of code like this, it takes a ton of detective work to trace the origin of every string that is ever written out to make sure it has been encoded.
-
"us" (for Unsafe String)
-
"s" (for Safe string)
-
See what I did? Now you can look to see that both sides of the equal sign start with the same prefix to see mistakes.
-
and this will help you find obscure security bugs just through the normal process of writing code and reading code.
-
Making wrong code look wrong is nice, but it’s not necessarily the best possible solution to every security problem
-
variable naming convention
-
Most coding conventions include rules like
-
type coercion
-
Scott Meyers
-
By the way, the third edition of Scott’s book Effective C++ just came out; it’s completely rewritten; get your copy today!
-
you will have a runtime bug. If you’re lucky
-
Apps Hungarian wouldn’t really give you a choice in how to name this function. That’s a good thing, because it’s one less thing you need to remember, and you don’t have to wonder what kind of encoding is being referred to by the word Encode: you have something much more precise.
-
Hungarian Notation
-
Systems Hungarian
-
Apps Hungarian
-
Windows programming documentation
-
the bible for learning Windows programming
-
Systems Hungarian
-
Great Rebellion hit its peak
-
naming guidelines
-
strong type checking
-
Intellisense
-
collocation
-
makes wrong code look wrong
-
debug
-
write
-
maintain
-
Raymond Chen
-
the best programmer in the world
-
-
22 Feb 12
-
07 Feb 12
-
26 Jan 12
-
30 Dec 11
-
18 Dec 11
-
Write "Hello, " & Request("name")
your site is already vulnerable to XSS attacks. That’s all it takes.
-
-
04 Dec 11
-
28 Nov 11
-
10 Oct 11
-
we’ve got to get some consistent coding conventions around here!
-
spend the next day writing up coding conventions for your team
-
and you decide that it’s not really a bad thing to only reformat code when you revisit it
-
There’s an even higher level, though, which is what I really want to talk about:
4. You deliberately architect your code in such a way that your nose for uncleanliness makes your code more likely to be correct.
-
-
26 Aug 11
-
23 Aug 11
-
22 Aug 11
-
06 Aug 11
era e
What Hungarian notation was supposed to accomplish, and how Microsoft blew it. "Somebody, somewhere, read Simonyi’s paper, where he used the word “type,” and thought he meant type, like class, like in a type system, like the type checking that the compiler does. He did not. He explained very carefully exactly what he meant by the word “type,” but it didn’t help. The damage was done."
-
11 Jul 11
-
25 Jun 11
-
04 Apr 11
-
12 Mar 11
-
04 Feb 11
-
21 Dec 10
-
20 Aug 10
-
Cross Site Scripting Vulnerability, a.k.a. XSS
-
when you build a web application you have to be careful never to repeat back any strings that the user types into forms
-
All strings that originate from the user are unsafe
-
Most web applications are developed under the principle that all strings internally are not encoded until the very last moment before they are sent to an HTML page
-
All strings that come from the user must be stored in variables (or database columns) with a name starting with the prefix "us" (for Unsafe String)
-
All strings that have been HTML encoded or which came from a known-safe location must be stored in variables with a name starting with the prefix "s" (for Safe string)
-
-
06 Aug 10
-
Unsafe String
-
Hungarian notation
-
-
15 May 10
-
21 Apr 10
-
02 Apr 10
-
31 Mar 10
-
16 Mar 10
-
14 Mar 10
-
03 Feb 10
moritzwade
This is the real art: making robust code by literally inventing conventions that make errors stand out on the screen.
software programming development design tips blog reference article productivity
-
06 Dec 09
jordim
When you start out as a beginning programmer or you try to read code in a new language it all looks equally inscrutable. Until you understand the programming language itself you can’t even see obvious syntactic errors.
-
26 Oct 09
-
06 Oct 09
-
19 Sep 09
-
15 Sep 09
-
27 Aug 09
-
26 Aug 09
-
13 Aug 09
-
04 Aug 09
-
30 Jul 09
-
28 Jul 09
-
02 Jul 09
-
20 May 09
-
17 May 09
-
06 May 09
-
18 Apr 09
-
16 Sep 08
-
24 Jul 08
-
16 Jul 08
dalehagglund
Spolsky discusses how to make sure that wrong code is easy to see, and in the process explains his dislike of exceptions, and the merits of the much-misunderstood Hungarian notation.
joel spolsky coding style programming software development c c++ hungarian notation simonyi debugging exception documentation standard code design convention
-
20 Jun 08
Aditya Banerjee
This is the real art: making robust code by literally inventing conventions that make errors stand out on the screen.
programming development coding software design bestpractices
-
18 Jun 08
Ricky Robinson
Making wrong code look wrong using Hungarian notation.
-
07 May 08
-
30 Apr 08
-
I’ll show you a general rule you can use for inventing these code-robustness conventions, and in the end it will lead to a defense of a certain type of Hungarian Notation, probably not the type that makes people carsick, though, and a criticism of exceptions in certain circumstances,
-
-
03 Apr 08
Cory Forsyth
Good thoughts on coding, and how you learn to write good code.
-
27 Mar 08
-
21 Mar 08
-
16 Mar 08
-
06 Mar 08
-
20 Feb 08
-
03 Jan 08
-
01 Oct 07
-
26 Sep 07
-
10 Aug 07
ken .
Years later Joel replies with a sweet story: Hungarian is not all evil, type<>class. Simonyi was misinterpreted. Robust=Readable => patterns (to recognise, not smells) -> Collocation, raise the visibility, reduce the ambiguity, information about intention
communication design development learning meaning microsoft patterns principles programming risk software
-
22 Jun 07
-
23 May 07
-
25 Apr 07
-
16 Apr 07
-
All strings that come from the user must be stored in variables (or database columns) with a name starting with the prefix "us" (for Unsafe String). All strings that have been HTML encoded or which came from a known-safe location must be stored in variables with a name starting with the prefix "s" (for Safe string).
-
now, if you make a mistake with an unsafe string, you can always see it on some single line of code
-
extend the rule a bit, and rename (or wrap) the Request and Encode functions to be UsRequest and SEncode
-
one step further, by naming Write to WriteS and renaming SEncode to SFromUs
-
-
01 Mar 07
-
15 Jan 07
-
01 Dec 06
-
09 Oct 06
Travis B Hartwell
Another compelling reason for coding styles; "Apps Hungarian" sounds interesting...
-
08 Jun 06
-
26 Apr 06
-
27 Mar 06
-
17 Feb 06
-
06 Dec 05
-
01 Dec 05