Thursday, October 30, 2014

Inside of the developer's mind

As software developers, we give special care to learning and mastering our tools, whether they are IDEs, libraries, technologies, or design patterns.
But we forget about the most important tools that we use: mind and memory. And in our continuous challenge to learn new things, our understanding of how mind and memory work is essential.
In this post I would share some knowledge about how memory works and try to explain how does this relate do our job as developers.
I’ve learned many of the concepts I’ll mention here from a great MOOC: Learning How to Learn

First, I will share with you few concepts about memory.

Human Memory

If you remember from computer science classes that you might have attended, computer systems have different types of memory. Each type of memory is used for a different type of tasks and have different characteristics.
For example registers are used for performing calculations in the processor. While hard disks are used for long term memory storage.

Surprisingly human memory works kind of the same. we have a working memory which has limited number of slots (4 to be more specific). It’s used for problem solving and to process things that require concentration like debugging and writing new code.
This memory is highly volatile. you need to concentrate to keep things active in it and stay conscious or you’ll lose them. Some times you need to repeat things few times in order for them to stick even for a short period just enough until you get to use it (imagine remembering a bug id from an issue tracking system just for a few seconds till you get to your machine). Sometimes you even close your eyes to disallow distractions from wiping it off.

On the other hand, long term memory is used to store huge amount of information but also is harder to retrieve data from. Long term memory is essential for learning, imagine that you need to learn everything from scratch again and again, you’ll not make a noticeable progress.
Same as computers work, we need to retrieve information from long term memory into the working memory to process them. So both types are connected.
So how to support your long term memory to store and effectively retrieve information when needed?

Long term memory is like a huge warehouse, where billions of things (information, memories) are stored, and these things can bury each other. To be able to retrieve them later, you need to practice retrieving them. This practice reinforces the synaptic connections that form the memory. This time, unlike Hard disks, if you don’t practice the retrieval process, you’ll not be able to find the information when you need it.
In addition, to reliably store new information, you need to give it some time so the bonds get stronger. So just repeating a piece of information several times in a short period of time (minutes or hours) won’t get it into the long term memory.
Spaced repetition is a technique used to practice the retrieval process over an increasing time intervals. For example, when you try to memorize something, you read it today, tomorrow, two days later, a week later, a month, and so on. These intervals are determined based on the difficulty of the topic and whether you’re able to recall it or not.

One great tool that employs this technique is Anki. You feed it with index cards or use a card deck from its gallery and start studying these cards. It will handle the spaced repetition, it will show you the cards that you’ve studied when it feels it’s the right time. Smart isn't it? And by the way, it has web, desktop, and mobile editions.
So the next time you find yourself unable to remember the name of a design pattern, try Anki. Some kind people contributed to the shared decks with design patterns decks. Or even better, make your own and contribute them.


Software development is fun, or so it should be. Good developers are driven by challenging problems and curiosity. But times come when we have to do boring tasks that we want to put away but we can’t as they are part of the job. What are you whispering? Writing documentation? Yes, this is a good example.
When we are required to do some tasks that we don’t like, we tend to procrastinate, find excuses to do other less important things at that time, or remember that it’s the time for a cup of coffee and some socialization.
Why? It’s because of how our brains work. When we are faced with a task or a problem that we don’t like to do, this activates areas in the brain that are associated with pain. It’s a normal reaction that brains do some tricks to avoid doing them. Thus avoid the pain and feel temporarily happier, till deadlines approach, and bosses start to get angry. Even worse, the more you procrastinate, the more painful the task gets. Similar to addiction, short term happiness, but long term loss.
What’s interesting is that if you actually start working on the task, the pain goes away! So it’s all about coming over the cue that activates the procrastination behavior.
Procrastination is a bad habit, and we want to replace it with a good habit that make us more effective. So what are the components of habits?
  1. Cue: This the trigger or event that starts the flow of the habit. For example, a distraction from social media or an email notification. Or a checking your task list to find that documentation task.
  2. Routine: The reaction to the cue. For example, finding somebody else’s task that your task is pending on in order to avoid it. Admit it, you’re good at this :)
    A good routine might be a positive self talk followed by a time-boxed duration to get things done. I’ll tell you later about a good tool for this.
  1. Reward: Maybe this is what’s dangerous about procrastination as a habit, it gives immediate reward which is removing the pain and doing something more pleasant. So key to building a good habit is to reward it, maybe with a quick technical chat with a geek like you about a hot technology. Or a cup of coffee.
  2. Belief: Our beliefs about what’s good and what’s bad, what’s useful and what’s not. To tackle procrastination, you need to understand and believe that it has a negative long term effect.

To put this into action, Pomodoro is a very effective technique of handling procrastination. Pomodoro is the Italian word for tomato . This is how it works:
  1. Disable any interruptions. (No unwanted cues)
  2. Focus on a task for a short period, 25 minutes by default, which is not too hard. As I mentioned before, once you start, the pain goes away. Use the timer for this.
  3. Give yourself a 5 minutes break as a reward. You can get your cup of coffee now. Again, use the timer.
  4. Start the next 25 minutes of focused work and repeat.
  5. Give yourself a longer break after say 4 pomodoros.
This technique is very useful and proven. You can find mobile apps that employ this technique to help you manage your pomodoros and track them.

A pomodoro timer, from

In addition, you need to focus on the process of the task, rather than focusing on the outcome (the product) that triggers the pain.
Try to get into the flow mode which gets the best out of your concentration and focus. Have a look on this talk to know more about it.

Mark Seemann - Zone out, check in, move on from NDC Conferences on Vimeo.

Focused and Diffuse modes of thinking

We’ve all had time struggling against a weird bug or trying to find a solution for a complex problem, but no good. Trials after trials, hours after hours, Googling, tweaking, and squeezing your mind to the last drop of good ideas, and it all seems as if you’re slamming your head in the wall.
We’re all about focus, but focused mode of thinking won’t always get you where you want. It sometimes limits the space of your brain where you’re searching for the solution. It keeps finding the ideas that you’re familiar with, which might be the reason why you’ve got into this buggy situation in the first place. Or the reason why you can’t figure out the best design for this novel problem. Similar to how greedy algorithms sometimes can’t find the optimum solution by being stuck into a local minimum or maximum.

Local maximum and minimum. From
So, should you give up? No, you should just switch to a different mode of thinking , the diffuse mode, which allows you to explore wider solution spaces and form new connections in your brain that finally formulate the solution you’re looking for. How to do the switch? It’s easy. Get away from the computer’s screen, leave your desk, have a walk and take a breath in the fresh air. Do this while giving yourself a chance to think about other things that might not be directly related to your problem. Looking into the big picture and seemingly unrelated areas will explore wider areas of your brain’s memory and will help you getting the solution.

Note that these two modes of thinking cannot be used simultaneously. You cannot be in both states at the same time. So you might need to go back and forth between focused and diffuse modes in order to find an innovative solution or understand a difficult concept.


Understanding how your brain works is essential to your career as a software developer. Ability to learn and understand new concepts and use that understanding in the right place and time is a cornerstone in your arsenal of skills.

Thursday, August 21, 2014

Code disclosure pattern issue with AjaxControlToolkit

I was helping a team troubleshooting some issues found when they ran IBM Security AppScan tool against a web application.
One of the issues reported by the tool was:

Web Application Source Code Disclosure Pattern Found

Severity: Medium
URL: URL/ScriptResource.axd
Entity: ScriptResource.axd (Page)
Risk: It is possible to retrieve the source code of server-side scripts, which may expose the application logic and other sensitive information such as usernames and passwords
Latest patches or hotfixes for 3rd. party products were not installed
Temporary files were left in production environment
Debugging information was left by the programmer in web pages
Fix: Remove source code files from your web-server and apply any relevant patches

And the report included the following sample response:
// Add common toolkit scripts here. To consume the scripts on a control add
//public class SomeExtender : ...
// to the controls extender class declaration.

So the highlighted part indicated to appscan that the application exposed some code. And as I have previous experience with AjaxControlToolkit I could give the proper advice.

Referring to the source code of AjaxControlToolkit, you can find that the file Common/Common.debug.js includes the above lines as a hint to developers. So it sounds harmless, another false positive, and we can live with it, right?
Probably not. The release version of the above file Common/Common.js does not include any of this C# code. This is an indicator that a debug version is being used in the test. What started as a security issue, is now a performance issue, and using release build should fix it.

In general, automated security, code analysis, or performance testing tools generate false positives, but they should not be ignored without proper analysis.

Note: the latest version of AjaxControlToolkit includes the commented hints in the Client/MicrosoftAjax.Extended/Common/Common.pre.js file

Tuesday, July 29, 2014

Do's and Don'ts of Agile Retrospectives article on

Team retrospectives is an important Agile practice, check my article Do's and Don'ts of Agile Retrospectives to find some tips about having a healthy retrospective and avoiding common pitfalls.

Friday, July 18, 2014

Using Azure command line tools in Windows batch files

I have an Azure IaaS environment for development and experiments. The environment consists of 3 machines. I wanted to automate starting and shutting down the VMs in this environment.
I used Azure Command-Line Interface to create two batch files, one to start the environment and the other to stop it.

The scripts looks like:

azure vm start VMName1
azure vm start VMName2
azure vm start VMName3


azure vm shutdown VMName3
azure vm shutdown VMName2
azure vm shutdown VMName1

But when I executed the batch files, only the first command is executed then the script just terminates even if the command is successful. I had no clue why!!

I asked my friend @mShady who thankfully pointed me to this stack overflow thread: The answer tells: "you must call another script using the call command so it knows to return back to your script after the called script completes. Try prepending call to all commands."

So I added call to the batch files:

call azure vm start VMName1
call azure vm start VMName2
call azure vm start VMName3


call azure vm shutdown VMName3
call azure vm shutdown VMName2
call azure vm shutdown VMName1

And it worked.

The documentation for call mentions that it "Calls one batch program from another without stopping the parent batch program".

After checking, I found that the azure command is a batch file that internally calls node. And that was the issue.
The path of the batch file (which is in the path environment variable to be visible anywhere) is: "C:\Program Files\Microsoft SDKs\Windows Azure\CLI\wbin\azure.cmd"

Wednesday, April 30, 2014

Learning plan for Exam 70-480

The Microsoft exam 70-480 "Programming in HTML5 with JavaScript and CSS3" is the first step in a couple of MCSD certification paths. It's common in Web, Windows Store apps and SharePoint technologies.
I share the resources I used to get prepared for this exam. Note however that while I'm relatively new to HTML5, CSS3, I have a long web development experience that helped me.
The points below are copied from the skills being measured section in the exam page, augmented with some recommend resources from my side.

General Resources

Implement and manipulate document structures and objects (24%)

  • Create the document structure
    • Structure the UI by using semantic markup, including for search engines and screen readers (Section, Article, Nav, Header, Footer and Aside); create a layout container in HTML
  • Write code that interacts with UI controls
    • Programmatically add and modify HTML elements; implement media controls; implement HTML5 canvas and SVG graphics
  • Apply styling to HTML elements programmatically
    • Change the location of an element; apply a transform; show and hide elements
  • Implement HTML5 APIs
    • Implement storage APIs, AppCache API and Geolocation API
  • Establish the scope of objects and variables
    • Define the lifetime of variables; keep objects out of the global namespace; use the “this” keyword to reference an object that fired an event; scope variables locally and globally
  • Create and implement objects and methods
    • Implement native objects; create custom objects and custom properties for native objects using prototypes and functions; inherit from an object; implement native methods and create custom methods

Preparation resources

Implement program flow (25%)

  • Implement program flow
    • Iterate across collections and array items; manage program decisions by using switch statements, if/then, and operators; evaluate expressions

  • Raise and handle an event
    • Handle common events exposed by DOM (OnBlur, OnFocus, OnClick); declare and handle bubbled events; handle an event by using an anonymous function
  • Implement exception handling
    • Set and respond to error codes; throw an exception; request for null checks; implement try-catch-finally blocks
  • Implement a callback
    • Receive messages from the HTML5 WebSocket API; use jQuery to make an AJAX call; wire up an event; implement a callback by using anonymous functions; handle the “this” pointer
  • Create a web worker process
    • Start and stop a web worker; pass data to a web worker; configure timeouts and intervals on the web worker; register an event listener for the web worker; limitations of a web worker

Preparation resources

Access and secure data (26%)

  • Validate user input by using HTML5 elements
    • Choose the appropriate controls based on requirements; implement HTML input types and content attributes (for example, required) to collect user input
  • Validate user input by using JavaScript
    • Evaluate a regular expression to validate the input format; validate that you are getting the right kind of data type by using built-in functions; prevent code injection
  • Consume data
    • Consume JSON and XML data; retrieve data by using web services; load data or get data from other sources by using XMLHTTPRequest
  • Serialise, deserialise and transmit data
    • Binary data; text data (JSON, XML); implement the jQuery serialise method; Form.Submit; parse data; send data by using XMLHTTPRequest; sanitise input by using URI/form encoding

Preparation resources

Use CSS3 in applications (25%)

  • Style HTML text properties
    • Apply styles to text appearance (colour, bold, italics); apply styles to text font (WOFF and @font-face, size); apply styles to text alignment, spacing and indentation; apply styles to text hyphenation; apply styles for a text drop shadow
  • Style HTML box properties
    • Apply styles to alter appearance attributes (size, border and rounding border corners, outline, padding, margin); apply styles to alter graphic effects (transparency, opacity, background image, gradients, shadow, clipping); apply styles to establish and change an element’s position (static, relative, absolute, fixed)
  • Create a flexible content layout
    • Implement a layout using a flexible box model; implement a layout using multi-column; implement a layout using position floating and exclusions; implement a layout using grid alignment; implement a layout using regions, grouping and nesting
  • Create an animated and adaptive UI
    • Animate objects by applying CSS transitions; apply 3-D and 2-D transformations; adjust UI based on media queries (device adaptations for output formats, displays and representations); hide or disable controls
  • Find elements by using CSS selectors and jQuery
    • Choose the correct selector to reference an element; define element, style and attribute selectors; find elements by using pseudo-elements and pseudo-classes (for example, :before, :first-line, :first-letter, :target, :lang, :checked, :first-child)
  • Structure a CSS file by using CSS selectors
    • Reference elements correctly; implement inheritance; override inheritance by using !important; style an element based on pseudo-elements and pseudo-classes (for example, :before, :first-line, :first-letter, :target, :lang, :checked, :first-child)

Preparation resources

I hope this helps someone get ready for the exam. Good luck.