&. |

A software developer’s musings on software development

Introducing Chord-o-matic

I’ve now released what is quite possibly my most ambitious side project, the Chord-o-matic Chord Player:

Chord-o-matic screenshot

This is an app that lets you select the notes that to play on a fretboard, and it tells you possible names for the chord, and why it gave the chord that name. It also lets you hear what the chord will sound like.

My reasons for writing this app come from some frustrations that I have trying to adapt music for guitar. At church, I play guitar for the kids’ choir about every other month, and the music I have to work with is never actually written for guitar. So I start with sheet music that is intended for piano and singing. The problem is I read sheet music at a first grade level. Whereas someone more knowledgeable/experienced than me can just look at the music and say “G, D7, C, G, Am, G7, G” or whatever, I take several hours to get to that point. Usually I start with the sheet music, write down the name of each note, then go back and figure out what chord is being formed by the notes played at that moment. Then I figure out where is the best place to put the capo to play the song more easily.

One tool I found that helped me with this is the JamPlay Guitar Chord Finder, and if you look at that you will see that my app is heavily inspired it. I basically did an HTML5 rewrite of the app. There were a few things that bugged me about their app, and so I set out to change them:

  1. JamPlay uses Flash, which is quickly going extinct as browser manufacturers drop support for it. I wanted something written in HTML5.
  2. I needed the option to add a capo, and to alter tuning (i.e. down half step).
  3. I needed the ability to change the guitar tuning, or even to change the type of instrument (guitar, ukulele, etc.)

Upon setting out, there were two problems I would need to solve:

  1. The front-end to render the interactive guitar.
  2. The back-end1 to take a set of pitches and return the possible names of the fingered chord.

I expecteded that the first task would be the most difficult, especially considering my UI skills are not the greatest. But in actuality, I think I spent much more time spinning my wheels on the chord naming task. I assumed that there was some well-defined algorithm which took a set of pitches and returned chord names, and that all I would have to do is open the Wikipedia page or something and port the pseudocode to Javascript. As it turns out, there’s a lot of variation in chord names once you get out of the common chords (majors, minors, and sevenths). Different people have different reasonable interpretations, and many of the established names seem to actively work against any kind of algorithm2. So what I ended up with is a bunch of spaghetti code that I hope to go back to and clean up later, to the extent that it is even possible. One resource that I found extremely helpful for this is the ScalesChords Chord Namer, which lets you select a set of notes in a chord, and it generates possible names for that chord. And, most importantly, it tells you why it generated that particular name. All said and done, I think I learned as much music theory in the past few months as I have in the entire two decades I’ve been playing guitar.


  1. Technically, it’s all front-end, but this is the part that’s pure algorithm. 

  2. For example, you might think a seventh chord is a chord with a seventh in it, but it’s actually one with a flat seventh. A chord with a seventh is called a major seventh. Unless the fifth is flat and you have a minor third (diminished chord), to get a dim7 chord you take a diminished chord and add a double-flat seventh (i.e. sixth) instead of a flat seventh like you do with any other chord. The kind of mess that results in spaghetti code no matter how hard you try. 


Negativity

Earlier today I tweeted:

I have wasted too many hours of my life debating whether to write "if(somearray.length == 0)" or "if(somearray.length <= 0)". I mean, I know .length could never return a negative... but what if it does???

I want to elaborate on this using more than 140 280 characters. The situation where I tend to do this is when I come upon code like this:

  function processStuff(stuff) {
    if(stuff.length > 0) {
      //this is basically the whole function
      doStuff();
      //seems wasteful to indent this stuff
      doMoreStuff();
      //maybe another 100 lines of code
      return whatever;
    }
    else {
      //throw an exception or return an error message or print an error message or something like that
    }
  }

Two problems:

  1. The majority of the code is indented twice.
  2. The else clause is very far from the corresponding if clause.

So the solution is to refactor so that the current else clause is at the top

  function processStuff(stuff) {
    if(stuff.length == 0) {
      //throw an exception or return an error message or print an error message or something like that
    }

    //this is basically the whole function
    doStuff();
    //look it doesn't have an extra unnecessary level of indention now!
    doMoreStuff();
    //maybe another 100 lines of code
    return whatever;
  }

The problem now is that the before and after this refactoring is not strictly identical. The negation of stuff.length > 0 is stuff.length <= 0, not stuff.length == 0. The first code would have gone through the error condition if stuff.length is negative, but the refactored code won’t.

Now, I know that the length of an array will never return a negative in any programming language I’ve ever heard of. But, like I tweeted, what if it does?!

I want to ensure that I don’t break anything by refactoring. And it’s also not going to hurt anything if I write stuff.length <= 0. But then I wonder what the next person to see my code will think. “Is there some reason this idiot1 thought array length could be negative?”

And I go through this thought process everytime I encounter this situation, mentally debating the pros and cons, instead of just accepting that it doesn’t matter and moving on.


  1. Believe me, the last programmer was always an idiot. Especially when it was me. 


BigFraction now on Maven Central

My BigFraction Java library is now available on Maven Central, free to be used in any Java project built using Maven or any compatible build tool (Gradle, Ivy, etc.).

This project is something I started on my own nearly a decade ago, for my own use in solving Project Euler problems. About three years ago I put it on GitHub. Much to my surprise, several people found it and started using it. But the only way to use it was to check out the source code and build it yourself—not very practical to the way most Java projects are built today. I wanted to get the library on Maven central about a year ago, but I procrastinated for a long time thinking it would be a difficult process. Turns out, it is relatively easy, and completely free, to get your open source library hosted and indexed.

If you run into any issues, please report them on GitHub.


Half A Lifetime Ago

One of the cool things about being a software developer is this: if something doesn’t exist, and you want it to exist, you can make it exist. Today I was thinking about the fact that almost half of my life has been since high school. Then I started to wonder when exactly half a lifetime ago was.

This is easy enough to solve with one line of javascript:

new Date(Date.now()/2 + new Date(birthYear, birthMonth-1, birthDay)/2)

This seemed like the kind of thing that normal people would be interested, so I spent a little time this afternoon making a workable (but still pretty ugly) UI around this one line of javascript: tilde.ampersand.space/half-a-lifetime/

The code is also on GitHub: github.com/kiprobinson/halfALifetime


You Won't Believe How Many Hello World Programs Can Fit On A T-Shirt!

I’ve designed a t-shirt that is especially for programmers. It contains the simple hello world application, written in forty-seven different programming languages.

Click or Tap or Otherwise Activate This Hyperlink to Buy!

T-Shirt with Hello World in Forty-Seven Languages

Below is the “key”, for anyone interested. A few of these aren’t technically programming languages (like binary, QR), and a few are just frameworks within another language (like Angular, Swing). I’ve ordered one of the shirts myself and it looks pretty nice—I had to make sure of that before I offered it for sale. I’ll probably work on a version that works against a dark background, when I get the time.

Binary

0110100001100101011011000110110001101111001000000111011101101111011100100110110001100100

Java

public class Main {
  public static void main(String[] args) {
    System.out.print("hello world");
  }
}

AngularJS

<input type="text" ng-model="sometext" />
<h1>hello {{ sometext }}</h1>

Scala

object HelloWorld extends App {
  println("hello world")
}

XSLT

<?xml version="1.0"?>
<greeting>hello world</greeting>

Fortran

program hello
  print *, "hello world"
end program hello

Haskell

main = putStrLn "hello world"

8086 Assembler

.model small
.stack 100h
.data
msg  db  'hello world$'
.code
start:
  mov  ah, 09h
  lea  dx, msg
  int  21h
  mov  ax, 4C00h
  int  21h
end start

php

<?php echo 'hello world' ?>

Go

package main
import "fmt"
func main() {
  fmt.Println("hello world")
}

Lisp

(print "hello world")

Flex (MXML)

<?xml version="1.0"?>
<Application xmlns="http://www.adobe.com/2006/mxml">
  <Label text="hello world" />
</Application>

Hex

68 65 6c 6c 6f 20 77 6f 72 6c 64

ActionScript

createTextField("hello", 0, 0, 0, 100, 100);
hello.text = "hello world"

.bat

@echo off
echo hello world

Perl/Python/Swift

print "hello world";

Cobol

IDENTIFICATION DIVISION.
PROGRAM-ID. HELLO-WORLD.
PROCEDURE DIVISION.
  DISPLAY 'hello world'.
  STOP RUN.

Visual Basic

Imports System
Public Module modmain
   Sub Main()
     Console.WriteLine ("hello world")
   End Sub
End Module

Prolog

write('hello world'),nl.

HTML

<html><body>
hello world
</body></html>

R

state start:
  pstr("hello world\n");
  halt;

lolcode

HAI
CAN HAS STDIO?
VISIBLE "HAI WORLD!"
KTHXBYE

SQL

SELECT 'hello world' AS hello

Java (Swing)

javax.swing.JOptionPane.showMessageDialog(null, "hello world");

Scheme

(let ((hello-world (lambda() (display "hello world")(newline))))
  (hello-world))

C

#include <cstdio>
int main() {
   puts("hello world");
}

Ruby

puts 'hello world'

Pascal

program HelloWorld;
begin
  writeln('hello world');
end.

Mathematica

Print["hello world"]

Basic

10 PRINT "hello world"

ColdFusion

<cfoutput>hello world</cfoutput>

jQuery

$(function(){$('body').text('hello world');});

Brainf***

++++++++++[>+++++++>++++++++++>+++>+<<<<-]>++.>+.+++++++..+++.>++.<<+++++++++++++++.>.+++.------.--------.>+.>.

Whitespace

···→··→ ···↲
→   ↲
·····→  →   ··→ ·→  ↲
→   ↲
·····→  →   ·→  →   ··↲
→   ↲
·····→  →   ·→  →   ··↲
→   ↲
·····→  →   ·→  →   →   →   ↲
→   ↲
·····→  ·→  →   ··↲
→   ↲
·····→  ·····↲
→   ↲
·····→  →   →   ·→  →   →   ↲
→   ↲
·····→  →   ·→  →   →   →   ↲
→   ↲
·····→  →   →   ··→ ·↲
→   ↲
·····→  →   ·→  →   ··↲
→   ↲
·····→  →   ··→ ··↲
→   ↲
·····→  ····→   ↲
→   ↲
··↲
↲
↲

Smalltalk

Transcript show: 'hello world'.

C Sharp

public class Hello {
  public static void Main() {
    System.Console.WriteLine("hello world");
  }
}

Lua

#!/usr/bin/lua
print("hello world")

Javascript

document.write('hello world');

ASP.net

<% HelloWorldLabel.Text = "hello world"; %>
<html><body>
<asp:Label runat="server" id="HelloWorldLabel"></asp:Label>
</body></html>

Piet

Hello World program in Piet

Objective C

#import <Foundation/Foundation.h>
int main (int argc, const char * argv[])
{
  NSLog (@"hello world");
  return 0;
}

Ada

with Ada.Text_IO; use Ada.Text_IO;
procedure Hello is
begin
  Put_Line("hello world");
end Hello;

QR

QR Code encoding the text Hello World

c++

#include <iostream>
int main() {
  cout << "hello world" << endl;
}

MATLAB

disp('hello world');

No Excuse for No Security

A long, long time ago, in 2015, securing a website was an expensive, tedious process. Then along came Let’s Encrypt, a non-profit certificate authority that provides SSL certificates completely for free. Real (not-self-signed) certificates that get a green padlock in your address bar. And they make the process super easy and automated. If you’re on shared hosting it might be a little harder, but your host should be able to implement it fairly easily. Dreamhost made it basically one click for me. You should read that post it’s pretty good. One thing to note is that Chrome and Firefox both have plans to start marking http connections as insecure, rather than default neutral status (the current status quo).


JSON Formatter

In the last two days I’ve written a new, simple JSON Formatter. This is a very simple tool that allows you to prettify/uglify JSON data. It is basically just a textarea tied to the JSON.stringify() method that is built-in on every modern browser.

I created this after being frustrated with other online formatters that don’t work well for large data because they require the data to be submitted to a server for validation. My tool runs entirely client side. Live preview here.

You can even run it without an internet connection. Tool is written entirely with Vanilla JS, a hot new Javascript framework that is all the rage these days.

View Project on GitHub.


y2k16 bug

This website is now in its second calendar year. Which means the code to print the copyright at the bottom of the page just went to an untested branch of code. Turns out it had a bug!

y2k16 bug on this site

I have squashed the bug. Happy New Year! :)


Never Forget

In a previous life, I operated another blog. In the decade I spent running that site, I blogged 432 times. I have gone through the archives of that pile of random thoughts, and brought over twenty-eight posts. Think of it as my greatest hits collection.

Actually doing this turned out to be a huge task—I decided with this site that I would use Markdown to compose my posts, rather than the HTML I used on the old blog. Some things like <em> and <strong> were simple enough to search/replace, but others turned into a manual process. Then I had to deal with links within the site which would no longer work, and I had to find and move over attached images.

Anyway. Here are a few of my favorites:


Web Application Security 101: Slides and Demo App

I previously announced that I would be presenting at this year’s NCDevCon. Well, I tried! The conference suffered a complete power outage partway through the second day. I still tried to give my presentation in a dark room using only my laptop’s screen pointed at the attendees, but then we hit another snafu when a fire alarm cleared out the whole building.

As a result, I only got four slides in, and there is no video recording even of that part of the presentation.

I have put my slides and demo application on GitHub. You’ll find instructions there on how to set up the demo application.

One of the things I’m really disappointed that I didn’t get to discuss is Incentivizing Secure Code (slides 38-43). Here is the gist of what I wanted to say:

Our kneejerk reaction when we see insecure code is to say that the developer is ignorant or incompetent. But sometimes the developer is just making a rational decision to spend his or her time churning out as many features as possible, rather than spending more time doing something that probably won’t get recognized or appreciated (writing secure code). There’s often no incentive for the developer to make the code better. Given the rate of turnover in this industry, it’s quite likely that the developer who wrote the code for Target or Sony Pictures or Office of Personnel Management, or any other recent high-profile hack, is long gone from that job. They are not being dragged before Congress to testify. Their ex-boss’s boss’s boss is.

So, how do you solve this problem? Developers need to be incentivized to do the right things. I don’t mean monetary incentives. I mean the same kind of incentive you have to produce code that runs fast, or code that is stable, or a nice looking UI. Namely, that if you do those things well, you don’t have QA and product managers telling you that a million things are broken, and you have time to move on to your next task.

In my view, the best way to incentivize secure code is to train QA on how to test security. If the developer knows that security will be tested, and that QA actually knows how to test it, then he or she will be more likely to spend time covering security basics to begin with. In my company, we have a document that I worked with QA to develop, which provides guidelines for basic security testing. In a lot of cases it is as simple as “Enter <b>test</b> in every form field. If you see bold text, there is an XSS vulnerability”. Or “Enter a single-quote character in every form field. If you get errors there is a SQL Injection vulnerability.” QA needs to know how to use browser developer tools to modify hidden fields and select boxes.

None of this guarantees that your code will be secure. It should at least reduce very common and very preventable security vulnerabilities. There are other factors that are beyond the scope of this “101” level presentation. And sometimes it isn’t even in your control. It doesn’t matter if you won the Emmy for Best Coder last year; if you used OpenSSL you had a HeartBleed problem.