Spreading Bad Software is Immoral

29. September, 2017

From Fefe’s Internet Security Days keynote:

Schlechte Software zu verbreiten ist unmoralisch.

Translation: Spreading sloppy software is immoral. It’s like producing waste and dumping it into a river. Properly handling would be expensive, illegal dumping saves money and turns it into a SEP.

Writing sloppy software is similar. Instead of investing time into doing it right, you try to externalize costs: The client will somehow (have to) deal with it. They either have to pay you to make it better the second time or they have to spend time and nerves every day to work around shortcomings.

When we see someone dump toxic waste in a forest, most people are outraged. The same people, when they are managers of a software company, sign contracts that define the delivery date of something before knowing the requirements. Software developers, desperately trying to feel and look competent, shout “Done!” only to collapse into a morose heap of self-pity after a minimum of poking what this “done” really means.

Fefe is arguing that doing it right is as expensive as doing it sloppily. I have the same hunch. I’ve seen numbers on the  Standish Group Chaos Report (alt: Wikipedia, German) which gives a good indication how much failing projects cost: Around 20% are a total waste of money since they are eventually killed, 52% cost twice as much, only 30% make it in time, in budget and with the promised feature set (note: I bet at least half of those 30% made it because the feature set was reduced/readjusted during the project).

If you assume that in 2014, $250 billion was spent on software development in the US, that means cost of $50 billion on failed projects alone. That is our money. Your’s and mine. Companies don’t magically get money, they sell products and each wasted project eventually means additional figures on some price tag in a shop.

Then we have $125 billion which should have been $62 billion but another $62 billion was necessary to make it to the finishing line. It’s a harder to tell how much of that is wasted. You can’t count projects that were simply underestimated or feature creep – additional features cost additional money, so it’s out of budget but not wasted. Let’s assume $10 billion (less than 10% waste overall) in this group.

In a perfect world, that would mean we could spend 24% ($60 billion out of $250) more on software quality without any additional cost.

Related articles:

Wrong colors in Windows Photo Viewer / Falsche Farben in Windows-Fotoanzeige

18. September, 2017

When colors in the Windows Photo Viewer (Win 8 to 10) look oddly wrong, it’s probably because of something called “color profile“.


  1. Open “System Control” (Systemsteuerung)
  2. “Color Management” Farbverwaltung
  3. Select your monitor
  4. Check “Use my settings for this device” (“Eigene Einstellungen für das Gerät verwenden”) (otherwise, you can’t click anything at the bottom)
  5. Hinzufügen
  6. Select “sRGB IEC61966-2.1”
  7. Click “Set as Default Profile” (“Als Standardprofil festlegen”)
  8. Repeat for each monitor
  9. Restart Photo Viewer (Fotoanzeige)

How Houston Sends a Humbling Message About Climate Change

2. September, 2017

People in Houston have been drowning the past few days. Do they care about climate change right now?


They are currently returning to houses that have been massively damaged. Are they caring about climate change now?


These people have real problems at the moment. They don’t have the time, nerve or energy to waste on climate change. In the past few years, I’ve come to the conclusion that climate change isn’t a “problem”. Talking about it is a waste of time. People need jobs, they need money to pay rent, food, education, Netflix. Climate change is a nice but somewhat irrelevant topic to fill the gaps of boredom between.

So how to prevent climate change when talking about it is a waste of time? We need a new story. People love stories. Compare these two:

  1. If you smoke, your live will be 10 years shorter on average.
  2. My grandmother smoked all her life and she died with 95 in good health.

Both are “true” in the sense that they are facts which have been verified as well as could be. Which one do you like to hear?

So here is my story about climate change:

Climate changes. It changes all the time. Sometimes it’s hotter, sometimes it’s colder. Who cares. People have real problems. People need jobs. How do you create jobs? By doing new stuff.

When everyone has a car, you can’t sell more cars. You simply can’t get most people to buy two cars. You can replace the few that die every year but that’s not growth. That’s simply keeping the level. Today’s cars produce a lot of poisons. That’s bad for everyone. They need gasoline of which the US has only so much. We need to send soldiers to die in far away countries to make sure we get all the oil we need.

That’s a tragedy for the families involved and that’s a lot of our money wasted. This money doesn’t come from some magic place, it’s the money which every American pays in form of taxes.

If we replace all the bad cars with new cars, we will create a lot of jobs. New technologies need to be invented. Better batteries. More efficient and reliable power grids. When was your last power outage?

No more soldiers dying for oil. Cars which refuel themselves over night. No need to stop at dark fuel stations. Yeah, the fuel stations will go away. But a lot of people lost their jobs when we did away with horse carriages. Those were unhappy but overall, it was a change for the better.

Cleaner air. More jobs. Better health. Less power outages. Less traffic noise. Having a job will mean you can afford the new car and get rid of the old junk. With all those new cars, people will ask for better roads. With the new jobs, we can afford that as well. We can then invent technology to recycle millions of cars efficiently and sell that.

Here is how the story works: People have problems that are important for them. We can ignore that (and be ignored) or acknowledge it. Telling them “hey, here are even more problems and who knows how to solve them” isn’t going to work. So we need to paint a picture. One where they can find themselves in. One where they can see some actual problems of themselves solved.

That’s how you prevent climate change.

I Hate Green …

31. August, 2017

… in my blueberries.

Thunderbird: Using Images in Signature

24. August, 2017

lifewire has an excellent article how to put an image into mail signatures: “Automatically Use a Picture in a Thunderbird Signature

Keep in mind that those images add a lot of bloat to your mail. If you just send a few sentences, then even a small image can easily make the mail hundreds or thousands of times bigger.

Shortest Horror Joke Just Got Shorter

20. February, 2017

Previously, it was

The last human sits in front of his fireplace. Suddenly, there is a knock on the door.

Now, it’s

Trump says.

Good and Bad Tests

16. January, 2017

How do you distinguish good from bad tests in your code?

Check these criteria. Good tests

  • Nail down expectations
  • Monitor assumptions
  • Help to locate the cause of a failure
  • Document usage patterns
  • Allow to change code
  • Allow to verify changes
  • Are short (LOC + time)

Bad tests

  • Waste development time
  • Execute many, many lines of code
  • Prevent code changes
  • Need more time to write than the code they test
  • Need a lot of code to set up
  • Take ages to execute
  • Are hard to run


There are a lot of checks in your compiler. Those help to catch mistakes you make. Do the same with your tests. There are a lot of things that compilers don’t check: File encodings, existence of files, existence of config options, types of config options.

Use tests to nail down your expectations. Read config files and validate the odd option.

Create a test which collects the whole configuration of your program and checks it against a known state. Check that each config option is set only once (or at least that it has the same value in all places).

When you need to translate your texts, add tests which make sure that you have all the texts that you need, that texts are unique, etc.


Convention over configuration only works when everyone agrees what the convention is. Conventions are assumptions. Your brain has to know them since they are no longer in the code. If this approach fails for you, write a test that validates your assumptions.

Check that code throws the exceptions that you expect.

If you have found a bug in a framework and added a workaround, add a test which fails when the bug is fixed. Add a comment “If this test fails, you can remove the workaround.”


The world speeds up. No one can afford slow tests, tests that are hard to understand, hard to maintain, tests that get in the way of Get-Things-Done™. Make sure you can run your tests at the touch of a button. Make sure they never fail unless they should. Make sure they fail when they should. Make sure they are small (= execute fast, few lines to understand, little code to write, easy to change, cheap to delete). Ten tests, each asserting a single fact, are better than one test that asserts ten facts. If your tests run for more than ten seconds, you lose.


There is code rot. But long before that, there is documentation rot. Who has time to update the comments and documentation after a code change?

Why not document code usage in tests? Tests tell you the Truth™. Why give someone 100 pages of words they can’t trust when you can give them 100 unit tests they can execute?


Make your life easier. Stop wasting time in your debugger, begging for production log files, running code in your head. Write a good test today, it will watch your back for as long as the project lives. Write a thousand good tests and they will be like an army of angels, warding you from suffering, every time you press that button.