I don’t even know where to start. I’ve had a number of incidents in the past where I’ve been touched in ways I don’t want to be. Most recently, I was out in the park yesterday evening, walking over to the Olympiastadion, to get a look at the sunset and to just get outside for a bit. As I walked past a group of people, mostly guys, all roughly my age, one of them just reached out and grabbed my left breast. Excuse me!?

So some ground rules… Doesn’t matter who you are, you don’t touch my breasts in public. Sure, there are people who are allowed - an echocardiogram involves rather a lot of breast-mauling, for example. But that’s done in a particular setting, and in private. While we’re at it, no touching breasts when I’m clothed either - in private doesn’t mean you get to touch. If I’ve taken my clothes off, only then is it a fair bet that you’re allowed touch.

Other rules depend a bit on who you are. If you’re a guy, don’t touch me unless I’ve touched you before. Feel free to offer me your hand, or open your arms to offer a hug. But unless you’re pretty sure of yourself, don’t just grab me. Yes, I understand that it’s unfair that I get to touch first. However, it’s also unfair that I am, by and large, smaller and weaker than guys. Deal with it. And yes, it’s a double standard that women can go ahead and give me a hug, while guys should wait til I give them one. If or when I get women touching me inappropriately, I reserve the right to amend this. Thus far, everyone who’s done it has been male.

If you want to talk to me, stay at arm’s length. If you’re under 5′10″, my arm will do just fine. If you’re over, use your arm. I can hear you from over there, and I’m less likely to spend the whole conversation backing off. Yes, it’s scary and threatening when you loom over me, and no, it’s not ok. I understand that cultural norms may be different for you, but you’re big enough to get over that, please and thank you.

Now that that’s out of the way, does anyone have any suggestions for dealing with these kinds of things? When I was grabbed in the park last night, I put my head down, eyes front, and just kept on walking. I don’t honestly know what else I could/should have done. Steve asked me later what I would have done if I’d seen it happening to someone else. Suggestions? Unfortunately “quit going out alone” isn’t a viable option. Neither is “fight back” (at least physically), since I’m 5′3″ at a push, and not especially strong or skilled at fighting.

In other news, an ASF committer (who yes, I’m deliberately refusing to name, because he’s not the only one by a long shot) tried to be helpful last night, and updated the Women Wiki, for the women@apache group. Based on the current state of the “What Not To Do” page I set up thereafter, he really, really doesn’t get it. (Note: the “Counter response” isn’t mine - I just wrote the stuff above “Answer”).

How can we change this? Can someone help me with how to explain to people like this that what they’re doing isn’t helpful? I don’t want to discourage those who want to help - not by any means. But this really isn’t the kind of ‘help’ we need. Yes, there are plenty people in the ASF who ‘get it’, and plenty people who just don’t care either way. How do we get the message through to the others though, who care, but don’t get it?

Ugo Cei chimes in with his (€|$)0.02 on the whole RocketBoom thang… And it just makes me wonder, would anyone have made a comment like that about a bloke? I’m curious.

Is Ugo Cei still COO for SourceSense? If it is so, I would like to suggest that Gianugo hire Linus Torvalds instead. For Ugo can be useful and competent, but Linus is about a hundred times better, and his karate-champ wife would be ass-kicking.

That’s all.

Class Photo, Baywatch style, originally uploaded by NoirinP.

---

I’m just back from probably the oddest college course I’ve ever been on

After a few preparatory classes in the traditional fashion, we were sent our seperate ways, and told to prepare presentations for a “Blockseminar” on Lake Chiemsee. Each group had three or four students, a topic, and two hours of presentation time. My group was discussing the Internet and the World Wide Web, and my part of the presentation was the technical stuff…

It went well, thankfully, despite copious quantities of nervousness. Our group went first, which helped, and of course made the rest of our stay on the island that bit more pleasant My slides are now, as usual, online.

All the presentations were interesting, and the convent itself was a pretty cool place to stay, but it was the music, singing, and general camaraderie in the evenings that really made it worthwhile. And, of course, the lake itself.

The water was crystal clear, warm, just amazing. I’d go back in an instant, and I’d recommend it to anyone. Mmm… It was a pleasure to swim in, and I indulged frequently. I really would return to Germany just to visit this place again.

Photos, as always, are on flickr.

DSCI0074, originally uploaded by sailorlad.

---

Dad got back from the Round Ireland Yacht Race early on Saturday morning, and has now put some of his photos up on Flickr!

He was on Lancastrian, and we had great fun tracking him, via GPS and the race website. Unfortunately, conditions weren’t as favourable as they might have been, so it took a little longer than he’d hoped. (Konica Minolta Zana, the yacht pictured, won the race, but was more than 24 hours outside the previous record time.)

Still, they got home safe and sound, and he’s off to Cork at the end of the week, so looking forward to more photos then!

Good on ya dad!

Leinster Senior Football Semi-Final 2006

Hosted on Zooomr

Noel very kindly brought Colm, Justin and I to Croke Park last Sunday (wow, is it that recently!? It feels like a lot longer ago!).

As usual, I took some photos Even the girls here in Munich have started teasing me about how many I take, but hey, it’s fun (although, given how I’ve fallen in love with Colm’s 350D, it could wind up more expensive than a cocaine habit… Uh oh!)

Evacuation, originally uploaded by NoirinP.

---

After I’d checked in yesterday to come back to Germany, I headed up to the food court, to find a cold drink. As I did so, I heard screaming, alarm bells, and noticed a general chaos descending… I’ve always felt that it’s not worth staying in a building if the alarm is going. I’d rather be inconvenienced on a regular basis, than dead just once.

So, along with everyone in sight, I evacuated the airport building, heading in a reasonably swift, orderly progression down towards a carpark.

What ensued was a couple hours of waiting around, mostly well-humoured travellers trying to figure what was going on, and some very harried customer service reps continually trying to herd people further and further.

News filtered in slowly, via radio, mobile phones, conversations with fellow-travellers, strategic eavesdropping and so on.

The airport staff were polite, as helpful as they could be, and did an excellent job overall. The travellers, for their bit, were patient, understanding, and willing to have a laugh at the situation. The rain made it a little less pleasant, although after an hour or so, people were allowed in to the multi-storey carpark to seek shelter - I didn’t take this option, as there were several people smoking in there, and I preferred the fresh air outside.

Communication was an issue - while regular announcements were made that we were safe, and would be given updates as available, no information was provided on whether flights would resume later, or be cancelled. A blanket “we aim to get as many flights as possible back on track, once we’re allowed in” would have allayed many fears and much of the discontent - and seemed to be true. Only a few flights - all Ryanair, as far as I could tell - were cancelled.

Of course, after all that drama, once we finally got on the plane, the flight went relatively smoothly - until I disembarked, went through passport control, and realised I’d lost my wallet, and that it must be on the plane. Fortunately, by the time I’d collected my suitcase and gotten over to the Aer Lingus desk to ask, they’d already received a call to say a wallet had been found on the plane, so I just had to hang around a little bit longer, for the rep to bring it over.

Boy, was I glad to get back to my own little apartment!

Laura Thomson came all the way from Australia to present the last talk I went to at ApacheCon - PHP/MySQL Best Practices - and for me at least, it was well worth her trouble. This was originally submitted as a tutorial, and was only converted to a talk at the last minute, so we were really lucky to have her!

Talk-lite - 45 mins instead of 3hrs

Design DBs & apps without big holes
Maintainance

Clear vision for architecture = good
‘Framework’ = trendy buzzword

Everyone has a different idea
Some frameworks lead to bloat, and make it hard to do simple things simple

No paradigm for frameworks = no help with maintainability, transferable code
skills

Have a clear & simple architecture
Easy to add to
Easy to explain to new people
Easy to remember now, and in 2/5/10 years

Database extraction = MYTH!!!
Changing PHP = easy
DB chosen based on features
DB extraction layers inefficient/slow/cumbersome

Data access extraction - PDO
Standardise on prepared statements - MySQL4.1

Templating languages (database extraction & frameworks also) - religious issue

Start simple, can’t help but adding features
Ends up with feature-complete languages, adds a layer of complexity = layer of
inefficiencies, something else to break

ARCHITECT FOR YOURSELF - presume that /you/ will be maintaining this in the
future

Don’t rely on server config - write the most portable code possible (security,
ini settings)

Design with security from the ground up - dispatch architecture = single line of
execution

CODE REVIEW - code quality++, make sure code is developed sensibly

Security audit - particularly with inherited/legacy code

Education, education, education - make it easy to do the right thing

Use error reporting - turn it right up on development servers
Aim to write code that doesn’t throw any notices
Turn error level down, or display_errors off, on production servers - attackers
can use error messages to make better attacks

Education - developers don’t know better
Code review from peer-to-peer, formal code review, mentor junior staff, read
commits
Developer education is a good addition to any security audit

Integrating against external data sources - don’t trust them
Don’t trust them to stay the same, be secure (injection attacks), be there at al
l!

Layer of abstraction++
Web2.0/AJAX/DHTML - JS heavy
Nightmare to debug and maintain

Firebug = God’s gift to JS programmers

Maintainability

Can someone understand your code, change & update it? Can /you/? Can the code be
extended/adapted?
“It’s just a hack” - turns into 10,000 lines of code, go back and look at first
500 - they’re buggy, hellish, breakable

THINK AHEAD

Developer ignorance is a big problem

For small project - write small code, be prepared to throw it away if it turns
into a big project
For big project, DESIGN FIRST

Problems arise when projects grow organically

Self-taught/junior developers aren’t the only ignorant developers
Lack of experience with teams/inability to adapt & be flexible
Lack of experience with developing significant (100,000 LOC) codebases
Lack of experience with someone else’s awful code! - #1 driver for developers to
improve is having to maintain someone else’s code!

Obfuscated code - crossword puzzle anyone?
Poor naming conventions - Hungarian notation = most abused naming on the planet
Abuse of define()
Seventeen layers of handoff
Reimplementation of built-ins/standard library functions - esp array functions
Failure to do /the simplest thing that could possibly work/
Premature optimisation - and it’s practically always premature! Obfuscates code,
usually without a good reason

Failure to comment /appropriately/ - “set foo to true if this is true” +
insanely complicated formula
Inline functions–
Nasty side effects - eg library file that includes executable code
Failure to read & fit in with existing code - use functions already in the code
where they exist

Not just about meeting a coding standard - it’s about THINKING!!!
That said - have and use a coding standard
No need to make from scratch - PEAR & Zend Framework have them. Good place to
start anyway
Use a coding standard from the start - nightmares happen if you try to do it
later!

Make rules awkward/hard to remember = no one will use them
Force millions of tiny files = performance hit
Apps Hungarian = just no
If you want something totally OO, use Java or Python
Formatting - use long form PHP tags
Space indents, or tabs, but everyone should use the same!
Comments - header block!
Single line comments for non-obvious code, TODOs, FIXMEs etc
Coding semantics - declare functions/classes in library files that don’t have
execution side effects
Code should run clean with E_ALL
Don’t use magic numbers, ternary operators, embedded HTML

Version control for anything that’ll take more than one week, one code file or
one developer - and most of those too!
Frequent commits - every conceptual change, additional functionality, every bug
fix should have a commit
Detailed commit messages - trac is a PITA, but trac++ still

DOCUMENTATION - any project beyond a certain size needs it. Organic code–
If you don’t document as you go, you never will
Aim for consistently produced lightweight docs - takes less time (so it just
might happen), and is quicker to read

TRAIN DEVELOPERS - code layout/design, sample code, explainations of
architecture/requirements - FEEDBACK

Hell is other people’s code - legacy code: the ninth circle of hell
You may never read all the legacy code
Parts of it are broken, were never used
If it wasn’t documented before, you never will
If it needs a complete rewrite, you won’t have time
You will have to deal with this. If not today, sometime soon.

Worth spending time to audit documentation, architecture, coding conventions,
what’s used, what’s obviously broken/fragile
Refactor as you go, with a lightweight plan in mind
Don’t get too ambitious