During a recent interview, an interviewer took me to task for stating in my CV that I cannot accept copying code from the internet. I should have explained better that it is the blatant copying of code without understanding it that I objected to. The modus operandi is this: the lazy developer plugs some code from the internet (usually from StackOverflow) into his project and runs it to see if it works. If it works, the case is closed. If it doesn't, only then will he examine the copied code in detail. In this blog post, I present 2 anecdotes in which the copied code works and yet also does not work, to support my view.
Case 1: Wrong amount of RAM reported
Many years ago, I was maintaining an installer project. The installer sends the PC specs back to the server. One strange thing I noticed in the database was that none of the reported RAM values exceeded 4GB. Upon examining the code, I found that the programmer called a Win32 function to get the amount of RAM, and that function returns a 32-bit integer value, so there is no way the installer can detect more than 4GB. That function is a relic left over from Win32 and should never be used in a Win64 program. The installer has always been a Win64 program.
Case 2: SSL handshaking is disabled
On one fine day, a website product (without any changes) failed to load a webpage in all browsers, giving an unhelpful and cryptic proxy error. In the corporate environment, all web traffic (including traffic to that website product running on a test server) goes through a proxy. The software architect came over with the IT director, and the first thing he did was to google the error and click on the first link, which was a solution for a reverse proxy. He copied the configuration line that disables SSL handshaking for a webserver behind a reverse proxy and, after checking that it worked, committed it without checking what a reverse proxy is or what the configuration line does. The line effectively disables SSL handshaking on the webserver, because behind a reverse proxy it is the reverse proxy's (not the webserver's) responsibility to handle SSL: a webpage request from the outside world only sees the reverse proxy, not the webservers behind it. Yet the product manual still states that customers need to buy an SSL certificate and renew it annually, when the software architect has effectively disabled all SSL handling, so any future customer will be under a false sense of security. The actual error was probably due to an automatic update to the corporate proxy that altered its behavior.

The reader may ask: what is the difference between a proxy and a reverse proxy? A proxy is the gateway through which all the client PCs (usually in a corporate environment) access the web. The web only sees web requests from the proxy; only the proxy knows which client PC a request and its reply belong to. A reverse proxy is a proxy for servers. A load balancer is an example of a reverse proxy. A reverse proxy remembers which webserver served a given IP address, so that requests from the same IP are forwarded to the same webserver in order to maintain caching, session and locality of information. See the diagram for more information.
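The check that was skipped in Case 2 can be automated. The following is an added example, not code from the product or the incident: it probes a listener and reports whether it still completes a TLS handshake. The function names and the constructed local plaintext listener are assumptions made for illustration.

```python
import socket
import ssl
import threading


def probe_listener(host, port, timeout=3.0):
    """Return 'tls', 'no-tls' or 'unreachable' for the listener at host:port."""
    ctx = ssl.create_default_context()
    # The probe only asks whether the port negotiates TLS at all, so
    # certificate validation is off here; real clients must keep it on.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"          # handshake completed
    except (ssl.SSLError, OSError):
        return "no-tls"           # plaintext reply, reset or stalled handshake
    finally:
        raw.close()


def start_plaintext_listener():
    """Constructed stand-in for a webserver whose TLS handling was switched off."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_once():
        conn, _ = srv.accept()
        conn.recv(4096)           # the client's TLS ClientHello, ignored
        conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve_once, daemon=True).start()
    return port


if __name__ == "__main__":
    port = start_plaintext_listener()
    print("constructed backend:", probe_listener("127.0.0.1", port))
```

Run against both the public address and the webserver's own port, a result of `no-tls` on every hop a customer's traffic crosses means the certificate the manual asks for protects nothing.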
One good way to avoid blindly copying code is to maintain an inquisitive mind. No responsible developer should accept any unknown code into his codebase without examining it thoroughly and checking it against the official documentation.
Computer icons are courtesy of Clipart Library