2007-07-26 09:10 in /tech/conferences/oscon
On Tuesday morning, I went to the “OpenID Bootcamp”. A lot of the material was stuff I already knew about the protocol, but there were some interesting points they made that I hadn’t thought about before. For example, they pointed out that most security concerns that people have about OpenID also apply to email. For example, while being an OpenID relying party means that you are “outsourcing security” to the OpenID provider, if you send out forgotten password emails to users, you are also relying on the security of a third party (the user’s email provider).
In the latter part of the presentation, they talked about some interesting new stuff on the OpenID horizon. Some relying parties may want to limit providers to a whitelist of those they trust or those who provide a sufficiently strong level of authentication. Both Microsoft and Verisign have schemes for bringing the authentication process closer to the user and the user’s local machine to remove the potential for phishing. Verisign has made a Firefox plugin that manages your OpenID identities. Microsoft runs a local application to manage interactions with providers and relying parties.
In the afternoon I went to Schwern’s talk about “How To Be A Better Programmer”. He started with the claim that Computer Science + People = Software Development, and that while we’re pretty good at the CS part, dealing with people is a lot harder. He spent a fair bit of time stressing the importance of continuous learning. Learning is hard, particularly when you already know one way of doing a task (like learning Dvorak when you can already type QWERTY). But expanding the ways you think about things pays big dividends in the end. Learning new programming paradigms can help you recognize a substantially simpler way of solving certain problems. And talking with people outside the technology team and learning how they think about the business problems makes you much more valuable to the company. Two phrases to practice: “Tell me about it” and “Why?”. He also stressed that email is one of the most difficult and problematic modes of communication. People get angry really easily in email and stop talking productively.
The second half of the talk dealt more with the actual practice of programming with some fairly familiar suggestions like: document as you code, test copiously and automatically, and use version control obsessively. In particular, he stressed keeping each commit limited to a single change. Doing this probably means you want to branch freely, and maybe use a distributed version control system. Another interesting phrase he brought up was “Fear-based Programming”, which is where you get into a mode where fear keeps you from actually doing anything. I think that’s probably a concept that most people working on large systems can relate to.