Unprofessional code: Answer

time to read 2 min | 244 words

In my previous post, I mentioned that I don’t like this code, that it lacked an important *ities, and I asked what was the problem with it.

The answer is that it isn’t easily debuggable. Consider the case where we have a support call from a user “I am in France but I see courses that are running in Australia”.

How do you debug something like that, and how can you work with the user on that.

In this case, adding something like this is enough to make the system much nicer to work with under those scenarios:

This is an internal detail, never expose externally (until this blog post, obviously), but it allows us to override what the system is doing. We can actually pretend to be another user and see what is going on. Without the need of actual debugging any code. That means that you can try things out, in production. It means that you don’t have to work hard to replicate a production environment, get all of the production data and so on.

Thinking like that is important, it drastically reduces your support burden over time.

Tweet Share Share 33 comments

Tags:

design

Comments

26 Jun 2012
09:15 AM

Rei Roldan

Or instead of Reques.UserHostAddress use a "IIPService thing" because you will need more than just UserHostAddress to get the user's IP address in case of him being behind a proxy (for example), abstracting it away leads to easier testing.

I know you'll probably call YAGNI on this one, but knowing the IP of the user doesn't seem like a trivial part of the apps logic, it adds business value, so, why not :)

26 Jun 2012
09:24 AM

Krasimir Evtimov

Just to point out that you better be sure that you don't rely on the IP for some security checks or whether to show or hide some features based on the user location, because you just introduce a way for the user to fake his IP address..

26 Jun 2012
09:29 AM

Bevan Coleman

My issue with is that it just reeks of bad UX.

The code is taking an important choice away from the user (what location they are interested in). There is no sign it lets them know what region it has assigned them and doesn't give them the ability to override it.

Even worse... if it can't work out the region it just shows nothing.... ewww....

You probably wouldn't get any support calls.... because the user wouldn't come back.

Given that geo-location is not 100% (to 9 digits...) reliable it should be an progressive enhancement (i.e. auto choice the region in a list).

26 Jun 2012
10:23 AM

Ayende Rahien

Rei, Yes, I do call YAGNI on that. And knowing the user's IP actually IS a trivial part of the application.

26 Jun 2012
10:24 AM

Ayende Rahien

Bevan, Take a look at http://ravendb.net/events, where you can see this in action. You don't have a way to know from the provided code what kind of a UX you have. As you can see from the actual site, you do have a way to override that in the UI.

26 Jun 2012
10:45 AM

Bevan Coleman

Yeah, the end result does look ok... though I can't see any "EventsNearYou" not being anywhere near any of those places.

That said the site should still let people know what region it is detecting them as. Unless I knew that the site had a "EventsNearYou" function I couldn't tell it was there (let alone if it was working or not).

Even telling the user there was nothing in their region would do. Though I suppose you could argue the map does do that as most people should be able to find themselves :/

You could also argue that the IP detection functionality is not critical to the function of that page (though it is too the PartialView) so you already have progressive enhancement.

Hmmm... maybe I'll just leave now :)

26 Jun 2012
10:55 AM

Mark

You set a high standard. In my day-to-day code, we must be happy to deliver at all. These kind of thoughts are totally too far out. But of course, I get paid by the hour, and that's another factor. Also, I am temp personnel, so I expect not to be here in 1 year time anyway.

26 Jun 2012
11:20 AM

Ayende Rahien

Bevan, There is a really big map right in the center of this page. It has dots that shows where we have courses. If you can't find yourself on a world map... maybe you aren't a candidate for one of our courses.

26 Jun 2012
11:20 AM

Ayende Rahien

Mark, I make some assumptions, sure. I expect things to _work_.

26 Jun 2012
11:30 AM

Stefan Hendriks

I believe the location should be a method parameter. The code circled in red could be put in a seperate method.

So you could get something like this: EventsNearYou(getNearbyLocation());

The next step would be to parameterise getNearbyLocation which seems to need an ip string.

Ending up with: EventsNearYou(getNearbyLocation(Request.UserHostAddress ?? ""));

26 Jun 2012
13:12 PM

Lee Atkinson

A useful feature, but why one call the absence of it 'unprofessional'? That seems harsh.

26 Jun 2012
13:24 PM

George Bogs

Um, that's what you consider "unprofessional?" Wow. That's highly unfair and slightly arrogant to pick that piece of code for that reason and claim the coder as unprofessional.

26 Jun 2012
13:32 PM

Jesse

I agree with Lee. The ability to override the IP in order to debug is very useful, but it doesn't make it unprofessional. Though I suppose it depends on your definition of professional. Some would consider the fact that the method can't be easily tested as unprofessional. Of course, I see your point that not being able to debug to solve a customer's problem is also unprofessional.

26 Jun 2012
13:54 PM

Chris Eldredge

I thought it looked unprofessional because it takes some precautions that should be unnecessary. For example Request.UserHostAddress should never be null or blank. I don't see how that's possible. Next, using TryParse when it shouldn't be possible for the address to be malformed. These are things the asp.net runtime should guarantee.

I also agree with Stefan that the location should be bound to a parameter instead of parsed in the controller. The controller shouldn't care where the location is coming from (client IP address, query string parameter, user preference cookie). It should just accept a location as input.

26 Jun 2012
14:10 PM

Maxime Rouiller

Why not extract that to a CustomModelBinderAttribute?

You extract the "Location" as a parameter of your method and you stamp your newly created CustomModelBinderAttribute to that parameter.

Then, you build a custom IModelBinder for those specifically binded element. Then, you have extracted that Location logic out of the Controller and right into a testable model binder.

No?

Assumption: You are using ASP.NET MVC 3.

26 Jun 2012
15:15 PM

Sla

Exposing debugging concerns to production code in my opinion isn't professional either. Such problems should be encapsulated in tests.

26 Jun 2012
15:39 PM

Ayende Rahien

Maxime, Because I only need it in one place, it is a few lines of code, it is actually important for me to be able to see what is going on if there is something wrong. And not have to hunt for what is happening. Clarify is _important_, and this code is very clear about what it does.

26 Jun 2012
15:40 PM

Ayende Rahien

Sla, This isn't a debugging concern, this is a support concern. I need to be able, live on the production system, to be able to replicate a customer scenario. Being able to do so is very helpful.

26 Jun 2012
18:28 PM

Daniel Lang

Awesome! It's exactly those tiny little details that absolutely make the difference between a 'normal' codebase and one that I want to work with.

That's probably the most valuable thing I've learned from your code - things like WaitForUserToContinue or Tasks / Commands with Session as a public property... you know what I mean. Thanks for that.

27 Jun 2012
02:43 AM

Tucaz

The only problem I see with it is that the next guy that works with this code will have a really bad time figuring out why the heck you can receive the IP address from a querystring when the environment gives it to you. Maybe even you can get confused after not seeing this code in a few months.

If someone needs to rewrite this piede of functionality they might keep it around "just in case" because they don't know who calls it passing the querystring.

Good for debugging, bad for keeping it.

27 Jun 2012
03:26 AM

Harry Steinhilber

@Tucaz

I disagree. Why you can receive an IP address from a querystring when the environment gives it too you is clearly documented. It is documented in the name of the querystring variable. The name override-ip very clearly states that it is used to override the user's IP address.

27 Jun 2012
21:30 PM

Robert Slaney

Is it just me or have you introduced a massive security hole. Anyone using GeoLocation as a basis of business rules that allows a simple querystring override is making the situation worse than the original problem.

You should be basing the override from a server side storage mechanism ( ie Session or similar ) that requires an explicit claim or role ( ie Admin or Support ) to be able to set it.

28 Jun 2012
04:00 AM

Brad

I would be careful about doing stuff like this especially when dealing with sensitive issues. For example a getSocialSecurityNumber method should never accept a user as an argument but impersonate and use the identity from the current caller.

28 Jun 2012
04:52 AM

Ayende Rahien

Robert, Security hole? That depend on your actual usage. In this case, we are using Geo Location as a way to show you where you are located so we can find a course nearby. There is no security concern related to changing the location.

28 Jun 2012
05:15 AM

Robert Slaney

It's a principle thing. You might only be using this to locate nearby courses but someone looking at this code and coping verbatim into their code base without understanding the implications ( - "but it's testable therefore it must be ok" ) is an all too common occurance

28 Jun 2012
07:32 AM

Ayende Rahien

Robert, Their fault, their problem. I am not going to write code for "what if an idiot is going to copy/paste it" design principles.

28 Jun 2012
08:31 AM

grega_g

"their fault, their problem"

yea, unless you live near nuclear power plant that used code like that for something critical :D

anyway, there are "WIAIIGTC/PI" design principles? tell us more

29 Jun 2012
13:10 PM

David Fauber

"claim the coder as unprofessional."

A person is not their code.

03 Jul 2012
09:03 AM

Howard Ricketts

I have seen a similar problem with DateTime. Always using DateTime.Now means that a particular LeapYear/Bank Holiday criterion cannot be tested, demonstrated/UATed/Supported without hacking the system clock (when other bad things start to happen).

13 Jul 2012
10:07 AM

David L

To me this is a missing usecase, not unprofessional code. Had the usecase been there the dev would never have missed it. You are clearly stating that your support people need to quickly verify what the user is telling you, but considering that you call it unprofessional code and that particular feature is missing in its entirety, i make the assumption that this requirement was never clearly communicated to the dev responsible.

13 Jul 2012
10:32 AM

Ayende Rahien

David, This is an general issue, devs should think about the support requirement of their code. In the same sense that we don't state "shouldn't use too much memory", and assume that features wouldn't use gb's of RAM for no good reason.

There is a distinct difference between a "coder" - knows to write code, and a "developer" - who actually write software.

13 Jul 2012
12:57 PM

David L

I disagree, IMO expectations like that lead to estimates that are off, and an app with a slew of undocumented features and hooks known only by word of mouth. I also believe one should be carefull when calling people out as unprofessional when they're not conforming to ones personal preferences.

15 Jul 2012
07:18 AM

Joe

@David L +1

Ayende is right that, that's the better way of doing it. But, that doesn't mean he should expect it from other coders. Your comment is more reflective of the real world, than Ayende's post. The problem with Ayende is that he's way too geeky, he lives inside the .NET framework and he breathes C# instead of air, and eats his own code for food. Thus, in his world, anyone who doesn't code the way he does, is unprofessional.

I always wonder what happens to people like Ayende, when they grow old, do they hate themselves because they can't spit out C# code at the speed they used to? Or do they continue to have so much pride, that they don't realize they are losing it?

Comment preview

Comments have been closed on this topic.

Markdown turns plain text formatting into fancy HTML formatting.

Phrase Emphasis

*italic*   **bold**
_italic_   __bold__

Links

Inline:

An [example](http://url.com/ "Title")

Reference-style labels (titles are optional):

An [example][id]. Then, anywhere
else in the doc, define the link:
  [id]: http://example.com/  "Title"

Images

Inline (titles are optional):

![alt text](/path/img.jpg "Title")

Reference-style:

![alt text][id]
[id]: /url/to/img.jpg "Title"

Headers

Setext-style:

Header 1
========
Header 2
--------

atx-style (closing #'s are optional):

# Header 1 #
## Header 2 ##
###### Header 6

Lists

Ordered, without paragraphs:

1.  Foo
2.  Bar

Unordered, with paragraphs:

*   A list item.
    With multiple paragraphs.
*   Bar

You can nest them:

*   Abacus
    * answer
*   Bubbles
    1.  bunk
    2.  bupkis
        * BELITTLER
    3. burper
*   Cunning

Blockquotes

> Email-style angle brackets
> are used for blockquotes.
> > And, they can be nested.
> #### Headers in blockquotes
> 
> * You can quote a list.
> * Etc.

Horizontal Rules

Three or more dashes or asterisks:

---
* * *
- - - -

Manual Line Breaks

End a line with two or more spaces:

Roses are red,   
Violets are blue.

Fenced Code Blocks

Code blocks delimited by 3 or more backticks or tildas:

```
This is a preformatted
code block
```

Header IDs

Set the id of headings with {#<id>} at end of heading line:

## My Heading {#myheading}

Tables

Fruit    |Color
---------|----------
Apples   |Red
Pears	 |Green
Bananas  |Yellow

Definition Lists

Term 1
: Definition 1
Term 2
: Definition 2

Footnotes

Body text with a footnote [^1]
[^1]: Footnote text here

Abbreviations

MDD <- will have title
*[MDD]: MarkdownDeep

Oren Eini

Oren Eini

CEO of RavenDB