ProgrammingPro #30: NSA Backdoor in Windows?, Keep Calm and Refactor, Spooky JavaScript, and The Best OSS of 2023
Bite-sized actionable content, practical tutorials, and resources for programmers
"If you go back and look at code that you wrote a year ago and you’re not embarrassed, then you’ve not developed as a software developer.”
– Scott Wierschem (2023), In an interview published in Developer Career Masterplan
Delving into legacy code and embracing the discomfort of reading others' work is where true growth happens for developers. Scott Wierschem, a seasoned software expert with 40 years of experience, champions these often-overlooked talents and through his Keep Calm and Refactor initiative, guides developers to sharpen their craft in this area. His message: take control of your career, invest in self-improvement, and transform legacy code into a playground for innovation. Read the complete interview, in our Expert Insight section in today’s issue.
But wait, we have more, and here are my top 5 picks:
NSA 🕵️ Backdoor in Windows? This and more from the guy who created Windows Task Manager!
Are C++ attributes [[likely]] and [[unlikely]] impacting your code's performance?
Stay awesome!
Divya Anne Selvaraj
Editor-in-Chief
PS: If you want us to find a tutorial for you the next time or give us any feedback, take the survey! If you are looking for Python stuff, subscribe to PythonPro and find the archives here.
🗞️News, 💡Opinions, and 🔎Analysis
🗞️News
What's new in C# 12: overview: The new version introduces notable features like primary constructors, concise collection syntax, default lambda parameters, type aliases, and more. Read to learn more about valuable enhancements for you.
GitLab 16.5 brings improvements to the Compliance Center: Improvements include a tab for standards adherence reports identifying projects not meeting GitLab's best practices. Read to learn more including how you can now set specific target branches for merge requests, ensuring accuracy in project workflows.
The best open source software of 2023: Winners include Apache Hudi for real-time analytics, Bun for simplified server-side JavaScript, CPython for improving Python runtime, HTMX and Hyperscript for streamlining web app development, and many more. Read for the complete list of winners and learn why they made it.
Microsoft offers ‘Arm Advisory Service’ for developers: This move is a response to the expected growth of Arm-powered PCs in the market, as predicted by Counterpoint. Read to learn more about the service which includes technical workshops, platform recommendations, code samples, and more.
What AI won’t replace in your programming: While AI streamlines mundane tasks, the essence of programming, with its expertise and creativity, remains uniquely human. Read to understand how the effective use of AI demands a deep understanding of the domain and the ability to guide it effectively.
💡Opinions and Analysis🔎
NSA 🕵️ Backdoor in Windows? This and more from the guy who created Windows Task Manager!: In this video, Dave Plummer, among many other fascinating topics, talks about how a coding passion can lead to unexpected opportunities in major tech companies. Watch to learn what someone who has years of development experience recommends to get ahead as a programming pro!
C++ Should Be C++: This paper discusses the C++ standardization committee’s take on redefining the committee's mission and the importance of saying "no" to preserve value. Read to learn why making C++ more useful is the real goal, how tribalism affects discussions, why language wars are counterproductive, and more.
Why Python is Better than C++ for Algotrading: Many successful trading firms use Python, Java, or other languages, recognizing that speed in development often outweighs the marginal execution speed difference in C++. Read to learn more about why Python is the better choice for traders without vast resources.
Solid.js Creator Outlines Options to Reduce JavaScript Code: In this article, Ryan Carniato, discusses the importance of reducing JavaScript's weight in frontend development. Read for eight strategies, including code splitting and progressive enhancement, to optimize your code for smoother user experiences.
P99 CONF: Coding for Speed: Rust vs Zig vs.... JavaScript ???: In this video Jarred Sumner (creator of Bun.js, a JavaScript runtime built on Zig), Carl Lerche (maintainer of the Tokio library in Rust), and Glauber Costa (CEO of Turso), discuss language choices for their projects. Watch to learn about the trade-offs between the languages for system-level development.
🎓 Tutorials and Guides🤓
Implementing #embed for C and C++: #embed is a new directive in C23 and C++26, but its implementation can be tricky and slow for large files. Read if you're interested in optimizing #embed and want to improve the speed of large file processing.
Vulnerable C++ - Peter Sommerlad - CppNorth 2023: This talk focuses on ISO SC22 WG23's efforts to identify common language vulnerabilities and establish standards for addressing them. Watch to learn how these vulnerabilities apply to C++, and learn about the forthcoming standard 24772-10, which offers guidance on mitigating these issues.
Generating Random Numbers Elegantly in Swift: You can use SystemRandomNumberGenerator to generate random values from predefined sets, like espresso shot sizes, with a more concise and familiar syntax. Read to learn how this approach to ensures automatic seeding, thread safety, and more.
How to rewrite classes using closures in JavaScript: This article addresses JavaScript class syntax issues and introduces a solution using closures to create object factories with static and instance properties. Read to learn how closures eliminate code bloat, enable private properties, and create encapsulated wrappers.
Accelerating JavaScript arrays by 10x for Vector Search: This article explores optimizing vector search for Retrieval Augmented Generation (RAG) and suggests a switch to 8-bit integers for a 12% speed improvement. Read to learn how to use multi-threading and the USearch library for significant performance improvements.
Web Scraping in Javascript and Nodejs: This tutorial takes beginners through the process step by step, using Cheerio, Axios, and Puppeteer. Read to Discover how to fetch data from websites, parse HTML, and collect the information you need.
How "this" works in Typescript: This article explains the use of “this” in TypeScript interfaces for recursive references and building complex data structures. Read to learn how "this" can lead to infinite type errors in certain scenarios, understand the connection between "this" and unknown types, and more.
Why I Don't Use a DI Container | Node.js w/ TypeScript: The article discusses why the author prefers using a "Package by Component" approach, emphasizing clean code organization around use cases. Read to learn how this method reduces complexity, enhances software composition, and minimizes circular dependencies.
🔑 Secret Knowledge: Learning Resources🔬
Are C++ attributes [[likely]] and [[unlikely]] impacting your code's performance?: In a benchmark test, code "with attributes" performed faster (0.579 seconds) than "without attributes" (0.722 seconds) and the standard library's "std::cos" (0.426 seconds). Read if you want to boost your code's efficiency.
Safety-First: How To Develop C++ Safety-Critical Software - Andreas Weis - CppNow 2023: This talk delves into the principles behind safety-critical systems, using the ISO standard for functional safety in automotive systems as a reference point. Watch to understand the "how" and "why" of safety engineering practices and bridge the gap between development approaches toward well-engineered software.
For processing strings, streams in C++ can be slow: In an experiment, a straightforward approach outperformed streams by over four times. Read to learn how early exit when '%' is absent significantly boosts performance.
The Circles of Hell 🔥 of C Libraries Integration: Streamlined C library integration ranges from simple "single file libraries" to intricate systems with their build processes and dependencies. Read to choose the right approach for streamlined development and navigate integration challenges to enhance your productivity.
Web Components Will Outlive Your JavaScript Framework: Web components, a W3C standard, simplify web development by encapsulating HTML, CSS, and JS in a single file. Read to learn how they reduce dependencies with shadow DOM and configurable attributes to ensure long-term accessibility and resilience of content.
🧙♀️ Spooky tales 👹 for JavaScript developers: This article explores intriguing and sometimes unsettling aspects of JS including the history of 'undefined' as a writable variable, the manipulation of the Symbol.toPrimitive method, and the hidden quirks of Annex B in the ECMAScript spec. Read if you dare.
Flappy Bird 🐤 Implemented in Typescript types: This article will take you through a mind-bending journey where a 2D Flappy Bird game is coded purely with Typescript type annotations. Read to learn how a custom Zig-based VM executes Typescript in a custom bytecode format, creating a unique rendering experience.
Fixing TypeScript's type-safety with Nominal types: This article discusses a problem with TypeScript's structural type system, where types with the same structure are considered equivalent, potentially leading to type-related bugs. Read to learn to address this using "Nominal Types" to make variables unique by type.
🧠 Expert Insight 📚
Here’s an exclusive interview with an industry expert from the book Developer Career Masterplan by Heather VanCura and Bruno Souza.
An Interview with Scott Wierschem
Q: Scott, can you quickly introduce yourself?
A: My name is Scott Wierschem. I’ve been doing software development for about 40 years. I’ve been doing Java
development for 20 years.
My forte is working on legacy systems: old crusty code that most people are afraid to dig into. I like to find ways to get in there and make it maintainable.
I have a project I call the Keep Calm and Refactor project. It’s a mentoring program to help developers who have got some experience but need help to become better at handling legacy software development, as that’s really what most of us are going to be working on for most of our careers. If you can be good at that, you will have a much more enjoyable career in software development. That’s what lights my fire these days.
Q: That’s awesome. One of the things that you do is help developers not only deal with legacy code but actually to become better developers. You practice the skills and technologies with them in depth.
A: Yes, I help them to understand the value of the fundamentals. Test-driven development is one of those skills that are hard to develop, and so I work with developers to help them develop that skill so that they can then take it to their regular work and become better developers who are constantly looking for ways to do better work and make work more enjoyable. We enjoy work more if we’re really exercising and developing our skills.
Q: Do you think working outside your comfort zone is important for developers to improve their skills?
A: It’s essential. You can’t improve your skill set if you keep doing the same old stuff. If you go back and look at code that you wrote a year ago and you’re not embarrassed, then you’ve not developed as a software developer. If you’re going to stay within tried-and-true things that you’re familiar with, you’re not going to learn new things.
For instance, in Java, I know people who still don’t know how to do lambda programming. That’s been out since Java 8. It’s the same with streams. This is stuff that’s been around for many years but some people just don’t understand it yet. You’re really limiting what you can do. You’re not taking advantage of how to make your software development better by learning the latest features of the language that you work with every day. You need to go through the pain of feeling, “I’m not familiar with this. I feel like an idiot trying to figure it out.” And then, you spend the time and you learn how to do it, and realize, “Oh, yeah. This was so easy. Why was I thinking it was so hard?” Well, because it was hard! What you did was hard, but you worked on it every day, sometimes for years. It’s OK to struggle with something that’s new because that’s how you become better at what you’re doing.
Q: But it’s also scary to put yourself in a position where, as you said, you feel like an idiot and you don’t know what to do. That’s very scary.
A: It’s especially scary if you’re going to do it on your production work; that’s not the way that you do it. What you should do is do the scary stuff where you feel like an idiot someplace else – on an open source project or some tutorial that you’re working on at home.
You have to invest in your career in your time. You can’t necessarily expect your employer to do that for you. You can go to conferences and learn about stuff. You can buy books, work through tutorials, and have friends who can help you, but you have to spend some extra time doing it and not expect your employer to train you.
There are some employers who will help you learn new things, but you can’t expect that. You can’t just say, “Well, if they’re not going to train me, then forget it. I’m not going to learn.” It’s your career. You’ve got to take control of your career.
I like to tell people a story about the woman who cuts my hair. She was cutting my hair once and someone came in one time selling scissors for cutting hair, and she said, “Oh, yeah. Those are the cheap ones. They’re only 200 dollars.” I said, “What?” It turns out that she goes to barber conferences to get the nice shears for cutting hair, and they’re about 500 dollars – for a pair of scissors! And we’re whining about spending 150 dollars for an IntelliJ license. Get over yourself! I pay her 15 dollars to cut my hair. I get paid more than 30 bucks an hour. I should be able to afford the tools that I use and the training that I need to keep myself up to date. She doesn’t have her employer sending her to barber conferences. She sends herself to barber conferences and she pays outrageous sums of money for these tools, and she has to pay to keep them sharp. You’ve got to pay for the tools you use and the licenses for the tools that you use. You’ve got to support the online open source projects that you’re a fan of. Living your life for free is a loser’s way to approach your career.
Q: And in the same way that she needs to keep her tools sharp, you also need to keep your tools sharp.
A: Absolutely. In the same way that she goes to conferences, learns new techniques, and subscribes to magazines to see different hairstyles and keep up with what people are interested in, I’ve got to make sure I keep up with the latest technologies, techniques, and best practices in my industry. That’s just what a professional does, and it’s up to me. It’s not up to somebody else to make sure that I learn it. Nobody cares about my career more than me. Not even my mom cares about my career more than I care about my career!
Q: Do you have any stories of how working outside your comfort zone actually helped you in your career? Is there anything that you can remember that happened to you that shows the value of working outside a comfort zone?
A: At some point, I realized that I liked working on legacy systems and that I wanted to do that. So, I talked to you, Bruno, and you gave me some advice on how I can find other people who are doing this sort of thing and make it a part of my career.
I discovered that there’s a community that meets on a regular basis to discuss things with respect to working on legacy code, and I met the author of a tool called Approval Tests. I met him and he talked about this cool tool that he has. I started playing with it and found that it’s an exceptionally useful tool. I’ve become a big fan of it.
At first, I struggled with it for months, trying to figure out how it worked – I knew that I wasn’t using it right. Finally, a year or two later, I was able to catch up with him again. I told him how frustrated I was trying to use it because I knew that it had all kinds of great features, but I couldn’t figure out how to do it right. He said, “You know what? I need to improve the documentation on that, and you are in the ideal situation to help me with that.”
Now, I have been meeting with him for two hours every week, working on improving the documentation. I bring my ignorance and he brings his experience, and we’re able to help each other. I’m able to help him make the documentation better, and he’s helped me to understand the product better and vastly improve my software development skills through pairing with him to make changes to the application to improve it so that we can make the documentation work better.
This is one of those 10x developers. He charges maybe $800 an hour for his consulting fees. He’s a very in-demand guy, and I get two hours of his time once a week. That has been absolutely amazing in helping me to advance my career.
Q: That’s great. What’s his name?
A: His name is Llewellyn Falco, and he wrote the Approval Tests open source tool.
Q: Cool. Do you have any advice to help people become better developers and improve their skills? Is there any advice that you want to give the people reading the book who are trying to improve themselves?
A: There are a thousand things I could say.
The first thing that comes to my mind is that if you take ownership of the work that you do so that you take pride in making sure that what you turn in every day is of the highest quality, that will make all the difference. It will make you want to learn more about how to do things better. It changes how you approach everything that you do so that you start to care about the little things, such as spaces versus tabs. This affects how the team works together. It’s something that we all need to work together and communicate. Are we going to adopt a test-driven approach? How are we going to do our unit testing? We need to agree on how we’re going to do this, and we all need to make sure that we’re doing it in a way that’s effective for our team, for the product, and, most importantly, for the users. If I write something that’s really fun and cool to work on but nobody uses it, it doesn’t matter – I’m still going to lose my job. You need to create value and take ownership of making sure that everything that you do every day creates value for your employer and for the end user.
Q: Nice. You mentioned that you love to do legacy code and that you actually help people understand legacy code. There is a perception in the industry that legacy code is bad – that it is old technology that won’t help your career. Why do you think working with legacy code is important for developers?
A: Well, first off, there’s a lot more legacy code out there than there is new code. And frankly, once you’ve been working on something for a week or even a couple of days, it’s already started to turn into legacy code. Like I said, if you go back and look at code that you wrote a year ago and you’re not embarrassed, then you’re not growing, and you should be growing every day.
One of the big advantages of legacy code is that it is already creating value for the company. The company is making money from it, and so it’s a critical piece of the company’s profitability. It’s important that it keeps working well and that you are able to enhance it in some way.
Netscape was far and away the best browser in the industry, and they decided that the code was too ugly. They said, “We’re going to go and rewrite this sucker from scratch.” That became the Mozilla project, which is now far behind Google Chrome. Now, the industry – even Edge – has decided to build on the engine for Google Chrome. That is what everybody’s using. Why did Netscape lose that edge? Because they decided, “Oh, we’re going to throw away all the learning we had over the years, start from scratch, and make all those mistakes again.” That’s a really expensive way to go.
Being able to maintain legacy code and work with legacy code adds a tremendous amount of value to your skill set, and if you can find ways to make it interesting, then you will have much more enjoyment in your career. There isn’t a whole lot of greenfield software development out there, where you get to go and make all the decisions for how everything works. Generally, someone else has already decided what the database is that you’re going to use. Someone has already decided what language you’re going to use. Someone’s already decided on your framework and your libraries. Sometimes, even the IDE is forced on you. If you can find ways to work within the parameters that are given, add value, and make things interesting and fun, then you’ll have much more joy in your career, you’ll be much more effective in the work that you do, and you’ll be able to bring a lot more value to the table. People will notice.
Q: Cool.
A: We only do refactoring if we’re maintaining existing code or adding new code, which is all the time when you’re doing test-driven development: red, green, refactor. That’s adding new code. When you’re going in to fix a bug, you’re effectively refactoring something to correct a problem. When you’re enhancing an existing system, you’re going to have to go and refactor it in some way so that you can plug in the new functionality.
So, yes: refactoring – we use it all the time! That’s why I call my project Keep Calm and Refactor, because refactoring is a critical skill set. You can never completely master it, but there are always new ways for you to enhance your skills. That’s what I like to help people do.
Q: Cool. Let me go back to working outside the comfort zone. I know that you have a great talk about reading code. That’s such a basic skill for developers. Can you work outside your comfort zone when reading code, which seems like such a basic, easy thing to do?
A: Reading my own code is easy because I wrote it and I know what I was thinking when I wrote it – unless I wrote it a few months ago or a year ago, in which case I go back and say, “What was I thinking?”
But when I’m looking at someone else’s code and I’m trying to understand it, I often don’t understand what they were thinking. I’ll say, “That’s a stupid thing to do. I’m going to go do it the right way.” But you can develop the skill of going in and reading others’ code, understanding how it’s doing what it’s doing, and getting into the mindset of the developer, who may no longer be around. You can develop that skill and think, “OK. This looks like a design pattern, and so this is the design pattern they were putting in place,” or, “This is a function that they needed to implement to make sure that these other pieces all work properly. We had to have this initialization step put in place in a particular way to make sure that it would all follow correctly.”
Being able to do that quickly and effectively makes you a more effective developer and makes you much more valuable because you can quickly get into some unfamiliar code and understand how it works. You can go and make a change or instruct someone else on how to make the change properly. You can do code reviews and say, “OK. These are areas that are going to be potentially problematic and we need to look at. Let’s find ways that we can make that a little bit better before it gets pushed into the production code.”
Reading code is a skill that we really need to work on and develop. It’s something that we just don’t do because it is hard and – for the most part – not enjoyable unless you can find a way to make it fun. The way that you make something fun is to start to develop a skill in that area, and then, when you exercise that skill and develop it in some small way, that’s what makes things fun. It’s fun because I’m learning how to implement an algorithm in a slightly different and better way than I did the last time I tried to do this, or I’m learning a new tool or a new feature that makes it much more interesting to do what it is I’m trying to do. That’s what makes software development so much fun. It’s because we’re constantly learning a little bit more, and you can do the same thing with reading code.
I get excited about this because it’s a skill that is neglected, but as you start to develop the skill, it really can be a lot of fun. It’s neglected because it’s hard and not fun, just like learning object-oriented development was hard when you first learned it. You just don’t remember how hard it was. Functional coding was hard when you first learned it. You just don’t remember how hard it was. Everything we do was hard when we were first learning it, but you’ve got to get comfortable with being uncomfortable and realize, “If I learn a little bit every day, eventually, things are going to start falling into place.”
Developer Career Masterplan by Heather VanCura and Bruno Souza was published in September 2023. Each chapter in the book features an interview with an industry expert. Buy the book here or signup for a Packt subscription to access the entire Packt digital library.
🛠️ Useful Tools ⚒️
The Art of C++: a collection of high-quality C++ libraries designed with simplicity and minimal external dependencies, offering well-documented, extensively tested, and highly portable solutions.
c-coroutine: a C89 library that simplifies concurrency, async tasks, memory management, and features like channels, offering efficient solutions for C programmers.
googletest: a C++ test framework which embraces Abseil Live at Head philosophy, with version 1.14.0, comprehensive GitHub Pages documentation, and wide adoption in projects like Chromium and LLVM.
public-apis: a diverse collection of free APIs for developers, covering categories like anti-malware, art & design, authentication & authorization, blockchain and many more.
📢 If your company is interested in reaching an audience of developers, software engineers, and tech decision makers, you may want to advertise with us.
We have an entire range of newsletters with focused content for tech pros. Subscribe to the ones you find the most useful here.
If you have any feedback, leave you comments below!