Design for developers – how it went

It has been a while since I went through the course, and I wanted to report back on how it went. Some things went well, some no so well…

The good:

  • The course is a great introduction to design.
  • I learned a lot of design jargon (for example: visual hierarchy).
  • I gained a solid understanding of what it takes to do design.
  • I now know what makes good design and what makes bad design.
  • I learned about some of the existing design tools and utilities out there (color scheme selection helpers, style tiles).
  • Having a mentor and getting feedback both on the site and via video (Skype in this case) was incredibly useful and pushed my learning much faster.

The not-so-good:

  • Though advertised as only requiring 10 hours a week, it took significantly longer than that:
    • Large amounts of reading (at least 10 hours worth per week).
    • Being unfamiliar with design tools meant I had to learn and experiment with them as well (GIMP, Inkscape and Balsamiq Mockups to name a few).
  • My mentor disappeared on me during the last week of the course (he had a product launch).
  • I did not realize that iteration were expected from the get go – the interface wasn’t clear about this (there were a few hints, but not enough for me), not did my mentor explicitly mention it.
  • Some of the downloaded resources require Photoshop and other commercial tools, where a developer or someone learning about design wouldn’t necessarily have them (or want to purchase them just for the course).

In general, the course was great, though I didn’t get as much from it as I probably could have.

Coming into it, I didn’t have a specific project that I wanted to apply my learning to. Had I had one, I would have had more motivation and some end goal to work towards during the course (the course did seem geared towards the notion of working on an existing project, in particular the last two weeks of it).

I struggled with the actual time requirements, partially due to the need to learn new tools and partially due to the large amount of required reading.

I was able to gain an understanding of the design workflow, language and tooling. Not enough to become a designer myself, by enough to converse and understand design jargon, and possibly come up with a decent enough design myself.


I had a feedback session with one of the founders – he was very receptive to everything I had to say, the good and the bad, and I have seen that since, they have made some changes. To be fair to them, the course was still very new (I was in the second “class” – only the second time they have run through it) – they have now had plenty of time to refine things.

The course has been renamed from “Design for Developers” to “Design 101“, which I think is a much better name. The reading requirements have been adjusted and there have been many changes to the UI to address some of the issues I’ve raised. I’ve been told that introductions to the different tools and downloadable resources have been added to the site.

Design Labs are also offering a – UX Research & Strategy course these days.


If you are thinking of taking this course I can make a few recommendations:

  • Have a project that needs some design work. This can be something you work towards polishing throughout the course.
  • Expect to spend a good amount of time learning the tools.
  • Make sure you iterate from day one – this is where the value is. Given feedback from your mentor – follow up on it, make changes and iterate.
  • Enjoy!

Pro Git 2nd Edition – a review

I found the book to be quite a good introduction as well as a suitable book for power users.

The book starts with the basics – the common uses that most users will have of git, it then goes into workflows followed by more esoteric uses and an in depth look into git internals.

In the in-depth chapters, the details are very low level – how git stores different objects, what they look like and what information the different object types contain.

The book is very *nix centric – some chapters and commands assume a *nix environment, and it isn’t clear how these specifics translate to windows (examples include hooks and hook scripting).

Things I found interesting:

  • I did not know that I could just use a network share for collaboration (using the local protocol). This is very simple to setup – could be perfect for a small office/home office environment where code doesn’t need to be on the Internet.
  • rerere – recording confict resolution. A git feature that allows recording how merge conflicts have been resolved, so future conflicts can be automatically resolved using the same strategy (this is a rare use but can be very helpful if the same merge needs to be performed repeatedly).
  • Git hooks for customizing actions – for example, special commit rules, running commands when fetching and more (the book doesn’t make it clear if/how to manage this on Windows).
  • filter-branch – a very powerful, but very dangerous feature, that allows rewriting history across the whole repository and commits in it. Can be useful for removing certain files from all revisions (say a private key file was committed by error and should be completely expunged).
  • How reset works – the section explains the different states of a repository being tracked, what HEAD means and how to think about it and what reset does. Clarified quite a bit for me.
  • Splitting a repository – for example, if the repository has grown a lot and only the recent history is of interest, it is possible to split a repository into old historical/current.

I recommended this book if you feel you are not using git effectively.

It contains lots of info about how different commands work, and is a good introduction to many tools, some of which you may not be familiar with (stash, rerere, reset, bundling, rebasing and more) as well as a chapter dedicated to the use of github.

The book can be read online, downloaded for free (supported formats are pdf, epub, mobi and HTML), and a dead tree edition is available on amazon.

Design for developers – the journey begins

So I decided to take a design course.

Graphic design, that is. Not design patterns, not architecture. Graphic design.

Why would I, a programmer for well over a decade, decide to do that?

Because design by developers:

Design by developers

(image taken from You Sank my Battleship on infovark)


I have always been one of those developers that said – I can build it, but I can’t make it pretty.

Not that a design course would magically make my software pretty – but at least I will have the basis to identify whether the design is bad and to talk to designers in their language, without making a fool of myself. I mean – think about how non-programmers talk to you about programming, right?

The course I have taken is design for developers, offered by DesignLab. This is a four week course, where one is expected to put in 5-10 hours a week.

I know this sounds like a lot, in particular considering this is done outside of “office hours” (I work remotely and make my own hours – but my study for this course is strictly off the clock). However, having taken Open University courses in the past, while in full time employment, I cam confident this is easily achievable in particular given that weekends are off the clock.


I intend to document my progress here as I go through the course.

Stay tuned.

What Developers Need to Know about SQL – SQL is not for everything

Here is another intersting tweet from What Developers Need to Know About SQL Server:

What Aaron is talking about here is that SQL is a Query Language – that is what SQL and relational databases are optimized for – getting result sets.

SQL is not a data manipulation language – yes, you can do quite a lot of manipulation of string, dates and such, but the language does not lend itself to such operations.

It is far more efficient to move such operations to the client/UI code – whatever language you use to interact with the database will almost certainly have better facilities for manipulating strings and dates.

What Developers Need to Know about SQL – Set Based Programming

Here is one stand alone tweet from What Developers Need to Know About SQL Server, which is rather information dense and worth expanding on:

Stuart Miller compares the mental shift required for someone who is used to OOP do develop in SQL to the mental shift those used to imperative programming (c, COBOL, Basic and more) need to go through in order to truly understand and use OOP correctly.

This different programming paradigm is set based programming, taking its name from set theory, a mathematical framework from which the relational model of databases was derived by Edgar F. Codd, which in turn gave relational databases their name.

One of the major differences between set based programming and object oriented programming has to do with how they deal with groups of related items. Where in object oriented programming, one would iterate over a collection of objects, dealing with each item at a time, set based programming deals with the group as a whole – there are no iteration constructs. That’s right – there are no loops in set based programming.

As result, the way to think about and apply operators is in groups of related items (sets, or relations, in Codds’ relational model), not individual items. Operators allow filtering, aggregating, projection, joining and more – always resulting in groups of related items (where a group can be empty or consist of a single item).

Relational theory is the basis from which relational databases have been built and the relational engines that power them are optimized for this kind of thinking – set based thinking. Most relational database do offer looping constructs – but these are most often than not best avoided as they go against the grain and can be the cause of performance issues. This is not because relational databases are slow – it is because using loops instead of operating on sets goes against how they were built and what they are optimized to do.

What Developers Need to Know about SQL – Introduction

I will be starting a series of blogs, inspired by a twitter conversion Brent Ozar had with other database folks and the highlights of which he collated as a blog post, titled What Developers Need to Know About SQL Server.

Since these started life on twitter, they are quite short and though Brent briefly expands on some of the tweets, I believe there is value is expanding on them even further, explaining the rationale and thinking behind them.

Though Brent and the conversation are ostensibly SQL Server oriented, many of the points raised are applicable to any relational database – Oracle, MySql, PostgreSQL etc. I plan to mostly deal with these shared points.

Let me know in a comment if there is anything specific you are interested in.

Anatomy of a XSS vulnerability on Stack Overflow

Stack Overflow has had a mobile version of the site for quite a while now, and to make life easy for our users, we have a switcher in the footer – allowing one to toggle between the mobile and the full versions of the site.

Recently, an XSS vulnerability on this link was disclosed via our meta site.

The link markup was looking like the following:

<a onclick='StackExchange.switchMobile("on", "/some/path")'>mobile</a>

Where, "/some/path" is the current request path – this ensures that when switching between mobile and full, one remains on the same page.

As it turns out, this path was rendered to the page using HTML encoding only, meaning that when accessing the site with the URL http://stackoverflow.com/%22,alert%281%29,%22 (which would throw up a “404 page not found” that contains the footer), clicking the link would execute a JavaScript alert.

How does it work?

When rendering the path %22,alert%281%29,%22, the link ended up looking like this:

<a onclick='StackExchange.switchMobile("on", "",alert(1),"")'>mobile</a>

Since %22 encodes ", %28 is ( and %29 is ).

The initial fix was to ensure " was correctly encoded. It was a quick fix – done to minimize damage from this particular form of attack. It was followed by a change to the StackExchange.switchMobile function where no path parameter exists anymore and which precludes this attack – the path is no longer in a string and URL checking was moved to the server side.

Did you know? A .NET CSV parser that comes with Visual Studio?

In the Microsoft.VisualBasic.FileIO (Microsoft.VisualBasic.dll) namespace lives the TextFieldParser class.

This useful little class can be used to parse structured text files – either delimited or fixed length. You can iterate over the lines in the file and extract the data through the ReadFields method.

Since it is provided by Microsoft, you can use it in environments that do not allow “third-party” libraries and as it is a .NET libarary you can use it in any .NET language (yes, C# and F# included) – just import the library.

The examples on MSDN are all in VB.NET, but are easily translated to other .NET dialects.

How to: Read From Comma-Delimited Text Files
How to: Read From Fixed-width Text Files
How to: Read From Text Files with Multiple Formats

Class libraries do not have configuration

Why is that?

If one takes the time to think about it, class libraries only ever execute in the context of an application – a web application, a console application, a unit test runner or some other executable.

A class library gets loaded into the memory space of the application and gets called and executed there.

It makes sense then that the executing application should be the one deciding on how to configure a class library it is using, rather than the other way around.

The .NET framework configuration subsystem subscribes to this idea – when using the System.Configuration namespace, the application configuration file will be the one queried, even if there is a configuration file matching the dll name.

I would add that configuration should be treated as a dependency – the values should be injected into any class or method that required them – read the excellent blog by Paul Hiles – Configuration Settings Are A Dependency That Should Be Injected.

Date and Time format strings in .NET – Understanding format strings

Date and Time format strings come in two flavors – standard and custom.

Whenever these are used, the CultureInfo that is used with them comes into play. If an IFormatProvider is not specified, the CultureInfo assigned to the current thread is used.

Standard format strings

These are all single character format specifiers – they each can be thought of as representing longer, culture sensitive custom format strings.

Any format string that contains more than one character (including white space) is considered to be a custom format specifier.

A FormatException will be thrown if the format specifier is not one of the known ones (listed in the table below):

Format specifier Description
“d” Short date pattern
“D” Long date pattern
“f” Full date/time pattern (short time)
“F” Full date/time pattern (long time)
“g” General date/time pattern (short time)
“G” General date/time pattern (long time)
“M”, “m” Month/day pattern
“O”, “o” Round-trip date/time pattern
“R”, “r” RFC1123 pattern
“s” Sortable date/time pattern
“t” Short time pattern
“T” Long time pattern
“u” Universal sortable date/time pattern
“U” Universal full date/time pattern
“Y”, “y” Year month pattern

Take a look at the documentation for more detail.

Standard format strings are simple to use – when formatting a DateTime as a string or parsing a string into a DateTime (using ParseExact or TryParseExact).

Formatting examples:

DateTime.Now.ToString("f");
// 13 December 2011 19:35

DateTime.Now.ToString("f", CultureInfo.GetCultureInfo("he-IL"));
// יום שלישי 13 דצמבר 2011 19:35

DateTime.Now.ToString("D");
// 13 December 2011

DateTime.Now.ToString("D", CultureInfo.GetCultureInfo("ru-RU"));
// 13 декабря 2011 г.

Parsing examples (really just the opposite of the above):

DateTime.ParseExact("13 December 2011 19:35", "f", 
                    CultureInfo.GetCultureInfo("en-GB"))

DateTime.ParseExact("יום שלישי 13 דצמבר 2011 19:35", "f", 
                    CultureInfo.GetCultureInfo("he-IL"))

DateTime.ParseExact("13 December 2011", "D", 
                    CultureInfo.GetCultureInfo("en-GB"))

DateTime.ParseExact("13 декабря 2011 г.", "D", 
                    CultureInfo.GetCultureInfo("ru-RU"));

Custom format strings

Any string that contains more than one character will be considered to be a custom format string.

Custom format strings allow you to exactly match and parse any string representing a date and to convert a DateTime to any custom date string for display. They provide the most flexibility in parsing and outputting but are more complex to understand, construct and use than standard format strings.

All characters are allowed in the format string and each would be interpreted unchanged, unless it is one of the following format specifiers:

Format specifier Description
“d” The day of the month, from 1 through 31
“dd” The day of the month, from 01 through 31
“ddd” The abbreviated name of the day of the week
“dddd” The full name of the day of the week
“f” The tenths of a second in a date and time value
“ff” The hundredths of a second in a date and time value
“fff” The milliseconds in a date and time value
“ffff” The ten thousandths of a second in a date and time value
“fffff” The hundred thousandths of a second in a date and time value
“ffffff” The millionths of a second in a date and time value
“fffffff” The ten millionths of a second in a date and time value
“F” If non-zero, the tenths of a second in a date and time value
“FF” If non-zero, the hundredths of a second in a date and time value
“FFF” If non-zero, the milliseconds in a date and time value
“FFFF” If non-zero, the ten thousandths of a second in a date and time value
“FFFFF” If non-zero, the hundred thousandths of a second in a date and time value
“FFFFFF” If non-zero, the millionths of a second in a date and time value
“FFFFFFF” If non-zero, the ten millionths of a second in a date and time value
“g”, “gg” The period or era
“h” The hour, using a 12-hour clock from 1 to 12
“hh” The hour, using a 12-hour clock from 01 to 12
“H” The hour, using a 24-hour clock from 0 to 23
“HH” The hour, using a 24-hour clock from 00 to 23
“K” Time zone information
“m” The minute, from 0 through 59
“mm” The minute, from 00 through 59
“M” The month, from 1 through 12
“MM” The month, from 01 through 12
“MMM” The abbreviated name of the month
“MMMM” The full name of the month
“s” The second, from 0 through 59
“ss” The second, from 00 through 59
“t” The first character of the AM/PM designator
“tt” The AM/PM designator
“y” The year, from 0 to 99
“yy” The year, from 00 to 99
“yyy” The year, with a minimum of three digits
“yyyy” The year as a four-digit number
“yyyyy” The year as a five-digit number
“z” Hours offset from UTC, with no leading zeros
“zz” Hours offset from UTC, with a leading zero for a single-digit value
“zzz” Hours and minutes offset from UTC
“:” The time separator
“/” The date separator
“string”, ‘string’ Literal string delimiter
% Defines the following character as a custom format specifier
\ The escape character
Any other character The character is copied to the result string unchanged

Several of these merit special discussion:

“:” – the time separator

When “:” appears in a custom format string, is gets replaced with the time separator defined in the CultureInfo being used. For example, in the “it-IT” culture, the time separator is a “.”.

“/” – the date separator

When “/” appears in a custom format string, is gets replaced with the date separator defined in the CultureInfo being used. For example, in the “ar-DZ” culture, the date separator is a “-“.

“string”, ‘string’ – the literal string delimiter

You can use single and double quotes as literal string delimiters within a format string – any such delimited string within a format string would appear verbatim in the string being parsed or output.

“\” – the escape character

When “\” appears in a custom format string, it simply escapes the next character so it does not get interpreted as a format specifier. For example, if the letter s appears in the string to be parsed, “\s” would represent it for parsing to ensure it does not get interpreted as the single character seconds custom format specifier.

“%” – precedes a single character custom format specifier

If you wish to use a single character custom format specifier you have several choices – prepend or append a space to it to ensure that it is not interpreted as a standard format string (otherwise it will be and if it is not a valid one a FormatException will be thrown). A downside to using a space in this manner is that one will be expected in the string to parse or will be output when converting to a string.

The alternative is to prepend “%” – this avoids the issue with spaces and serves as a special escape to allow for single character custom format specifiers.


Take a look at the documentation for more detail.

I will not give examples for these, as the documentation contains plenty.

If you have specific questions about the contents of this post, please post them in the comments and I will answer to the best of my ability.