Monday, April 15, 2013

I can write code, but can’t design well. Any help?


This Q&A is part of a weekly series of posts highlighting common questions encountered by technophiles and answered by users at Stack Exchange, a free, community-powered network of 100+ Q&A sites.
user396089 is more than competent when it comes to writing code in "bits and pieces." Planning and synthesizing that code into a complex, coherent app is the hard part. "So, my question is, how do I improve my design skills," he asks. And to that, some more experienced programmers answered...
See the original question here.

Be a bad designer for a bit

Amadeus Hein Answers (8 votes):
Well, there's no golden apple for this kind of question, and I feel perhaps this is for every coder himself to find what's right for him. Here's my take, anyway.
You could read books on the subject. Great books. Fantastic books. But I find that these books only help you once you've tried to build and design an application—and failed.
For me, it's all about experience. When I started as a rookie I read books on how to design. I didn't understand much of the content back then. When I started working and had to design applications myself, I made very messy applications. They worked, but they were a pain to maintain. Then I read those books again—and this time I better understood them.
Now, I continue making new mistakes and learning from the old ones.
Related: "What to plan before starting development on a project?"

Stick to some basic rules

Konrad Morawski Answers (4 votes):
Read about patterns, sure, but first and foremost read about anti-patterns. Recognizing anti-patterns is important, and it's easier to understand why something shouldn't be done in such a way than why it should.
See SourceMaking's post on anti-patterns, for example.
Write code so that it can be adjusted quickly if requirements change (which is very common in a production environment).
Be super-skeptical about adding "just one more little hack." One more here, one more there, and the code becomes unmaintainable.
Value the open/closed principle.
Write tests (as in TDD). They force you to think your design through even before you actually implement it.
Browse the code of open source projects (reasonably sized ones, that is). I used to be surprised at—usually—seeing so many levels of abstraction. Now I understand it's not art for art's sake, there's a reason why it's done this way.

Decompose it

Giorgio Answers (3 votes):
One principle that I find very important for good design is decomposition:
  • If a class is too big (more than, say, 300-400 lines of code) break it up into smaller classes.
  • If a method is too big (say, more than 50 lines of code) decompose it; if a project contains more than 50 classes, decompose it.
The key is to estimate the size of your system and construct several abstraction layers (e.g. subsystem, application, project, module, class, method) that allow you to decompose your code into understandable units with clear relationships between them and few dependencies.

Forget about design

kevin cline Answers (2 votes):
Stop designing and learn to refactor code. Incremental development with continuous and aggressive refactoring will result in a much cleaner end product than any up-front design.
Find more answers or leave your own at the original post. See more Q&As like this at Programmers, a site for conceptual programming questions at Stack Exchange.

Huge attack on WordPress sites could spawn never-before-seen super botnet


Security analysts have detected an ongoing attack that uses a huge number of computers from across the Internet to commandeer servers that run the WordPress blogging application.
The unknown people behind the highly distributed attack are using more than 90,000 IP addresses to brute-force crack administrative credentials of vulnerable WordPress systems, researchers from at least three Web hosting services reported. At least one company warned that the attackers may be in the process of building a "botnet" of infected computers that's vastly stronger and more destructive than those available today. That's because the servers have bandwidth connections that are typically tens, hundreds, or even thousands of times faster than botnets made of infected machines in homes and small businesses.
"These larger machines can cause much more damage in DDoS [distributed denial-of-service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic," Matthew Prince, CEO of content delivery network CloudFlare, wrote in a blog post describing the attacks.
It's not the first time researchers have raised the specter of a super botnet with potentially dire consequences for the Internet. In October, they revealed that highly debilitating DDoS attacks on six of the biggest US banks used compromised Web servers to flood their targets with above-average amounts of Internet traffic. The botnet came to be known as the itsoknoproblembro or Brobot, names that came from a relatively new attack tool kit some of the infected machines ran. If typical botnets used in DDoS attacks were the network equivalent of tens of thousands of garden hoses trained on a target, the Brobot machines were akin to hundreds of fire hoses. Despite their smaller number, they were nonetheless able to inflict more damage because of their bigger capacity.
There's already evidence that some of the commandeered WordPress websites are being abused in a similar fashion. A blog post published Friday by someone from Web host ResellerClub said the company's systems running that platform are also under an "ongoing and highly distributed global attack."
"To give you a little history, we recently heard from a major law enforcement agency about a massive attack on US financial institutions originating from our servers," the blog post reported. "We did a detailed analysis of the attack pattern and found out that most of the attack was originating from [content management systems] (mostly WordPress). Further analysis revealed that the admin accounts had been compromised (in one form or the other) and malicious scripts were uploaded into the directories."
The blog post continued:
"Today, this attack is happening at a global level and WordPress instances across hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IPs used are spoofed), it is making it difficult for us to block all malicious data."
According to CloudFlare's Prince, the distributed attacks are attempting to brute force the administrative portals of WordPress servers, employing the username "admin" and 1,000 or so common passwords. He said the attacks are coming from tens of thousands of unique IP addresses, an assessment that squares with the finding of more than 90,000 IP addresses hitting WordPress machines hosted by HostGator.
"At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website," the company's Sean Valant wrote. "These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including 'special' characters (^%$#@*)."
Operators of WordPress sites can take other measures too, including installing plugins such as this one and this one, which close some of the holes most frequently exploited in these types of attacks. Beyond that, operators can sign up for a free plan from CloudFlare that automatically blocks login attempts that bear the signature of the brute-force attack.
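Because each of the tens of thousands of source addresses may make only a handful of attempts, a per-IP limit alone can miss this pattern; counting failed logins across all sources per time window catches it. The sketch below is an added example, not code from the article or from any of the companies quoted. It assumes combined-format access logs and WordPress's default behaviour of answering a failed login POST with 200 and a successful one with a 302 redirect; the thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?")[0], int(m["status"])

def detect(lines, window_s=60, per_ip_limit=5, min_ips=4, min_failures=6):
    """Return (noisy_ips, distributed_windows); thresholds are illustrative."""
    per_ip = defaultdict(int)
    buckets = defaultdict(lambda: [0, set()])  # window start -> [failures, IPs]
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        # Assumption: failed login = POST to wp-login.php answered with 200.
        if method != "POST" or not path.endswith("/wp-login.php") or status != 200:
            continue
        per_ip[ip] += 1
        bucket = buckets[int(ts.timestamp()) // window_s * window_s]
        bucket[0] += 1
        bucket[1].add(ip)
    noisy = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
    distributed = sorted(
        (start, n, len(ips)) for start, (n, ips) in buckets.items()
        if n >= min_failures and len(ips) >= min_ips
    )
    return noisy, distributed

def sample_log():
    # Constructed lines: eight documentation-range IPs, one failed POST each,
    # plus one successful login (302) and one plain GET that must be ignored.
    fmt = '{ip} - - [15/Apr/2013:10:00:{s:02d} +0000] "{req} HTTP/1.1" {st} 3120'
    lines = [fmt.format(ip=f"203.0.113.{i}", s=i * 5, req="POST /wp-login.php", st=200)
             for i in range(1, 9)]
    lines.append(fmt.format(ip="192.0.2.10", s=30, req="POST /wp-login.php", st=302))
    lines.append(fmt.format(ip="192.0.2.11", s=31, req="GET /wp-login.php", st=200))
    return lines

if __name__ == "__main__":
    print(detect(sample_log()))
```

On the sample, no single address crosses the per-IP limit, yet the one-minute window is flagged with eight failures from eight sources.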
Already, HostGator has indicated that this mass attack is putting huge strains on websites, which slow to a crawl or go down altogether. There are also indications that once a WordPress installation is infected it's equipped with a backdoor so that attackers can maintain control even after the compromised administrative credentials have been changed. In some respects, the WordPress attacks resemble the mass compromise of machines running the Apache Web server, which Ars chronicled 10 days ago.
With so much at stake, readers who run WordPress sites are strongly advised to lock down their servers immediately. The effort may not only protect the security of the individual site. It could help safeguard the Internet as a whole.