DSLs and Friends

My friends and fellow ThoughtWorkers Michael Schubert, Jay Fields, and Stephen Chu were just complimented by Martin Fowler.

This isn’t to say that there’s no benefit in a business-writable DSL. Indeed a couple of years ago some colleagues of mine built a system that included just that, and it was much appreciated by the business. It’s just that the effort in creating a decent editing environment, meaningful error messages, debugging and testing tools raises the cost significantly.

What Martin doesn’t go on to explain is that this project vastly improved efficiency for a whole organization.  They went from a situation where it took months with dozens of programmers to change some business rules in their software to minutes with all sorts of extras they couldn’t get before like “what-if” simulations.

Jay wrote about some of the things they learned in this presentation on InfoQ and much more on his blog about DSLs.

via MF Bliki: BusinessReadableDSL.

What’s Your Exit Strategy?

An occupational hazard of being a consultant is that you get to see lots of the same problems in many different organizations.

It seems that sometimes little thought is given to how an organization can move from one technology to another, or from legacy systems (where legacy means it doesn’t fit the organization anymore) to better solutions.

Today’s decisions can be tomorrow’s bottleneck or bad design. It’s just a matter of time.

What can you do to help your future organization? Things like SOA can help. Great tests around your application are essential if you ever make the choice to change.

I’m looking for something better. I don’t know if you can ever get to a system that is that responsive to change. I’d like to see one that is.

PSA: Don’t Generate Offensive Promo Codes

OK folks, I’m now on my 3rd client having problems with certain four letter words coming up in their automatically generated promo codes. It’s easy to get around this problem in a very simple way: Don’t use vowels in your promo codes if you’re using letters. No need for special filtering software or huge lists of banned words. You can always add complexity later, but that simple rule will help you more than the rest.

If you want to get more careful, you could alternate letters and numbers, or use some other strategy. To be kind to your users, be aware that some numbers and letters look the same to people and they will enter your codes wrong (or worse, enter in someone else’s code by mistake).

To help you, here’s a list of the numbers and letters I suggest people use because they won’t get them confused with each other and hopefully your system won’t create any bad words (if they do, let me know). If you’re worried about the number of combinations you can make, just add more characters to the length of your code or allow yourself the option to generate your own special codes.

letters = ['B', 'C', 'D', 'F', 'H', 'J', 'K', 'L', 'M', 'N', 'P', 'Q', 'R', 'S', 'T', 'V', 'W', 'X', 'Y', 'Z']
numbers = [2, 3, 4, 7, 9]

You could then take this and make a simple Ruby method that does something like this:

letters = ['B', 'C', 'D', 'F', 'H', 'J', 'K', 'L', 'M', 'N', 'P', 'Q', 'R', 'S', 'T', 'V', 'W', 'X', 'Y', 'Z']
numbers = [2, 3, 4, 7, 9]
promo_set = letters | numbers # combine arrays
# randomize the array, take the first 15 elements and join them into a string
# (join rather than to_s: on Ruby 1.9 and later Array#to_s returns the inspect form)
promo_code = promo_set.sort_by { rand }[0..14].join
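
An added example, not part of the original post: the same character set, but with each character drawn from Ruby's SecureRandom (rand is not designed to be unpredictable, and a promo code is effectively a bearer token) and with user input normalized before lookup. The method and constant names are hypothetical.

```ruby
require 'securerandom'
require 'set'

# Character set from the post: consonants only, plus the digits 2, 3, 4, 7, 9.
PROMO_LETTERS  = %w[B C D F H J K L M N P Q R S T V W X Y Z].freeze
PROMO_DIGITS   = %w[2 3 4 7 9].freeze
PROMO_ALPHABET = (PROMO_LETTERS + PROMO_DIGITS).freeze

# Hypothetical helper. Each character is drawn independently from a CSPRNG;
# SecureRandom.random_number(n) is uniform over 0...n, so there is no modulo bias.
def generate_promo_code(length = 15)
  Array.new(length) { PROMO_ALPHABET[SecureRandom.random_number(PROMO_ALPHABET.size)] }.join
end

# Hypothetical helper. Canonicalizes user input (case, spaces, dashes) and
# returns nil for anything that cannot be a code, before any database lookup.
def normalize_promo_code(input, length = 15)
  code = input.to_s.upcase.gsub(/[\s-]/, '')
  return nil unless code.length == length
  return nil unless code.each_char.all? { |c| PROMO_ALPHABET.include?(c) }
  code
end

# Guessing resistance in bits: length * log2(alphabet size).
def promo_code_entropy_bits(length = 15)
  (length * Math.log2(PROMO_ALPHABET.size)).round(1)
end

# Issues a batch with no duplicates; the Set absorbs any random collision.
def generate_unique_promo_codes(count, length = 15)
  codes = Set.new
  codes << generate_promo_code(length) while codes.size < count
  codes.to_a
end

if __FILE__ == $PROGRAM_NAME
  puts generate_unique_promo_codes(3)
  puts "#{promo_code_entropy_bits} bits per 15-character code"
end
```

Unlike the shuffle-and-slice version, characters may repeat here, which keeps every position independent and makes the entropy figure exact.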

AntiSamy – HTML In Web Apps

A big problem right now in web application development is allowing users to add in HTML and then protecting them from malicious JavaScript. Fortunately, someone is working on this problem and giving the rest of us the results for free.

The AntiSamy library (http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project) is named after the samy “worm” that hit MySpace and infected many thousands of pages before it was contained.

The page mentions that there is very little interest from the Rails community on this. I know there are plugins like the whitelist plugin (http://agilewebdevelopment.com/plugins/whitelist), but AntiSamy looks at least to be a nice complement to something like whitelist.

Protect Users From Themselves

Often, when designing a system for users, we look at what they could do wrong and either try and prevent it or tell them what’s going wrong. I prefer to take as much of a proactive approach as I can by having the system fix the problem and not even bother the user with an error message if it’s not absolutely necessary.

This same mentality holds true for the way users expect a system to work. I found an example from Bloglines today, which is a great service that I use every day.

Bloglines has the nice feature of letting you use keyboard shortcuts to navigate around your feeds and the posts within them. It’s a tremendous time saver not having to scroll all the time. However, this morning, I discovered an oversight that is easy to fix: if I have caps lock enabled, the navigation doesn’t work. It is something that only comes up in a blue moon, but it took me a minute to figure out what was going on today to correct the problem.

The problem is with the JavaScript that Bloglines uses to capture the key events and perform an action. Here’s a (snipped) example.

var g_hotkey_scrolldown = 106; // j

else if( whichCode == g_hotkey_scrolldown ) {
    // j - scroll down pane
    if(main.basefrm && main.basefrm.gotoNextItem) main.basefrm.gotoNextItem(nav4);
    else if(main.gotoNextItem) {

This only captures the lowercase j, but if you wanted to capture the uppercase J (because someone might have the caps lock enabled by accident), then it would be simple to change the whichCode line to add in the case for uppercase J.

var g_hotkey_scrolldown = 106; // j
var g_hotkey_scrolldown_upper = 74; // J (uppercase)

else if( whichCode == g_hotkey_scrolldown || whichCode == g_hotkey_scrolldown_upper) {
    // j (upper and lower) - scroll down pane
    if(main.basefrm && main.basefrm.gotoNextItem) main.basefrm.gotoNextItem(nav4);
    else if(main.gotoNextItem) {

A simple one line change for this example, but it prevents users from getting behavior in the system that they don’t expect.

Update: I had sent this issue directly to Bloglines before making this post with essentially the same information. I received a reply from them saying that they would forward on the report to the appropriate department. Hopefully, they will fix this issue and get back to me. A commenter noted this issue happens with similar sites that use access keys in this way. My lazyweb question then: is this not technically possible? I didn’t actually run the code I wrote, but I could if I really wanted to test it out since I believe Firebug will allow me to do that. It just wasn’t that pressing.

Update: I still haven’t seen this work and have moved on to another blog reader. I just couldn’t deal with the lack of progress and missing out on better options. So long Bloglines, you’ll be missed. I’m happy to be lured back someday.

Wink is Great

I used the awesome tutorial and presentation software Wink today and it worked surprisingly well.

I was testing out the newest version of SIFR (also awesome software) and found a few bugs. Screenshots weren’t going to be enough to show the problem, so I created a simple screencast with Wink.

You can see the results here.

I can definitely see myself using this more in my work on client projects for ThoughtWorks.

New Homepage

I decided I needed a new front page to this place, so I went to work on something new. I didn’t exactly know what I wanted until I started putting something down on paper and forming some ideas. I finally came up with the design you see here (http://www.bitshaker.com) and I am pretty happy with it. Read on after the jump on how I did it.

HTTP 412

If you’ve ever hit this error, you are dealing with mod_security. I was posting an article about some technology and some of the words triggered the filter and were giving me the famed 412 error. It basically means something in my article was a restricted word in this case. I’ll have to figure this out.