What are the programming mistakes most inexperienced programmers make? by Noam Ben-Ami
Answer by Noam Ben-Ami:
- There are a small number of cases where a public static final is ok, although in general I think that's a valid observation.
- Inexperienced programmers' worst mistake is causing security holes. Every line of code you write is a potential exploit. Be collaborative, get code reviews. The worst, and easiest, mistake to make is the creation of sql injection exploits. You cannot work around these by validating the users' strings yourself. Learn about software security and write defensive code.
- Next, inexperienced programmers abuse OOP. The most egregious error is deep, deep violation of single responsibility. Also, though, of encapsulation via abstraction leaks, use of inheritance where aggregation is appropriate, inappropriate variable access levels, poorly-designed package/assembly structures; the list goes on and on.
- Next up, lack of documentation and comments. Ok, this isn't a beginner programmer thing – most programmers are complete bozos when it comes to code documentation, and they create nightmares for those of us who come after them. Don't be that guy. Document your code. Get others to check the comments and code for clarity.
- Next, overcomplicating things. This is a beginner mistake in all crafts. Take the time to really understand the problem you are solving, and the tools available to solve it, and work hard to eliminate everything unnecessary. Complexity kills software. I've seen this done by seasoned professionals, of course, time, and time, and time again. I've walked into companies that couldn't scale because of overcomplicated architectural decisions made by very bright, but very stupid people, who designed giant technical cathedrals without ever considering simpler solutions that ran literally 1000x faster.
- Next, oversimplifying things. Make sure your code is robust; that it handles edge cases well, that it properly manages memory, even in GC environments like Java you can abuse memory in terrible ways.
- Next, poorly, or not at all, thought out error handling. Error handling is a critical part of software and an exception management strategy is something most beginners don't even know exists.
- Ok, let's move on to concurrency. This kills developers of every stripe, but especially the naive. Concurrency is hard. Avoid it if you can; because you will get it wrong. Find ways, whenever possible, of avoiding shared state, working with immutable state, using message passing architectures, and so on. If you must have shared, mutable state in a concurrent system, work with someone who really understands this stuff to validate your code or horrific, unexplainable things will happen to your system.
- Not understanding performance. Spending too much time optimizing things that are not important. Optimizing things before you measure them. Not understanding how your code will work in the real world under stress, and not bothering to stress it.
- Not testing properly. Lack of unit tests, lack of testability in class design, lack of integration tests. Test that are coupled to each other. Poor code coverage, poor scenario coverage. No tests at all.
- Lack of proper branch management. I have walked into so many companies that have no idea how to manage source control branches. Heck, I've walked into companies that don't even use a modern source control system.
- Lack of build and deploy systems. Seriously; learn how to use grunt, gulp, maven, sbt, make. Whatever floats your boat. Learn how to configure sonar, jenkins, travis. Or you're gonna get screwed.
- Lack of proper thought given to monitoring, metrics and other operational concerns. Do you log enough data to logs to debug things if they go wrong? Do you have a log aggregator? Does each of your systems have a healthcheck endpoints? Do you publish KPIs to somewhere? Do you know what to do if your pager goes off?
- Lack of proper extreme failure testing. What happens if I turn off your database and then turn it on? What if I walk into your happy little system and flush all your caches? Do you understand what your system is going to do to downstream systems if I do that?
- Lack of clear error messages. Man, I spend a lot of time on this. If you throw an exception and it says "system error, invalid state" I will come to your desk and…well, it won't be pretty. Learn how to communicate.
- Violation of layering. Oh boy, or no layering at all. Systems calling up, systems calling way too far down. Learn how to build systems into composable, encapsulated layers, or your code will become an unmanageable mess in no time.
Well, that's a good warmup.